Security Leftovers

Filed under
Security
  • Click Here to Kill Everyone

    With the Internet of Things, we’re building a world-size robot. How are we going to control it?

  • New open source project Trireme aims to secure containers

    A team made of former Cisco and Nuage Networks veterans has developed an open source project it released this week named Trireme that takes an application-centric approach to securing code written in containers.

  • An Introduction to the Shorewall Firewall Tool

    Linux is well known for being a highly secure platform. One of the reasons for said security is the Netfilter system. For those that don’t know, Netfilter is a framework, provided by the Linux kernel, that allows for various networking operations, such as packet filtering, network address translations, port translation, and the ability to block packets from reaching specific locations. For most distributions, Netfilter is implemented through the user-space application, iptables. Although many would agree that iptables is the most powerful security tool you can work with, along with that power comes a level of complexity that stumps many an IT administrator.

    That’s where the likes of Shorewall come into play. Shorewall is an open source firewalling tool that not only makes the task of network security easier, it also allows for much easier handling of zones. Shorewall uses zones to define different portions of a network. Say, for instance, you want to create a private internal network that can only be accessed by specific machines, a guest network that can be accessed by anyone, a network dedicated to production machines, and a network that can be accessed from machines outside your Local Area Network (LAN). With Shorewall, you can easily do this.

Security News

Filed under
Security
  • Thursday's security advisories
  • The design of Chacha20

    Chacha20 is a secure, fast, and amazingly simple encryption algorithm. Its author Daniel J. Bernstein explains it well in his Salsa20 and Chacha20 design papers (which I recommend), but did not dwell on details experts already know. Filling the gap took me a while.

    Quick summary: Chacha20 is an ARX-based hash function, keyed, running in counter mode. It embodies the idea that one can use a hash function to encrypt data.

  • Ransomware completely shuts down Ohio town government [iophk: “Microsoft = lost productivity”]

    These sorts of attacks are becoming more commonplace and, as mentioned before, can be avoided with good backup practices. Sadly not every computer in every hospital, county office or police department is connected to a nicely journaled and spacious hard drive, so these things will happen more and more. Luckily it improves cryptocurrency popularity as these small offices finally give up and buy bitcoin to pay their ransom.

  • Windows DRM Social Engineering Attacks & TorBrowser

    HackerHouse have been investigating social engineering attacks performed with Digital Rights Management (DRM) protected media content. Attackers have been performing these attacks in the wild to spread fake codec installers since Microsoft introduced DRM to its proprietary media formats. Despite their prevalence, we could not find many tools to misuse these formats. We found only a small number of blog posts [2] on identifying the files being used to spread malware. We observed some interesting behaviours during our analysis which we have shared here. DRM is a licensing technology that attempts to prevent unauthorised distribution and restrictive use of a media file. It works by encrypting the video and audio streams with an encryption key and requesting a license (decryption key) from a network server when the file is accessed. As it requires network connectivity it can cause users to make network requests without consent when opening a media file such as a video file or audio file. WMV is using Microsoft Advanced Systems Format (ASF) to store audio and video as objects. This file format consists of objects that are labelled by GUID and packed together to make a media package. A number of tools such as ffmpeg & ASFView support opening, viewing and browsing these objects. There are three objects with the following GUIDs which are of interest for these attacks.

Linux Kernel 3.12.70 Is a Big Patch with Over 220 Improvements, Security Fixes

Filed under
Linux
Security

Jiri Slaby is announcing the release of the 70th maintenance update to the long-term supported Linux 3.12 kernel series, which will be supported for a few more months in 2017.

Read more

Privacy-Focused Tails 2.10 Linux Includes Security Updates, New Tools

Filed under
Linux
Security

The Amnesic Incognito Live System, also known more simply as Tails, is a privacy-focused Linux distribution loaded with tools and features to help users stay somewhat anonymous on the internet. Tails first rose to prominence in 2013 as the Linux distribution used by U.S. National Security Agency (NSA) whistleblower Edward Snowden and reached the 1.0 milestone in April 2014. The latest Tails release is version 2.10, which became generally available Jan. 24, providing users with security patches and some incremental feature updates. Among the new features in the Tails 2.10 release is the Onion Share anonymous file-sharing tool. Staying anonymous online is a core element of Tails, thanks to the integration with the Tor (The Onion Router) network technology. Tor also is updated in the Tails 2.10 release, to version 0.2.9.9, and the included Tor Browser, which is based on Mozilla's Firefox, is updated to version 6.5. To help protect users against online tracking in advertisements, Tails 2.10 now includes the uBlock Origin plugin with the Tor Browser, replacing the AdBlock Plus plugin that had been in previous releases. This slide show examines the important features of the Tails 2.10 release.

Read more

Security News

Filed under
Security
  • Epic Fail: Linux Encryption App, Cryptkeeper, Has Universal Password "p"

    Cryptkeeper is a popular Linux encryption application that’s used to encrypt your valuable data. But, it’s not as safe as you think. A bug was recently discovered that allows universal decryption using a single letter password “p.” Debian developer Simon McVittie has advised the dev team to take it out of Debian altogether.

  • AppArmor - or: Working for the enemy?

    Some weeks ago, someone asked on the opensuse-wiki mailinglist if it's acceptable to move documentation (in this case about Icecream) from the openSUSE wiki to the upstream repo on github.

  • Spotting vulnerabilities in your open source code [Ed: Inadequate title because the same issues occur in proprietary software and usually remain unfixed]

    ESET researchers have offered programmers a few tips for spotting vulnerable code and how to correct them before they make it into your system.

Security News

Filed under
Security

  • You're taking the p... Linux encryption app Cryptkeeper has universal password: 'p'

    Linux encryption app Cryptkeeper has a bug that causes it to use a single-letter universal decryption password: "p".

    The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem's command line interface: Cryptkeeper invokes encfs and attempts to enter paranoia mode with a simulated 'p' keypress – instead, it sets passwords for folders to just that letter.

  • Reproducible Builds: week 92 in Stretch cycle

    John Gilmore wrote an interesting mail about how Cygnus.com worked on reproducible builds in the early 1990s. (It's eye opening to see how they dealt with basically the very same problems we're dealing with today, how they solved them and then to realize that most of this has been forgotten and bit-rotted in the last 20 years. How will we prevent history repeating itself here?)

  • MongoDB ransom attacks continue to plague administrators

    Earlier this month, Salted Hash reported on a surge in attacks against publicly accessible MongoDB installations.

    Since January 3, the day of that first report, the number of victims has climbed from about 200 databases to more than 40,000. In addition to MongoDB, those responsible for the attacks have started targeting Elasticsearch and CouchDB.

    No matter the platform being targeted, the message to the victim is the same: send a small Bitcoin payment to the listed address, or forever lose access to your files.

OPNsense 17.1 “Eclectic Eagle” Released

Filed under
Security
BSD

The OPNsense team is proud to announce the final availability of version 17.1, nicknamed “Eclectic Eagle”. This major release features FreeBSD 11.0, the SSH remote installer, new languages Italian / Czech / Portuguese, state-of-the-art HardenedBSD security features, PHP 7.0, new plugins for FTP Proxy / Tinc VPN / Let’s Encrypt, native PAM authentication against e.g. 2FA (TOTP), as well as rewritten Nano-style card images that adapt to media size, to name only a few.

Read more

Security Leftovers

Filed under
Security
  • Linux.Proxy.10 infects thousands of devices with standard settings
  • 4 ways to improve your security online right now

    Regardless of how monumental a task digital security can seem, you can lay a strong foundation when you get started. Remember that being secure is an ongoing process, rather than a state of being. Keep the tools you use up to date and periodically check your habits and tools to ensure your security is the best it can be. Security doesn't have to be overly complex if you take it one step at a time.

  • Security advisories for Monday
  • Linux Security Threats: Attack Sources and Types of Attacks

    In part 1 of this series, we discussed the seven different types of hackers who may compromise your Linux system. White hat and black hat hackers, script kiddies, hacktivists, nation states, organized crime, and bots are all angling for a piece of your system for their own nefarious/various reasons.

  • OpenSSL issues new patches as Heartbleed still lurks [Ed: Dramatic sensationalism from IDG again, with FUD logo created by a Microsoft-connected firm]

    The OpenSSL Project has addressed some moderate-severity security flaws, and administrators should be particularly diligent about applying the patches since there are still 200,000 systems vulnerable to the Heartbleed flaw.

  • Linux: The 10 best privacy and security distributions

    Privacy has become an important issue for many users as corporations and governments stop at nothing to gather personal information. But Linux users do have some choices when it comes to distributions that help protect their privacy and security.

  • openssh authorized_keys "restrict" option lessens worries

    Starting with OpenSSH 7.2, a new “restrict” option for authorized_keys lines has become available. It sets all available restrictions that the current OpenSSH version can do (like no-agent-forwarding, no-x11-forwarding etc). One can individually turn on those features again by corresponding new options.
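    A defender's follow-up to the item above: the script below is an added example (not code from the linked post or from the OpenSSH project) that audits an authorized_keys file and reports which keys carry the "restrict" option and which only spell out individual no-* options or none at all. The sample authorized_keys content is constructed, with placeholder key material; the parsing assumes the OpenSSH line layout "[options] keytype base64 [comment]" and, as noted in the comments, does not handle quoted option values that contain spaces (such as command="...").

```shell
#!/bin/sh
# Added example: audit authorized_keys entries for the OpenSSH >= 7.2 "restrict" option.
# Not part of the quoted article; sample data and helper names are constructed here.

# Constructed sample authorized_keys content (key bodies are placeholders, not real keys).
SAMPLE_AUTHORIZED_KEYS='restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOne deploy@host
restrict,port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyTwo tunnel@host
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleKeyThree admin@host
# a comment line, ignored by sshd
no-agent-forwarding,no-x11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyFour legacy@host'

# audit_keys: read authorized_keys lines on stdin and print one tab-separated
# record per key: "<comment>\t<options or ->\t<uses restrict|lacks restrict>".
# Limitation: an options field containing quoted spaces (command="a b") would be
# split across awk fields; such lines would need a real quote-aware parser.
audit_keys() {
    awk '
    /^[[:space:]]*(#|$)/ { next }                 # skip comments and blank lines
    {
        # A line whose first field is a key type has no options field at all.
        if ($1 ~ /^(ssh-|ecdsa-|sk-)/) { opts = ""; comment = $3 }
        else                            { opts = $1; comment = $4 }
        # "restrict" must appear as a whole option, not as a substring.
        status = (opts ~ /(^|,)restrict(,|$)/) ? "uses restrict" : "lacks restrict"
        printf "%s\t%s\t%s\n", comment, (opts == "" ? "-" : opts), status
    }'
}

# count_lacking_restrict: number of keys on stdin that do not use "restrict",
# including keys that only list individual no-* options (they miss anything
# newer OpenSSH versions add to the restrict set).
count_lacking_restrict() {
    audit_keys | grep -c 'lacks restrict$'
}

# Stand-alone run: print the audit for the constructed sample.
printf '%s\n' "$SAMPLE_AUTHORIZED_KEYS" | audit_keys
```

    Run against a real file with `audit_keys < ~/.ssh/authorized_keys`. Keys reported as lacking restrict are the ones worth reviewing: because "restrict" enables every restriction the running OpenSSH knows about, a line that merely lists no-agent-forwarding and no-x11-forwarding will silently miss restrictions introduced later, whereas "restrict,port-forwarding" re-enables exactly one capability and nothing else.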

Security News

Filed under
Security
  • ATM ‘Shimmers’ Target Chip-Based Cards

    Several readers have called attention to warnings coming out of Canada about a supposedly new form of card skimming called “shimming” that targets chip-based credit and debit cards. Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Here’s a brief primer on shimming attacks, and why they succeed.

  • Senior journo slams 'frustrating' Windows 10 updates

    A senior editor at the American technology news website Cnet has slammed Microsoft over what he calls the most "frustrating" thing about Windows 10: the update process that happens automatically and cannot be stopped by users.

    Sean Hollister wrote about issues that he had faced and also problems encountered by a large number of Windows 10 users, all of whom had lost work or been forced to interrupt their schedules due to a Windows 10 update.

  • Does Trump's Old Android Phone Pose Major Security Threat?

    Donald Trump is a big fan of the phones in the White House. “These are the most beautiful phones I’ve ever used in my life,” he told the New York Times in an interview this week. It’s not their aesthetics he’s drawn to, but the security built into the system that ensures no one is tapping his calls.

  • President Trump's Insecure Android

    Once compromised, the phone becomes a bug—even more catastrophic than Great Seal—able to record everything around it and transmit the information once it reattaches to the network. And to be clear even a brand new, fully updated Android or iPhone is insufficient: The President of the United States is worth a great many multiples of expensive zero-day exploits.

  • Everything you know about security is wrong, stop protecting your empire!

    Let’s start with AV. A long time ago everyone installed an antivirus application. It’s just what you did, sort of like taking your vitamins. Most people can’t say why, they just know if they didn't do this everyone would think they're weird. Here’s the question for you to think about though: How many times did your AV actually catch something? I bet the answer is very very low, like number of times you’ve seen bigfoot low. And how many times have you seen AV not stop malware? Probably more times than you’ve seen bigfoot. Today malware is big business, they likely outspend the AV companies on R&D. You probably have some control in that phone book sized policy guide that says you need AV. That control is quite literally wasting your time and money. It would be in your best interest to get it changed.

    Usability vs security is one of my favorite topics these days. Security lost. It’s not that usability won, it’s that there was never really a battle. Many of us security types don’t realize that though. We believe that there is some eternal struggle between security and usability where we will make reasonable and sound tradeoffs between improving the security of a system and adding a text field here and an extra button there. What really happened was the designers asked to use the bathroom and snuck out through the window. We’re waiting for them to come back and discuss where to add in all our great ideas on security.

  • Reproducible Builds: week 91 in Stretch cycle

    Verifying Software Freedom with Reproducible Builds will be presented by Vagrant Cascadian at Libreplanet2017 in Boston, March 25th-26th.

  • Linux devices with standard settings infected by Linux.Proxy.10 malware

    Linux operating system was once known to be the most secure OS in the world, but things have changed since security researchers have found malware like Mirai and Bashlite infecting Linux devices, turning them into DDoS botnets. Now, another malware has been discovered targeting Linux.
