Security: Vault 8 From Wikileaks, Yahoo and Other Massive Data Leaks

  • Vault 8

    Source code and analysis for CIA software projects including those described in the Vault7 series.

    This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components.

    Source code published in this series contains software designed to run on servers controlled by the CIA. Like WikiLeaks' earlier Vault7 series, the material published by WikiLeaks does not contain 0-days or similar security vulnerabilities which could be repurposed by others.

  • Marissa Mayer sounds distraught over Yahoo’s massive data breach

    Former Yahoo CEO Marissa Mayer appeared distraught at a US Senate hearing Wednesday (Nov. 8) on the unprecedented data breaches at the company during her tenure.

    “As you know, Yahoo was the victim of criminal, state-sponsored attacks on its systems, resulting in the theft of certain user information,” Mayer said in her opening remarks, rarely looking up from her notes. “As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users.”

More in Tux Machines

Kernel: Security in Linux 4.19 and 4.20 Work So Far

  • Kees Cook: security things in Linux v4.19
    While it seems like ages ago, the fixes for L1TF actually landed at the start of the v4.19 merge window. As with the other speculation flaw fixes, lots of people were involved, and the scope was pretty wide: bare metal machines, virtualized machines, etc. LWN has a great write-up on the L1TF flaw and the kernel’s documentation on L1TF defenses is equally detailed. I like how clean the solution is for bare-metal machines: when a page table entry should be marked invalid, instead of only changing the “Present” flag, it also inverts the address portion so even a speculative lookup ignoring the “Present” flag will land in an unmapped area.
  • Linux Kernel Interface To Finally Allow For Programmable LED Patterns
    It's not often we get to talk about the LED drivers for the Linux kernel... Yes, the class of Linux kernel drivers to support controlling the brightness of LEDs via supported drivers and exposing that to user-space. With Linux 4.20~5.0 comes finally the ability to program "patterns" for LEDs.
  • Linux 4.20~5.0 Bringing Better x86 32-Bit Hibernation Support
    Intel's Rafael Wysocki sent in the power management updates today for the Linux 4.20~5.0 kernel cycle. On the power management front for this next Linux kernel, there is better x86 32-bit hibernation support. Hibernation bug fixes were back-ported from the x86_64 kernel code to x86 32-bit for consolidating the x86 hibernation handling and allowing a lot more 32-bit systems to behave correctly should you still be running them and wish to correctly hibernate for power conservation.
  • IBM s390 Code For Linux 4.20 Bringing Several Features
    Should you be into Linux on z Systems, the IBM s390 code for the Linux 4.20~5.0 cycle is coming with several feature additions. The s390 code is bringing a few features that have been available on other platforms for a while including KASAN (Kernel Address Sanitizer) as well as support for virtually mapped kernel stacks.

Linux Foundation: Academy Software Foundation Grows, Zemlin Interviewed

  • Open Source: Sony Pictures, Warner Bros. Join Academy Software Foundation (EXCLUSIVE)
  • How the Linux Foundation is reckoning with its security and diversity issues
    Linus Torvalds is back in charge of Linux. With that elephant out of the room - what else might the Linux Foundation be keen to address? Speaking with Computerworld UK at the Open Source Summit in Edinburgh this week, executive director of the Foundation, Jim Zemlin, outlined three key areas of improvement: application security, diversity, and data sharing. [...] These are the most pressing issues outlined by Zemlin, but another area where the Foundation hopes to see improvement is bolstering collaboration, specifically around the rise of machine learning, artificial intelligence and predictive analytics. As these become more important to how people build technology products and services, Zemlin adds, the importance of code sharing also increases. "I think the concept of taking open source practices of code sharing and lending them to data sharing is something that we could assist on, and to that end we've created an open data licence - two of them actually, a copyleft one and a more permissive data licence, similar to how standardised open source licences made it easy to share code, make it easy to share data."

Windows Back Doors for NSA, Libssh (Not Related to OpenSSH) Patched

  • Windows servers still infected by DarkPulsar NSA exploit
    Researchers from security outfit Kaspersky Lab say they have found about 50 systems infected by the DarkPulsar malware, part of the NSA exploits which were dumped online by a group calling itself the Shadow Brokers in 2017. A research brief written by Andrey Dolgushev, Dmitry Tarakanov and Vasily Berdnikov said DarkPulsar was in the implants category of the dump which included two frameworks called DanderSpritz and FuzzBunch. DarkPulsar was not a backdoor in itself, but just the administrative part of a backdoor.
  • Kaspersky says it detected infections with DarkPulsar, alleged NSA malware
    The hacking tools were leaked by a group of hackers known as the Shadow Brokers, who claimed they stole them from the Equation Group, a codename given by the cyber-security industry to a group that's universally believed to be the NSA. DarkPulsar went mostly unnoticed for more than 18 months as the 2017 dump also included EternalBlue, the exploit that powered last year's three ransomware outbreaks --WannaCry, NotPetya, and Bad Rabbit. Almost all the infosec community's eyes have been focused on EternalBlue for the past year, and for a good reason, as the exploit has now become commodity malware. But in recent months, Kaspersky researchers have also started to dig deeper into the other hacking tools leaked by the Shadow Brokers last year. They looked at FuzzBunch, which is an exploit framework that the Equation Group has been using to deploy exploits and malware on victims' systems using a CLI interface similar to the Metasploit pen-testing framework.
  • Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now

Openwashing 'OpenSync' and Oracle

  • Open source initiative to improve residential Wi-Fi [Ed: No, OpenSync is about broadening the reach of in-home surveillance]
    Operators Liberty Global, Bell and Comcast have signed up to OpenSync that was announced at the Broadband World Forum. It creates a silicon, CPE, and cloud-agnostic approach for the curation, delivery and management of emerging residential services leveraging managed Wi-Fi.
  • Plume and Samsung Launch OpenSync™ Open Source Initiative
    Following the large-scale deployment of residential Wi-Fi services relying on its core elements, the cloud managed modern home services pioneer Plume, and the world’s largest consumer electronics manufacturer Samsung announced the formation of a new open source software initiative called OpenSync™. The initiative, whose elements have been deployed by Liberty Global, the world’s largest international TV & broadband company, Bell, Canada’s largest communications company, and Comcast, the largest broadband company in the US, creates a silicon, CPE, and cloud-agnostic approach for the curation, delivery and management of emerging residential services leveraging managed Wi-Fi.
  • Oracle helps users curate their way through the growing open-source cloud stack [Ed: "SPONSORED POST BY PETER BURRIS" and "This post is sponsored by Oracle Corp." So Mr. Burris is basically a PR agent, paid by Oracle for openwashing and googlebombing.]