Language Selection

English French German Italian Portuguese Spanish

Security: BGP Hijack Factory, IDN, Microsoft Windows Back Doors and Intel Defects

Filed under
Security
  • Shutting down the BGP Hijack Factory

    It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, whom he referred to as a “Hijack Factory.” In his post, Ronald detailed some of the Portuguese company’s most recent BGP hijacks and asked the question: why Bitcanal’s transit providers continue to carry its BGP hijacked routes on to the global [I]nternet?

    This email kicked off a discussion that led to a concerted effort to kick this bad actor, who has hijacked with impunity for many years, off the [I]nternet.

  • Malformed Internationalized Domain Name (IDN) Leads to Discovery of Vulnerability in IDN Libraries

    The Punycode decoder is an implementation of the algorithm described in section 6.2 of RFC 3492. As it walks the input string, the Punycode decoder fills the output array with decoded code point values. The output array itself is typed to hold unsigned 32-bit integers while the Unicode code point space fits within 21 bits. This leaves a remainder of 11 unused bits that can result in the production of invalid Unicode code points if accidentally set. The vulnerability is enabled by the lack of a sanity check to ensure decoded code points are less than the Unicode code point maximum of 0x10FFFF. As such, for offending input, unchecked decoded values are copied directly to the output array and returned to the caller.

  • GandCrab ransomware adds NSA tools for faster spreading

    "It no longer needs a C2 server (it can operate in airgapped environments, for example) and it now spreads via an SMB exploit -- including on XP and Windows Server 2003 (along with modern operating systems)," Beaumont wrote in a blog post. "As far as I'm aware, this is the first ransomware true worm which spreads to XP and 2003 -- you may remember much press coverage and speculation about WannaCry and XP, but the reality was the NSA SMB exploit (EternalBlue.exe) never worked against XP targets out of the box."

  • Intel Discloses New Spectre Flaws, Pays Researchers $100K

    Intel disclosed a series of vulnerabilities on July 10, including new variants of the Spectre vulnerability the company has been dealing with since January.

    Two new Spectre variants were discovered by security researchers Vladimir Kiriansky and Carl Waldspurger, who detailed their findings in a publicly released research paper tilted, "Speculative Buffer Overflows: Attacks and Defenses."

    "We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer over-flows," the researchers wrote. "We also present Spectre 1.2 on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes."

More in Tux Machines

Red Hat: Interview, Releases, Events, Compliance and Finance

Linux Foundation Expansion and Linux Development

  • Deutsche Telekom signs up as platinum member of Linux Foundation Networking
    Deutsche Telekom has doubled down on its commitment to using open source by signing up as a platinum member of Linux Foundation Networking. Earlier this year, the Linux Foundation put some of its open source communities, including the Open Network Automation Platform (ONAP), under the Linux Foundation Networking (LFN) brand in order to foster cross-project collaboration. Mainly thanks to ONAP, the LNF projects currently enable close to 70% of all the world's global mobile subscribers.
  • Deutsche Telekom Joins The Linux Foundation, Deepens Investment in Open Source Networking
  • Samsung Galaxy S Support With The Linux 4.19 Kernel
    Just in case you have your hands still on the Samsung Galaxy S or Galaxy S 4G that were released back in 2010 as once high-end Android smartphones, they have DeviceTree support with the upcoming Linux 4.19 kernel cycle. The DeviceTree additions are currently staged ahead of the Linux 4.19 kernel for these S5Pv210 Aries based smartphones. With this code in place for Linux 4.19, the Galaxy S should at least see working mainline support for storage, PMIC, RTC, fuel gauge, keys, USB, and WiFi working in order.
  • Using the Best CPU Available on Asymmetric Systems
    This is the type of situation with a patch where it might look like a lack of opposition could let it sail into the kernel tree, but really, it just hasn't been thoroughly examined by Linux bigwigs yet. Once the various contributors have gotten the patch as good as they can get it without deeper feedback, they'll probably send it up the ladder for inclusion in the main source tree. At that point, the security folks will jump all over it, looking for ways that a malicious user might force processes all onto only one particular CPU (essentially mounting a denial-of-service attack) or some such thing. Even if the patch survives that scrutiny, one of the other big-time kernel people, or even Linus Torvalds, could reject the patch on the grounds that it should represent a solution for large-scale systems as well as small. Either way, something like Dietmar and Quentin's patch will be desirable in the kernel, because it's always good to take advantages of the full range of abilities of a system. And nowadays, a lot of devices are coming out with asymmetric CPUs and other quirks that never were part of earlier general-purpose systems. So, there's definitely a lot to be gained in seeing this sort of patch go into the tree.

Games: Risin' Goat, CorsixTH, Hegemone Pass, Unreal Engine

Software: Remote Access, EncryptPad, Aria2 WebUI, Qbs

  • Best Linux remote desktop clients of 2018
    This article has been fully updated, and was provided to TechRadar by Linux Format, the number one magazine to boost your knowledge on Linux, open source developments, distro releases and much more. It appeared in issue 220, published February 2017. Subscribe to the print or digital version of Linux Format here. SSH has been the staple remote access tool for system administrators from day one. Admins use SSH to mount remote directories, backup remote servers, spring-clean remote databases, and even forward X11 connections. The popularity of single-board computers, such as the Raspberry Pi, has introduced SSH into the parlance of everyday desktop users as well. While SSH is useful for securely accessing one-off applications, it’s usually overkill, especially if you aren’t concerned about the network’s security. There are times when you need to remotely access the complete desktop session rather than just a single application. You may want to guide the person on the other end through installing software or want to tweak settings on a Windows machine from the comfort of your Linux desktop yourself.
  • EncryptPad: Encrypted Text Editor For Your Secrets
    EncryptPad is a simple, free and open source text editor that encrypts saved text files and allows protecting them with passwords, key files, or both. It's available on Windows, macOS, and Linux. The application comes with a GUI as well as a command line interface, and it also offers a tool for encrypting and decrypting binary files.
  • Aria2 WebUI: Clean Web Frontend for aria2
    Aria2 WebUI is an open source web frontend for aria2. The software bills itself as the finest interface to interact with aria2. That’s a lofty goal considering the competition from the likes of uGet Download Manager (which offers an aria2 plugin). Aria2 WebUI started as part of the GSOC program 2012. But a lot has changed since the software’s creation under that initiative. While the pace of development has lessened considerably in recent years, the software has not been abandoned.
  • qbs 1.12 released
    We are happy to announce version 1.12.0 of the Qbs build tool. [...] All command descriptions now list the product name to which the generated artifact belongs. This is particularly helpful for larger projects where several products contain files of the same name, or even use the same source file. The vcs module no longer requires a repository to create the header file. If the project is not in a repository, then the VCS_REPO_STATE macro will evaluate to a placeholder string. It is now possible to generate Makefiles from Qbs projects. While it is unlikely that complex Qbs projects are completely representable in the Makefile format, this feature might still be helpful for debugging purposes.