
Security

System76 will disable Intel Management engine on its Linux laptops

Filed under
GNU
Linux
Security

System76 is one of a handful of companies that sells computers that run Linux software out of the box. But like most PCs that have shipped with Intel’s Core processors in the past few years, System76 laptops include Intel’s Management Engine firmware.

Intel recently confirmed a major security vulnerability affecting those chips and it’s working with PC makers to patch that vulnerability.

But System76 is taking another approach: it’s going to roll out a firmware update for its recent laptops that disables the Intel Management Engine altogether.


Security: Uber, Amazon, Updates, Reproducible Builds, Mirai and Tizi

Filed under
Security

Security: WordPress, Apple, NSA, Microsoft and Uber

Filed under
Security

Security: KAISER, Coppersmith Attack, Updates, and Web Threats

Filed under
Security
  • KAISER: hiding the kernel from user space

    Since the beginning, Linux has mapped the kernel's memory into the address space of every running process. There are solid performance reasons for doing this, and the processor's memory-management unit can ordinarily be trusted to prevent user space from accessing that memory. More recently, though, some more subtle security issues related to this mapping have come to light, leading to the rapid development of a new patch set that ends this longstanding practice for the x86 architecture.

  • Security updates for Wednesday
  • ROCA: Return Of the Coppersmith Attack

    On October 30, 2017, a group of Czech researchers from Masaryk University presented the ROCA paper at the ACM CCS Conference, which earned the Real-World Impact Award. We briefly mentioned ROCA when it was first reported but haven't dug into details of the vulnerability yet. Because of its far-ranging impact, it seems important to review the vulnerability in light of the new results published recently.

  • Some Websites Are Mining Cryptocurrency Using Your CPU Even When You Close Browser

    The advent of cryptocurrencies was bound to spark the interest of cybercriminals who are always looking to exploit some technology to steal some clicks or install malware. In recent times, we’ve come across reports of a huge number of websites using your CPU power to mine cryptocurrency; the browser extensions and Android apps aren’t untouched by this epidemic. Developers have also come up with different options to ban this practice altogether.

    In the previous research work conducted by security firms, it was found that a miner could be run as long as the browser was running; close the browser and mining activity stops. However, as per the latest technique spotted by Malwarebytes, some dubious website owners can mine digital coins like Monero even after the browser window is closed.

  • Top 10 Common Hacking Techniques You Should Know About

    Using simple hacks, a hacker can obtain personal information about you that you might not want to reveal. Knowing about these common hacking techniques like phishing, DDoS, clickjacking etc., could come in handy for your personal safety.

Security: SEC, Intel, Apple, Entropy, and Yahoo

Filed under
Security
  • SEC hack [sic] was preceded by years of warnings about lax cybersecurity

    After the Securities and Exchange Commission (SEC) disclosed in September that its EDGAR corporate filing system had been hacked [sic] a year earlier, Chairman Jay Clayton declared cybersecurity one of his agency's top priorities.

  • Intel's "Management Engine"

    Concern about the ME goes back further. Sparked by a talk given at the Chaos Computer Conference by [Joanna Rutkowska] of the Qubes OS project, back in January 2016 Brian Benchoff at Hackaday wrote:

    Extremely little is known about the ME, except for some of its capabilities. The ME has complete access to all of a computer’s memory, its network connections, and every peripheral connected to a computer. It runs when the computer is hibernating, and can intercept TCP/IP traffic. Own the ME and you own the computer.

  • Here's How to Temporarily Fix the macOS High Sierra Bug That Gives Full Admin Access to Your Mac Sans Password

    A newly discovered bug in macOS High Sierra enables the root superuser on a Mac with a blank password and no security check, essentially giving anyone full access to your Mac.

    Apple is likely already working on a fix, but in the meantime, there's a temporary workaround -- enabling the root user with a password.

  • Anyone Can Hack [sic] MacOS High Sierra Just by Typing "Root"
  • Major Apple security flaw grants admin access on macOS High Sierra without password

    However, The Verge has been able to confirm the major security issue remains present as of MacOS 10.13.1, the current release of High Sierra. When the problem is exploited, the user is authenticated into a “System Administrator” account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine. Apple ID email addresses tied to users on the Mac can be removed and altered, as well. There are likely many more ways that someone taking advantage of the issue could wreak havoc on a Mac desktop or laptop.

  • How Robust is the Randomness?
  • Hacker pleads guilty to huge Yahoo hack, admits helping Russia’s FSB

    A Canadian man has pleaded guilty to hacking charges related to a 2014 spear-phishing operation of Yahoo employees. The hack ultimately compromised 500 million Yahoo accounts.

    The operative, Karim Baratov, appeared in a San Francisco federal court on Tuesday afternoon. He also admitted that his role was to "hack webmail accounts of individuals of interest to the FSB," the Russian internal security service. Baratov then sent those passwords to his alleged co-conspirator, Dmitry Aleksandrovich Dokuchaev.

Security: NSA Leaks, Linux 'Distro' Accidentally Uploaded, and Magento Patches

Filed under
Security
  • Researcher discovers classified Army intel app, data on open public AWS bucket

    After uncovering a massive trove of social media-based intelligence left on multiple Amazon Web Services S3 storage buckets by a Defense Department contractor, the cloud security firm UpGuard has disclosed yet another major cloud storage breach of sensitive intelligence information. This time, the data exposed includes highly classified data and software associated with the Distributed Common Ground System-Army (DCGS-A), an intelligence distribution platform that DOD has spent billions to develop. Specifically, the breach involves software for a cloud-based component of DCGS-A called "Red Disk."

  • Latest NSA Leak Reveals Secret Army Intelligence Project

    The program, led by U.S. Army Intelligence and Security Command, a division of the National Security Agency, was supposed to help the Pentagon get real-time information about what was happening on the ground in Afghanistan in 2013 by collecting data from U.S. computer systems on the ground, according to tech news site ZDNet. But the agency killed the initiative in 2014 because of technical problems that it described in the leaked documents as “a major hindrance to operations.”

  • Top secret Army, NSA data found on public internet due to misconfigured AWS server
  • New details of NSA's Ragtime program appear in leaked files

    A leaked document shines new light on a surveillance program developed by the National Security Agency.

    The program, known as Ragtime, collects the contents of communications, such as emails and text messages, of foreign nationals under the authority of several US surveillance laws.

  • Magento Releases Security Updates for Commerce and Open Source 1.x

    Magento released two updates today to address some security concerns with Magento 1.x installations. While 2.x received some recent security updates, this is the first 1.x update in some time.

Security: Apple, Microsoft, and Human Error (GNU/Linux)

Filed under
Security

KDE’s Goal: Privacy

Filed under
KDE
Security

In the past, KDE software has come a long way in providing privacy tools, but the tool-set is neither comprehensive, nor are privacy and its implications widely seen as critical to our success in this area. Setting privacy as a central goal for KDE means that we will put more focus on this topic and lead to improved tools that allow users to increase their level of privacy. Moreover, it will set an example for others to follow and hopefully increase standards across the whole software ecosystem. There is much work to do, and we’re excited to put our shoulder under it and work on it.


Security: Updates, Uber Crack, NSA Breach, Windows Ransom, Barracuda Networks, US Department of Education

Filed under
Security
  • Security updates for Tuesday
  • Chicago: Uber’s claim that hackers fully deleted stolen data is “nonsensical”

    It has now been a full week since the jaw-dropping revelations that Uber sustained a massive data breach in 2016, which affected more than 57 million people.

    Since November 21, the company has been hit with 10 federal lawsuits (including the two Ars reported on last week). On Monday, the city of Chicago and Cook County also sued Uber in Illinois state court, while numerous senators are now demanding answers as well.

  • Yet another NSA intel breach discovered on AWS. It’s time to worry.

    Once again the US government displays a level of ineptitude that can only be described as ‘Equifaxian’ in nature. An AWS bucket with 47 viewable files was found configured for “public access,” and containing Top Secret information the government designated too sensitive for our foreign allies to see.

  • Classified US Army and NSA data was stored on an unprotected server
  • New NSA leak exposes Red Disk, the Army's failed intelligence system

    The disk image, when unpacked and loaded, is a snapshot of a hard drive dating back to May 2013 from a Linux-based server that forms part of a cloud-based intelligence sharing system, known as Red Disk. The project, developed by INSCOM's Futures Directorate, was slated to complement the Army's so-called distributed common ground system (DCGS), a legacy platform for processing and sharing intelligence, surveillance, and reconnaissance information.

    Each branch of the military has its own version of the intelligence sharing platform -- the Army's is said to be the largest -- but the Army's system struggled to scale to the number of troops who need it.

    Red Disk was envisioned as a highly customizable cloud system that could meet the demands of large, complex military operations. The hope was that Red Disk could provide a consistent picture from the Pentagon to deployed soldiers in the Afghan battlefield, including satellite images and video feeds from drones trained on terrorists and enemy fighters, according to a Foreign Policy report.

  • World’s Biggest Botnet “Necurs” Sends 12.5 Million Scarab Ransomware Emails

    Once the ransomware infects a machine, it encrypts files and adds “[[email protected]].scarab” extension to affected files. A ransom note with filename “IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT” is also dropped in the affected directory.

  • Barracuda Networks Acquired by Thoma Bravo in $1.6B Deal
  • Federal student aid site offers one-stop shopping for ID thieves?

    The arrival of the holidays heralds another season soon to arrive: the tax season and, with it, the tax-return fraud season. And while the Internal Revenue Service has made some moves toward stanching the flow of fraudulent tax returns filed by cyber-criminals, another government agency may be offering up fresh fuel to fraudsters' efforts: the US Department of Education.

Security: Intel's Management Engine (ME) and UPS Backdoor Malware

Filed under
Security
  • Potential impact of the Intel ME vulnerability

    Intel's Management Engine (ME) is a small coprocessor built into the majority of Intel CPU chipsets[0]. Older versions were based on the ARC architecture[1] running an embedded realtime operating system, but from version 11 onwards they've been small x86 cores running Minix. The precise capabilities of the ME have not been publicly disclosed, but it is at minimum capable of interacting with the network[2], display[3], USB, input devices and system flash. In other words, software running on the ME is capable of doing a lot, without requiring any OS permission in the process.

    Back in May, Intel announced a vulnerability in the Advanced Management Technology (AMT) that runs on the ME. AMT offers functionality like providing a remote console to the system (so IT support can connect to your system and interact with it as if they were physically present), remote disk support (so IT support can reinstall your machine over the network) and various other bits of system management. The vulnerability meant that it was possible to log into systems with enabled AMT with an empty authentication token, making it possible to log in without knowing the configured password.

    This vulnerability was less serious than it could have been for a couple of reasons - the first is that "consumer"[4] systems don't ship with AMT, and the second is that AMT is almost always disabled (Shodan found only a few thousand systems on the public internet with AMT enabled, out of many millions of laptops). I wrote more about it here at the time.

  • Chinese nationals indicted on federal computer hacking [sic] charges

    Beginning in at least 2013, the defendants “and others known and unknown to the grand jury” used spearphishing emails containing malicious attachments or customized malware to hack into networks used by U.S. and foreign businesses, according to the indictment.

  • Security firm was front for advanced Chinese hacking operation, Feds say

    Wu Yingzhuo, Dong Hao, and Xia Lei face federal charges that they conspired to steal hundreds of gigabytes of data belonging to Siemens AG, Moody’s Analytics, and the GPS technology company Trimble. The indictment, which was filed in September and unsealed on Monday, said the trio used spear phishing e-mails with malicious attachments or links to infect targeted end users. The defendants used customized tools collectively known as the UPS Backdoor Malware to gain and maintain unauthorized access to the targeted companies' networks.
