Security

Security Leftovers

Filed under
Security
  • Is this a Ubuntu-based Botnet deploying Tor Relays and Bridges?
  • Microsoft Word 0-day was actively exploited by strange bedfellows

    A critical Microsoft Word zero-day that was actively exploited for months connected two strange bedfellows, including government-sponsored hackers spying on Russian targets and financially motivated crooks pushing crimeware.

  • Microsoft reduces Patch Tuesday to an incomprehensible mess
  • Nation-State Hackers Go Open Source [Ed: How to associate FOSS with crime? Hmmm… let us think. Our writer Kelly Jackson Higgins can take care of that…]

    Researchers who track nation-state groups say open-source hacking tools increasingly are becoming part of the APT attack arsenal.

    Nation-state hacking teams increasingly are employing open-source software tools in their cyber espionage and other attack campaigns.

  • New release: usbguard-0.7.0

    From all the bug fixes in this release, I’d like to point out one which required a backwards-incompatible change and requires an update to existing policies. The Linux USB root hub devices use the kernel version as the bcdDevice attribute value. The value is part of the USB descriptor data which USBGuard uses for computing the device hash and therefore causes the device hash to change on every kernel update. This in turn causes USBGuard rules which rely on this hash not to match, and the device is blocked. And because it’s a root hub device that gets blocked, all the other devices get blocked too. The bug fix is simple: reset the bcdDevice value to zero before hashing (applied only for the Linux root hub devices).

Security Leftovers

Filed under
Security
  • Why creating an open-source ecosystem doesn’t mean you’re taking on security risks

    Anyone who uses technology benefits from open-source software. Most applications you use have implemented open-source code to varying degrees. This isn’t just small-time developers that use this code, either. Many large enterprises rely on this software to build their own products and solutions.

    Because of this, any CIO would be wise to have their developers follow the same blueprint. However, some developers have concerns about open-source. In an open environment where any contributor can drop potentially harmful code into the global library, is it safe — or wise — to lean heavily on these development resources?

  • Security updates for Wednesday
  • 9 Ways to Harden Your Linux Workstation After Distro Installation

    So far in this series, we’ve walked through security considerations for your SysAdmin workstation from choosing the right hardware and Linux distribution, to setting up a secure pre-boot environment and distro installation. Now it’s time to cover post-installation hardening.

Tor Security for Android and Desktop Linux

Filed under
Android
Linux
Security

Internet service providers in the United States have just been given the green light to sell usage history of their subscribers by S J Res 34, opening the gates for private subscriber data to become public. The law appears to direct ISPs to provide an "opt-out" mechanism for subscribers to retain private control of their usage history, which every subscriber should complete.


GnuTLS and reproducible builds

Filed under
GNU
Security
  • [Older] Improving by simplifying the GnuTLS PRNG

    One of the most unwanted pieces of baggage for crypto implementations written prior to this decade is the (pseudo-)random generator, or simply PRNG. Speaking for GnuTLS, the random generator was written at a time when devices like /dev/urandom did not come by default on widely used operating systems, and even if they did, they were not universally available, e.g., devices would not be present, the Entropy Gathering Daemon (EGD) was something that was actually used in practice, and it was common for software libraries like libgcrypt to include code to gather entropy on a system by running arbitrary command line tools.

  • [Older] GNUtls: GnuTLS 3.5.10

    Released GnuTLS 3.5.11 which is a bug fix release in the stable branch.

  • [Older] Practical basics of reproducible builds

    One issue though: people have to trust me -- and my computer's integrity. Reproducible builds could address that.

    My release process is tightly controlled, but is my project reproducible? If not, what do I need? Let's check!

  • [Older] Practical basics of reproducible builds 2

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • Alleged Spam King Pyotr Levashov Arrested

    Levashov is currently listed as #7 in the world’s Top 10 Worst Spammers list maintained by anti-spam group Spamhaus.

  • Oh my Microsoft Word: Dridex hackers exploit unpatched flaw

    Cybercrooks are actively exploiting an unpatched Microsoft Word vulnerability to distribute the Dridex banking trojan, claim researchers.

    Booby-trapped emails designed to spread the cyber-pathogen have been sent to hundreds of thousands of recipients across numerous organisations, according to email security firm Proofpoint.

    The switch to document exploits by the hackers represents a change of tactics by a group that previously leaned heavily on malicious macros to distribute their wares.

  • Critical Word 0-day is only 1 of 3 Microsoft bugs under attack

    A zero-day code-execution vulnerability in Microsoft Office is one of three critical flaws under active attack in the wild [...]

  • Cowardly Microsoft buries critical Hyper-V, WordPad, Office, Outlook, etc security patches in normal fixes

    Microsoft today buried among minor bug fixes patches for critical security flaws that can be exploited by attackers to hijack vulnerable computers.

    In a massive shakeup of its monthly Patch Tuesday updates, the Windows giant has done away with its easy-to-understand lists of security fixes published on TechNet – and instead scattered details of changes across a new portal: Microsoft's Security Update Guide.

  • Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)

    In this blog post we'll continue our journey into gaining remote kernel code execution, by means of Wi-Fi communication alone. Having previously developed a remote code execution exploit giving us control over Broadcom’s Wi-Fi SoC, we are now left with the task of exploiting this vantage point in order to further elevate our privileges into the kernel.

Security Leftovers

Filed under
Security
  • Unraveling the Lamberts Toolkit

    Yesterday, our colleagues from Symantec published their analysis of Longhorn, an advanced threat actor that can be easily compared with Regin, ProjectSauron, Equation or Duqu2 in terms of its complexity.

    Longhorn, which we internally refer to as “The Lamberts”, first came to the attention of the ITSec community in 2014, when our colleagues from FireEye discovered an attack using a zero day vulnerability (CVE-2014-4148). The attack leveraged malware we called ‘BlackLambert’, which was used to target a high profile organization in Europe.

    Since at least 2008, The Lamberts have used multiple sophisticated attack tools against high-profile victims. Their arsenal includes network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers. Versions for both Windows and OSX are known at this time, with the latest samples created in 2016.

  • New malware gives CCTV DVRs amnesia
  • Amnesia malware turns DVRs into botnet slaves

    According to a blog post from IT security company Palo Alto Networks, a new variant of the IoT/Linux botnet Tsunami, which it calls Amnesia, targets an unpatched remote code execution vulnerability that was publicly disclosed over a year ago in DVR devices manufactured by TVT Digital and branded by over 70 vendors worldwide.

  • Canadian Web Hosting Deploys Imunify360 to Protect and Secure Linux Servers
  • Simple Server Hardening, Part II

    In my last article, I talked about the classic, complicated approach to server hardening you typically will find in many hardening documents and countered it with some specific, simple hardening steps that are much more effective and take only a few minutes. While discussing how best to harden SSH and sudo can be useful, in a real infrastructure, you also have any number of other services you rely on and also want to harden.

    So instead of choosing specific databases, application servers or web servers, in this follow-up article, I'm going to extend the topic of simple hardening past specific services and talk about more general approaches to hardening that you can apply to software you already have running as well as to your infrastructure as a whole. I start with some general security best practices, then talk about some things to avoid and finally finish up with looking at some areas where sysadmin and security best practices combine.

  • Solaris admins! Look out – working remote root exploit leaked in Shadow Brokers dump

    Now that the sulky Shadow Brokers gang has leaked its archive of stolen NSA exploits, security experts are trawling Uncle Sam's classified attack code – and the results aren't good for anyone using Oracle's Solaris.

    Matthew Hickey, cofounder of British security shop Hacker House, has been going through the dumped files, which once belonged to the spy agency's Equation Group and are now handily mirrored on GitHub. Hickey today identified two key programs – EXTREMEPARR and EBBISLAND – that can escalate a logged-in user's privileges to root, and obtain root access remotely over the network, on Solaris boxes running versions 6 to 10 on x86 and Sparc, and possibly also the latest build, version 11.

Security Leftovers

Filed under
Security
  • Hackers Set Off Dallas' 156 Warning Sirens Dozens Of Times

    So we've talked repeatedly about how the shoddy security in most "internet of things" devices has resulted in increasingly vulnerable home networks, as consumers rush to connect not-so-smart fridges, TVs and tea kettles to the home network. But this failure extends well beyond the home, since these devices have also resulted in historically large DDoS attacks as this hardware is compromised and integrated into existing botnets (often in just a matter of minutes after being connected to the internet).

    Whether it's the ease in which a decidedly-clumsy ransomware attacker was able to shut down San Francisco's mass transit system, or the fact that many city-connected devices like speed cameras often feature paper mache security, you can start to see why some security experts are worried that there's a dumpster fire brewing that will, sooner rather than later, result in core infrastructure being compromised and, potentially, mass fatalities. If you ask security experts like Bruce Schneier, this isn't a matter of if -- it's a matter of when.

  • OLE 0day affects nearly all versions of Microsoft Word

    McAfee revealed some details of the attack just before the weekend

  • NATO warns of IPv6 security concerns that network intrusion detection systems may miss

    Namely, NIDS such as Bro, Moloch, Snort, and Suricata were found to be ineffective against the researchers’ proofs of concept.

  • Banks scramble to fix old systems as IT 'cowboys' ride into sunset

    The stakes are especially high for the financial industry, where an estimated $3 trillion in daily commerce flows through COBOL systems. The language underpins deposit accounts, check-clearing services, card networks, ATMs, mortgage servicing, loan ledgers and other services.

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • The obvious answer is never the secure answer

    One of the few themes that comes up time and time again when we talk about security is how bad people tend to be at understanding what's actually going on. This isn't really anyone's fault; we're expecting people to go against what is essentially millions of years of evolution that created our behaviors. Most security problems revolve around the human being the weak link and doing something that is completely expected and completely wrong.

    This brings us to a news story I ran across that reminded me of how bad humans can be at dealing with actual risk. It seems that peanut free schools don't work. I think most people would expect a school that bans peanuts to have fewer peanut related incidents than a school that doesn't. This seems like a no brainer, but if there's anything I've learned from doing security work for as long as I have, the obvious answer is always wrong.

  • BrickerBot malware zeroes in on Linux-based IoT devices

    In its 2017 malware forecast, SophosLabs warned that attackers would increasingly target devices connected to the Internet of Things (IoT) – everything from webcams to internet-connecting household appliances. Late last week, we saw another example of how the trend is playing out.

  • Brick House? New Malware Destroys Vulnerable IoT Devices
  • The New BrickerBot Internet of Things Malware
  • IoT malware starts showing destructive behavior
  • Georgia Tech finds subtle Linux vulnerability

    Uninitialised variables are a critical attack vector that can be reliably exploited by hackers to launch privilege escalation attacks in the Linux kernel, according to research at the Georgia Institute of Technology.

  • The Root Cause of Input-Based Security Vulnerabilities – Don’t Fear the Grammar

    Input-based attacks like Buffer Overflows, Cross-Site Scripting (XSS), and XXE are common in today’s software. And they do not go away. But why is that? Shouldn’t one assume that existing frameworks handle input correctly, and free developers from struggling with correctly implementing input handling over and over again? Sadly, the answer is no.

More Security Leftovers

Filed under
Security
  • [Older] Dual-Use Software Criminal Case Not So Novel

    All of this may be moot if the government can’t win its case against Huddleston. The EFF’s Rumold said while prosecutors may have leverage in Shames’s conviction, the government probably doesn’t want to take the case to trial.

  • HOWTO: Fight Cyberwars and Lose

    Russia sought to advance their national interests by engaging in a conflict that was waged purely in the informatics sphere — the theatre of combat operations was entirely cyber. They won. The results of the conflict were a clear and decisive Russian success in multiple ways [...]

  • New IoT/Linux Malware Targets DVRs, Forms Botnet

    The Amnesia botnet targets an unpatched remote code execution vulnerability that was publicly disclosed over a year ago in March 2016 in DVR (digital video recorder) devices made by TVT Digital and branded by over 70 vendors worldwide (a listing of which can be found on the original vulnerability report we’ve linked to).

  • Booby-trapped Word documents in the wild exploit critical Microsoft 0day

    First, it bypasses most exploit mitigations: This capability allows it to work even against Windows 10, which security experts widely agree is Microsoft's most secure operating system to date. Second, unlike the vast majority of the Word exploits seen in the wild over the past few years, this new attack doesn't require targets to enable macros. Last, before terminating, the exploit opens a decoy Word document in an attempt to hide any sign of the attack that just happened.

  • Hacking blamed for emergency sirens blaring across Dallas early Saturday

    We need to get to the bottom of it — what kind of vulnerabilities do we have?

  • Samsung's squashing of malicious Tizen smart TV bugs is turning messy

    After 40 critical vulnerabilities on Samsung's Tizen -- used in smart TVs and smartwatches -- were exposed this week by Israeli researcher Amihai Neiderman, the company is scrambling to patch them.

    But Samsung still doesn't know many of the bugs that need to be patched. It's also unclear when Tizen devices will get security patches, or if older Tizen devices will even get OS updates to squash the bugs.
