Feed aggregator

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Linux Slashdot - Thu, 25/09/2014 - 17:52
The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed.

Read more of this story at Slashdot.








Categories: Linux News

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Linux Slashdot - Thu, 25/09/2014 - 17:52
The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed.

Read more of this story at Slashdot.








Categories: Linux News

India Market Puts Linux Smartphones to the Test

Linux.com - Thu, 25/09/2014 - 17:28

 India has suddenly become the hot ticket in the race to expand smartphones beyond saturated markets in the North America, Europe, and Asia Pacific.

Categories: Linux News

LibreOffice 4.3.2 Goes Live With More Than 80 Fixes

Omgubuntu - Thu, 25/09/2014 - 13:48

LibreOffice 4.3.2 has been made available for immediate download and brings improved file compatibility with Microsoft Office file formats.

The post LibreOffice 4.3.2 Goes Live With More Than 80 Fixes first appeared on OMG! Ubuntu!.

Categories: Linux News

Why GNOME 3.14 Won’t Be Included in Ubuntu 14.10

Omgubuntu - Thu, 25/09/2014 - 13:25

Wondering why the new stable GNOME 3.14 desktop won't be in Ubuntu GNOME 14.10 next month? Developer Ali Linx is on hand to explain.

The post Why GNOME 3.14 Won’t Be Included in Ubuntu 14.10 first appeared on OMG! Ubuntu!.

Categories: Linux News

Is iOS 8 Spotlight Search Similar to the Ubuntu Dash?

Omgubuntu - Thu, 25/09/2014 - 11:58

If you've played with iOS 8 you might have spotted a new feature in Spotlight that is very similar to a key part of the Ubuntu desktop.

The post Is iOS 8 Spotlight Search Similar to the Ubuntu Dash? first appeared on OMG! Ubuntu!.

Categories: Linux News

On integrating flash arrays with server-side flash

The Register - Thu, 25/09/2014 - 10:32
Cache storage gets faster and faster

If you're buying flash storage today, you're doing it for speed. After all, you're not doing it to save money and you're definitely not rich enough to be doing it because you want to be green and save a few kilowatt-hours on your power bill.

Categories: Linux News

What Western media and polititians fail to mention about Iraq and Ukraine

Mark Shuttleworth - Thu, 25/09/2014 - 08:01

Be careful of headlines, they appeal to our sense of the obvious and the familiar, they entrench rather than challenge established stereotypes and memes. What one doesn’t read about every day is usually more interesting than what’s in the headlines. And in the current round of global unease, what’s not being said – what we’ve failed to admit about our Western selves and our local allies – is central to the problems at hand.

Both Iraq and Ukraine, under Western tutelage, failed to create states which welcome diversity. Both Iraq and the Ukraine aggressively marginalised significant communities, with the full knowledge and in some cases support of their Western benefactors. And in both cases, those disenfranchised communities have rallied their cause into wars of aggression.

Reading the Western media one would think it’s clear who the aggressors are in both cases: Islamic State and Russia are “obvious bad actors” who’s behaviour needs to be met with stern action. Russia clearly has no business arming rebels with guns they use irresponsibly to tragic effect, and the Islamic State are clearly “a barbaric, evil force”. If those gross simplifications, reinforced in the Western media, define our debate and discussion on the subject then we are destined pursue some painful paths with little but frustration to show for the effort, and nasty thorns that fester indefinitely. If that sounds familiar it’s because yes, this is the same thing happening all over again. In a prior generation, only a decade ago, anger and frustration at 9/11 crowded out calm deliberation and a focus on the crimes in favour of shock and awe. Today, out of a lack of insight into the root cause of Ukrainian separatism and Islamic State’s attractiveness to a growing number across the Middle East and North Africa, we are about to compound our problems by slugging our way into a fight we should understand before we join.

This is in no way to say that the behaviour of Islamic State or Russia are acceptable in modern society. They are not. But we must take responsibility for our own behaviour first and foremost; time and history are the best judges of the behaviour of others.

In the case of the Ukraine, it’s important to know how miserable it has become for native Russian speakers born and raised in the Ukraine. People who have spent their entire lives as citizens of the Ukraine who happen to speak in Russian at home, at work, in church and at social events have found themselves discriminated against by official decree from Kiev. Friends of mine with family in Odessa tell me that there have been systematic attempts to undermine and disenfranchise Russian speaking in the Ukraine. “You may not speak in your home language in this school”. “This market can only be conducted in Ukrainian, not Russian”. It’s important to appreciate that being a Russian speaker in Ukraine doesn’t necessarily mean one is not perfectly happy to be a Ukranian. It just means that the Ukraine is a diverse cultural nation and has been throughout our lifetimes. This is a classic story of discrimination. Friends of mine who grew up in parts of Greece tell a similar story about the Macedonian culture being suppressed – schools being forced to punish Macedonian language spoken on the playground.

What we need to recognise is that countries – nations – political structures – which adopt ethnic and cultural purity as a central idea, are dangerous breeding grounds for dissent, revolt and violence. It matters not if the government in question is an ally or a foe. Those lines get drawn and redrawn all the time (witness the dance currently under way to recruit Kurdish and Iranian assistance in dealing with IS, who would have thought!) based on marriages of convenience and hot button issues of the day. Turning a blind eye to thuggery and stupidity on the part of your allies is just as bad as making sure you’re hanging with the cool kids on the playground even if it happens that they are thugs and bullies –  stupid and shameful short-sightedness.

In Iraq, the government installed and propped up with US money and materials (and the occasional slap on the back from Britain) took a pointedly sectarian approach to governance. People of particular religious communities were removed from positions of authority, disqualified from leadership, hunted and imprisoned and tortured. The US knew that leading figures in their Iraqi government were behaving in this way, but chose to continue supporting the government which protected these thugs because they were “our people”. That was a terrible mistake, because it is those very communities which have morphed into Islamic State.

The modern nation states we call Iraq and the Ukraine – both with borders drawn in our modern lifetimes – are intrinsically diverse, intrinsically complex, intrinsically multi-cultural parts of the world. We should know that a failure to create governments of that diversity, for that diversity, will result in murderous resentment. And yet, now that the lines for that resentment are drawn, we are quick to choose sides, precisely the wrong position to take.

What makes this so sad is that we know better and demand better for ourselves. The UK and the US are both countries who have diversity as a central tenet of their existence. Freedom of religion, freedom of expression, the right to a career and to leadership on the basis of competence rather than race or creed are major parts of our own identity. And yet we prop up states who take precisely the opposite approach, and wonder why they fail, again and again. We came to these values through blood and pain, we hold on to these values because we know first hand how miserable and how wasteful life becomes if we let human tribalism tear our communities apart. There are doors to universities in the UK on which have hung the bodies of religious dissidents, and we will never allow that to happen again at home, yet we prop up governments for whom that is the norm.

The Irish Troubles was a war nobody could win. It was resolved through dialogue. South African terrorism in the 80′s was a war nobody could win. It was resolved through dialogue and the establishment of a state for everybody. Time and time again, “terrorism” and “barbarism” are words used to describe fractious movements by secure, distant seats of power, and in most of those cases, allowing that language to dominate our thinking leads to wars that nobody can win.

Russia made a very grave error in arming Russian-speaking Ukranian separatists. But unless the West holds Kiev to account for its governance, unless it demands an open society free of discrimination, the misery there will continue. IS will gain nothing but contempt from its demonstrations of murder – there is no glory in violence on the defenceless and the innocent – but unless the West bends its might to the establishment of societies in Syria and Iraq in which these religious groups are welcome and free to pursue their ambitions, murder will be the only outlet for their frustration. Politicians think they have a new “clean” way to exert force – drones and airstrikes without “boots on the ground”. Believe me, that’s false. Remote control warfare will come home to fester on our streets.

 

Categories: Linux News

Bash bug: Shellshocked yet? You will be ... when this goes WORM

The Register - Thu, 25/09/2014 - 07:01
Much carnage to come, warn experts

Much of the impact of the Shellshock vulnerability is unknown and will surface in the coming months as researchers, admins and attackers (natch) find new avenues of exploitation.

Categories: Linux News

Desperate VXers enslave FREEZERS in DDoS bot

The Register - Thu, 25/09/2014 - 06:32
Updated Spike malware targets Asia

Bad guys are launching denial of service attacks from Windows and Linux boxes and in a sign of desperation even fridges, freezers and Raspberry Pis.

Categories: Linux News

09/18 Webconverger 26.0

Distro watch - Thu, 25/09/2014 - 02:55
Categories: Latest Distros

Linux Foundation Certified Engineer Will Sheldon on What It's Like to Pass the Exam

Linux.com - Wed, 24/09/2014 - 23:43

Just a few days after the Linux Foundation announced its new certification program in August, Will Sheldon took the certified engineer exam and passed. Here he discusses why he took the exam, how he prepared, what the test was like, and gives some helpful advice for anyone who plans to take it.

Categories: Linux News

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

The Register - Wed, 24/09/2014 - 20:27
Updated CGI scripts to DHCP clients hit by Heartbleed-grade remote-code exec vuln

A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems – and, thanks to their ubiquity, the internet at large.

Categories: Linux News

5 New Enterprise Open Source Projects to Watch

Linux.com - Wed, 24/09/2014 - 18:40

We asked open source experts: What are the most exciting open source projects to launch recently with a focus on the enterprise?

Categories: Linux News

GNOME 3.14 Released With New Features and App Updates

Omgubuntu - Wed, 24/09/2014 - 18:15

The GNOME project has announced the release of GNOME 3.14, a new stable update featuring multi-touch gestures, new UI animations and more.

The post GNOME 3.14 Released With New Features and App Updates first appeared on OMG! Ubuntu!.

Categories: Linux News

Remote Exploit Vulnerability Found In Bash

Linux Slashdot - Wed, 24/09/2014 - 17:12
kdryer39 sends this news from CSO: A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux, and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.

Read more of this story at Slashdot.








Categories: Linux News

Patent trolls are starting to get trampled

Zdnet news - Wed, 24/09/2014 - 13:44
The Open Invention Network now has over a thousand licensees and the court cases are starting to go against the patent trolls.
Categories: Linux News

Patent trolls are starting to get trampled

Zdnet news - Wed, 24/09/2014 - 13:44
The Open Invention Network now has over a thousand licensees and the court cases are starting to go against the patent trolls.
Categories: Linux News

Kali turns Nexus fondleslabs into hacking weapons

The Register - Wed, 24/09/2014 - 04:32
Pen test from your tablet

Every hacker's favourite operating system, Kali Linux, has been brought to Google Nexus in a move that brings portable popping to a new level.

Categories: Linux News

Debian Switching Back To GNOME As the Default Desktop

Linux Slashdot - Wed, 24/09/2014 - 00:03
An anonymous reader writes: Debian will switch back to using GNOME as the default desktop environment for the upcoming Debian 8.0 Jessie release, due out in 2015. The decision is based on accessibility and systemd integration, along with a host of other reasons. Debian switched away from GNOME back in 2012 .

Read more of this story at Slashdot.








Categories: Linux News
Syndicate content