It would be an understatement to say that the security world tends to be full of hype and noise. At times, it seems like vendors virtually xerox each other’s marketing materials. Everyone uses the same words, phrases, jargon, and buzzwords. This is a complicated phenomenon and there are many reasons why this is the case.
The more important issue is why we, as security leaders, find ourselves in this state. How can we make sense of all the noise, cut through all the hype, and make the informed decisions that will improve the security of our respective organizations? One answer is by making precise, targeted, and incisive inquiries at the outset. Let’s start with a game of 20 questions. Our first technology focus: analytics.
Linux users have yet another trojan to worry about, and as always, crooks are deploying it mostly to hijack devices running Linux-based operating systems and use them to launch DDoS attacks at their behest.
With Docker appearing in businesses of all shapes and sizes, security is a concern for many IT admins. Here's how to secure Docker on the container or the host machine.
I shared a meal not long ago with a source who works at a financial services company. The subject of ransomware came up and he told me that a server in his company had recently been infected with a particularly nasty strain that spread to several systems before the outbreak was quarantined. He said the folks in finance didn’t bat an eyelash when asked to authorize several payments of $600 to satisfy the Bitcoin ransom demanded by the intruders: After all, my source confessed, the data on one of the infected systems was worth millions — possibly tens of millions — of dollars, but for whatever reason the company didn’t have backups of it.
The internet was designed to be a massive, decentralized system that nobody controlled, but it is increasingly controlled by a select few tech companies, including Google, Facebook, Apple and Amazon, and they are continuing to consolidate power, said the CEO of a cybersecurity company.
"More and more of the internet is sitting behind fewer and fewer players, and there are benefits of that, but there are also real risks," said Matthew Prince, chief executive officer of web security company CloudFlare, in an interview with CNBC. His comments came at CloudFlare's Internet Summit — a conference featuring tech executives and government security experts — on Tuesday in San Francisco.
Facebook has faced a lot of criticism for perceived abuse of its editorial sway among the 1.7 billion monthly active users who visit the site to consume news alongside family photos and ads. For example, a Norwegian newspaper editor recently slammed Mark Zuckerberg for Facebook's removal of a post featuring an iconic image known as the Napalm Girl that included a naked girl running from napalm bombs.
This is just something that's been occupying my thoughts lately. As an experiment I decided to try disabling almost all of my extensions on my GNOME desktop (I'm running 3.18 for now) and go with something a little closer to what the designers intended.
There's a few design choices that I just refuse to leave stock, though. The indicator icons being in the lower left seems contradictory to the main design so I use Top Icons Plus to keep them in the upper right and I still have icons enabled on my desktop. But that's really it; I have no other extensions installed and I even left the minimize and maximize buttons turned off to try and embrace the style/workflow suggested by GNOME's designers. It's very strange but I'm actually enjoying it in spite of my initial apprehension about switching to something so different.
So if you use GNOME, I'm curious to know: do you prefer to go full-on vanilla? Or do you open up GNOME Tweak and change everything you can and install a bajillion extensions? Do you turn on the maximize and minimize buttons or - like me - do you live in a world of minimize-free insanity?
How do you prefer your GNOME desktop experience?
submitted by /u/MikeIronFist
Just a reminder to some of us that need a poke every now & then, along with for those who might not even realize.
Linux & other open source types of things are "Free as in freedom" to do what you want with them, not free as in hahaha... I don't have to pay for squat.
These projects are designed for people who can do the right thing.
Help out with your favorite projects... If you can code, fantastic; if not, learning to code & being able to prove it with an open source project can look great on a resume, or most projects could use help in bug hunting, or even documentation. You can help the developers have more time to actually develop if you hang around the forums for the project & catch those simple "how do I" questions before they have to waste their time. If you don't have time for that sort of stuff because you work for a living, donate money or beer vouchers to the projects you use often.
I see many people on the internet get disappointed when Linux is behind the ball on some of the newest technologies, but that's how we all can make a difference.
While open source communities are thriving, I think we can make them better.
submitted by /u/ShadowOfAGeek
The Debian project is pleased to announce the sixth update of its stable distribution Debian 8 (codename "jessie"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.
Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old "jessie" CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.
Ello all, I know there are several tech savvy folks reading this sub.
Does anyone have any pen testing experience? Any books or online courses you would recommend?
I have black / white box testing experience on consumer products, mainly smart phones and smart meters, and would like to venture into the pen testing realm.
Thank you kindly!
submitted by /u/Tister1985
Many Linux distros still spawn 6 login terminals which can be accessed with Ctrl+Alt+F1 - Ctrl+Alt+F6. In the day of the graphical desktop, is there really a need for these? They seem like a legacy thing that hangs in the background year after year.
I suspect most people drop there just because X.org is unresponsive or otherwise messed up. Therefore, to me it would make sense to only have some kind of local root emergency console that could be accessed with Ctrl+Alt+F1, and that would be it. Put a little Tux logo with a spanner in his hand there. Nice and professional. If someone still needed those old login consoles, he could explicitly enable them.
What do you think?
submitted by /u/jones_supa
Friday afternoon after we published our report, Richard Stallman, founder and president of FSF, posted a brief, unofficial statement in an email to the thread around Rowe’s email. “The dismissal of the staff person was not because of her gender,” he said. “Her gender now is the same as it was when we hired her. It was not an issue then, and it is not an issue now.”
For a while now, you’ve been able to get Builder from the gnome-apps-nightly Flatpak repository. Until now, it had a few things that made it difficult to use. We care a whole lot about making our tooling available via Flatpak because it is going to allow us to get new code into users’ hands quicker, safer, and more stable.
So over the last couple of weeks I’ve dug in and really started polishing things up. A few patches in Flatpak, a few patches in Builder, and a few patches in Sysprof start getting us towards something refreshing.
Next Monday I am speaking at the Libre Application Summit GNOME in Portland about how we’re managing and delivering the applications to our Endless OS users. I am also very curious to check out the city of Portland as everybody tells me good things about it.
FOSSforce: Both Richard Stallman and John Sullivan have issued statements concerning the allegations made against the FSF by Libreboot's lead developer.