
Every Browser Hacked at Pwn2own 2015 as HP Pays out $557,500 in Awards

Submitted by darthcamaro
darthcamaro (735685) writes "Every year, browser vendors patch their browsers ahead of the annual HP Pwn2own browser hacking competition in a bid to prevent exploitation. Sad truth is that it's never enough. This year, security researchers were able to exploit fully patched versions of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer 11 and Apple Safari in record time. For their efforts, HP awarded researchers the princely sum of $557,500. So why does this happen every year? Why can't browser vendors actually produce software that can't be exploited, year after year?

"Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches," Brian Gorenc, manager of vulnerability research for HP Security Research, said."


Red Hat Enterprise Linux 7.1 and Atomic Host Hit General Availability

Submitted by darthcamaro
darthcamaro (735685) writes "Red Hat today released the first milestone update to its flagship Red Hat Enterprise Linux 7.x (RHEL) platform. Among the new features in RHEL is the Dogtag certificate system and improved two-factor authentication support. Perhaps more noteworthy is the first release of Red Hat Enterprise Linux 7.1 Atomic Host, which is an optimized version of RHEL specifically for the deployment of Docker containers. Red Hat is using Google Kubernetes for orchestration and the OSTree open source technology as a way to enable 'snappy' transactional updates and rollback capabilities. Atomic Host also introduces the concept of 'super-privileged' containers. The super-privileged containers allow users to deploy system services as containers and then run those service containers with privileged access to the host system."

Lenovo.com DNS Hacked / Brought Back Online by CloudFlare

Submitted by darthcamaro
darthcamaro (735685) writes "Multiple reports emerged this afternoon about an attack against Lenovo, allegedly executed by the notorious Lizard Squad. It appears as though the attackers were able to hack Lenovo.com's domain registrar and change the DNS records. Though Lenovo wasn't a customer of security vendor CloudFlare, CEO Matt Prince said (http://www.eweek.com/security/...) that his firm was able to jump in and fix the situation."

Canonical Launches Internet of Things Division Embedding Ubuntu Linux Everywhere

Submitted by darthcamaro
darthcamaro (735685) writes "Ubuntu Linux isn't just for desktops, servers and the cloud anymore; Mark Shuttleworth wants Ubuntu to be the operating system of choice for the Internet of Things too. The new Snappy Ubuntu Core is being targeted at device developers and it's the basis for an entire new division of Canonical Inc. The promise of Snappy Ubuntu Core is also one of security, protecting the devices of the world by keeping them updated.

With Snappy there is also a division of responsibilities for updating that can also help protect IoT devices and users.

"So we could deliver an update for a Heartbleed or Shellshock vulnerability, completely independently of the lawnmower control app that would come from the lawnmower company," Shuttleworth said."


Mark Shuttleworth Says Open-Source is More Secure Because of Diversity

Submitted by darthcamaro
darthcamaro (735685) writes "2014 was seen by some as a tough year for open-source, given the Heartbleed and Shellshock vulnerabilities that impacted millions of users and systems. Mark Shuttleworth, founder of Ubuntu Linux (and former space tourist), has a different view. 2014 was a great year for him, as he marked the 10th anniversary of Ubuntu, and in terms of security he knows exactly why the open-source model is superior.

"The great thing about open source is that it's so dynamic and has so much innovation, that we have much more diversity in our ecosystem than there has ever been in the proprietary ecosystem," Shuttleworth said. "You'll never stop security issues from occurring in either open source or proprietary software but you deal with issues faster in open source.""


WordPress Can Now Automatically Update Plugins

Submitted by darthcamaro
darthcamaro (735685) writes "There have been lots of stories here on /. in recent years about vulnerable WordPress plugins that aren't patched by users, resulting in those sites being exploited by attackers. While WordPress has provided a fully automated way to keep the core WordPress application updated for security fixes, plugins have been a gap. With the new Jetpack update from WordPress.com, a site administrator can now choose a setting that will enable automatic updates of plugins.
Is this the feature that could make massive WordPress exploits extinct in the future?"


Comment: Grinch is not a flaw - has no CVE!!! (Score 5, Informative)

by darthcamaro (#48628735) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking
The linked story is factually incorrect. Red Hat (and others) have publicly stated that this isn't a flaw at all but is in fact an expected and specified feature of PolicyKit. I spoke with Red Hat on this, which is something that neither of the linked articles in this /. post did. It's not a flaw at all.
Also check out the Red Hat Knowledgebase article on this too:

"A report has been released detailing an issue that the reporter is naming "Grinch". This report incorrectly classifies expected behavior as a security issue."

Linux Hit by Privilege Escalation Flaw; The Grinch is Not to Blame

Submitted by darthcamaro
darthcamaro (735685) writes "Some media outlets in the past 24 hours have been reporting on a new alleged flaw in Linux that has been branded as the Grinch. The only problem with the flaw is that it's not actually a flaw at all; it's a pre-defined feature in PolicyKit.

"Basically, this bug report on Grinch was a bit more sensational than it needed to be," Josh Bressers, lead of the Red Hat Product Security Team, said.

Ironically though, the same day that the Grinch was disclosed, a bona fide real Linux kernel privilege escalation vulnerability identified as CVE-2014-9322 was disclosed and patched."

After a Five Year Delay, Snort 3.0 is Back in Development

Submitted by darthcamaro
darthcamaro (735685) writes "The world's most popular open-source Intrusion Prevention System (IPS) has long been Snort, but it has been a while since there has been a major upgrade. Back in 2009 an effort started to build a Snort 3.0, but it got shelved. This week, Cisco announced that Snort 3.0 is now in development and it will bring a new policy language engine and a new command line shell.

"The user-friendliness features, for example, might enable users to build a programmatic interface for Snort, so when you run it, it can ask the user what class of attacks to look for," Marty Roesch, Snort founder, said."


Red Hat Enterprise Linux 7.1 Set To Beef Up Security

Submitted by darthcamaro
darthcamaro (735685) writes "Red Hat Enterprise Linux 7.1 is now out as a public beta and it has a long list of new features including improved Ceph storage support and Windows Common Internet File System (CIFS) integration. Security is a big item in the new release with a number of new capabilities including support for FreeOTP for two-factor authentication, a new Certificate Authority management system and a guide for the Security Content Automation Protocol (SCAP)."

Cisco, Akamai, EFF and Mozilla Partner for New Free Let's Encrypt SSL Service

Submitted by darthcamaro
darthcamaro (735685) writes "We all know we should deploy SSL/TLS on our servers, but it's not always easy (or cheap) to do properly. That's the reason why the Electronic Frontier Foundation (EFF), Cisco, Akamai and Mozilla have come together for the 'Let's Encrypt' initiative, which will provide free certificates backed by a free certificate authority.

Peter Eckersley, technology projects director at the EFF, said: "To websites that have been struggling with HTTPS, and Internet users who are frustrated by a lack of privacy and security, we have a simple message: Help is on the way.""


Does Open Source Have Any Natural Enemies?

Submitted by darthcamaro
darthcamaro (735685) writes "Usually, proprietary closed software is thought of as being the enemy of open source, but that's not necessarily the case. At the OpenStack Summit in Paris, Mark Collier, the Chief Operating Officer of the OpenStack Foundation, spent the first half of his keynote bashing Amazon for being a monolith. But he was quick to note at the midway point that Amazon isn't the enemy. In his view, open source doesn't have any enemies.

"Open source is not about enemies; it's about using technology in the way that you want," Collier said. What do you think?"


Are New Domain Names Leading to Confusion for .com and .net?

Submitted by darthcamaro
darthcamaro (735685) writes "A year ago, there were only 22 top-level domain names, with .com and .net being the most commonly deployed. Now there are hundreds of new names and, according to VeriSign (the people that manage .com and .net), it's leading to confusion.
Are you confused by the new .xyz / .guru / .anything domains?"


The Carder Who Loved Me (aka how to entrap a Credit Card Criminal)

Submitted by darthcamaro
darthcamaro (735685) writes "Credit card theft is the bane of the modern world and credit card thieves, known as carders, are growing in number. Big retail breaches are giving these carders lots of numbers to play with, but thankfully law enforcement is up to the task of tracking down the carders. In a session at the SecTor security conference in Toronto, Grayson Lenik recounted a story of how a good-looking undercover female agent convinced a carder to come to Las Vegas to marry her. It didn't end well for the carder, or his friends."

OpenStack Juno Released!

Submitted by darthcamaro
darthcamaro (735685) writes "The OpenStack Juno release is now generally available. This is the 10th major release for the open-source cloud platform and it introduces the Sahara Data Processing Service as the major new project. That's not the only new feature in Juno though, with 310 new features in total. The new features include cloud storage policy, improved IPv6 support, a rescue mode and improved multi-cloud federation capabilities."