This Month's News
Banking Botnets Are Worse Than Ever
Financial institutions continue to face threats from banking botnets built using trojan-style Internet attacks. The new activity occurs in spite of some recent successes with discovering and eliminating criminal botnets. According to a new report from Dell SecureWorks, users should not feel confident that the recent discoveries of the Ramnit, Shylock, and Gameover ZeuS botnets indicate a safer Internet. Several other forms of botnets are still prevalent, led by the Citadel trojan, which reportedly attacked 1,170 unique targets. The report says, "New threats arise with emerging technologies, and attacks on mobile banking platforms and advances in bypassing standard authentication mechanisms evolved in 2014."
More than 90% of the trojans were aimed at US financial institutions, but the 10% aimed at the rest of the world was still enough to cause some significant losses. More that 1,400 institutions around the world reported attacks from banking trojans.
The Register offers a concise summary of the SecureWorks report on banking botnets. You can download the full report from the SecureWorks site. Be ready to provide some demographic information.
Debian Project Releases Debian 8 "Jessie"
The Debian Project has announced the arrival of Debian 8 "Jessie." The latest release of the great free distro was two years in development. The team pledges to maintain this version for five years.
The vast Debian project includes more than 20,000 packages and supports a total of 10 architectures, including the usual Intel equivalents, as well as MIPS, IBM S/390, 32-bit ARM, and even the new ARM64/AArch64 architecture.
The change that has received the most attention is the presence of systemd as the default init system. The Debian project says systemd will provide "many exciting features, such as faster boot times, cgroups for services, and the possibility of isolating part of the services." The move to systemd was controversial, however, with many old guard Unix and Linux veterans preferring the classic SysVinit system and suspecting that commercial vendors like Canonical influenced the switch. (The SysVinit system is still available for Debian 8 – it just isn't the default option.)
The Debian package repositories contain all the popular Linux deskops, as well as user applications, network server applications, and development tools. Installation images are available for CD, DVD, USB stick, Blu-ray, and network installation. Debian also provides a pre-built image designed for the OpenStack cloud. Debian 7 users can upgrade to Debian 8 using the apt-get package management tool.
Debian isn't as much in the public eye as it used to be, but the massive project is still extremely influential as a background distro that forms the basis for several popular Linux alternatives. Ubuntu, Knoppix, Mint, and many other Linux distributions are based on Debian.
Linux Kernel Turns Over
Linux godfather Linus Torvalds has announced the availability of Linux kernel 4.0. Kernel watchers have known this new "major" release has been on the way, so the announcement was no surprise. For many products and projects, a new major version number is timed to mark major feature enhancements, but Linus downplayed the significance of change from the 3.X to 4.X series, stating "… we've had much bigger changes in other versions."
Torvalds has been quoted in the past as saying Linux would need to roll over to a new major version before getting past 3.20 because he wanted to be able to count the minor release numbers on his fingers and toes. Perhaps more to the point, he says he is "… personally so much happier with time-based releases than the bad old days when we had feature-based releases." According to the announcement, 4.0 does not come with a trove of experimental new features but is a very stable release.
One new feature that has drawn some excitement from the Linux community is the new live kernel patching infrastructure.
The Linux Foundation and the Internet Security Research Group (ISRG) have announced a new project aimed at promoting encryption on the Internet. The new service, known as "Let's Encrypt," is described as "… a free, automated and open security certificate authority for the public's benefit. Let's Encrypt allows website owners to obtain security certificates within minutes, enabling a safer web experience for all."
Despite advances in encryption and intrusion prevention, security problems continue to plague the Internet. Experts have long advocated universal encryption as a best-practice technique for minimizing attacks. The Let's Encrypt project is intended to make it easier for webmasters to install and maintain encryption. According to ISRG executive director Josh Aas, "Encryption should be the default for the web. The web is a complicated place these days; it is difficult for consumers to be in control of their data. The only reliable strategy for making sure that everyone's private data and information is protected while in transit over the web is to encrypt everything. Let's Encrypt simplifies this."
The founders of the Let's Encrypt project believe one reason website encryption is not universal is that conventional certificate authority services are too complicated, and often too expensive, to be an option for smaller websites. Let's Encrypt will provide certificates for free, and it will simplify the configuration at the web server so that a couple of easy commands are all that is necessary to implement encryption.
According to the project website, Let's Encrypt will be available to the public in mid-2015.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.