
Submission + - Pwn2Own 2017 Takes Aim at Linux

darthcamaro writes: For the first time in its ten year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.

Submission + - As Linux Turns 25: Torvalds Credits GPL for Success

darthcamaro writes: There are a lot of things that make Linux work and today at the LinuxCon conference in Toronto, 25 years after he first announced Linux, Linus Torvalds talked about the highlight and the low-lights of Linux (so far). For low lights he talked about the process challenges during the Linux 2.4 timeframe. When asked why Linux hasn't ended up fragmented like UNIX — Torvalds had an easy answer — the GPL.

"I love the GPL and see it as a defining factor in the success of Linux," Torvalds said.

Submission + - Stagefright One Year Later - Not One Bug, but 115

darthcamaro writes: A year ago, on July 27, 2016, news about the Android Stagefright flaw was first revealed, with the initial reports claiming widespread impact with a billion users at risk. As it turns out, the impact of stagefright has been more pervasive than a single point in time flaw. In fact over the course of the last 12 months, Google has patched no less than 115 flaws in stagefright and related Android media libraries. Joshua Drake, the researcher that first discovered the stagefright flaw, never expected it to go this far.

"I expected shoring up the larger problem to take an extended and large effort, but I didn't expect it to be ongoing a year later," Drake said.

Submission + - Lennart Poettering Admits he Doesn't Understand SELinux

darthcamaro writes: No surprise, but Lennart Poettering, the father of (love it or hate it..) systemd prefers it over other systems that can be used to secure Linux, including Red Hat (his employer) and its SELinux.

"My recommendation is that, systemd settings are easy and are just boolean expressions that most people will easily understand, that's why I created them and that's why I think they are more useful to more people than an SELinux policy," Poettering said during a keynote at the CoreOS Fest in Berlin. "There are probably only 50 people in the world that understand SELinux policies, but I really hope there are more than 50 people that understand systemd."

Submission + - All Linux Kernel Bugs are Potential Security Risks: Greg Kroah-Hartman

darthcamaro writes: At the CoreOS Fest event in Berlin this week, Linux stable kernel maintainer Greg Kroah-Hartman provided some impressive stats on Linux kernel development. From April 2015 to March 2016, there were 10,800 new lines of code added, 5,300 lines removed and 1,875 lines modified in Linux every day. All that change however represents a non-trivial security risk.

"When we push out the fixes, you better take advantage of it," Kroah-Hartman said. "If you are not using a stable, long-term kernel, your machine is insecure."

Submission + - CoreOS Ramps up Funding & Tech to Take on Docker

darthcamaro writes: In a day full of activities at CoreOS Fest in Berlin (and simulcast in San Francisco) CoreOS announced a new $28 Million round of funding, new features in the etcd key value store (that is part of Kubernetes), a new microservice authentication technology, bittorrent download of container images and a new Cloud Native Computing Foundation project called Prometheus to help with container monitoring. While CoreOS started out just as a Docker ecosystem vendor, it's now clear they're ramping up to take Docker Inc on, head-on.

Submission + - Shuttleworth Pledges to Never Weaken Encryption in Ubuntu

darthcamaro writes: As work kicks off this week to build the Ubuntu 16.10 distribution (which may or may not include Mir), there is one item that is certain and that's security. In a video interview Shuttleworth doubles-down on security, emphatically stating that he will never allow weak encryption in Ubuntu.

"We don't do encryption to hide things, we do encryption so we can choose what to share," Shuttleworth said. "That's a profound choice we should all be able to make."

Submission + - Google Admits that is Dangerous (

darthcamaro writes: For over a decade, Google's Safe Browsing technology has helped to alert users to dangerous sites, where malware and phishing exploits can be found. Apparently one of those unsafe sites is none other than itself.

Google's automatic spidering of the Web will catch some malicious sites, and by Google's own admission, there are sites in its index that will redirect users to locations that will attempt to install malware on their computers. Google also admits and warns that by way of (and the sites linked in its index), "Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information)."

Comment Red Hat has a different view - and it's not hype (Score 3, Informative) 21

I don't know much about Windows and there are 12 other advisories more impactful than Badlock this month - but Red Hat is and has taken the Linux related vulnerabilities *very* seriously - which is a good thing, it means no shellshocked/heartbleed repeat, patches on time and no real risk.

"Working closely with the community over many months, Red Hat engineers have been heavily involved in the process of analyzing and developing Samba patches for Badlock-associated issues," Josh Bressers, security strategist at Red Hat said.

Submission + - Heartbleed Turns Two - Has Anything Changed?

darthcamaro writes: Two years ago on April 7 2014, the Heartbleed vulnerability on OpenSSL was first disclosed, arguably changing the open-source security world in many ways. For one there is now an unfortunate trend of security vendors branding vulnerabilities. On a more positive note though is the emergence of more rigor in open-source code auditing, thanks in part to the effort of the Linux Foundation's Core Infrastructure Initiative (CII).

"OpenSSL now has a well-known and published approach for how it will appropriately inform all interested parties of security advisories," Emily Ratliff, senior director of infrastructure security at The Linux Foundation, told eWEEK. "Even trivial patches must follow the review process."

Submission + - OpenStack Mitaka Debuts

darthcamaro writes: The 13th release of OpenStack, codenamed Mitaka, is now generally available, with updates across all major projects. Among the biggest new capabilities in OpenStack Mitaka however isn't a new project or a new feature in a single existing project, but rather the official debut of the OpenStack Client, which creates for the first time a unified command line interface to control the cloud.

"The OpenStack client is a command line client that unifies access across all the main projects," Jonathan Bryce, executive director of the OpenStack Foundation, said.
So if an administrator wants to create a user, a block storage device or a virtual server, or attach to a network, all those functions are now enabled in the single tool that is the OpenStack client. The OpenStack client provides a standardized set of commands, whereas previously, each project had its own command line client, Bryce said. He added that the OpenStack client can be run locally or in the cloud, and can be configured to control multiple OpenStack clouds.

Submission + - Comodo CEO Not Afraid of Google Project Zero

darthcamaro writes: Google Project Zero researchers have aggressively been going after Comodo anti-virus and security tech in recent weeks. Now Comodo's CEO is shooting back saying that his company believes in responsible disclosure. He also noted that Comodo is set to debut its own bug bounty program at some point soon.

Submission + - Mozilla Takes Tab Candy Away from Firefox Users

darthcamaro writes: While most modern web browsers are busy adding new features for users, Mozilla is taking them away. In the new Firefox 45 milestone, Mozilla has decided to remove the Tab Groups feature, previously known as Panorama and originally started as the Mozilla Labs Tab Candy project.

"The primary reason for discontinuing the feature is low usage," Nick Nguyen, vice president of Firefox Product at Mozilla said.

Submission + - Pwn2Own 2016 Won't Attack Firefox (cause it's too easy!)

darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will be directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security.

"We wanted to focus on the browsers that have made serious security improvements in the last year," Brian Gorenc, manager of Vulnerability Research at HPE said.

Submission + - CoreOS Launches Rkt 1.0

darthcamaro writes: Docker is about to get some real competition in the container runtime space, thanks to the official launch of rkt 1.0. CoreOS started building rkt in 2014 and after more than a year of security, performance and feature improvements are now ready to declare it 'production-ready.' While rkt is a docker runtime rival, docker apps will run in rkt, giving users a new runtime choice.

rkt will remain compatible with the Docker-specific image format, as well as its own native App Container Image (ACI). That means developers can build containers with Docker and run those containers with rkt. In addition, CoreOS will support the growing ecosystem of tools based around the ACI format.
