Security: BGP Hijack Factory, IDN, Microsoft Windows Back Doors and Intel Defects

  • Shutting down the BGP Hijack Factory

    It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, whom he referred to as a “Hijack Factory.” In his post, Ronald detailed some of the Portuguese company’s most recent BGP hijacks and asked the question: why Bitcanal’s transit providers continue to carry its BGP hijacked routes on to the global [I]nternet?

    This email kicked off a discussion that led to a concerted effort to kick this bad actor, who has hijacked with impunity for many years, off the [I]nternet.

  • Malformed Internationalized Domain Name (IDN) Leads to Discovery of Vulnerability in IDN Libraries

    The Punycode decoder is an implementation of the algorithm described in section 6.2 of RFC 3492. As it walks the input string, the Punycode decoder fills the output array with decoded code point values. The output array itself is typed to hold unsigned 32-bit integers while the Unicode code point space fits within 21 bits. This leaves a remainder of 11 unused bits that can result in the production of invalid Unicode code points if accidentally set. The vulnerability is enabled by the lack of a sanity check to ensure decoded code points are less than the Unicode code point maximum of 0x10FFFF. As such, for offending input, unchecked decoded values are copied directly to the output array and returned to the caller.

  • GandCrab ransomware adds NSA tools for faster spreading

    "It no longer needs a C2 server (it can operate in airgapped environments, for example) and it now spreads via an SMB exploit -- including on XP and Windows Server 2003 (along with modern operating systems)," Beaumont wrote in a blog post. "As far as I'm aware, this is the first ransomware true worm which spreads to XP and 2003 -- you may remember much press coverage and speculation about WannaCry and XP, but the reality was the NSA SMB exploit (EternalBlue.exe) never worked against XP targets out of the box."

  • Intel Discloses New Spectre Flaws, Pays Researchers $100K

    Intel disclosed a series of vulnerabilities on July 10, including new variants of the Spectre vulnerability the company has been dealing with since January.

    Two new Spectre variants were discovered by security researchers Vladimir Kiriansky and Carl Waldspurger, who detailed their findings in a publicly released research paper titled, "Speculative Buffer Overflows: Attacks and Defenses."

    "We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows," the researchers wrote. "We also present Spectre 1.2: on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes."
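The missing range check described in the IDN item above, shown as an added example (not code from the affected libraries or the linked article): a compact RFC 3492 section 6.2 decoder in C that writes into a `uint32_t` output array. The function names and the `strict` flag are constructed for this illustration; with `strict` set, a decoded value above 0x10FFFF is rejected instead of being copied to the output.

```c
#include <stdint.h>
#include <string.h>

enum { BASE = 36, TMIN = 1, TMAX = 26, SKEW = 38, DAMP = 700, INIT_BIAS = 72, INIT_N = 128 };
#define UNICODE_MAX 0x10FFFFu

static uint32_t digit_of(char c) {  /* letters -> 0..25, '0'-'9' -> 26..35 */
    if ((c | 0x20) >= 'a' && (c | 0x20) <= 'z') return (uint32_t)((c | 0x20) - 'a');
    if (c >= '0' && c <= '9') return (uint32_t)(c - '0') + 26;
    return BASE;                    /* not a Punycode digit */
}
static uint32_t adapt(uint32_t delta, uint32_t npoints, int first) {
    uint32_t k = 0;
    delta = first ? delta / DAMP : delta / 2;
    delta += delta / npoints;
    for (; delta > ((BASE - TMIN) * TMAX) / 2; k += BASE) delta /= BASE - TMIN;
    return k + (BASE - TMIN + 1) * delta / (delta + SKEW);
}
/* Returns the number of code points written, or -1 on any rejected input. */
long puny_decode(const char *in, uint32_t *out, size_t cap, int strict) {
    size_t len = strlen(in), b = 0, pos, n_out = 0;
    uint32_t n = INIT_N, i = 0, bias = INIT_BIAS;
    for (pos = 0; pos < len; pos++) if (in[pos] == '-') b = pos;  /* last delimiter */
    if (b > cap) return -1;
    for (pos = 0; pos < b; pos++) {                 /* copy the basic code points */
        if ((unsigned char)in[pos] >= 0x80) return -1;
        out[n_out++] = (unsigned char)in[pos];
    }
    for (pos = b > 0 ? b + 1 : 0; pos < len; n_out++) {
        uint32_t oldi = i, w = 1, k, t, d;
        for (k = BASE;; k += BASE) {                /* one variable-length integer */
            if (pos >= len || (d = digit_of(in[pos++])) >= BASE) return -1;
            if (d > (UINT32_MAX - i) / w) return -1;            /* 32-bit overflow */
            i += d * w;
            t = k <= bias ? TMIN : k >= bias + TMAX ? TMAX : k - bias;
            if (d < t) break;
            if (w > UINT32_MAX / (BASE - t)) return -1;
            w *= BASE - t;
        }
        bias = adapt(i - oldi, (uint32_t)n_out + 1, oldi == 0);
        if (i / (n_out + 1) > UINT32_MAX - n) return -1;
        n += i / (uint32_t)(n_out + 1); i %= (uint32_t)(n_out + 1);
        if (strict && n > UNICODE_MAX) return -1;   /* the check the page says was missing */
        if (n_out >= cap) return -1;
        memmove(out + i + 1, out + i, (n_out - i) * sizeof *out);
        out[i++] = n;                               /* insert n at position i */
    }
    return (long)n_out;
}
```

The 32-bit overflow guards alone do not help here: they only keep `n` within `uint32_t`, which is exactly the 11-bit gap above the Unicode range that the excerpt describes.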
