Security Leftovers
To elaborate on Xavier's and Bojan's excellent nmap diaries over the last few days, I thought that today might be a good day to go back to basics on nmap and demonstrate why nmap really is a security practitioner’s swiss army knife and should be in each of our testing toolkits.
Salt is used for configuring, managing and monitoring servers in datacenters and cloud environments.
The Salt installation is the “master” and each server it monitors runs an API agent called a “minion”. The minions send state reports to the master and the master publishes update messages containing instructions/commands to the minions. The communication between the master and its minions is secured (encrypted).
The U.S. Department of Commerce is close to signing off on a new rule that would allow U.S. companies to work with China's Huawei Technologies on setting standards for next generation 5G networks, people familiar with the matter said.
One problem confronting the enterprise world today is that when data is stored in multiple platforms, it also takes multiple security tools to keep that information safe.
A SANS Institute survey found that nearly half of respondents lacked visibility into data processed within their own organizations and 55% struggled with the lack of integration between security analytics tools and cloud platforms.
The enticement of OSS is undeniable, and the vibrant open source community has rallied, resulting in significant contributions to the open source movement. As a result, developers are increasingly turning to OSS to aid their organisation’s transformation.
By embracing OSS, companies realise major economic and productivity benefits, in addition to a positive impact on their bottom line. OSS enables organisations to move even faster by harnessing prefabricated building blocks to bootstrap the software development process and drive forward innovation.
[...]
Open source plays a pivotal role in the success and/or failure of software development teams. However, whilst the benefits of OSS are generally understood by the software developer community, the risks may not be. Developers should fully understand that OSS is not immune to potential security risks. The core security risks in using OSS are like those of other types of software assets. All code comes with security risks and developers mustn’t put undue trust in OSS code. As companies use a greater amount of open source code, they introduce vulnerabilities that expose the company to risks and possible breaches.
Overall, Fresenius employs nearly 300,000 people across more than 100 countries, and is ranked 258th on the Forbes Global 2000. The company provides products and services for dialysis, hospitals, and inpatient and outpatient care, with nearly 40 percent of the market share for dialysis in the United States. This is worrisome because COVID-19 causes many patients to experience kidney failure, which has led to a shortage of dialysis machines and supplies.
On Tuesday, a KrebsOnSecurity reader who asked to remain anonymous said a relative working for Fresenius Kabi’s U.S. operations reported that computers in his company’s building had been roped off, and that a cyber attack had affected every part of the company’s operations around the globe.
Snake ransomware operators, like other ransomware operators, also steal unencrypted files before encrypting the infected systems, then threaten to release the data if the victims don’t pay the ransom.
While locking away your treasured data, SNAKE will also automatically disable any remote management tools or remote management software. That means your local IT technicians won’t be able to remotely take over your machine to have a snoop around and try to help resolve the problem. Instead, your computer will now be locked off from the system.
Once it’s scrambled your data, Snake dumps a “What happened to your files?” document on your desktop: [...]
This malware actually writes this file, called Fix-Your-Files.txt, into what Windows calls the ‘public desktop’, usually in the directory C:\Users\Public, where it shows up in the background for every user on the system.
One of my discoveries about Ubuntu 20.04 is that my test machine can trigger the kernel's out of memory killing during shutdown. My test virtual machine has 4 GB of RAM and 1 GB of swap, but it also has 347 NFS mounts, and after some investigation, what appears to be happening is that in the 20.04 version of systemd (systemd 245 plus whatever changes Ubuntu has made), systemd now seems to try to run umount for all of those filesystems all at once (which also starts a umount.nfs process for each one). On 20.04, this is apparently enough to OOM my test machine.
GitHub is a popular software development platform that provides hosting software to about 40 million developers, who use it for version control of their software. Microsoft acquired GitHub for $7.5 billion in October 2018.
Maze ransomware has wreaked havoc across North America and Europe in the last year, leading to warnings from the FBI and the Department of Homeland Security. They have hit over a dozen sectors, from construction to financial services to transportation. But some of the hackers’ most effective tactics are less novel than reflective of broader trends of how savvy ransomware gangs operate, according to Mandiant, FireEye’s incident response team. Maze is a microcosm for a type of criminality that needs to be studied carefully to be countered.
Like others involved in ransomware, the people behind Maze are not one group but a series of distinct teams with specialties, according to Mandiant. One team develops the malware, another distributes it and, when the victim pays a ransom, the developers get a commission.
This leads to jockeying among criminals looking to maximize their profits.
FreeType 2.10.2 and More
FreeType 2.10.2, while seemingly a minor version bump, is significant in that it brings support for WOFF 2 fonts. Version 2.0 of the Web Open Font Format (WOFF) has been a W3C Recommendation since early 2018 as a successor to the older WOFF format. WOFF 2 makes use of Brotli compression and other improvements, leading to smaller font files. WOFF 2 has been supported by all major web browsers for a number of years, and now FreeType can also handle these font files. This support was initially written for FreeType during Google Summer of Code 2019.
You may recall towards the end of last year when the Pango layout engine library dropped support for bitmap fonts, causing frustrations among some users. There now appears to be another Linux font debacle brewing.
With that former Pango font situation, one of the developers recommended users replace their displays with HiDPI panels if unsatisfied with the font presentation. There now seems to be a similar but different situation at hand.
Pango prior to version 1.44 used kerning hints provided by FreeType but now makes use of the hints provided by HarfBuzz. But HarfBuzz doesn't support all of the hints supported by FreeType, and thus there is a regression for some users, depending upon their font hinting preferences and what visibly looks the best to them on their displays.
Kernel: EXT4, FSGSBASE, Intel and Torvalds on Working From Home
Patches are pending that can sharply speed up mount times of large EXT4 file-systems.
A Phoronix reader pointed us to the work this weekend on improving bitmap loading and skipping non-loaded groups at cr=0/1.
FSGSBASE support is found on Intel CPUs going back to Ivy Bridge. On the AMD side it's there with Zen processors. FSGSBASE support can be checked by looking for its flag in /proc/cpuinfo.
Intel on Friday quietly released new Intel CPU microcode files for Linux.
Normally the "Intel Linux Processor Microcode Data Files" are updated in-step for all supported generations, but this new binary drop is limited to Ice Lake U/Y processors. Unfortunately, there is no change-log at hand for what has changed with this new CPU microcode drop for Linux users.
[...]
I'll do some poking at this new Ice Lake microcode release and see if there are any performance ramifications. Those wanting the new release can grab it from Intel-Linux-Processor-Microcode-Data-Files.
Social distancing is hitting some people a lot harder than others.
Of course, there are huge inequities that are making life harder for a lot of people, even if they don't know anyone infected with the coronavirus. Distancing is pointing out long-standing inequalities in living situations (how much can you distance when you live in an apartment with an elevator, and get to work on public transit?) and, above all, in internet access. Here in New Mexico, rural residents, especially on the pueblos and reservations, often can't get a decently fast internet connection at any price. I hope that this will eventually lead to a reshaping of how internet access is sold in the US; but for now, it's a disaster for students trying to finish their coursework from home, for workers trying to do their jobs remotely, and for anyone trying to fill out a census form or an application for relief.
[...]
Linus Torvalds, creator of the Linux operating system (which is developed entirely remotely, by developers across the world communicating electronically with each other), was interviewed a few weeks ago on how to work from home effectively: Pet the cat, own the bathrobe: Linus Torvalds on working from home.
He says, "Don't try to re-create an office from your home. ... If you spend hours in online meetings from home, instead of spending hours in meetings at the office like you used to, you've just taken the worst part of office life, and brought it home, and made it even worse."
The most important thing, he says, is "make it asynchronous, not some 'now everybody needs to attend this stupid web meeting to let everybody else know what they've been doing or what they should do.'" Decisions in kernel development are made mostly via email; there's no requirement that a developer in India and a developer in London have to be awake at the same time, sitting in hours of video calls while someone drones on about how things should be designed.
That's something that extroverts don't get. If they don't see your face in front of them the whole time the discussion is taking place, it seems, they aren't comfortable with the decision that results.
Android Leftovers
Ubuntu 20.04 LTS (Focal Fossa) Is Now Certified for the Raspberry Pi