Security: BGP Hijack Factory, IDN, Microsoft Windows Back Doors and Intel Defects

  • Shutting down the BGP Hijack Factory

    It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, whom he referred to as a “Hijack Factory.” In his post, Ronald detailed some of the Portuguese company’s most recent BGP hijacks and asked the question: why Bitcanal’s transit providers continue to carry its BGP hijacked routes on to the global [I]nternet?

    This email kicked off a discussion that led to a concerted effort to kick this bad actor, who has hijacked with impunity for many years, off the [I]nternet.

  • Malformed Internationalized Domain Name (IDN) Leads to Discovery of Vulnerability in IDN Libraries

    The Punycode decoder is an implementation of the algorithm described in section 6.2 of RFC 3492. As it walks the input string, the Punycode decoder fills the output array with decoded code point values. The output array itself is typed to hold unsigned 32-bit integers while the Unicode code point space fits within 21 bits. This leaves a remainder of 11 unused bits that can result in the production of invalid Unicode code points if accidentally set. The vulnerability is enabled by the lack of a sanity check to ensure decoded code points are less than the Unicode code point maximum of 0x10FFFF. As such, for offending input, unchecked decoded values are copied directly to the output array and returned to the caller.

  • GandCrab ransomware adds NSA tools for faster spreading

    "It no longer needs a C2 server (it can operate in airgapped environments, for example) and it now spreads via an SMB exploit -- including on XP and Windows Server 2003 (along with modern operating systems)," Beaumont wrote in a blog post. "As far as I'm aware, this is the first ransomware true worm which spreads to XP and 2003 -- you may remember much press coverage and speculation about WannaCry and XP, but the reality was the NSA SMB exploit (EternalBlue.exe) never worked against XP targets out of the box."

  • Intel Discloses New Spectre Flaws, Pays Researchers $100K

    Intel disclosed a series of vulnerabilities on July 10, including new variants of the Spectre vulnerability the company has been dealing with since January.

    Two new Spectre variants were discovered by security researchers Vladimir Kiriansky and Carl Waldspurger, who detailed their findings in a publicly released research paper titled, "Speculative Buffer Overflows: Attacks and Defenses."

    "We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows," the researchers wrote. "We also present Spectre 1.2 on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes."

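The sanity check described in the Punycode item above, as an added example (not code from the affected IDN libraries or from the linked article): an RFC 3492 section 6.2 decoder in C that refuses any decoded value above 0x10FFFF before it is written to the 32-bit output array. The function name `puny_decode` and its return codes (-1 and -2) are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

static const uint32_t BASE = 36, TMIN = 1, TMAX = 26, SKEW = 38, DAMP = 700;
static const uint32_t UNICODE_MAX = 0x10FFFF;   /* highest valid code point */
static uint32_t adapt(uint32_t delta, uint32_t npoints, int first) {
    uint32_t k = 0;
    delta = first ? delta / DAMP : delta / 2;
    for (delta += delta / npoints; delta > ((BASE - TMIN) * TMAX) / 2; k += BASE)
        delta /= BASE - TMIN;
    return k + (BASE - TMIN + 1) * delta / (delta + SKEW);
}

static uint32_t digit(char c) {   /* a-z, A-Z => 0..25; 0-9 => 26..35; else BASE */
    if (c >= '0' && c <= '9') return (uint32_t)(c - '0') + 26;
    if (c >= 'a' && c <= 'z') return (uint32_t)(c - 'a');
    return (c >= 'A' && c <= 'Z') ? (uint32_t)(c - 'A') : BASE;
}

/* Returns the number of code points written, -1 for malformed input,
 * arithmetic overflow or a full buffer, -2 for a value above UNICODE_MAX. */
long puny_decode(const char *in, uint32_t *out, size_t cap) {
    size_t len = strlen(in), pos = 0, cnt = 0;
    uint32_t n = 0x80, i = 0, bias = 72;
    const char *d = strrchr(in, '-');
    for (; d && d != in && pos < (size_t)(d - in); pos++) {  /* basic code points */
        if ((unsigned char)in[pos] >= 0x80 || cnt >= cap) return -1;
        out[cnt++] = (unsigned char)in[pos];
    }
    if (pos) pos++;                              /* skip the delimiter */
    while (pos < len) {
        uint32_t oldi = i; uint64_t w = 1;
        for (uint32_t k = BASE;; k += BASE) {    /* one variable-length integer */
            uint32_t dv = pos < len ? digit(in[pos++]) : BASE;
            if (dv >= BASE || i + dv * w > UINT32_MAX) return -1;
            i += (uint32_t)(dv * w);
            uint32_t t = k <= bias ? TMIN : k >= bias + TMAX ? TMAX : k - bias;
            if (dv < t) break;
            w *= BASE - t;
        }
        bias = adapt(i - oldi, (uint32_t)++cnt, oldi == 0);  /* cnt includes new point */
        uint64_t cp = (uint64_t)n + i / cnt;
        if (cp > UNICODE_MAX) return -2;         /* the check the excerpt says was missing */
        if (cnt > cap) return -1;
        i %= (uint32_t)cnt;
        memmove(out + i + 1, out + i, (cnt - 1 - i) * sizeof *out);
        out[i++] = n = (uint32_t)cp;
    }
    return (long)cnt;
}
```

Doing the addition in 64 bits lets the same comparison catch both an out-of-range code point and a 32-bit wrap-around, so nothing above 0x10FFFF can be returned to the caller.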