Right now, you get most of your Linux software from your distribution’s software repositories. Those applications have to be packaged specifically for your Linux distribution, and you have to trust them with full access to your Linux user account and all its files.
But imagine if developers could distribute applications in a standard way so you could install and run them on any Linux distribution, and if those applications ran in a “sandbox” so you could quickly download and run them without the security and privacy risks.
Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.
One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen.
In the corporate world, it is well established that staying ahead on security requires spending money. As individuals feel the consequences of trading security for convenience, will consumers change their ways?
Last week's discovery that Lenovo had bundled the Superfish adware, which inserted its own self-signed certificate authority into Windows' trusted root certificate store under the pretext of serving ads to Lenovo customers, highlights the lengths to which hardware makers will go to squeeze a profit out of a low-margin business.
Let me see if I can guess your password. 12345? Qwerty? How about abc123 or Dragon or trustno1 (yes, I see what you did there), or Master?
If I guessed right, then shame on you: all of those feature in the top 25 worst passwords -- along with plenty of other all-but-impossible-to-crack strokes of genius like 111111 and letmein (yes, I see what you did there, too).