
Security

Security: DNS, Windows, Kaspersky and Lethal USB

Filed under
Security
  • The wave of domain hijackings besetting the Internet is worse than we thought

    The report was published Wednesday by Cisco’s Talos security group. It indicates that three weeks ago, the hijacking campaign targeted the domain of Sweden-based consulting firm Cafax. Cafax’s only listed consultant is Lars-Johan Liman, who is a senior systems specialist at Netnod, a Swedish DNS provider. Netnod is also the operator of i.root, one of the Internet’s foundational 13 DNS root servers. Liman is listed as being responsible for the i-root. As KrebsOnSecurity reported previously, Netnod domains were hijacked in December and January in a campaign aimed at capturing credentials. The Cisco report assessed with high confidence that Cafax was targeted in an attempt to re-establish access to Netnod infrastructure.

  • New Windows Zero-Day Vulnerability Grants Hackers Full Control Over PCs [Ed: The NSA already had these permissions. Now everyone has these.]

    According to the latest Kaspersky Lab Report, a Windows Zero-Day vulnerability is serving as a backdoor for hackers to take control of users’ PCs.

    The latest exploit utilizes a use-after-free attack and has the technical name CVE-2019-0895. The exploit is found in win32k.sys and grants hackers Local Privilege, meaning they’re able to access resources usually outside of users’ capabilities.

  • New zero-day vulnerability CVE-2019-0859 in win32k.sys
  • AP Exclusive: Mysterious operative haunted Kaspersky critics

    He also asked Giles to repeat himself or speak louder so persistently that Giles said he began wondering “whether I should be speaking into his tie or his briefcase or wherever the microphone was.”

    “He was drilling down hard on whether there had been any ulterior motives behind negative media commentary on Kaspersky,” said Giles, a Russia specialist with London’s Chatham House thinktank who often has urged caution about Kaspersky’s alleged Kremlin connections. “The angle he wanted to push was that individuals — like me — who had been quoted in the media had been induced by or motivated to do so by Kaspersky’s competitors.”

  • Feds: Saint Rose grad used 'killer' device to fry computers

    In 2016, College of Saint Rose graduate assistant Vishwanath Akuthota said he believed there was a "lot of opportunity" for him at the school.

    On Monday, federal prosecutors said he took advantage of a different kind of opportunity — access to campus — when he destroyed dozens of computers at a cost of more than $50,000.

  • Student Uses “USB Killer” To Fry $58,000 Worth of Computers

OpenSSH 8.0 released

Filed under
Security
BSD

This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.

This release adds client-side checking that the filenames sent from
the server match the command-line request.

The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.
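As an added illustration (not OpenSSH's own code), the following Python models the client-side check the release notes describe: a filename the server sends is accepted only if it contains no path separator, is not `.` or `..`, and matches the basename of what the client requested, treated as a shell-style glob. It assumes a single-file or wildcard request, not a recursive (`-r`) copy, and the dotfile rule is a conservative choice modelled on shell globbing rather than anything the release notes specify.

```python
import fnmatch
import posixpath


def is_safe_scp_filename(requested: str, received: str) -> bool:
    """Return True if a filename sent by the scp server is acceptable for
    the client-side request `requested` (a literal name or a glob).

    Models the CVE-2019-6111 mitigation: the client refuses to create or
    clobber any local file whose name the server sends unless it matches
    what the client asked for.  Constructed illustration, not OpenSSH code.
    """
    # scp sends only the basename of each file; anything carrying a path
    # separator or one of the special directory names is rejected outright,
    # so a hostile server cannot steer a write into another directory.
    if not received or "/" in received or received in (".", ".."):
        return False

    # Compare against the basename of the requested path, treated as a
    # glob (scp permits remote wildcards such as 'host:dir/*.log').
    pattern = posixpath.basename(requested)

    # Mirror shell globbing: a leading '*' or '?' never matches a dotfile,
    # so a request for '*' cannot be answered with '.bashrc'.
    if received.startswith(".") and not pattern.startswith("."):
        return False

    return fnmatch.fnmatchcase(received, pattern)


def filter_server_filenames(requested: str, received_names):
    """Split the names a server sent into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for name in received_names:
        if is_safe_scp_filename(requested, name):
            accepted.append(name)
        else:
            rejected.append(name)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample: a server answering 'remote/*.log' with extra names.
    sent = ["a.log", "b.log", ".ssh/rc", "x.txt", "../authorized_keys"]
    ok, bad = filter_server_filenames("remote/*.log", sent)
    print("accepted:", ok)
    print("rejected:", bad)
```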


Security: Updates, Oracle, Cisco, Buzzwords and Wi-Fi 'Hacking'

Filed under
Security

Gentoo News: Nitrokey partners with Gentoo Foundation to equip developers with USB keys

Filed under
Gentoo
Security

The Gentoo Foundation has partnered with Nitrokey to equip all Gentoo developers with free Nitrokey Pro 2 devices. Gentoo developers will use the Nitrokey devices to store cryptographic keys for signing of git commits and software packages, GnuPG keys, and SSH accounts.

Thanks to the Gentoo Foundation and Nitrokey’s discount, each Gentoo developer is eligible to receive one free Nitrokey Pro 2. To receive their Nitrokey, developers will need to register with their @gentoo.org email address at the dedicated order form.

A Nitrokey Pro 2 Guide is available on the Gentoo Wiki with FAQ & instructions for integrating Nitrokeys into developer workflow.


The Ecuadorean Authorities Have No Reason to Detain Free Software Developer Ola Bini

Filed under
Development
OSS
Security

Hours after the ejection of Julian Assange from the London Ecuadorean embassy last week, police officers in Ecuador detained the Swedish citizen and open source developer Ola Bini. They seized him as he prepared to travel from his home in Quito to Japan, claiming that he was attempting to flee the country in the wake of Assange’s arrest. Bini had, in fact, booked the vacation long ago, and had publicly mentioned it on his twitter account before Assange was arrested.

Ola’s detention was full of irregularities, as documented by his lawyers. His warrant was for a “Russian hacker” (Bini is neither); he was not read his rights, allowed to contact his lawyer nor offered a translator.

The charges against him, when they were finally made public, are tenuous. Ecuador’s general prosecutor has stated that Bini was accused of “alleged participation in the crime of assault on the integrity of computer systems” and attempts to destabilize the country. The “evidence” seized from Ola’s home that Ecuadorean police showed journalists to demonstrate his guilt was nothing more than a pile of USB drives, hard drives, two-factor authentication keys, and technical manuals: all familiar property for anyone working in his field.

Ola is a free software developer, who worked to improve the security and privacy of the Internet for all its users. He has worked on several key open source projects, including JRuby, several Ruby libraries, as well as multiple implementations of the secure and open communication protocol OTR. Ola’s team at ThoughtWorks contributed to Certbot, the EFF-managed tool that has provided strong encryption for millions of websites around the world.

Like many people working on the many distributed projects defending the Internet, Ola has no need to work from a particular location. He traveled the world, but chose to settle in Ecuador because of his love of that country and of South America in general. At the time of his arrest, he was putting down roots in his new home, including co-founding Centro de Autonomia Digital, a non-profit devoted to creating user-friendly security tools, based out of Ecuador’s capital, Quito.


Security: Updates, Spectre/Meltdown and Why Not to Install Software Packages From the Internet

Filed under
Security
  • Security updates for Tuesday
  • Revised Patches Out For New Kernel "mitigations=" Option For Toggling Spectre/Meltdown [Ed: Profoundly defective chips aren't being recalled/replaced (or even properly fixed). All the cost is being passed to the victim, the client, who should instead be compensated. Corporate greed has no bounds. They also hide NSA back doors in these chips. Imperial.]

    The effort to provide a more convenient / easy to remember kernel option for toggling Spectre/Meltdown mitigations is out with a second revision and they have also shortened the option to remember.

    See the aforelinked article if the topic is new to you, but this is about an arguably long overdue ability to easily control the Spectre/Meltdown behavior -- or configurable CPU mitigations in general to security vulnerabilities -- via a single kernel flag/switch. For the past year and a half of Spectre/Meltdown/L1TF mitigations there have been various different flags to tweak the behavior of these mitigations but not offering a single, easy-to-remember switch if say wanting to disable them in the name of restoring/better performance.

  • Why Not Install Software Packages From The Internet

    Someone from the Internet has told you not to execute random scripts you find on the Internet and now you're reading why we shouldn't install software packages from the Internet. Or more specifically, the aim of this article is why it's wise to stick to distribution maintained packages and not those latest software packages we find out there on the Internet even if it's distributed by the official brand's page.
    However, it's okay to download software packages that are not available on the distribution repository but not vice versa. Read on below to learn more about why.

Debian Web Team, Debian Long Term Support, and Security Leftovers

Filed under
Security
Debian
  • Debian Web Team Sprint 2019

    The Debian Web team held a sprint for the first time, in Madrid (Spain) from March 15th to March 17th, 2019.

    We discussed the status of the Debian website in general, reviewed several important pages/sections and agreed on many things about how to improve them.

  • Freexian’s report about Debian Long Term Support, March 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, March 2019

  • Your Favorite Ad Blocker Can Be Exploited To Infect PCs With Malicious Code

    In July 2018, the popular Adblock Plus software released its version 3.2 that brought a new feature called $rewrite. This feature allowed one to change the filter rules and decide which content got blocked and which didn’t. It was said that often there are content elements that are difficult to block. This feature was soon implemented by AdBlock as well as uBlock.

    In a troubling development, it has been revealed that this filter option can be exploited by notorious actors to inject arbitrary code into the web pages. With more than 100 million users of these ad blocking tools, this exploit has great potential to harm the web users.

  • Adblock Plus filter lists may execute arbitrary code in web pages

    A new version of Adblock Plus was released on July 17, 2018. Version 3.2 introduced a new filter option for rewriting requests. A day later AdBlock followed suit and released support for the new filter option. uBlock, being owned by AdBlock, also implemented the feature.

    Under certain conditions the $rewrite filter option enables filter list maintainers to inject arbitrary code in web pages.

    The affected extensions have more than 100 million active users, and the feature is trivial to exploit in order to attack any sufficiently complex web service, including Google services, while attacks are difficult to detect and are deployable in all major browsers.

  • Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong.

    The disputes are playing out in court. In a closely watched legal battle, Mondelez sued Zurich Insurance last year for a breach of contract in an Illinois court, and Merck filed a similar suit in New Jersey in August. Merck sued more than 20 insurers that rejected claims related to the NotPetya attack, including several that cited the war exemption. The two cases could take years to resolve.

    The legal fights will set a precedent about who pays when businesses are hit by a cyberattack blamed on a foreign government. The cases have broader implications for government officials, who have increasingly taken a bolder approach to naming-and-shaming state sponsors of cyberattacks, but now risk becoming enmeshed in corporate disputes by giving insurance companies a rationale to deny claims.

Security: DARPA, Updates, Microsoft Windows Incidents and Outlook Fiasco

Filed under
Security
  • DARPA Making An Anonymous And Hack-Proof Mobile Communication System

    The United States’ Defense Advanced Research Projects Agency, or DARPA, develops technologies that are deployed by the US army and sometimes the agency makes the technologies available for civilians as well. DARPA is behind many breakthrough technologies, including the internet itself, GPS, Unix, and Tor.

    Now, DARPA is currently working on an anonymous, end-to-end mobile communication system that would be attack-resilient and reside entirely within a contested network environment.

  • Security updates for Monday
  • Passwords and Policies | Roadmap to Securing Your Infrastructure
  • Adblock Plus filter lists may execute arbitrary code
  • FBI now investigating "RobinHood" ransomware attack on Greenville computers [Ed: Microsoft Windows TCO]
  • RobinHood Ransomware Is “Honest” And Promises To “Respect Your Privacy”

    The world of cybersecurity is full of surprises. From using Game of Thrones torrents to exploiting popular porn websites — notorious cybercriminals keep coming up with new ways to cause you harm.

    In a related development, a ransomware called RobinHood is spreading havoc in North Carolina, where the ransomware has crippled most city-owned PCs. The FBI is currently investigating the issue along with local authorities.

  • Purism at SCaLE 2019 – Retrospective on Secure PureBoot

    Once again, we were so busy we barely had the time to leave our booth: people were very interested in the Librem 5 devkit hardware, in the latest version of the Librem laptops and PureOS, on having the same apps for the Librem laptops and the Librem 5 phone… so we got to do the full pitch. On a less technical note, our swag was quite a success. People told us they loved our paper notebook and carpenter pencil, and asked questions about the pencils – which, according to Kyle Rankin, Chief Security Officer of Purism, have a section that is “kind of shaped like our logo”, and being carpenter pencils “are designed so you can sharpen them without having to use a proprietary pencil sharpener.” Visitors (and team) loved them for being beautiful, unusual and useful.

  • Hackers could read non-corporate Outlook.com, Hotmail for six months

    Late on Friday, some users of Outlook.com/Hotmail/MSN Mail received an email from Microsoft stating that an unauthorized third party had gained limited access to their accounts and was able to read, among other things, the subject lines of emails (but not their bodies or attachments, nor their account passwords), between January 1 and March 28 of this year. Microsoft confirmed this to TechCrunch on Saturday.

    The hackers, however, dispute this characterization. They told Motherboard that they can indeed access email contents and have shown that publication screenshots to prove their point. They also claim that the hack lasted at least six months, doubling the period of vulnerability that Microsoft has claimed. After this pushback, Microsoft responded that around 6 percent of customers affected by the hack had suffered unauthorized access to their emails and that these customers received different breach notifications to make this clear. However, the company is still sticking to its claim that the hack only lasted three months.

    Not in dispute is the broad character of the attack. Both hackers and Microsoft's breach notifications say that access to customer accounts came through compromise of a support agent's credentials. With these credentials, the hackers could use Microsoft's internal customer support portal, which offers support agents some level of access to Outlook.com accounts. The hackers speculated to Motherboard that the compromised account belonged to a highly privileged user and that this may have been what granted them the ability to read mail bodies. The compromised account has subsequently been locked to prevent any further abuse.

  • Three encryption tools for the cloud

    Safeguard your cloud storage with some preemptive file encryption. Here are three open source tools that get the job done in Linux.

    From a security perspective, cloud storage ought never to have happened. The trouble is, it relies on the ability of users to trust the provider, yet often the only assurance available is the provider’s word. However, the convenience of cloud storage is too great for many companies and individuals to avoid it. Fortunately, security can be regained by users storing only encrypted files.

    Numerous tools exist for encrypting in the cloud. Some are proprietary. However, these solutions also require trust -- they only shift the trust requirement to a third party, and basic security requires the user to verify security for themselves.

Windows Security Circus

Filed under
Microsoft
Security
  • ApparitionSec

    Internet Explorer is a series of graphical web browsers developed by Microsoft and included in the Microsoft Windows line of operating systems, starting in 1995.

  • Internet Explorer Flaw Lets Hackers Steal Your Files Even If You Don’t Use It

    Internet Explorer was already useless for most of us, but now it is dangerous to have the obsolete browser on your computer. A security researcher, John Page, found a new security flaw in Internet Explorer that allows hackers to steal data.

  • Internet Explorer exploit lets hackers steal your data even if you never use it

    Finally stopped using Internet Explorer? Good! But, now it’s time to completely delete it from your computer, too. Security researcher John Page has discovered a new security flaw that allows hackers to steal Windows users’ data thanks to Internet Explorer. The craziest part: Windows users don’t ever even have to open the now-obsolete web browser for malicious actors to use the exploit. It just needs to exist on their computer.

FlexiWAN Adopts an 'Open' Slant

Filed under
OSS
Security
  • Stealthy Start-Up Portends 'Second Wave of SD-WAN'
  • The First SD-WAN Open Source Driving the Second Wave of SD-WAN by flexiWAN
  • flexiWAN Launches With Open Source SD-WAN Architecture

    Will open source usher in the second-wave of SD-WAN? Startup flexiWAN's co-founder and CEO Amir Zmora thinks so.

  • FlexiWAN soft launches SD-WAN software based on open source architecture

    Israel-based start-up FlexiWAN has started conducting proof-of-concept trials to test its SD-WAN software product, which aims to use open source architecture as a differentiator. With this approach, the company hopes to attract IT managers by providing more control over the capabilities and elements within their networks.

  • FlexiWAN pushes SD-WAN into an open source architecture

    Among the goals of flexiWAN co-founder and CEO Amir Zmora is to give enterprises and service providers the ability to differentiate their SD-WAN services instead of relying on SD-WAN vendors to define them.

    After years of working in the VoIP space, and after attending numerous industry conferences where SD-WAN was a hot topic, Zmora said that he came to the realization that SD-WAN solutions were closed black boxes that didn't enable innovation.

    [...]

    Chua said he has been waiting to see an open-source approach to SD-WAN. He said there were two elements to SD-WAN; the SD-WAN element and the universal CPE element.

    "So, on the SD-WAN side of things, which is, I think, where he's (Zmora) starting, there are elements in place in open source where you can try to cobble things together to make an SD-WAN solution," Chua said. "So, there's IPSec or an open SSL VPN, firewalls, things like that.

    "What's missing is that cloud control policy elements that aren't quite there. So, there's no open source equivalent, that I know of, on the whole cloud control side for the centralized policies, centralized configuration and of all the different SD-WAN components out there."
