
Security: BGP Hijack Factory, IDN, Microsoft Windows Back Doors and Intel Defects

Filed under
Security
  • Shutting down the BGP Hijack Factory

    It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, which he referred to as a “Hijack Factory.” In his post, Ronald detailed some of the Portuguese company’s most recent BGP hijacks and asked the question: why do Bitcanal’s transit providers continue to carry its hijacked BGP routes on to the global [I]nternet?

    This email kicked off a discussion that led to a concerted effort to kick this bad actor, who has hijacked with impunity for many years, off the [I]nternet.

  • Malformed Internationalized Domain Name (IDN) Leads to Discovery of Vulnerability in IDN Libraries

    The Punycode decoder is an implementation of the algorithm described in section 6.2 of RFC 3492. As it walks the input string, the Punycode decoder fills the output array with decoded code point values. The output array itself is typed to hold unsigned 32-bit integers while the Unicode code point space fits within 21 bits. This leaves a remainder of 11 unused bits that can result in the production of invalid Unicode code points if accidentally set. The vulnerability is enabled by the lack of a sanity check to ensure decoded code points are less than the Unicode code point maximum of 0x10FFFF. As such, for offending input, unchecked decoded values are copied directly to the output array and returned to the caller.

  • GandCrab ransomware adds NSA tools for faster spreading

    "It no longer needs a C2 server (it can operate in airgapped environments, for example) and it now spreads via an SMB exploit -- including on XP and Windows Server 2003 (along with modern operating systems)," Beaumont wrote in a blog post. "As far as I'm aware, this is the first ransomware true worm which spreads to XP and 2003 -- you may remember much press coverage and speculation about WannaCry and XP, but the reality was the NSA SMB exploit (EternalBlue.exe) never worked against XP targets out of the box."

  • Intel Discloses New Spectre Flaws, Pays Researchers $100K

    Intel disclosed a series of vulnerabilities on July 10, including new variants of the Spectre vulnerability the company has been dealing with since January.

    Two new Spectre variants were discovered by security researchers Vladimir Kiriansky and Carl Waldspurger, who detailed their findings in a publicly released research paper titled, "Speculative Buffer Overflows: Attacks and Defenses."

    "We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows," the researchers wrote. "We also present Spectre1.2: on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes."
