Language Selection

English French German Italian Portuguese Spanish


Security Leftovers

Filed under
  • Chinese hackers [sic] stole sensitive data from Navy contractor: report
  • John Kelly's phone was hacked [sic]

    Citing 2 unnamed U.S. officials, Politico says White House officials have narrowed down the time and likely location of the hack [sic]: President Donald Trump’s Washington transition headquarters, in late 2016.

  • Marcus Hutchins, WannaCry-killer, hit with four new charges by the FBI

    "Spend months and $100k+ fighting this case, then they go and reset the clock by adding even more bullshit charges like 'lying to the FBI,'" Hutchins wrote on his Twitter, calling for donations by adding a quote from Starcraft video game: "We require more minerals."

  • US Government Probes Airplane Vulnerabilities, Says Airline Hack [sic] Is ‘Only a Matter of Time’

    According to DHS and other US government documents obtained by Motherboard, the DHS is continuing to investigate how insecure commercial aircraft are to cyber attacks, with one research lab saying hacking a plane may lead to a "catastrophic disaster."

  • Stymied by browsers, attackers embed Flash 0-day inside MS Office document

    On Thursday, Adobe published a patch for the critical vulnerability, indexed as CVE-2018-5002. The stack-based buffer overflow was being triggered in an Office document that embedded a link to a Flash file stored on Once executed, the malicious file then downloaded a malicious payload from the same domain. That’s according to researchers from security firms Icebrg and Qihoo 360, which independently discovered the attacks and privately reported them to Adobe and wrote about it here and here.

  • In a blow to e-voting critics, Brazil suspends use of all paper ballots

    In an 8-2 majority, justices on Wednesday sided with government arguments that the paper trails posed a risk to ballot secrecy, Brazil’s Folha De S.Paulo newspaper reported on Thursday. In so doing, the justices suspended a requirement that 5 percent of Brazil’s ballot boxes this year use paper. That requirement, by Brazil’s Supreme Electoral Court, already represented a major weakening of an election reform bill passed in 2015.

Security: RedEye, ARM64, "DevSecOps Gains Enterprise Traction"

Filed under
  • RedEye Ransomware Destroys Your PC Files If Payment Isn’t Made

    Cyptojacking is the latest buzzword in the cybersecurity world. The notorious cybercriminals have taken the advantage of the growing cryptocurrency craze. Prior to that, ransomware like WannaCry didn’t leave any stone unturned in ruining the digital lives of many people.

  • RedEye ransomware: there's more than meets the eye
  • ARM64 Patches For Linux 4.18 Roll Out With Spectre V4 Mitigation

    The ARM64 (64-bit ARM / AArch64) architecture updates have been submitted today for the Linux 4.18 kernel.

    Arguably the most notable addition for ARM64 in Linux 4.18 is now having Spectre Variant Four mitigation after the ARM patches had been floating around in recent weeks. The ARM64 mitigation follows the x86 approach in Speculative Store Bypass Disable (SSBD) for addressing this recent CPU vulnerability. The ARM64 SSBD support relies upon an SMC firmware call to set a hardware chicken bit.

    The ARM64 pull also includes ACPI Processor Properties Topology Table (PPTT) support, which exposes processor and cache topology as part of the ACPI 6.2 specification. The ACPI PPTT ARM64 patches have been floating around since last year while now are merged.

  • arm64 patches for 4.18

    Please pull the arm64 updates for 4.18 below. Apart from the core arm64 and perf changes, the Spectre v4 mitigation touches the arm KVM code and the ACPI PPTT support touches drivers/ (acpi and cacheinfo). I should have the maintainers' acks in place.

  • DevSecOps Gains Enterprise Traction

Security: Updates, MyHeritage, Routers and

Filed under
  • Security updates for Friday
  • 92 million MyHeritage users had their data quietly swiped

    Email addresses and hashed passwords of more than 92 million MyHeritage users were exposed in a cybersecurity breach on October 26, 2017, the popular genealogy company reported Monday, June 4, 2018.

  • Global Russian-Linked Router Malware Even Worse Than Originally Stated

    Late last month, the FBI announced that hackers working for the Russian government had managed to infect roughly 500,000 routers in 54 countries with a particularly-nasty piece of malware known as VPN Filter. The malware, which infected routers from vendors like Linksys, MikroTik, Netgear, TP-Link, and certain network-attached storage devices from companies like QNAP, gave attackers the ability to track a victim's internet usage, launch attacks on other networks, and permanently destroy the devices upon command.

  • Hack Exposes 276,000 User Accounts is a free help and support forum for Linux distributions software, and computer hardware, which currently hosts more than 200,000 registered members. The website was launched back in 2001, and in 2008 it changed ownership, now being owned by MAS Media Inc.

    The data breach is a consequence of the forums using an old version of vBulletin (version 4.2.2, released back in October 2013), a proprietary Internet forum software. Along with the 276k unique email addresses, usernames, IP addresses and salted MD5 password hashes were also leaked. Using salted MD5 password hashes is a bad idea because... well, MD5 is very fast, so an attacker can try billions of password combinations per second.

  • Change your linuxforums dot org passwords

Security: Bugcrowd, Spectre, and VPNFilter

Filed under
  • Severe Flaws Drive Rise in Bug Bounty Payouts, Bugcrowd Reports

    Bugcrowd released its 2018 State of the Bug Bounty report on June 6, revealing key trends in the evolving market for bug bounties.

    Among the high-level findings in the report is that organizations are now paying more for vulnerability disclosures than they have in prior years. Across Bugcrowd's platform, the average bug bounty is now $781, which is a 73 percent increase over the company's 2017 report.

  • 32-bit ARM Finally Gets Mitigated For Spectre V1/V2 With Linux 4.18
  • A Tentative Linux Kernel Patch For Able AMD CPUs To Address Spectre V4 / SSBD

    Linux kernel developer veteran Konrad Rzeszutek Wilk at Oracle has posted a set of experimental/debug patches for dealing with AMD "Speculative Store Bypass Disable" (SSBD) support for mitigating the Spectre Variant Four vulnerability.

  • VPNFilter Update - VPNFilter exploits endpoints, targets new devices

    Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding "VPNFilter." In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints. Talos recently published a blog about a broad campaign that delivered VPNFilter to small home-office network devices, as well as network-attached storage devices. As we stated in that post, our research into this threat was, and is, ongoing. In the wake of that post, we have had a number of partners step forward with additional information that has assisted us in our work. This post is an update of our findings over the past week.

  • VPNFilter Router Malware Is Still Alive: More Devices Infected, New Capabilities Added

Overhyped ZIP Bug and FlightSimLabs DRM

Filed under

Security: Updates, Zip, Android

Filed under
  • Security updates for Wednesday
  • Loose .zips sink chips: How poisoned archives can hack your computer

    Specifically, the flaws, dubbed "Zip Slip" by its discoverers at security outfit Snyk, is a path traversal flaw that can potentially be exploited to perform arbitrary code execution attacks. It affects certain tools that handle .zip, .tar, .war, .cpio, and .7z formats.

    The programming blunders are present in developer libraries made by Apache, Oracle, and others, which are used by thousands of applications. Patches are available for the libraries, and products and programs using the insecure code should be updated to bring in the fixes and then pushed out to the public so people can install them and be safe.

  • Why Viruses on Android Aren’t Really an Issue

    Android itself is a pretty secure operating system—a statement that has only gotten truer over the last few years. Right out of the box, all mainstream Android phones feature a locked bootloader to prevent access to the system partition. Optional “sideloading” of non-approved apps is also disabled by default.

Security: Free Software Tools, Reproducible Builds and Updates

Filed under
  • 10 Open Source Security Tools You Should Know

    The people, products, technologies, and processes that keep businesses secure all come with a cost — sometimes quite hefty. That is just one of the reasons why so many security professionals spend at least some of their time working with open source security software.

    Indeed, whether for learning, experimenting, dealing with new or unique situations, or deploying on a production basis, security professionals have long looked at open source software as a valuable part of their toolkits.

    However, as we all are aware, open source software does not map directly to free software; globally, open source software is a huge business. With companies of various sizes and types offering open source packages and bundles with support and customization, the argument for or against open source software often comes down to its capabilities and quality.

    For the tools in this slide show, software quality has been demonstrated by thousands of users who have downloaded and deployed them. The list is broken down, broadly, into categories of visibility, testing, forensics, and compliance. If you don't see your most valuable tool on the list, please add them in the comments.

  • Open Source Tools for Active Defense Security

    So, what can we do when this happens? One option is to employ free or open source tools in limited deployment. This choice can help demonstrate value and work as a proof point for future budget conversations — and can even work for a strategy like active defense.

  • Reproducible Builds: Weekly report #162
  • Security updates for Tuesday

Security: Updates, Security Podcast and Google Groups Misconfiguration

Filed under

Security Leftovers

Filed under
  • Sonic & Ultra signals can be used to crash Windows, Linux & hard drives [Ed: Overhyped nonsense. Like bit flippers.]

    It is quite common to have crashed hard drives, which is mainly caused by thermal stress due to excessive, repeated heating and cooling or the physical shock that results from being dropped or knocked. This is especially common in laptops.

  • Ethical hacker, 86, rises to Santander’s challenge

    An 86-year-old ethical hacker managed to create and distribute a fake phishing scam and hack a Wi-Fi hotspot in less than 17 minutes using online guides.

  • More kbuild for reproducible builds
  • Finnish hackers steal casino’s high-roller database by hacking an aquarium

    A casino in North America was recently hacked by a hacker or a group of hackers who used the casinos fish tank as their access point. According to Darktrace CEO, Nicole Eagan, the attackers used the aquarium in the lobby which was connected to a computer with access to the internet. The computer was being used to regulate the temperature and also check the cleanliness of the water in the aquarium.

  • State Websites Are Hackable [sic] — And That Could Compromise Election Security

    Earlier this month, Appsecuri approached FiveThirtyEight and said it found potential flaws on several states’ websites that would allow for information to be tampered with. It provided a number of vulnerabilities to FiveThirtyEight; FiveThirtyEight is only reporting those it could verify with the states affected.

  • [Older] VPNFilter: New Router Malware with Destructive Capabilities

    A new threat which targets a range of routers and network-attached storage (NAS) devices is capable of knocking out infected devices by rendering them unusable. The malware, known as VPNFilter, is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot. VPNFilter has a range of capabilities including spying on traffic being routed through the device. Its creators appear to have a particular interest in SCADA industrial control systems, creating a module which specifically intercepts Modbus SCADA communications.

  • Back to basics: What sysadmins must know about logging and monitoring

    Without system logs, you’re not administering a system; you’re running a black box and hoping for the best. That’s no way to run servers, whether they are physical, virtual, or containerized.

    So, here are some of the basics to keep in mind as you approach server logging in the 21st century. These are all practices that I either use myself or picked up from other sysadmins, including many from the invaluable Reddit/sysadmin group.

  • YubiKey comes to the iPhone with Mobile SDK for iOS and LastPass support

Security Leftovers

Filed under
  • Security updates for Friday
  • 75% of public-facing Redis servers are infected with malware; here's how to fix it [Ed: These figures are extremely questionable and likely just a publicity stunt from Incapsula, which wants to sell its proprietary stuff]
  • Linux Fu: Counter Rotate Keys!

    If you’ve done anything with a modern Linux system — including most variants for the Raspberry Pi — you probably know about sudo. This typically allows an authorized user to elevate themselves to superuser status to do things.

    However, there is a problem. If you have sudo access, you can do anything — at least, anything the sudoers file allows you to do. But what about extremely critical operations? We’ve all seen the movies where launching the nuclear missile requires two keys counter-rotated at the same time and third firing key. Is there an equivalent for Linux systems?

    It isn’t exactly a counter-rotating key, but the sudo_pair project — a prelease open-source project from Square — gives you something similar. The project is a plugin for sudo that allows you to have another user authorize a sudo request. Not only do they authorize it, but they get to see what is happening, and even abort it if something bad is happening.

Syndicate content

More in Tux Machines

Red Hat News

  • An Open Source Load Balancer for OpenShift
    A highly-available deployment of OpenShift needs at least two load balancers: One to load balance the control plane (the master API endpoints) and one for the data plane (the application routers). In most on-premise deployments, we use appliance-based load balancers (such as F5 or Netscaler).
  • Red Hat Beefs Up Platform as a Service Suite
    Red Hat has begun shipping Red Hat Fuse 7, the next major release of its distributed, cloud-native integration solution, and introduced a new fully hosted low-code integration platform as a service (iPaaS) offering, Fuse Online. With Fuse 7, the vendor says expanding its integration capabilities natively to Red Hat OpenShift Container Platform, an enterprise Kubernetes platform. Fuse gives customers a unified solution for creating, extending and deploying containerized integration services across hybrid cloud environments.
  • Red Hat ‘Fuses’ Low Code Development and Data Integration
    Red Hat, a provider of open source solutions, has announced Red Hat Fuse 7, the next major release of its distributed, cloud-native integration solution, and introduced a new fully hosted low-code integration platform as a service offering, Fuse Online. With Fuse 7, Red Hat is expanding its integration capabilities natively to Red Hat OpenShift Container Platform, a comprehensive enterprise Kubernetes platform. Fuse gives customers a unified solution for creating, extending and deploying containerized integration services across hybrid cloud environments.
  • The GPL cooperation commitment and Red Hat projects
    As of today, all new Red Hat-initiated open source projects that opt to use GPLv2 or LGPLv2.1 will be expected to supplement the license with the cure commitment language of GPLv3. The cure language will live in a file in the project source tree and will function as an additional permission extended to users from the start. This is the latest development in an ongoing initiative within the open source community to promote predictability and stability in enforcement of GPL-family licenses. The “automatic termination” provision in GPLv2 and LGPLv2.x is often interpreted as terminating the license upon noncompliance without a grace period or other opportunity to correct the error in compliance. When the Free Software Foundation released GPLv2 in 1991, it held nearly all GPL-licensed copyrights, in part a consequence of the copyright assignment policy then in place for GNU project contributions. Long after the Linux kernel and many other non-GNU projects began to adopt the GPL and LGPL, the FSF was still the only copyright holder regularly engaged in license enforcement. Under those conditions, the automatic termination feature of GPLv2 section 4 may have seemed an appropriate means of encouraging license compliance.
  • Monness Believes Red Hat (NYSE: RHT) Still Has Room to Grow
  • Comparing Red Hat (RHT) & Autoweb (AUTO)
  • As Red Hat (RHT) Share Value Rose, Calamos Advisors Upped Its Position by $300,831; Chilton Capital Management Increases Stake in Equinix (EQIX)
  • Blair William & Co. IL Buys 23,279 Shares of Red Hat Inc (RHT)


Red Hat changes its open-source licensing rules

From outside programming circles, software licensing may not seem important. In open-source, though, licensing is all important. So, when leading Linux company Red Hat announces that -- from here on out -- all new Red Hat-initiated open-source projects that use the GNU General Public License(GPLv2) or GNU Lesser General Public License (LGPL)v2.1 licenses will be expected to supplement the license with GPL version 3 (GPLv3)'s cure commitment language, it's a big deal. Read more

Android Leftovers