Security
  • This new Linux malware targets ecommerce sites ahead of Black Friday [Ed: Mayank Sharma should know better; this isn't the fault of Linux and moreover he has added the smear against Go just because people can write malicious programs in Go (as they can in any other language)]

    The malicious agent, dubbed linux_avp is written in Golang, and was discovered by researchers at Sansec, who were approached by an affected merchant who couldn’t seem to get rid of malware from his store.

  • New Rowhammer Technique [Ed: We have states and so-called 'tech' companies putting back doors in all their stuff and yet we're meant to focus on theoretical attacks of this oddball nature]

    Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem.

  • DDR4 memory protections are broken wide open by new Rowhammer technique

    Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules due to a new approach that neuters defenses chip manufacturers added to make their wares more resistant to such attacks.

  • This Week in Security: Intel Atoms Spill Secrets, ICMP Poisons DNS, and The Blacksmith

    Intel has announced CVE-2021-0146, a vulnerability in certain processors based on the Atom architecture, and the Trusted Platform Module (TPM) is at the center of the problem. The goal of the system around the TPM is to maintain system integrity even in the case of physical access by an attacker, so the hard drive is encrypted using a key stored in a secure chip on the motherboard. The TPM chip holds this encryption key and provides it during the boot process. When combined with secure boot, this is a surprisingly effective way to prevent tampering or data access even in the case of physical access. It’s effective, at least, when nothing goes wrong.

    Earlier this year, we covered a story where the encryption key could be sniffed directly from the motherboard, by tapping the traces connecting the TPM to the CPU. It was pointed out that TPM 2.0 can encrypt the disk encryption key on the traces, making this attack impossible.

    The entire Trusted Compute Model is based on the premise that the CPU itself is trustworthy. This brings us back to Intel’s announcement that a debug mode could be enabled via physical access. In this debug mode, the CPU master key can be extracted, leading to complete compromise. The drive encryption key can be recovered, and unsigned firmware can be loaded to the Management Engine. This means data in the TPM enclave and the TPM-stored encryption key can be compromised. Updated firmware is rolling out through motherboard vendors to address the problem.

Microsoft Keeps Clobbering and Attacking Firefox and Mozilla

  • Thousands of Firefox users accidentally commit login cookies on GitHub [Ed: Microsoft just doesn't care about security and the media is paid to blame the victims for Microsoft's own problems]

    Thousands of Firefox cookie databases containing sensitive data are available on request from GitHub repositories, data potentially usable for hijacking authenticated sessions. These cookies.sqlite databases normally reside in the Firefox profiles folder. They're used to store cookies between browsing sessions. And they're findable by searching GitHub with specific query parameters, what's known as a search "dork." Aidan Marlin, a security engineer at London-based rail travel service Trainline, alerted The Register to the public availability of these files after reporting his findings through HackerOne and being told by a GitHub representative that "credentials exposed by our users are not in scope for our Bug Bounty program." [...] "I'm frustrated that GitHub isn't taking its users' security and privacy seriously," Marlin told The Register in an email. "The least it could do is prevent results coming up for this GitHub dork. If the individuals who uploaded these cookie databases were made aware of what they'd done, they'd s*** their pants."

  • Mozilla Performance Blog: Upgrading Page Load Tests to Use Mitmproxy 7

    mitmproxy is a third-party tool that we use to record and play back page loads in Firefox to detect performance regressions. The page load is “recorded” to a file: the page is loaded while mitmproxy is running, and the proxy logs all requests and responses made and saves them to a file. The page load can then be played back from this file; each response and request (referred to as a “flow”) made during the recording is played back without accessing the live site. Recorded page load tests are valuable for detecting performance regressions in Firefox because they are not dependent on changes to the site we are testing. If we tested using only live sites, it would be much more difficult to tell if a regression was caused by changes in Firefox or changes in the site being tested. So, as we run these tests over time, we have a history of how Firefox performs when replaying the same recording again and again, helping us to detect performance regressions that may be caused by recent changes to our code base.

  • When you use Bing to search for Chrome or Firefox, this is what happens instead.

    Microsoft can’t just put on their big boy pants and admit that people don’t like Edge and don’t want to use Edge. This reeks of desperation. But then, we didn’t suspect it would end with the paid shitposting about Edge on GNU/Linux or with the million ways you can accidentally launch Edge in Windows Vista SP11. Did we?

Emmanuele Bassi: Fair Weather Friends

Today I released libgweather-3.90.0, the first developers snapshot of GWeather 4... Read more Also: Felix Häcker: #19 Updated Calculations

Videos: KDE, Pi Servers, and Emacs

Linux-on-NXP boards from Kontron and SolidRun gain Arm SystemReady compliance

Kontron and SolidRun have each announced several NXP-based embedded products that have achieved Arm SystemReady certification for interoperable Linux stacks and boot systems. Following Arm’s formal announcement of its Arm SystemReady initiative in Oct. 2020, support for the interoperability program has begun to accelerate. Yesterday, Kontron announced three embedded Linux products based on NXP processors that have received Arm SystemReady certification for standardized firmware and hardware running on Arm-based CPUs. The products include its pITX-iMX8M Pico-ITX SBC and sandwich-style BL i.MX8M Mini, as well as a new KBox A-203-LS networking box with an NXP LS1028A. Read more

