Security

Security: GnuPG Encryption, Wildcard Certificates, Stack Clash, BothanSpy and Gyrfalcon

Filed under
Security
  • Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library
  • Wildcard Certificates Coming January 2018

    Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS.

    Let’s Encrypt is currently securing 47 million domains via our fully automated DV certificate issuance and management API. This has contributed heavily to the Web going from 40% to 58% encrypted page loads since Let’s Encrypt’s service became available in December 2015. If you’re excited about wildcard availability and our mission to get to a 100% encrypted Web, we ask that you contribute to our summer fundraising campaign.

  • Ripples from Stack Clash

    In one sense, the Stack Clash vulnerability that was announced on June 19 has not had a huge impact: thus far, at least, there have been few (if any) stories of active exploits in the wild. At other levels, though, this would appear to be an important vulnerability, in that it has raised a number of questions about how the community handles security issues and what can be expected in the future. The indications, unfortunately, are not all positive.

  • CIA programs to steal your SSH credentials (BothanSpy and Gyrfalcon)

Security: Cybersecurity Index. Security Updates, Vault 7, and CloudLinux

Security: Ransomware, BothanSpy, Gyrfalcon, and Grsecurity

  • Hackers {sic} Linked to NotPetya Ransomware Decrypted a File For Us
  • Vault 7: Documents detail implants for stealing SSH traffic

    The implant for Windows is called BothanSpy and targets versions 3, 4 and 5 of the SSH client Xshell. It dates back to 2015. The Linux implant is known as Gyrfalcon and is aimed at OpenSSH; it dates back to 2013.

  • WikiLeaks: CIA steals SSH credentials from Windows and Linux with BothanSpy and Gyrfalcon tools

    The leaked documentation for the tools was updated as recently as March 2015, and the file relating to BothanSpy reveals that XShell needs to be installed as it itself installs as a Shellterm extension. There are smatterings of humor throughout the file, with a warning that: "It does not destroy the Death Star, nor does it detect traps laid by The Emperor to destroy Rebel fleets." There is also the introductory quip: "Many Bothan spies will die to bring you this information, remember their sacrifice."

  • Bruce Perens Warns of Potential Contributory Infringement Risk for Grsecurity Customers

    By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kern

Security: Black Duck FUD, Bitcoin Lapse, and Claims of libgcrypt Weakness

  • Open source to blame for rise of ransomware? [Ed: "Black Duck raises concerns" to smear FOSS again; A Microsoft-connected FUD firm.]
  • Hijacking Bitcoin: routing attacks on cryptocurrencies

    The Bitcoin network has more than 6,000 nodes, responsible for up to 300,000 daily transactions and 16 million bitcoins valued at roughly $17B.

    [...]

    BGP (Border Gateway Protocol) is the routing protocol that controls how packets are forwarded in the Internet. Routes are associated with IP prefixes, and are exchanged between neighbouring networks (Autonomous Systems, AS). The origin AS makes the original route announcement, and this then propagates through the network hop by hop.

  • Researchers open sliding window to completely break libgcrypt RSA-1024

    In their paper the researchers display a good sense of humour in calling the vulnerability 'sliding right into disaster'. That's because it exploits the fact that exponent bits leaked by the 'sliding window' process used by libgcrypt can be used to carry out a key recovery attack against RSA. This despite it previously being thought that even if the entire pattern of squarings and multiplications was observed courtesy of a side-channel attack, it wouldn't leak enough exponent bits to be of any real use.

Leak: CIA Targets SSH

  • BothanSpy

    Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors.

    BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save them in an encrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine.

    Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos, debian, rhel, suse, ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed root kit (JQC/KitV) on the target machine.

Security: Public Database Dumps, Default Passwords, Microsoft Breach, Back Doors, and OpenBSD

  • How 2,000 Unsecured Databases Landed on the Internet [Ed: System administrators made a serious error.]

    There is a simple explanation for why this particular filename was used: In the instructions for the widely used database software MySQL, the name is used in an explanatory example.

  • Linux systems under fire [Ed: Unchanged default passwords on a "Linux" system are not a GNU/Linux issue]

    There was a marked increase in the recorded attacks on Linux systems, which are often connected to the Internet unprotected.

  • Private not state hackers likely to have targeted UK parliament: sources [Ed: Microsoft system]

    A cyber attack on email accounts of British lawmakers last month is likely to have been by amateur or private hackers rather than state-sponsored, European government sources said.

    The private email accounts of up to 90 of the 650 members of Britain's House of Commons were targeted in late June, with some news reports suggesting that the attack was carried out by a foreign government, such as Russia.

    However, cyber security experts had found that the hackers only managed to access accounts of lawmakers who used primitive and easily discovered passwords, the sources, who are familiar with the investigations into the attacks, said.

  • Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak

    The third-party software updater used to seed last week's NotPetya worm that shut down computers around the world was compromised more than a month before the outbreak. This is yet another sign the attack was carefully planned and executed.

    Researchers from antivirus provider Eset, in a blog post published Tuesday, said the malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that's widely used in Ukraine. The report echoed findings reported earlier by Microsoft, Kaspersky Lab, Cisco Systems, and Bitdefender. Eset said a "stealthy and cunning backdoor" used to spread the worm probably required access the M.E.Doc source code. What's more, Eset said the underlying backdoored ZvitPublishedObjects.dll file was first pushed to M.E.Doc users on May 15, six weeks before the NotPetya outbreak.

  • Moving Beyond Backdoors To Solve The FBI's 'Going Dark' Problem

    Former FBI Director James Comey stated on more than one occasion that he'd like to have an "adult conversation" about device encryption. He wasn't sincere. What he actually meant was he'd like to have all the "smart people" in the tech world solve his problems for him, either by capitulating to his requests for encryption backdoors or by somehow crafting the impossible: a secure backdoor.

    Comey is gone, but his legacy lives on. The FBI wants to keep the "going dark" narrative alive. Deputy Attorney General Rod Rosenstein has already asked Congress for $21 million in "going dark" money, supposedly to help the agency explore its options.

    The problem is, the options could be explored for a much lower price. Kevin Bankston offers up a few solutions -- or at least a few improved adult conversational gambits -- for the low price of $free over at Lawfare. The starting point is Comey's "adult conversation" talking point. Bankston points out you can't hold an adult conversation if you refuse to act like one.

  • OpenBSD Will Get Unique Kernels on Each Reboot. Do You Hear That Linux, Windows?

    A new feature added in test snapshots for OpenBSD releases will create a unique kernel every time an OpenBSD user reboots or upgrades his computer.

    This feature is named KARL — Kernel Address Randomized Link — and works by relinking internal kernel files in a random order so that it generates a unique kernel binary blob every time.

    Currently, for stable releases, the OpenBSD kernel uses a predefined order to link and load internal files inside the kernel binary, resulting in the same kernel for all users.

Security: ZIP Bombs, Shadow Brokers, Linux Bashing Over Weak Passwords etc.

  • How to defend your website with ZIP bombs
  • Shadow Brokers translation

    As a service to non native English speakers I am translating the Shadow Brokers “Borat” into simple English. I am not going to do any analysis in this post, just simple translation for people who have difficulty with Shadow Brokers posts.

  • Feelin' safe and snug on Linux while the Windows world burns? Stop that [Ed: Well, with proprietary software the holes (or back doors) are sometimes intentional, unlike in GNU]

    The ransomware problems reported by The Reg over the past few weeks are enough to make you, er, wanna cry. Yet all that's happened is that known issues with Windows machines – desktop and server – have now come to everyone's attention and the bandwidth out of Microsoft's Windows Update servers has likely increased a bit relative to the previous few weeks.

  • Linux is not as safe as you think [Ed: Having default passwords on a router (or other device) is not as safe as you think]
  • IoT Fuels Growth of Linux Malware [Ed: John P. Mello Jr. is the latest among many to cite a Microsoft ally from Seattle to make Linux look terrible]

Security: Updates, Bounties, SS7 Attacks

  • Security updates for Wednesday
  • At $30,000 for a flaw, bug bounties are big and getting bigger

    Hackers are being paid as much as $30,000 for finding a single critical flaw in a company's systems, and the amount companies are willing to pay is increasing.

    While the use of such bug hunting programmes is still limited, some large organisations are offering hackers rewards for spotting flaws in their systems.

  • Windows ransomware found to be incredibly rare [Ed: Android and Linux basher Liam Tung seems to be doing some Microsoft PR today]
  • Linux and macOS malware threats tripled in 2016, according to report [Ed: Microsoft-linked sites like to the above]
  • Researchers Build Firewall to Deflect SS7 Attacks

    Security researchers will release an open-source SS7 firewall at Black Hat USA that aims to bolster security of mobile operators' core networks.

    Mobile security software can do little to protect end users and BYOD workers when Signaling System 7 (SS7) vulnerabilities are exploited in mobile operators' core mobile networks, according to security researchers.

    SS7 vulnerabilities, which can allow cybercriminals to hijack two-factor authentication codes texted to mobile phones, read and redirect text messages, eavesdrop on phone calls, and track a phone's location, have existed since 2014.

Security: Cyberweapons, Kaspersky, and Microsoft-Connected Linux FUD

  • When Cyberweapons Go Missing
  • Kaspersky Lab row: Russian minister warns of blowback

    Russian Communications Minister Nikolay Nikiforov said in a Bloomberg interview that Russia was using a "a huge proportion of American software and hardware solutions in the IT sphere, even in very sensitive areas".

    Microsoft and Cisco are said to be the American companies whose products have the highest usage in Russia.

  • Threats to Linux IoT devices on the rise [Ed: there are still puff pieces like these, citing Microsoft partner WatchGuard from Seattle, attacking perception of Linux security]

    Many of these devices, which often use old versions of Linux, have a default username and password which users often do not bother to change. Logging in with these credentials — which are easy to find on the Web — gives root access to the device in question.

  • Cybersecurity battleground shifting to Linux and web servers - report [Ed: another one of those; there have been half a dozen, mostly quoting the press release]

Security: libgcrypt20, NSA, CIA, US Independence Day Updates, Reproducible Builds, and Debian LTS

  • GnuPG crypto library cracked, look for patches

    Linux users need to check out their distributions to see if a nasty bug in libgcrypt20 has been patched.

    The patch, which has landed in Debian and Ubuntu, is to address a side-channel attack published last week.

    The researchers published their work at the International Association for Cryptologic Research's e-print archive last week. The paper was authored by David Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom (who hail variously from the Technical University of Eindhoven, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide).

  • It’s time for the NSA to speak up about its stolen cyber weapons [Not just that; it should be held accountable, along with accomplices like Microsoft]

    After a global ransomware attack extending from Russia to the U.S. hit computer systems last week, security analysts quickly realized the perpetrators were using stolen cyber weapons that were part of the National Security Agency’s (NSA) arsenal — for the second time in just six weeks.

    While the NSA has yet to acknowledge publicly that their hacking tools have fallen into the wrong hands, at least one congressman asked them to take action. “As a computer science major, my long-term fear — which is shared by security researchers — is that this is the tip of the iceberg and many more malware attacks will soon be released based on NSA’s hacking tools,” Rep. Ted Lieu, D-Calif., wrote in a letter to NSA Director Michael Rogers.

  • Linux malware: Leak exposes CIA's OutlawCountry hacking toolkit
  • Security updates for US Independence Day
  • Reproducible Builds: week 114 in Stretch cycle
  • My Free Software Activities in June 2017

    My monthly report covers a large part of what I have been doing in the free software world. I write it for my donors (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.
