
Security: Windows Back Doors, China Plans to Create a Technology Security Management System and More

Filed under
Security
  • Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

    But according to Joe Stewart, a seasoned malware analyst now consulting with security firm Armor, the malicious software used in the Baltimore attack does not contain any Eternal Blue exploit code. Stewart said he obtained a sample of the malware that he was able to confirm was connected to the Baltimore incident.

  • China Plans to Create a Technology Security Management System

    The National Development and Reform Commission has been tasked with setting up the list system which aims to “more effectively forestall and defuse national security risks,” Xinhua reported on Saturday. Details on the measures will be provided in the near future, according to the news agency.

  • BGP event sends European mobile traffic through China Telecom for 2 hours

    The incident started around 9:43am UTC on Thursday (2:43am California time). That's when AS21217, the autonomous system belonging to Switzerland-based data center colocation company Safe Host, improperly updated its routers to advertise it was the proper path to reach what eventually would become more than 70,000 Internet routes comprising an estimated 368 million IP addresses. China Telecom's AS4134, which struck a network peering arrangement with Safe Host in 2017, almost immediately echoed those routes rather than dropping them, as proper BGP filtering practices dictate. In short order, a large number of big networks that connect to China Telecom began following the route.

    The result: much of the traffic destined for telecommunications providers using the affected IP addresses passed through China Telecom equipment before either being sent to their final stop or being dropped during long waits caused by the roundabout paths. [...]
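    The "proper BGP filtering practices" the excerpt refers to are the checks a network applies to routes received from a peer before re-advertising them. The script below is an added illustration written for this digest, not code from Ars Technica, Safe Host or China Telecom, and the prefix lists, ASNs other than the two named in the excerpt, and announcements in it are constructed for the example. It applies three guards a transit network would normally enforce on a peer session: the first AS in the received AS_PATH must be the peer itself, the prefix must fall inside the set the peer is authorised to announce (in practice built from IRR or RPKI data), and the session is shut down when the peer exceeds a maximum prefix count. A leak like the one described fails the second and third checks.

```python
"""Peer-side BGP route filtering (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Announcement:
    prefix: str       # e.g. "203.0.113.0/24"
    as_path: list     # AS_PATH as received; leftmost entry is the neighbour that sent it


@dataclass
class PeerPolicy:
    peer_asn: int
    allowed: list     # prefixes the peer may announce (its own and its customers'); constructed here
    max_prefixes: int
    min_length: int = 8
    max_length: int = 24

    def __post_init__(self):
        self.allowed = [ipaddress.ip_network(p) for p in self.allowed]


def check_announcement(policy, ann):
    """Return (accept, reason) for one UPDATE received from the peer."""
    try:
        net = ipaddress.ip_network(ann.prefix)
    except ValueError:
        return False, "malformed prefix"
    # A route re-advertised by a neighbour must carry that neighbour's ASN first.
    if not ann.as_path or ann.as_path[0] != policy.peer_asn:
        return False, "first AS in AS_PATH is not the peer"
    if not (policy.min_length <= net.prefixlen <= policy.max_length):
        return False, f"prefix length /{net.prefixlen} outside allowed range"
    # Prefix-list filter: only space the peer is authorised for, including more-specifics.
    if not any(net.version == a.version and net.subnet_of(a) for a in policy.allowed):
        return False, "prefix not in peer's authorised set (likely leak)"
    return True, "ok"


def filter_session(policy, announcements):
    """Apply the per-prefix filter, then the max-prefix guard.

    Returns (accepted prefixes, rejected [(prefix, reason)], session_torn_down).
    Real routers tear the session down when the limit is exceeded, so a peer
    that suddenly announces tens of thousands of routes cannot poison the
    table even if individual prefixes would pass the static filter.
    """
    accepted, rejected = [], []
    for ann in announcements:
        ok, why = check_announcement(policy, ann)
        if ok:
            accepted.append(ann.prefix)
        else:
            rejected.append((ann.prefix, why))
        if len(accepted) > policy.max_prefixes:
            return accepted, rejected, True
    return accepted, rejected, False


# Constructed sample session: AS21217 is the peer; 64500/64501 are private-use ASNs.
SAMPLE_POLICY = PeerPolicy(peer_asn=21217,
                           allowed=["203.0.113.0/24", "198.51.100.0/22"],
                           max_prefixes=10)
SAMPLE_ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", [21217]),            # peer's own space: accept
    Announcement("198.51.100.128/25", [21217]),         # too specific: reject
    Announcement("198.51.100.0/24", [21217]),           # more-specific of allowed /22: accept
    Announcement("192.0.2.0/24", [21217, 64500]),       # someone else's route relayed by the peer: leak
    Announcement("203.0.113.0/24", [64501, 21217]),     # path does not start with the peer: reject
]

if __name__ == "__main__":
    acc, rej, down = filter_session(SAMPLE_POLICY, SAMPLE_ANNOUNCEMENTS)
    print("accepted:", acc)
    for prefix, reason in rej:
        print("rejected:", prefix, "-", reason)
    print("session torn down:", down)
```

    The max-prefix guard is the backstop for exactly the failure mode in the excerpt: a peer that normally announces a handful of routes suddenly offering tens of thousands. A second policy with `max_prefixes=2` and three valid more-specifics of the same /22 will see the third announcement drop the session.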

  • Fortune 500 company Tech Data leaks 264GB of private data

    While the card numbers were obfuscated, the data wasn't encrypted, and it's possible there's more than this: going through an entire 264GB file is somewhat time-consuming, after all. The site did say the sample its reporters saw contained "tens of thousands of customers," and it was a fraction of the larger database.

    This data was kept on a server for support agents to look at for troubleshooting purposes, but the company had neglected to put a password on it - meaning anybody with access to a web browser could look at the logs at will.

  • An Open Source Program Aims to Help Idaho Shore Up Cyberdefenses

    The mitigation of phishing is a top priority for Idaho, said ITS Administrator Jeff Weak. Phishing is the practice of sending emails that appear to be from a reputable source but hide malware links or try to convince users to reveal personal or system information.

    “Phishing, in general, that’s our biggest threat because we can stop a lot of the payload of most malware coming through. We have multiple layers of detection going through our email system so it will strip out virtually anything that looks out of place,” Weak said. “Where that gets tricky is in hyperlinks and things of that nature that look natural to an email or if it’s embedded into another link inside of a Word document, for example.”

    Idaho is currently in its second year of mandated cybersecurity training for state employees, he said. The learning modules, provided by KnowBe4, include a phishing course. One goal is to educate personnel on differentiating emails that make it past current cyberdefenses and into their inboxes.
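    Weak's two hard cases, hyperlinks whose visible text looks natural and links embedded in a Word document, are both things a mail gateway can inspect mechanically. The scanner below is an added example for this digest, not code from Idaho ITS, KnowBe4 or Government Technology; the brand name `state.example`, the `attacker.test` hosts and the email and document contents are constructed. It extracts anchors from HTML mail and flags three signals: a link whose displayed text names one host while the `href` goes to another, a punycode (`xn--`) host, and a trusted brand name buried inside an unrelated domain. For attachments it opens a `.docx` as the zip archive it is and reads the external hyperlink targets from `word/_rels/document.xml.rels`, which is where OOXML stores them rather than in the visible document text.

```python
"""Phishing link triage for HTML mail bodies and .docx attachments (added example)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse

_LOOKS_LIKE_HOST = re.compile(r"[a-z0-9-]+\.[a-z]{2,}", re.I)


class _AnchorParser(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def html_links(html):
    parser = _AnchorParser()
    parser.feed(html)
    return parser.links


def docx_links(docx_bytes):
    """External hyperlink targets stored in a .docx relationships part."""
    targets = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if "word/_rels/document.xml.rels" not in z.namelist():
            return targets
        root = ET.fromstring(z.read("word/_rels/document.xml.rels"))
        for rel in root:
            if rel.get("Type", "").endswith("/hyperlink") and rel.get("TargetMode") == "External":
                targets.append(rel.get("Target"))
    return targets


def _host(url):
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def assess_link(href, text="", trusted=()):
    """Return the list of reasons a link is suspicious; empty means nothing found."""
    reasons = []
    host = _host(href)
    if not host:
        return reasons  # mailto:, relative links and the like are out of scope here
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode (IDN) host")
    # Visible text that itself names a host must agree with where the href goes.
    shown = ""
    if _LOOKS_LIKE_HOST.search(text):
        shown = _host(text if "://" in text else "http://" + text)
    if shown and shown != host and not host.endswith("." + shown):
        reasons.append(f"link text shows {shown} but href goes to {host}")
    # A brand name appearing anywhere other than as the registered domain or a subdomain of it.
    for brand in trusted:
        if brand in host and not (host == brand or host.endswith("." + brand)):
            reasons.append(f"brand {brand} used inside unrelated host {host}")
    return reasons


# Constructed sample mail body: one brand-in-subdomain lure, one text/href mismatch on a punycode host.
SAMPLE_HTML = (
    '<p>Please <a href="http://state.example.attacker.test/reset">reset your password</a> '
    'at <a href="http://xn--stte-example-1ab.test/">www.state.example</a></p>'
)


def build_sample_docx():
    """Constructed minimal .docx containing only the parts this scanner reads."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" '
        'Target="http://state.example.attacker.test/login" TargetMode="External"/>'
        '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" '
        'Target="styles.xml"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for href, text in html_links(SAMPLE_HTML):
        print(href, assess_link(href, text, trusted=("state.example",)))
    for href in docx_links(build_sample_docx()):
        print("docx:", href, assess_link(href, trusted=("state.example",)))
```

    The brand check is deliberately narrow: it only treats a host as safe when the brand is the registered domain itself or a suffix preceded by a dot, so `state.example.attacker.test` is flagged while `portal.state.example` is not. A production gateway would add an allow-list for the organisation's own link-tracking domains to keep the mismatch rule from firing on every legitimate newsletter.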

  • Malicious Actors Create “Frankenstein Monsters” by Combining Open Source Components [Ed: TechNadu has somehow managed to blame security issues in Windows (which is insecure by design) on "open source"; amazing spin]

    Examples of these open source and freely available components include a tool that leverages MSBuild to execute a PowerShell command, another GitHub hosted project called Fruityc2 that is used to build stagers, the “PowerShell Empire”, and an article to help the attackers detect whether their software is running in a virtual machine or not. The reason for using open source tools is not only because they are free and readily available, but also because they feature higher operational security and make the malicious activities and the group behind them harder to detect. Custom tools, on the other hand, leave unique traces, as they are developed by specific groups of hackers.
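    The MSBuild technique the excerpt mentions is worth a detection note: because MSBuild is a signed Microsoft binary, the useful signals are context rather than the binary itself. The rules below are an added example for this digest, not code from TechNadu or the researchers they summarise, and run over constructed process-creation and image-load events in a Sysmon-like shape. They flag MSBuild started by an Office application or script host, MSBuild handed a project file from a user-writable path, MSBuild spawning a shell, and MSBuild loading the PowerShell engine in-process. The last rule matters because an MSBuild inline task can run PowerShell through its automation DLL without ever creating a `powershell.exe` child, so a rule that only watches parent/child pairs misses it.

```python
"""Detection rules for MSBuild abuse over Sysmon-style events (added example, constructed data)."""
import re
from pathlib import PureWindowsPath

# Directories a normal user can write to; a build of real source code rarely lives here.
USER_WRITABLE = re.compile(r"\\(Temp|AppData|Downloads|Public)\\", re.I)
OFFICE_AND_SCRIPT_HOSTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
}
SPAWN_WATCHLIST = {"powershell.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe"}


def basename(path):
    return PureWindowsPath(path).name.lower()


def evaluate(ev):
    """Return the list of rule names that fire for one event (empty = benign)."""
    hits = []
    kind = ev.get("event")
    image = basename(ev.get("image", ""))
    parent = basename(ev.get("parent_image", ""))
    cmdline = ev.get("command_line", "")
    if kind == "process_create":
        if image == "msbuild.exe":
            if USER_WRITABLE.search(cmdline):
                hits.append("msbuild project file under user-writable path")
            if parent in OFFICE_AND_SCRIPT_HOSTS:
                hits.append(f"msbuild launched by {parent}")
        if parent == "msbuild.exe" and image in SPAWN_WATCHLIST:
            hits.append(f"msbuild spawned {image}")
    elif kind == "image_load":
        # Inline-task PowerShell runs inside MSBuild; the only trace is the DLL load.
        if image == "msbuild.exe" and basename(ev.get("loaded", "")) == "system.management.automation.dll":
            hits.append("msbuild loaded the PowerShell engine in-process")
    return hits


def run(events):
    """Evaluate every event; returns [(event index, rule name), ...]."""
    return [(i, hit) for i, ev in enumerate(events) for hit in evaluate(ev)]


# Constructed events: one legitimate build from Visual Studio, three abuse patterns.
SAMPLE_EVENTS = [
    {"event": "process_create",
     "image": r"C:\Program Files (x86)\MSBuild\14.0\Bin\MSBuild.exe",
     "parent_image": r"C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe",
     "command_line": r"MSBuild.exe C:\src\app\app.csproj /t:Build"},
    {"event": "process_create",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "command_line": r"MSBuild.exe C:\Users\alice\AppData\Local\Temp\invoice.xml"},
    {"event": "image_load",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "loaded": r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll"},
    {"event": "process_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "command_line": "powershell.exe -nop -w hidden -enc AAAA"},
]

if __name__ == "__main__":
    for index, rule in run(SAMPLE_EVENTS):
        print(f"event {index}: {rule}")
```

    On a real estate the first rule needs tuning for developers who build from their home directory; the image-load rule has a much lower false-positive rate and is the one to keep strict.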

  • Checkmarx Makes SCA Market Waves with Enhanced Open Source Security Offering

More in Tux Machines

Funding for GNU and Debian

  • Paying (some) Debian developers
    In an offshoot of the Debian discussion we looked at last week, the Debian project has been discussing the idea of paying developers to work on the distribution. There is some history behind the idea, going back to the controversial Dunc-Tank initiative in 2006, but some think attitudes toward funding developers may have changed—or that a new approach might be better accepted. While it is playing out with regard to Debian right now, it is a topic that other projects have struggled with along the way—and surely will again. The discussion on the debian-devel mailing list about possibly recommending dh for building packages that we covered headed into a bit of a tangent on "difficult packaging practices" that might be preventing new people from contributing. From there, Andreas Tille brought up the longstanding idea of creating some kind of Debian equivalent to the Ubuntu personal package archives (PPAs). Raphaël Hertzog suggested that it might be worth using some of the money in the Debian bank account to fund the development of such a feature.
  • Double the movement: Inspire someone to explore free software
    Thank you for being part of our exceptionally generous community. Your interest in our mission is what got us where we are, in position to succeed if we keep at it. While it's incredible to have hundreds of thousands of subscribers around the world, we need to connect with millions if we're to realize a world free of proprietary software. This spring, we have set ourselves goals to reach 200 new members and 400 donations before July 15th, and to achieve them, we need your help. Please take this moment to publicly share your passion for free software. If each free software supporter inspires just one other, we can double our strength. We tasked free software designer Raghavendra Kamath with creating some inspiring visual images to help us spread our message further. You can find these banners and profile images, including their embed codes, here. Sharing these images online might inspire someone to explore free software, and may give reasons for you to educate your friends and family about why free software matters. Use the hashtag #ISupportFreeSoftware when you share the images online or on your social media.

Programming/Development Leftovers

  • ‘I code in my dreams too’, say developers in Jetbrains State of Developer Ecosystem 2019 Survey
    Last week, Jetbrains published its annual survey results known as The State of Developer Ecosystem 2019. More than 19,000 people participated in this developer ecosystem survey. But responses from only 7000 developers from 17 countries were included in the report. The survey had over 150 questions; key results from the survey are published, and complete results along with the raw data will be shared later. Jetbrains prepared an infographic based on the survey answers they received. Let us take a look at their key takeaways:
  • Python and "dead" batteries
    Python is, famously, a "batteries included" language; it comes with a rich standard library right out of the box, which makes for a highly useful starting point for everyone. But that does have some downsides as well. The standard library modules are largely maintained by the CPython core developers, which adds to their duties; the modules themselves are subject to the CPython release schedule, which may be suboptimal. For those reasons and others, there have been thoughts about retiring some of the older modules; it is a topic that has come up several times over the last year or so. It probably had been discussed even earlier, but a session at the 2018 Python Language Summit (PLS) is the starting point this time around. At that time, Christian Heimes listed a few modules that he thought should be considered for removal; he said he was working on a PEP to that end. PEP 594 ("Removing dead batteries from the standard library") surfaced in May with a much longer list of potentially dead batteries. There was also a session at this year's PLS, where Amber Brown advocated moving toward a much smaller standard library, arguing that including modules in the standard library stifles their growth. Some at PLS seemed to be receptive to Brown's ideas, at least to some extent, though Guido van Rossum was apparently not pleased with her presentation and "stormed from the room".
  • When and How to Win With New Programming Languages
  • Understanding Data Ops and its impact on Application Quality

Latest Security FUD

Linux Foundation, Kernel, and Linux Plumbers Conference

  • Tech Giants Join Linux Foundation's Connected-Cities Efforts [Ed: Just surveillance capitalism inside Zemlin's PAC. Reminder: the spokesperson of the "Linux" Foundation is the former spokesperson of James Clapper.]
  • Generalized events notification and security policies
    Interfaces for the reporting of events to user space from the kernel have been a recurring topic on the kernel mailing lists for almost as long as the kernel has existed; LWN covered one 15 years ago, for example. Numerous special-purpose event-reporting APIs exist, but there are none that are designed to be a single place to obtain any type of event. David Howells is the latest to attempt to change that situation with a new notification interface that, naturally, uses a ring buffer to transfer events to user space without the need to make system calls. The API itself (which hasn't changed greatly since it was posted in 2018) is not hugely controversial, but the associated security model has inspired a few heated discussions.
  • Detecting and handling split locks
    The Intel architecture allows misaligned memory access in situations where other architectures (such as ARM or RISC-V) do not. One such situation is atomic operations on memory that is split across two cache lines. This feature is largely unknown, but its impact is even less so. It turns out that the performance and security impact can be significant, breaking realtime applications or allowing a rogue application to slow the system as a whole. Recently, Fenghua Yu has been working on detecting and fixing these issues in the split-lock patch set, which is currently on its eighth revision. [...] With a split lock, the value needs to be kept coherent between different CPUs, which means assuring that the two cache lines change together. As this is an uncommon operation, the hardware design needs to take a special path; as a result, split locks may have important consequences as described in the cover letter of Yu's patch set. Intel's choice was to lock the whole memory bus to solve the coherency problem; the processor locks the bus for the duration of the operation, meaning that no other CPUs or devices can access it. The split lock blocks not only the CPU performing the access, but also all others in the system. Configuring the bus-locking protocol itself also adds significant overhead to the system as a whole. On the other hand, if the atomic operation operand fits into a single cache line, the processor will use a less expensive cache lock. This all means that developers may increase performance and avoid split locks by actions like simply correctly aligning their variables.
  • Real-Time Microconference Accepted into 2019 Linux Plumbers Conference
    We are pleased to announce that the Real-Time Microconference has been accepted into the 2019 Linux Plumbers Conference! The PREEMPT_RT patch set (aka “The Real-Time Patch”) was created in 2004 in the effort to make Linux into a hard real-time designed operating system. Over the years much of the RT patch has made it into mainline Linux, which includes: mutexes, lockdep, high-resolution timers, Ftrace, RCU_PREEMPT, priority inheritance, threaded interrupts and much more. There’s just a little left to get RT fully into mainline, and the light at the end of the tunnel is finally in view. It is expected that the RT patch will be in mainline within a year, which changes the topics of discussion. Once it is in Linus’s tree, a whole new set of issues must be handled. The focus on this year’s Plumbers events will include: