Linux kernel flaw endangers millions of PCs, servers and Android devices

By Lucian Constantin

For almost three years, a serious vulnerability in the Linux kernel could have allowed attackers to take full control over Linux-based PCs, servers, Android phones and other embedded devices.

The flaw, which stems from the kernel’s keyring facility, allows applications running under a local user to execute code in the kernel. As a result, an attacker with access to only a limited account on a Linux system can escalate their privileges to root.

The vulnerability, tracked as CVE-2016-0728, was found and reported to the Linux kernel security team and several Linux distribution maintainers by researchers from an Israeli threat defense start-up called Perception Point.

From: Network World

Linux zero-day affects most Androids, millions of Linux PCs

By Maria Korolov

A new zero-day vulnerability has been discovered that allows Android or Linux applications to escalate privileges and gain root access, according to a report released this morning by Perception Point.

“This affects all Android phones KitKat and higher,” said Yevgeny Pats, co-founder and CEO at security vendor Perception Point.

Any machine with Linux Kernel 3.8 or higher is vulnerable, he said, including tens of millions of Linux PCs and servers, both 32-bit and 64-bit. Although Linux lags in popularity on the desktop, the operating system dominates the Internet, mobile, embedded systems and the Internet of Things, and powers nearly all of the world’s supercomputers.

From: Network World

9 Linux distros to watch in 2016

By Bryan Lunduke

New year, new list

Last year, right about this time, I listed my top Linux distributions to watch during 2015. Not which ones would be the best. Nor which would be the worst. Simply which ones I believed would be the most interesting, the most fascinating, to watch over the course of the year. I’ve done so again this year. Because it sounded like fun and I wanted to. Enjoy.

From: Network World

My Linux wish list for 2016 is just one item long

By Bryan Lunduke

I recently wrote up my annual predictions for 2016 – the big things that I think will happen in the Linux world over the coming year. Some of those predictions are optimistic… others, the opposite of optimistic.

What follows is not that – not a list of predictions. This article is entirely about the things that I want, so very dearly, to happen in 2016. The things that, if they were to come to pass, I would be so happy I would do the dance of joy. This is my “Linux Wish List” for the year.

From: Network World

Third try is no charm for failed Linux ransomware creators

By Lucian Constantin

Getting cryptographic implementations right is difficult. A group of malware creators is currently experiencing that hard truth, to the amusement of security researchers.

For the past several months, a group of cybercriminals has been infecting Linux systems — primarily Web servers — with a file-encrypting ransomware program that the security industry has dubbed Linux.Encoder.

This development is worrying because Web server infections don’t require user interaction, as they do on desktop computers, where getting users to open rogue email attachments or visit malicious websites are common attack vectors. Instead, the hackers use automated scanners to find servers that host vulnerable applications or have weak SSH passwords they can guess using brute-force methods.

From: Network World

The Endless Mini $79 desktop PC stores as much of the Internet as it can

By Mark Hachman

Call it “One Desktop per Child.” The Endless Mini is a $79 desktop PC designed to bring the knowledge of the Internet to the billions of people who might not be able to access it.

The Endless Mini is a small sphere of a machine, slightly larger than a grapefruit, with three USB ports (two USB 2.0, one USB 3.0) and an HDMI output. Inside of it is an AMLogic Cortex-A ARM chip, 1 GB of RAM, Linux, and a suite of Endless-designed apps, all with the goal of minimizing the resources needed to allow Endless customers access to the Internet—even if there is no Internet access.

The Mini ships in two versions: one with 24 GB of storage space, and a second version with 32 GB. (The price of the 32-GB model, which also has 2 GB of RAM, has not been disclosed.) Most of that capacity is full of cached information: stored Wikipedia files, open-source music, even games. The idea is that users will have access to Internet content even if an Internet connection is unavailable.

From: Network World

Review: 7 data recovery tools for every data disaster

By Serdar Yegulalp

Storage media is more reliable than it’s ever been. But while drive failures are fewer and further between, technology improvements do nothing to protect you from the No. 1 cause of data loss: human error. It’s devastating to lose the only copy you have of any file — that important document or irreplaceable photo — all because you mistakenly formatted the wrong drive or hit Delete too quickly. It’s even more infuriating when you have only yourself to blame.

The single biggest limitation of Recuva is that file signatures appear to be hard-wired into the program. If you want to look for a custom format or another file not in Recuva’s list, you’ll need to use PhotoRec or an application that allows custom file signatures. What’s more, it was difficult to figure out exactly which file types are supported by the application in the first place. Piriform’s website doesn’t seem to list which files Recuva recognizes, although I found a note in the product forum that provided a way to discover supported file types in advanced mode.

From: Network World
