Language Selection

English French German Italian Portuguese Spanish

Security

Why You Still Don’t Need Antivirus Software on Linux in 2020

Filed under
GNU
Linux
Security

There’s a division of opinion when it comes to the question; does Linux need antivirus? Well, the short answer is no. Some say viruses for Linux are rare; others say Linux’s security system is secure and much safer than other operating Windows.

So, is Linux really secure?

While no single operating system is entirely secure, Linux is known to be much more reliable than Windows or any operating system. The reason behind this is not the security of Linux itself but the minority of viruses and malware that exist for the operating system.

Viruses and malware are incredibly rare in Linux. They do exist though the likelihood of getting a virus on your Linux OS is very low. Linux based operating systems also have additional security patches that are updated regularly to keep it safer.

The userbase of Linux is tiny when compared to Windows. While Operating systems like Windows and Mac house all kinds of users, Linux is inclined more towards advanced users. In the end, It all comes down to the caution taken by the user.

Can you get viruses on Linux?

Yes, before you assume anything, viruses and malware can affect any operating system.

No operating system is 100% safe, and it’s a fool errand to look for one. Like Windows and Mac OS, you can get viruses on Linux. However rare they are, they still exist.

On the official page of Ubuntu, a Linux based OS, it is said that Ubuntu is highly secure. A lot of people installed Ubuntu for the sole purpose of having a dependable OS when it comes to the security of their data and sensitive details.

Read more

Security: Patches, Bugs, RMS Talk and NG Firewall 15.0

Filed under
Security
  • Security updates for Wednesday

    Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, ksh, and sudo), Debian (php7.0 and python-django), Fedora (cacti, cacti-spine, mbedtls, and thunderbird), openSUSE (chromium, re2), Oracle (firefox, java-1.7.0-openjdk, and sudo), Red Hat (openjpeg2 and sudo), Scientific Linux (java-1.7.0-openjdk and sudo), SUSE (dbus-1, dpdk, enigmail, fontforge, gcc9, ImageMagick, ipmitool, php72, sudo, and wicked), and Ubuntu (clamav, linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-azure, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3, linux-lts-xenial, linux-aws, and qemu).

  • Certificate validity and a y2k20 bug

    One of the standard fields of an SSL certificate is the validity period. This field includes notBefore and notAfter dates which, according to RFC5280 section 4.1.2.5, indicates the interval "during which the CA warrants that it will maintain information about the status of the certificate"

    This is one of the fields that should be inspected when accepting new or unknown certificates.

    When creating certificates, there are a number of theories on how long to set that period of validity. A short period reduces risk if a private key is compromised. The certificate expires soon after and can no longer be used. On the other hand, if the keys are well protected, then there is a need to regularly renew those short-lived certificates.

  • Free Software is protecting your data – 2014 TEDx Richard Stallman Free Software Windows and the NSA

    Libre booted (BIOS with Linux overwritten) Thinkpad T400s running Trisquel GNU/Linux OS. (src: https://stallman.org/stallman-computing.html)

    LibreBooting the BIOS?

    Yes!

    It is possible to overwrite the BIOS of some Lenovo laptops (why only some?) with a minimal version of Linux.

  • NG Firewall 15.0 is here with better protection for SMB assets

    Here comes the release of NG Firewall 15.0 by Untangle with the creators claiming top-notch security for SMB assets. Let’s thoroughly discuss the latest NG Firewall update.

    With that being said, it only makes sense to first introduce this software to the readers who aren’t familiar with it. As the name ‘NG Firewall’ suggests, it is indeed a firewall but a very powerful one. It is a Debian-based and network gateway designed for small to medium-sized enterprises.

    If you want to be up-to-date with the latest firewall technology, your best bet would be to opt for this third-generation firewall. Another factor that distinguishes the NG Firewall from other such products in the market is that it combines network device filtering functions and traditional firewall technology.

Unsigned Firmware Puts Windows, Linux Peripherals at Risk

Filed under
Security

Researchers at firmware security company Eclypsium on Tuesday released new research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other major manufacturers.

Eclypsium also demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.

The demonstration shows the exposed attack vector once firmware on any of these components is infected using the issues the report describes. The malware stays undetected by any software security controls.

Unsigned firmware provides multiple pathways for malicious actors to compromise laptops and servers. That leaves millions of Windows and Linux systems at risk of firmware attacks that can exfiltrate data, disrupt operations and deliver ransomware, warned Eclypsium.

Read more

Proprietary Software and Security

Filed under
Software
Security
  • TurboTax Is Still Tricking Customers With Tax Prep Ads That Misuse the Word “Free”

    On Dec. 30, the IRS announced it was revamping a long-standing agreement with the online tax preparation industry in which companies offer free filing to people with incomes below certain levels, a category that includes 70% of filers. The change in what’s known as the Free File program came in the wake of multiple ProPublica articles that revealed how the companies in the program steered customers eligible for free filing to their paid offerings. Under the updated agreement, the companies are now prohibited from hiding their Free File webpages from Google searches, and the IRS was allowed to create its own online tax-filing system.

    So far, it seems, the companies are abiding by their promise to make their Free File webpages visible in online searches. But the updated agreement appears to have a loophole: It doesn’t apply to advertising. Nothing in it, the agreement states, “limits or changes the rights” of participating companies to advertise “as if they were not participating in the Free File program.”

  • Ransomware Shuts Gas Compressor for 2 Days in Latest Attack [iophk: Windows TCO]

    It appears likely that the attacker explored the facility’s network to “identify critical assets” before executing the ransomware attack, according to Nathan Brubaker, a senior manager at the cybersecurity firm FireEye Inc. This tactic -- which has become increasingly popular among hackers -- makes it “possible for the attacker to disable security processes that would normally be enough to detect known ransomware indicators,” he said.

  • Twitter says Olympics, IOC accounts [cracked]

    Twitter (TWTR.N) said on Saturday that an official Twitter account of the Olympics and the International Olympic Committee’s (IOC) media Twitter account had been [cracked] and temporarily locked.

    The accounts were [cracked] through a third-party platform, a spokesperson for the social media platform said in an emailed statement, without giving further details.

  • Olympics, IOC accounts were [cracked], Twitter says

    The social media company Twitter on Saturday said that the official Twitter accounts for the Olympics as well as the International Olympic Committee (IOC) have both been [cracked] and temporarily locked.

  • Apple warns revenue will be lower than expected because of coronavirus impact

    In a rare investor update on Monday, Apple said the global effects of the coronavirus outbreak are having have a material impact on the company bottom line. The company does not expect to meet its own revenue guidance for the second quarter due to the impact of the virus, and warns that “worldwide iPhone supply will be temporarily constrained.” Store closures and reduced retail traffic in China are also expected to have a significant impact.

    All of Apple’s iPhone manufacturing partner sites have been reopened but are “ramping up more slowly than we had anticipated,” which means that fewer iPhones than expected will be manufactured. As a result, “[t]hese iPhone supply shortages will temporarily affect revenues worldwide,” says Apple.

  • We decided to leave AWS

    For past adventures, I mostly use third-party email delivery services like Postmark, SendGrid, SES, etc. Unfortunately their pricing models are based on the number of emails, which are not compatible with the unlimited forwards/sends that SimpleLogin offers. In addition, we want SimpleLogin to be easily self-hosted and its components fit on a single server. For these reasons, we decide to run our MTA (Mail Transfer Agent) on EC2 directly.

  • [Old] Kerberos (Sleepy: How does Kerberos work? – Theory

    The objective of this series of posts is to clarify how Kerberos works, more than just introduce the attacks. This due to the fact that in many occasions it is not clear why some techniques works or not. Having this knowledge allows to know when to use any of those attacks in a pentest.

    Therefore, after a long journey of diving into the documentation and several posts about the topic, we’ve tried to write in this post all the important details which an auditor should know in order to understand how take advantage of Kerberos protocol.

    In this first post only basic functionality will be discussed. In later posts it will see how perform the attacks and how the more complex aspects works, as delegation.

  • [Old] Kerberos (II): How to attack Kerberos?

    These attacks are sorted by the privileges needed to perform them, in ascending order. Thus, to perform the first attacks only connectivity with the DC (Domain Controller) is required, which is the KDC (Key Distribution Center) for the AD (Active Directory) network. Whereas, the last attack requires a user being a Domain Administrator or having similar privileges.

  • Kerberos (III): How does delegation work?

    In this article, we will focus on understand how the different kinds of delegation work, including some special cases. Additionally, some scenarios where it could be possible to take advantage of these mechanisms in order to leverage privilege escalation or set persistence in the domain will be introduced.

    Before starting with the explanations, I will assume that you already understand Kerberos’ basic concepts. However, if expressions like TGT, TGS, KDC or Golden ticket sound strange to you, you should definitely check the article “How does Kerberos works?” or any related Kerberos’ introduction.

GNOME 3.34.4 Released with Various Improvements and Bug Fixes

Filed under
GNOME
Security

Released on September 2019, the GNOME 3.34 “Thessaloniki” desktop environment is the first to adopt a new release cycle with extended maintenance updates. Previous GNOME releases only received two maintenance updates during their support cycle.

Therefore, GNOME 3.34.4 is here as a minor bugfix release to GNOME 3.34, addressing various issues, as well as updating translations across several components and applications. Among the changes, there’s a big GTK update with better Wayland support, VP8 encoding for the built-in screen-recorder, and another major Vala update.

Read more

Critical Sudo Vulnerability Now Patched in CentOS 7 and RHEL 7

Filed under
Red Hat
Security

A critical vulnerability (CVE-2019-18634) was discovered earlier this month by Joe Vennix in the Sudo package, a program that lets users run programs in a UNIX system with the security privileges of another user. The flaw could allow an unprivileged user to obtain full root privileges.

Affected Sudo versions included all releases from v1.7.1 to v1.8.25p1. However, it was discovered that it doesn’t affect systems that did not had the pwfeedback option enabled in the /etc/sudoers file. For more details you can check out our previous report.

Read more

Linux and Security

Filed under
Linux
Security
  • Why Not WireGuard

    The latest thing that is getting a lot of attention is WireGuard - the new shooting star in terms of VPN. But is it as great as it sounds? I would like to discuss some thoughts, have a look at the implementation and tell you why WireGuard is not a solution that will replace IPsec or OpenVPN.

    In this article I would like to debunk the myths. It is a long read. If you are in need of a tea of coffee, now is the time to make it. Thanks to Peter for proof-reading my chaotic thoughts.

    I do not want to discredit the developers of WireGuard for their efforts or for their ideas. It is a working piece of technology, but I personally think that it is being presented as something entirely different - as a replacement for IPsec and OpenVPN which it simply is not.

    As a side-note, I think that the media is responsible for this and not the WireGuard project itself.

    There has not been much positive news around the Linux kernel recently. They have reported of crushing processor vulnerabilities that have been mitigated in software, Linus Torvalds using too harsh language and just boring developer things. The scheduler or a zero-copy network stack are not very approachable topics for a glossy magazine. WireGuard is.

  • Kees Cook: security things in Linux v5.4

    Linux kernel v5.4 was released in late November. The holidays got the best of me, but better late than never!

Security: Patches, Core Infrastructure Initiative (CII), Crypto AG, More Issues

Filed under
Linux
Security
  • Security updates for Tuesday

    Security updates have been issued by Arch Linux (systemd and thunderbird), Debian (clamav, libgd2, php7.3, spamassassin, and webkit2gtk), Fedora (kernel, kernel-headers, and sway), Mageia (firefox, kernel-linus, mutt, python-pillow, sphinx, thunderbird, and webkit2), openSUSE (firefox, nextcloud, and thunderbird), Oracle (firefox and ksh), Red Hat (curl, java-1.7.0-openjdk, kernel, and ruby), Scientific Linux (firefox and ksh), SUSE (sudo and xen), and Ubuntu (clamav, php5, php7.0, php7.2, php7.3, postgresql-10, postgresql-11, and webkit2gtk).

  • The Linux Foundation and Harvard’s Lab for Innovation Science Release Census for Open Source Software Security

    The Linux Foundation’s Core Infrastructure Initiative (CII), a project that helps support best practices and the security of critical open source software projects, and the Laboratory for Innovation Science at Harvard (LISH), today announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.`

    This Census II analysis and report represent important steps towards understanding and addressing structural and security complexities in the modern day supply chain where open source is pervasive, but not always understood. Census II identifies the most commonly used free and open source software (FOSS) components in production applications and begins to examine them for potential vulnerabilities, which can inform actions to sustain the long-term security and health of FOSS. Census I (2015) identified which software packages in the Debian Linux distribution were the most critical to the kernel’s operation and security.

    “The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation. “The report begins to give us an inventory of the most important shared software and potential vulnerabilities and is the first step to understand more about these projects so that we can create tools and standards that results in trust and transparency in software.”

  •                    

  • [Attackers] are demanding nude photos to unlock files in a new ransomware scheme targeting women

                         

                           

    The malware doesn’t appear to be the first to demand explicit images: In 2017, security firm Kaspersky reported another type of ransomware that demanded nude photos in exchange for unlocking access to infected computers. In other cases, scammers on dating apps have requested nude photos from would-be suitors, then held them for ransom by threatening to leak the photos.

  • Alarming ‘Hidden’ Cyber Attack Leaves Millions Of Windows And Linux Systems Vulnerable [Ed: Misleading headline from decades-long Microsoft booster. This isn't an OS level issue.]

    Vulnerabilities that can be hidden away out of sight are amongst the most-coveted by cyber-criminals and spooks alike. That's why zero-day vulnerabilities are deemed so valuable, and cause so much high-level concern when they are exposed. It's also why the CIA secretly purchased an encryption equipment provider to be able to hide backdoors in the products and spy upon more than 100 governments.

    While we are almost accustomed to reading government warnings about vulnerabilities in the Windows operating system, Linux cybersecurity threat warnings are less common. Which is partly why this report on the hidden exploit threat within both Linux and Windows systems caught my eye. The Eclypsium researchers concentrated on unsigned firmware as this is a known attack vector, which can have devastating implications, yet one in which vendors have appeared to be slow taking seriously enough. The unsigned firmware in question was found in peripherals used in computers from Dell, Lenovo and HP as well as other major manufacturers. They also demonstrated a successful attack using a network interface card with, you guessed it, unsigned firmware that is used by the big three server manufacturers. "Despite previous in-the-wild attacks," the report said, "peripheral manufacturers have been slow to adopt the practice of signing firmware, leaving millions of Windows and Linux systems at risk of firmware attacks that can exfiltrate data, disrupt operations and deliver ransomware."

    The truth is that, as far as cybersecurity is concerned, much of the defensive effort is focused on the operating system and applications. Hardly surprising, given these are the most visible attack surfaces. By not adding firmware into the threat prevention model, however, organizations are leaving a gaping hole just waiting to be filled by threat actors. "This could lead to implanted backdoors, network traffic sniffing, data exfiltration, and more," says Katie Teitler, a senior analyst at TAG Cyber. "Unfortunately, though, firmware vulnerabilities can be harder to detect and more difficult to patch," she says, "best practice is to deploy automated scanning for vulnerabilities and misconfigurations at the component level, and continuously monitor for new issues or exploits."

  • The Week in Internet News: CIA Had Encryption Backdoor for Decades

    The U.S. CIA secretly had an ownership stake in Swiss encryption company Crypto AG for decades and was able to read encrypted messages sent using the company’s technology, the Washington Post reports. West German intelligence agencies worked with the CIA. Forbes columnist Jody Westby called for a congressional investigation.

  • Insights from Avast/Jumpshot data: Pitfalls of data anonymization

    There has been a surprising development after my previous article on the topic, Avast having announced that they will terminate Jumpshot and stop selling users’ data. That’s not the end of the story however, with the Czech Office for Personal Data Protection starting an investigation into Avast’s practices. I’m very curious to see whether this investigation will confirm Avast’s claims that they were always fully compliant with the GDPR requirements. For my part, I now got a glimpse of what the Jumpshot data actually looks like. And I learned that I massively overestimated Avast’s success when anonymizing this data.

    [...]

    The data I saw was an example that Jumpshot provided to potential customers: an excerpt of real data for one week of 2019. Each record included an exact timestamp (milliseconds precision), a persistent user identifier, the platform used (desktop or mobile, which browser), the approximate geographic location (country, city and ZIP code derived from the user’s IP address), a guess for user’s gender and age group.

    What it didn’t contain was “every click, on every site.” This data sample didn’t belong to the “All Clicks Feed” which has received much media attention. Instead, it was the “Limited Insights Pro Feed” which is supposed to merely cover user’s shopping behavior: which products they looked at, what they added to the cart and whether they completed the order. All of that limited to shopping sites and grouped by country (Germany, UK and USA) as well as product category such as Shoes or Men’s Clothing.

    This doesn’t sound like there would be all too much personal data? But there is, thanks to a “referrer” field being there. This one is supposed to indicate how the user came to the shopping site, e.g. from a Google search page or by clicking an ad on another website. Given the detailed information collected by Avast, determining this referrer website should have been easy – yet Avast somehow failed this task. And so the supposed referrer is typically a completely unrelated random web page that this user visited, and sometimes not even a page but an image or JSON data.

    If you extract a list of these referrers (which I did), you see news that people read, their web mail sessions, search queries completely unrelated to shopping, and of course porn. You get a glimpse into what porn sites are most popular, what people watch there and even what they search for. For each user, the “limited insights” actually contain a tiny slice of their entire browsing behavior. Over the course of a week this exposed way too much information on some users however, and Jumpshot customers watching users over longer periods of time could learn a lot about each user even without the “All Clicks Feed.”

  • Byos Cautions RSA Conference 2020 Attendees, Travelers and General Public to “Dirty Half-Dozen” Public Wi-Fi Risks

    Byos, Inc., an endpoint security company focused on concept of Endpoint Microsegmentation through Hardware-Enforced Isolation, recommends caution for attendees of major conferences and events such as the RSA Conference 2020, a leading cybersecurity conference in San Francisco, February 24-28, and travelers in general risks of Free Wi-Fi. Many attendees will access the Internet via multiple free Wi-Fi connection points from Hotels, Airports, Coffee Shops and the Conference itself, and every free Wi-Fi access presents security risks for users that Byos calls “The Dirty Half-Dozen.”

    [...]

    The Dirty Half-Dozen risks are:

    Scanning, enumerating, and fingerprinting
    Eavesdropping
    Evil-Twin Wi-Fi
    Exploits
    Lateral network infections
    DNS hijacking

Gpg4KDE & GPG4win Approved for Transmission & Processing of National Classified Information

Filed under
KDE
Security

Something that may have slipped you by: Back in November, the German Federal Office for Information Security approved Gpg4KDE and Gpg4win for the transmission and processing of national classified information.

Gpg4KDE is the encryption system that you use each time you encrypt and sign messages in KMail. Gpg4win, used for encrypting and signing emails on Windows, is built upon KDE's certificate manager Kleopatra. The German Government has now ranked both secure enough to be used when transmitting messages with VS-ONLY FOR SERVICE USE (VS-NfD), EU RESTRICTED and NATO RESTRICTED levels of confidentiality.

In view of the recent Rubicon/Crypto AG/CIA scandal, this is further evidence that FLOSS encryption technology is the only reliable encryption technology.

Read more

Security and FUD Leftovers

Filed under
Linux
Security
  • Fwupd 1.3.8 Brings More Improvements For Firmware Updating On Linux Systems

    Red Hat's Richard Hughes has released Fwupd 1.3.8 as the latest version of this Linux utility for performing firmware updates of various system components.

    With the meteoric rise of Fwupd and LVFS, more Fwupd releases are having to deal with quirks and other peculiarities of different hardware components seeing Fwupd support and v1.3.8 is no different. Fwupd 1.3.8 adds a plug-in to support updating the power delivery controllers by Fresco Logic, a fix for Synaptics multi-stream transport devices, various EFI fixes/improvements, more parent devices are detected for different Lenovo USB hubs, support for GNUEFI file locations, and other fixes.

  • Cyber-gangs using SSH identities to sell on the black market [Ed: How to associate secure shell, SSH, with "black market", skull and bones, just because of machines that are already cracked because of something totally unrelated]

    Malware campaigns equipped with the capability to exploit powerful, hidden backdoors are becoming commoditised, researchers from Venafi have warned.

    The research shows several high-profile hacker campaigns are integrating the misuse of SSH machine identities capabilities into their attacks.

    Now, any attacker with access to the dark web can gain access to the same techniques that took down the Ukrainian power grid against every business and government agency.

    Malware can target common SSH machine identities used to access and automate Windows, Linux and MacOS in the enterprise and out to the cloud.

  • SAMM v2 – OWASP releases revamped security assurance framework

    A revamped version of OWASP’s Software Assurance Maturity Model (SAMM) adds automation along with maturity measurements to the open source security-related framework.

    OWASP SAMM v2 – released on Tuesday after three years of refinement – is geared towards helping organizations that develop software to travel down the path towards becoming more secure.

    The approach is based on a community-led open source framework that “allows teams and developers to assess, formulate, and implement strategies for better security which can be easily integrated into an existing organizational software development lifecycle”.

    [...]

    The OWASP SAMM community includes security knowledgeable volunteers from both businesses and educational organizations. The global community works to create “freely-available articles, methodologies, documentation, tools, and technologies”.

  • Smack: Some more busy nights and 12 bytes of IV

    Anu brought up the fact that the OMEMO XEP is not totally clear on the length of initialization vectors used for message encryption. Historically most clients use 16 bytes length, while normally you would want to use 12. Apparently some AES-GCM libraries on iOS only support 12 bytes length, so using 12 bytes is definitely desirable. Most OMEMO implementations already support receiving 12 bytes as well as 16 bytes IV.

Syndicate content

More in Tux Machines

Android Leftovers

Supporting an open source operating system: a Q&A with the FreeBSD Foundation

When discussing alternative operating systems to Microsoft’s Windows or Apple’s macOS, Linux often comes to mind. However, while Linux is a recreation of UNIX, FreeBSD is more of a continuation. The free and open source operating system was initially developed by students at the University of California at Berkeley which is why the BSD in its name stands for Berkeley Software Distribution. FreeBSD runs on its own kernel and all of the operating system’s key components have been developed to be part of a single whole. This is where it differs the most from Linux because Linux is just the kernel and the other components are supplied by third parties. To learn more about FreeBSD and its ongoing development, TechRadar Pro spoke to the executive director of the FreeBSD Foundation, Deb Goodkin. Read more

Linux-driven ADAS computer features 6x FAKRA cameras

VIA’s rugged “VIA Mobile360 M810” in-vehicle computer runs Linux on a Snapdragon 820E and offers 6x FAKRA camera ports plus software for ADAS, driver monitoring, surround view, and DVR. Taiwan-based VIA Technologies, which appears to be increasingly focused on automotive and other vision processing applications, has launched an ADAS (Advanced Driver Assistance System) computer primarily aimed at bus fleets, but also available for trucks and delivery vans. The VIA Mobile360 M810 follows earlier Mobile360 systems such as the VIA Mobile360 D700 Drive Recorder, which runs Linux on a dual -A53 Novatek NT96685T SoC, and the VIA Mobile360 Surround View Sample Kit, which runs Android 5.0 on an unnamed octa-core SoC. Read more

KDE’s Plasma Mobile Is Shaping Up Nicely on the PinePhone

Last month, we took a closer look at how UBports’ Ubuntu Touch mobile OS progressed on the PinePhone, thanks to a video shared by developer Marius Gripsgård. Now, we have a sneak peek at another great system for the PinePhone, KDE’s Plasma Mobile. Unlike Ubuntu Touch, which is a full-fledged mobile operating system, Plasma Mobile is actually a user interface (UI) for mobile devices running on top of a GNU/Linux distribution, such as KDE neon or the Alpine Linux-based postmarketOS. Read more