
This is the verdict of a study echoed by our colleagues at MuySeguridad, and it is none other than that Linux desktop security could be much better. We will not repeat here what you can read at the link above, but we will give some specific details.

Evaluating Linux desktop security

In short, all this begins with a recognized IOActive security expert who has discovered more than 60 potential security holes, all related to the desktop.

You are going to read the word desktop many times in this entry, since the problems range from X.Org to Gclib, or GNOME and KDE. And, as a precaution, not everything that was found has been published. That is why taking a look at Assessing the Linux Desktop’s Security (PPT, 74 pages) is quite interesting, though one will not understand much of what is there without being versed in code.

For example, it highlights a problem with Qt with which its developers disagree, so there was no objection to publishing it. Who is right here, the security expert or the Qt developers? As I say, this is just one example, but there are many more, and no one should think that this is something that affects a single distribution, desktop environment or application, because it is widespread.

By contrast, other problems have been reported and are solved or on the way to being solved, and many others remain unknown. There is a bit of everything here. But do not be alarmed or shocked, although the author of the study stops short of recommending the use of dietlibc or uClibc to the detriment of glibc, which the author considers (free translation) “a super-bloated monster of stale code.”

In short, navel-gazing does not apply to software, whether free or proprietary. There are errors in every creation and more attention should be paid to them, always taking as a reference the bonded labor. So we are left with the final note on MuySeguridad: it remains to be checked whether the development model makes a difference in the resolution of these problems, or not. Today calls for some self-criticism.


Do you remember those two polemics we told you about? Forgetting them is going to be impossible, since the discussion has continued in crescendo, leaving details of interest and the father of Linux once again showing his character and attention, putting the user first: Linux will jump through hoops of Microsoft’s Secure Boot. Period.

 Linus: UEFI is not security, but control

For those of you who are a little lost, let us start the story at the beginning, when it was revealed that Windows 8 would incorporate a secure boot feature using UEFI, which basically serves as a replacement for the existing and decrepit BIOS and upgrades system security, preventing unsigned and potentially dangerous software from running at startup.

What is wrong with the above? That the vast majority of computers sold in the world come with Windows pre-installed, and Microsoft is signing the UEFI security keys on devices with its operating system. In short, and “unofficial” possibilities aside, anyone who wanted to install a Linux distribution on a newly bought computer with Windows 8 could not, at least a priori.

As you can imagine, the mess was monumental, even though Microsoft was quick to calm things down. The official solution was for reliable Linux distributions to go through Microsoft’s hoop, requesting certified keys for this purpose. From there, each distribution went its own way, Fedora being the most active in this respect (the first to pay the license to generate its own keys, offering them to the rest of the GNU/Linux community). Even the Linux Foundation came into play.

So the problem was gone, and in fact the latest releases of the most popular distros already support Microsoft’s Secure Boot. However, although the problem was gone, something could still be done to improve the implementation of Microsoft’s UEFI (note the distinction and the repetition) in GNU/Linux, saving distro developers work if the signatures were included directly in the kernel. That, at least, is what the Red Hat engineer who dared to make the request last week must have thought. But …


Linus’s response was a no (more details at the link). If Red Hat wanted, it could implement this in its own kernel, but not in the kernel he maintains. Mainly because it is not a standard, but a “thing” of Microsoft’s own that is not about security but control. To make matters worse, Microsoft, the only certification authority for now, only signs binaries. Once again …


And again you can imagine the response of Linus (expletives included, of course). But in addition to breathing fire, the distinguished Finn brought out some of his genius, in the productive sense of the word, and suggested some changes: “instead of trying to please Microsoft, see how we can really increase security” (we will keep watching to see if something interesting comes out of it). The discussion, however, continues, now spread across the web.

And where does that leave things? As long as Linus is in charge, “it” does not go into the Linux code. Or at least not as it is currently proposed. And how does that affect users of GNU/Linux? Not at all. Why do I write again about a subject that matters little to those using GNU/Linux and that also cannot be explained or understood without the technical knowledge many lack? Because now the end has been imposed, would be the answer. But I am not very clear on that.


According to what our colleagues at MuySeguridad published last night, a vulnerability has been discovered in the Linux kernel by which an attacker could gain root access. Affected versions are Linux 3.3 onwards.

Security hole discovered in the Linux kernel

Apparently, the hole is in the kernel networking code, and nothing was heard of it until this past weekend, when an exploit with which to “take advantage” of it appeared online.

Among the distributions vulnerable to this flaw are Fedora 17 and Ubuntu 18 or Ubuntu 12.10 and 12.04.2. In contrast, Red Hat and SUSE Linux have already patched their kernels. The solution for the rest will surely come in the coming days as a patch, because the definitive solution will have to wait until the release of Linux 3.9.

As a side note, in the original article there are two very significant comments. The first blames the vulnerability on Linux being open source, I understand under the reasoning that, because the code is accessible to everyone, anyone can find and exploit bugs.

The second comment suggests that it is precisely because Linux is open source that the problem has been discovered so quickly. Although kernel 3.3 was launched almost a year ago.

What is your opinion?


Blizzard confirmed security leak on Battle.net

Blizzard president Mike Morhaime reported that the Battle.net service suffered a security leak. The affected platform stores much of the user information, including personal and financial data, related to the most popular video games.

However, the most important information (real name, billing address, credit card number) has NOT been compromised by whoever was behind the intrusion.

“This week our security team detected illegal and unauthorized access to our internal network here at Blizzard. We quickly took action to close that access and started working with security agencies and defense experts to investigate what happened,” Morhaime wrote on the company’s official blog.

According to the president of Blizzard, the data accessed during the leak were as follows:

  • Email addresses of global Battle.net users.
  • The answer to the security question of players using U.S. servers. According to Morhaime, this affects users in Latin America, North America, Australia, New Zealand and Southeast Asia.
  • “Cryptographically scrambled” versions of the passwords of Battle.net users using U.S. servers. We must clarify that they are not the actual keys, but encrypted versions.

This alone does not serve to gain access to the accounts. In any case, Battle.net users are advised to change their passwords, as well as those of any other service they access using the same (or a similar) password. To change your password, go to this link. If you have further questions, you can consult this comprehensive FAQ.

Chrome improving the security of extensions

Security is a very important aspect of web browsing, and Google is aware of it. For this reason, in the latest version of Chrome the developers increased browser security by blocking the automatic installation of extensions hosted on third-party websites.

The measure aims to curb the execution of malicious add-ons that are not hosted on the Chrome Web Store. It is still possible to install extensions in the browser that are not part of the online store, but users have to do it manually.

This is the explanation on the Chrome support page:

To keep you safe on the web, we have begun to analyze all the extensions that are uploaded to the Web Store and eliminate those that we recognize as malicious. Unfortunately we do not have the ability to delete malicious items promoted on other websites. For example, hackers can create pages that automatically trigger the installation of malicious add-ons. Their extensions are typically designed to spy on the information you enter on the web, and then reuse it for evil purposes.

The move by Google is understandable, although it is surprising that it previously exercised no control over extensions from outside the Chrome Web Store. Those wishing to run add-ons from third-party websites have to download the files to their computer, drag them onto the extensions page in Chrome and then accept the installation dialog.


The Thunderbird mail client had for months been taking advantage of the rapid development cycle also adopted by the Firefox browser. However, those responsible for its development have decided to focus on other issues, which means that Thunderbird development will be much slower.

Thunderbird slows its development, will focus on security and stability

So says Mitchell Baker, Mozilla Foundation president, in a blog post stating that “stability is most important, and continuous innovation in Thunderbird is not a priority for Mozilla’s product efforts”.

That means that in the coming months we will see the email client stop including new features or “relevant” changes in appearance or functionality, and focus solely on security and stability.

These are two very important aspects of any development, of course, but to us that speech sounds as if Thunderbird is not worth much to Mozilla, which has decided to devote fewer resources to this client. It is an understandable choice from one point of view, but a sad one when you consider that it was one of the most popular Open Source email clients.


Applications to improve the security of your Android

Improving the security of our smartphone is something that always worries us. Increasingly, our phone holds information that is important and private to us, because the mobile phone is no longer used only to make calls. We now have access to our email and to private information that can be stolen by an interested party. Smartphones are also worth more than the phones of previous years and, therefore, we should improve the security of our smartphone. Today there are applications that can even locate our lost or stolen device using GPS, and block it if necessary.

Below we link some of the best applications to improve the security of our Android device. Antivirus, password manager or location applications will from now on be our best allies in keeping our brand new device safe:

Antivirus Free – Lookout

Protect your device and data easily by blocking viruses, spyware or other malware and scanning each application that is installed, with automatic antivirus updates; back up your contacts on the web or restore data to an existing phone, find your lost phone and more. Protect your phone with Lookout, the best antivirus and security application. Lookout is the #1 security and antivirus application for Android. More than 15,000,000 users trust Lookout to protect their smartphones.

avast! Mobile Security

Another of the best free antivirus applications. Protect your personal data with automatic virus scanning and alerts for infected URLs. Stop hackers by adding a firewall (on phones with root access). Control the anti-theft features with remote SMS commands: erase history, phone lock, siren activation, GPS tracking, audio monitoring and many other useful tools.

Application Protection

This application helps you protect applications and data on your device with a password to prevent unauthorized use. You can set a password and a personal unlock code.

KeePassDroid

Too many passwords to remember? This application helps you manage passwords from your Android device easily. You only have to remember one master password or select the key file to unlock them.

Wheres My Droid

Wheres My Droid was born as a simple application for when you lost your phone around the house and could make it ring to find it, but every month the developer has been adding new features as users send in their suggestions, such as being able to locate the smartphone by GPS if it goes missing outside your house or has been stolen.

Prey Anti-Theft

Like the previous application, Prey is a smart application that can send data about where the lost mobile is, taking the location coordinates using Wi-Fi or GPS, blocking the phone, and other methods, all triggered only by a text message. You can track the device, block it or delete the files on it.


As reported by Converged Infrastructure, a joint study by the firms Sonatype and Aspect Security has opened the debate by asserting that most large companies in the Fortune top 500 use applications built on open source components (libraries and frameworks) with security holes.

A study casts doubt on the security of Open Source

The report, based on a survey of 2,550 developers, software architects and analysts, argues that open source “overlooks the shortcomings of ecosystems”, mainly due to the lack of a way of alerting developers about vulnerabilities and new versions with fixes. “80% of the code in today’s applications comes from libraries and frameworks. The risk of vulnerabilities in these components is largely ignored and undervalued,” they point out.

The report states, for example, that there have been 46 million downloads of insecure versions of the most popular open source libraries and frameworks, such as Google Web Toolkit, Spring MVC, Struts 1.x and Hibernate. Struts 2, which was downloaded over a million times by 18,000 companies, contains a critical vulnerability.

However, there are many arguments against the conclusions of the study, as revealed in the original story at Converged Infrastructure.


The creator of the Linux kernel is known both for his genius (not for nothing was he the architect of the GNU/Linux that many today happily use every day) and for his sourness when it comes to dotting the i’s.

Linus slams security management in openSUSE

Linus does not usually bite his tongue, and we have another example in a comment he wrote yesterday on his Google Plus account criticizing openSUSE and its security management.

We translate:

Venting.

I do not think people can talk about the “security” segment without cursing, so it might be a good time for you to cover your eyes.

I gave openSUSE a try, especially because it worked really well in the installation on my Macbook Air, but I must say I cannot anymore. There is no way in hell you can recommend it to anyone.

First I lost weeks arguing in bugzilla that the security policy of requiring the password to change the time zone or add a new wireless network card was stupid and wrong.

I think the wireless network issue ended up being solved, but the time zone one never was, and it continues to ask for the administrator password.

Whoever the moron was who thought of asking for the administrator password for features and functions used every day like this, and called it “good security”, is mentally ill.

So this is my request: if you have anything to do with the security of any distribution, and believe that my children (replace “my children” with “sales representatives” when you consider that your customers are businesses) need the administrator password to access any wireless network, or to be able to print something, or to change the date and time preferences, please kill yourselves now. The world will be a better place.

… and now I need to find a new distribution that works on the MacBook Air.

Linus in his purest form, is it not? And what he says, although he argues it a bit harshly, is absolutely true: requesting the administrator password is fine for certain sections, but it is ridiculous to ask for it for everything. And to think how much we complained about UAC in Windows Vista and Windows 7 …


Security flaw in HTC mobiles could leak WiFi passwords

A group of researchers discovered that a flaw in several Android smartphones manufactured by HTC can leak WiFi network security credentials. The Taiwanese corporation acknowledged the problem and said that in the coming weeks it will release an update to fix it permanently.

Analysts say the problem lies with third-party applications that are granted the android.permission.ACCESS_WIFI_STATE permission, as they are able to execute a command and access the information of the network to which the device is connected. When combined with the android.permission.INTERNET permission, all the data could be sent to a remote server.

HTC reported that the fault is “small” and will be fixed with an automatic update. However, the Asian firm said that on some smartphones the update must be installed manually. These devices are affected by the security flaw:

  • EVO 4G (GRI40)
  • EVO 3D (GRI40)
  • Desire S (GRI40)
  • Sensation 4G (GRI40)
  • Sensation
  • Z710e (GRI40)
  • Thunderbolt 4G (FRG83D)
  • Droid Incredible (FRF91)
  • Desire HD (FRG83D, GRI40)
  • Glacier (FRG83).

Owners of these devices will have to watch for upcoming security updates to keep their data safe. HTC specialists indicated that collecting network information and sending it to a remote server requires installing fraudulent applications from the Android Market.

So keep this information in mind the next time you browse the app store, especially when dealing with tools from an unreliable source.

Via | The Next Web | The Verge.