We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
The internet runs on open-source, and it’s often hardworking volunteer developers who spend long hours keeping the projects alive. Unfortunately, they don’t always have the time or resources they need to hunt down the bugs that inevitably spring up in these large, complex code bases.
It was a very busy year in kernel space from mitigating security vulnerabilities to preparing new features. Here is a look back at the most popular kernel topics of this year.
The European Union believes it has a simple way to bolster its digital security: offer lots of cold, hard cash. The European Commission is launching bug bounties in January that will offer prizes in return for spotting security flaws in 14 free, open source software tools EU institutions use.
20 years ago, on the 23rd December 1998, the first version of OpenSSL was released. OpenSSL was not the original name planned for the project but it was changed over just a few hours before the site went live. Let’s take a look at some of the early history of OpenSSL as some of the background has not been documented before.
Security is a big worry for the Internet of Things. We've already seen countless incidents where smart internet-connected devices are taken over by an attacker and put to unintended use.
Tuesday morning, as millions of Americans lined up at their polling places to participate in the often quite literally broken democratic process, a new Twitter account tweeted a link to a short manifesto: “today’s voting machines are often insecure, not particularly easy-to-use, and so expensive that they’re often used much longer than they were designed for and election officials are forced to hunt for replacement parts on eBay. The market has failed us.”
Veteran systemd and BUS1 developers are David Herrmann and Tom Gundersen have been working on "nettools" as a new network configuration libraries project for Linux.
Taipan is a an automated web application scanner which allows to identify web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which include other components, like a web dashboard where you can manage your scan or download a PDF report and a scanner agent to run on specific host. Below are some screenshots of the Taipan dashboard:
Spoiler alert: If application security isn't dead yet, its days are numbered. OK, this is an over-exaggeration, but fear not, application security engineers — the work you do is actually becoming more important than ever, and your budget will soon reflect this. Application security will never die, but it will have to morph to succeed.
GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners.
yescrypt is a password-based key derivation function (KDF) and password hashing scheme. It builds upon Colin Percival's scrypt and includes classic scrypt, a minor extension of scrypt known as YESCRYPT_WORM (named that for "write once, read [potentially] many [times]", which is how scrypt works), and the full native yescrypt also known as YESCRYPT_RW (for "read-write").
Security researcher Georg Wicherski recalls a friend who was once stopped at the airport on his way to the Black Hat hacking conference. Security took his laptop, supposedly for a routine X-ray, but it seemed to be taking too long. He suspected something more nefarious: airports are an easy place for authorities to place malware on seized equipment.
This is impressive: "An attacker sends an infected packet to a fitness tracker nearby at bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near," Apvrille says.
Having trouble getting a Meterpreter shell past that pesky AV? Check out the new Shellter 5.1 shellcode injection tool! The latest version of Shellter for pentesters includes a
When Matthew Garrett, well-known Linux kernel developer and CoreOS principal security engineer, announced he was releasing a [Linux] kernel tree with patches that implement a BSD-style securelevel interface, I predicted people would say Garrett was forking Linux. I was right. They have. But, that's not what Garrett is doing.
CyanogenMod has rolled out stable builds for about 50 handsets and is including the October security fixes that Google released this week for Nexus devices. For Android users concerned about easily exploited bugs like Stagefright 1.0 and 2.0, it seems that the fastest way to get critical security updates is to replace the device's existing firmware with CyanogenMod.
You might think that working on a secured floor in a 30-story office tower puts you out of reach of Wi-Fi hackers out to steal your confidential documents.
After Volkswagen used software that manipulated exhaust values and defeated emissions tests, it has affected 11 million VW diesel cars built since 2008. A 2007 letter from VW parts supplier Bosch warned Volkswagen not to use the software for regular operations; in 2011, a Volkswagen technician raised concerns about the illegal practices in connection with the emissions levels.
The peinjector is a MITM PE file injector, the tool provides different ways to infect Windows platform executable files (PE COFF) with custom payloads without changing the original functionality. It creates patches, which are then applied seamlessly during file transfer. It is very performant, lightweight, modular and can be operated on embedded hardware.
For governments seeking to hide controversial programs from their citizens, there are few better directions to transmit secret military and espionage communications than straight up. Unlike here on earth, no pesky amateur radio eavesdroppers or curious hackers monitor the open sky between ground control and a drone
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
