Security: BGP Hijack Factory, IDN, Microsoft Windows Back Doors and Intel Defects

Filed under: Security
  • Shutting down the BGP Hijack Factory

    It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, which he referred to as a “Hijack Factory.” In his post, Ronald detailed some of the Portuguese company’s most recent BGP hijacks and asked why Bitcanal’s transit providers continue to carry its hijacked routes on to the global Internet.

    This email kicked off a discussion that led to a concerted effort to kick this bad actor, who has hijacked with impunity for many years, off the Internet.

  • Malformed Internationalized Domain Name (IDN) Leads to Discovery of Vulnerability in IDN Libraries

    The Punycode decoder is an implementation of the algorithm described in section 6.2 of RFC 3492. As it walks the input string, the Punycode decoder fills the output array with decoded code point values. The output array itself is typed to hold unsigned 32-bit integers while the Unicode code point space fits within 21 bits. This leaves a remainder of 11 unused bits that can result in the production of invalid Unicode code points if accidentally set. The vulnerability is enabled by the lack of a sanity check to ensure decoded code points are less than the Unicode code point maximum of 0x10FFFF. As such, for offending input, unchecked decoded values are copied directly to the output array and returned to the caller.

  • GandCrab ransomware adds NSA tools for faster spreading

    "It no longer needs a C2 server (it can operate in airgapped environments, for example) and it now spreads via an SMB exploit -- including on XP and Windows Server 2003 (along with modern operating systems)," Beaumont wrote in a blog post. "As far as I'm aware, this is the first ransomware true worm which spreads to XP and 2003 -- you may remember much press coverage and speculation about WannaCry and XP, but the reality was the NSA SMB exploit (EternalBlue.exe) never worked against XP targets out of the box."

  • Intel Discloses New Spectre Flaws, Pays Researchers $100K

    Intel disclosed a series of vulnerabilities on July 10, including new variants of the Spectre vulnerability the company has been dealing with since January.

    Two new Spectre variants were discovered by security researchers Vladimir Kiriansky and Carl Waldspurger, who detailed their findings in a publicly released research paper titled "Speculative Buffer Overflows: Attacks and Defenses."

    "We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows," the researchers wrote. "We also present Spectre1.2: on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes."
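
The decoding loop that the IDN item above describes, written out as an added example (this is not the affected library's code). It implements the RFC 3492 section 6.2 decoder in Python with the code point range check the excerpt says was missing, plus a `check_range=False` switch that reproduces the unchecked behaviour. The label `en32g` is constructed for this example: it is the delta 0x110000 - 128 encoded with the initial bias, so the unchecked decoder returns 0x110000, one above U+10FFFF, even though the integer overflow check of RFC 3492 section 6.4 passes. The labels `mnchen-3ya` and `bcher-kva` are the standard Punycode encodings of "münchen" and "bücher" and are used as well-formed inputs.

```python
"""RFC 3492 Punycode decoder with the code point range check the vulnerable
IDN libraries lacked.  Added example; not the affected library's code."""

BASE, TMIN, TMAX, SKEW, DAMP = 36, 1, 26, 38, 700
INITIAL_BIAS, INITIAL_N = 72, 128
MAXINT = 0x7FFFFFFF          # overflow limit from RFC 3492 section 6.4
MAX_CODE_POINT = 0x10FFFF    # largest Unicode scalar value; fits in 21 bits


def decode_digit(ch):
    """Map a basic code point to its digit value (a-z -> 0..25, 0-9 -> 26..35)."""
    if "a" <= ch <= "z":
        return ord(ch) - ord("a")
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A")
    if "0" <= ch <= "9":
        return ord(ch) - ord("0") + 26
    raise ValueError("bad Punycode digit %r" % ch)


def adapt(delta, numpoints, firsttime):
    """Bias adaptation, RFC 3492 section 6.1."""
    delta = delta // DAMP if firsttime else delta // 2
    delta += delta // numpoints
    k = 0
    while delta > ((BASE - TMIN) * TMAX) // 2:
        delta //= BASE - TMIN
        k += BASE
    return k + (BASE - TMIN + 1) * delta // (delta + SKEW)


def punycode_decode(label, check_range=True):
    """Decode a Punycode label (without the "xn--" prefix) to a list of code points.

    check_range=False reproduces the behaviour the advisory describes: the
    overflow check alone passes and an invalid code point reaches the caller.
    """
    n, i, bias = INITIAL_N, 0, INITIAL_BIAS
    b = label.rfind("-")
    output = [ord(c) for c in label[:b]] if b > 0 else []
    if any(cp >= 0x80 for cp in output):
        raise ValueError("non-basic code point before the delimiter")
    idx = b + 1 if b >= 0 else 0
    while idx < len(label):
        oldi, w, k = i, 1, BASE
        while True:                              # generalized variable-length integer
            if idx >= len(label):
                raise ValueError("truncated Punycode label")
            digit = decode_digit(label[idx])
            idx += 1
            i += digit * w
            if i > MAXINT:
                raise ValueError("overflow")     # RFC 3492 requires this check
            t = TMIN if k <= bias else TMAX if k >= bias + TMAX else k - bias
            if digit < t:
                break
            w *= BASE - t
            k += BASE
        bias = adapt(i - oldi, len(output) + 1, oldi == 0)
        n += i // (len(output) + 1)
        i %= len(output) + 1
        # A 32-bit n has 11 bits above the 21-bit Unicode range; without this
        # check a value such as 0x110000 is stored in the output and returned.
        if check_range and n > MAX_CODE_POINT:
            raise ValueError("decoded code point 0x%X exceeds U+10FFFF" % n)
        output.insert(i, n)
        i += 1
    return output


def decode_to_str(label):
    """Decode a label and build the Unicode string (only valid for checked output)."""
    return "".join(chr(cp) for cp in punycode_decode(label))


def is_rejected(label):
    """True if the hardened decoder refuses the label."""
    try:
        punycode_decode(label)
    except ValueError:
        return True
    return False


# Constructed malformed label for this example (not a label from the advisory):
# the delta 0x110000 - 128 = 1113984 encoded with the initial bias of 72.
MALFORMED_LABEL = "en32g"

if __name__ == "__main__":
    print(decode_to_str("mnchen-3ya"))                                  # münchen
    print(hex(punycode_decode(MALFORMED_LABEL, check_range=False)[0]))  # 0x110000
    print(is_rejected(MALFORMED_LABEL))                                 # True
```

The check belongs exactly where it sits in the loop: after `n` has been advanced and before the code point is inserted into the output. With an output array typed as unsigned 32-bit integers, as the excerpt describes, 0x110000 fits without any overflow, so the section 6.4 overflow test gives no protection here, and a caller that later converts the result to UTF-8 or to a narrower type must not assume the decoder enforced the Unicode range.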