API flaws said to have left Symantec SSL certificates vulnerable to compromise

LinuxSecurity.com: Over the weekend, Chris Byrne, an information security consultant and instructor for Cloud Harmonics, published a post to Facebook outlining a serious problem with the processes and third-party API used to deliver and manage Symantec SSL certificates.

Google proposes sending Symantec to TLS sin bin

LinuxSecurity.com: Google has announced plans to reduce the trust in Symantec TLS certificates until a point is reached in early 2018 where Chrome 64 will only trust certificates issued for 279 days or less from the security giant and its subsidiaries.

FBI director floats international framework on access to encrypted data

LinuxSecurity.com: FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.

Is Linux Mint a secure distribution?

LinuxSecurity.com: Linux Mint has been lambasted by some in the media for security problems over the last few years. But how accurate are such perceptions? Does Linux Mint really suffer from security problems or is it all much ado about nothing?

LastPass hit by password stealing and code execution vulnerabilities

LinuxSecurity.com: LastPass has closed a remote code execution vulnerability on its Chrome extension, but according to Google Project Zero researcher Tavis Ormandy, issues remain on its Firefox extension, as well as details on another password-stealing vulnerability to come. Writing in the Project Zero issue tracker, Ormandy said it was possible to proxy untrusted messages to LastPass....

Old Linux kernel security bug bites

LinuxSecurity.com: OK, hands up, who knows what High-Level Data Link Control (HDLC) is? It's an archaic networking data framing protocol that's used in modems, X.25, frame-relay, ISDN, and other now uncommon networking technologies. I know it because I used to work with them back in the day. You'll get to know it now because a researcher discovered a security hole hidden within the Linux kernel driver that implements it....

Ethical Hacking: The Most Important Job No One Talks About

LinuxSecurity.com: If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers. Great power comes with great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most commonly, ethical hackers....

This laptop-bricking USB stick just got even more dangerous

LinuxSecurity.com: Remember that USB stick that would destroy almost anything in its path, from laptops, photo booths, kiosks, to even cars? Now there's a new version, and it's even more dangerous than before.

In-the-wild exploits ramp up against high-impact sites using Apache Struts

LinuxSecurity.com: Eight days after developers patched a critical flaw in the Apache Struts Web application framework, there has been no let-up in the volley of attacks attempting to exploit the vulnerability, which affects a disproportionate number of high-impact websites, a security researcher said Tuesday.