Language Selection

English French German Italian Portuguese Spanish

Security

Security: Mirai, Vista 10, Starbucks, and Hacking Team Investigation

Filed under
Security
  • Mirai IoT Botnet Co-Authors Plead Guilty

    The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

  • Google Researcher Finds Flaw in Pre-Installed Windows 10 Password Manager

    Google security researcher Tavis Ormandy, who has previously discovered, reported, and disclosed several major bugs in Windows and its features, came across a new security vulnerability affecting Microsoft users.

    This time, the flaw exists in the Keeper password manager that comes pre-installed in some Windows 10 versions, with Ormandy explaining that it’s similar to a vulnerability that he discovered in August 2016.

    “I remember filing a bug a while ago about how they were injecting privileged UI into pages,” Ormandy explained on December 14. “I checked and, they're doing the same thing again with this version,” he continues.

  • Starbucks Wi-Fi Turned People’s Laptops into Cryptocurrency Miners

    The free Wi-Fi that the Buenos Aires Starbucks offers to its customers was being used to mine for cryptocurrency, and what’s worse, it used people’s laptops to do it.

    The whole thing was discovered by Stensul CEO Noah Dinkin who actually paid a visit to the store and wanted to browse the web using the free Wi-Fi, only to discover that his laptop was unknowingly converted into a cryptocurrency miner.

    He then turned to Twitter to ask Starbucks if they know about the what he described as bitcoin mining taking place without customers knowing about it.

    “Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand,” he said in his tweet.

  • Italian Prosecutor Makes Request to Close Hacking Team Investigation

    The damaging data breach that exposed the secrets of an infamous surveillance tech company might go unsolved forever. After more than two years, the Italian prosecutor who was investigating the attack on the Milan-based Hacking Team has asked the case to be dismissed, according to multiple sources.

    On Monday, the Milan prosecutor Alessandro Gobbis sent a notice to the people under investigation informing them that he had sent the judge a request to shut down the investigation, according to a copy of the document obtained by Motherboard.

Parrot Security 3.10 Ethical Hacking OS Adds Full Firejail/AppArmor Sandboxing

Filed under
Security
Debian

ParrotSec devs released today a new stable version of their Debian-based Parrot Security OS ethical hacking and penetration testing GNU/Linux distribution.

There are many enhancements implemented in the Parrot Security OS 3.10 release, but the biggest new feature is the introduction of a full Firejail and AppArmor sandboxing system that should proactively protect the operating system from attacks by isolating its components with the combination of various security techniques.

"The first experiments were already introduced in Parrot 3.9 with the inclusion of Firejail, but we took almost a month of hard work to make it even better with the improvement of many profiles, the introduction of the AppArmor support and enough time to make all the tests," reads today's announcement.

Read more

Also: Parrot 3.10 is out

Red Hat: Common Criteria Certification and Thunderbolt

Filed under
Red Hat
Security

Security: Bolt, Updates, NIST, Starbucks

Filed under
Security

Introducing bolt: Thunderbolt 3 security levels for GNU/Linux

Filed under
GNU
Linux
Security

Today I released the first version 0.1 (aka "Accidentally Working") of bolt, a system daemon that manages Thunderbolt 3 devices. It provides a D-Bus API to list devices, enroll them (authorize and store them in the local database) and forget them again (remove previously enrolled devices). It also emits signals if new devices are connected (or removed). During enrollment devices can be set to be automatically authorized as soon as they are connected. A command line tool, called boltctl, can be used to control the daemon and perform all the above mentioned tasks (see the man page of boltctl(1) for details).

Read more

Security: VLC Bug Bounty, Avast Tools, Intel ME

Filed under
Security
  • European Commission Kicks Off Open-Source Bug Bounty

    The European Commission has announced its first-ever bug bounty program, and is calling on hackers to find vulnerabilities in VLC, a popular open-source multimedia player loaded on every workstation at the Commission.

    The program has kicked off with a three-week, invitation-only session, after which it will be open to the public. Rewards include a minimum of $2,000 for critical severity bugs, especially remote code execution.

    High severity bugs such as code execution without user intervention, will start at $750. Medium severity bugs will start at a minimum of $300; these include code execution with user intervention, high-impact crashes and infinite loops. Low-severity bugs, like information leaks, crashes and the like, will pay out starting at $100.

  • Avast launches open-source decompiler for machine code

    Keeping up with the latest malware and virus threats is a daunting task, even for industry professionals. Any device connected to the Internet is a target for being infected and abused. In order to stop attacks from happening, there needs to be an understanding of how they work so that a prevention method can be developed.

    To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS.

  • Avast makes 'RetDec' machine-code decompiler open source on GitHub

    Today, popular anti-virus and security company, Avast, announces that it too is contributing to the open source community. You see, it is releasing the code for its machine-code decompiler on GitHub. Called "RetDec," the decompiler had been under development since 2011, originally by AVG -- a company Avast bought in 2016.

  • The Intel ME vulnerabilities are a big deal for some people, harmless for most

    (Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers)

    I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and it's not absolutely the worst case scenario but it's still pretty bad. The short version is that one of the (signed) pieces of early bringup code for the ME reads an unsigned file from flash and parses it. Providing a malformed file could result in a buffer overflow, and a moderately complicated exploit chain could be built that allowed the ME's exploit mitigation features to be bypassed, resulting in arbitrary code execution on the ME.

    Getting this file into flash in the first place is the difficult bit. The ME region shouldn't be writable at OS runtime, so the most practical way for an attacker to achieve this is to physically disassemble the machine and directly reprogram it. The AMT management interface may provide a vector for a remote attacker to achieve this - for this to be possible, AMT must be enabled and provisioned and the attacker must have valid credentials[1]. Most systems don't have provisioned AMT, so most users don't have to worry about this.

Cryptography in Ubuntu 16.04 and GTK2 Demotion

Filed under
GNOME
Security
Ubuntu
  • Canonical Announces Certified FIPS 140-2 Cryptographic Packages for Ubuntu 16.04

    Canonical announced on Wednesday the availability of officially certified FIPS 140-2 cryptographic packages for the long-term supported Ubuntu 16.04 LTS (Xenial Xerus) operating system series through its Cryptographic Module Validation Program.

    Level 1 FIPS 140-2 cryptographic packages can now be purchased for your Ubuntu 16.04 LTS operating system through Canonical's Ubuntu Advantage service or as a separate, standalone product. Ubuntu Advantage subscribers can already find the FIPS-compliant modules in the Ubuntu Advantage private archive if they use Ubuntu 16.04 LTS (Xenial Xerus) on their PCs.

  • GTK2 demotion
  • Ubuntu Developers Working Towards The Eventual Demotion Of GTK2

    Not only are Ubuntu developers working towards demoting Python 2 on their Linux distribution but they are also working on being able to demote the GTK2 tool-kit from the main archive to universe followed by its eventual removal in the future.

    Matthias Klose is hoping to organize more work towards this slow demotion process of GTK2 and ideally to get some of the issues cleared up ahead of the Ubuntu 18.04 Long-Term Support release in April.

Security: Fuzzing, Windows, and ROBOT

Filed under
Security
  • Language bugs infest downstream software, fuzzer finds

    Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use.

    That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi.

    As Arnaboldi wrote in his Black Hat Europe paper [PDF]: “software developers may unknowingly include code in an application that can be used in a way that the designer did not foresee. Some of these behaviors pose a security risk to applications that were securely developed according to guidelines.”

  • Kaspersky Antivirus Engine Causing BSOD on Windows 10 Fall Creators Update

    Despite the criticism it received in the United States and in the United Kingdom, Kaspersky continues to be one of the leading security vendors for Windows users across the world, with its software protecting millions of systems powered by Microsoft’s OS.

    But it turns out that some of those whose computers were running the Windows 10 Fall Creators Update and Kaspersky Internet Security 2018 have been hit by a bug causing a Blue Screen of Death (BSOD) since earlier this month.

    BornCity reveals that the issue first appeared earlier this month when some users complained of a BSOD on Windows 10 build 16299.98, which indicates that these systems were running the latest version of the OS with cumulative update KB4051963.

  • ROBOT Attack

    ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.

  • ROBOT Attack: 19-Year-Old Bug Returns With More Power To Target Facebook & Paypal

    The attack can compromise a website’s RSA encryption by decrypting the data using the private key of the TLS server. It was possible because of the vulnerability present in the RSA algorithm used in SSL protocol, exploited by Bleichenbacher.

Security: Patch Management, Windows Keyloggers, and Fingerprinting MySQL

Filed under
Security
  • Open Source Patch Management: Options for DIYers [Ed: "Linux comes with patch management," it says, which defeats much of the point of this article...]

    CVE-2017-5638 is the code vulnerability that will long live in the corporate memory of Equifax, the credit ratings agency. A simple patch management system might have kept that vulnerability from turning into one of the most high-profile data breaches in recent memory.

    CVE-2017-5638 is a remote code execution bug that affects the Jakarta Multipart parser in Apache Struts, an open source application framework for developing Java EE web applications. Remote code execution bugs are generally extremely serious, and for that reason, when the vulnerability was discovered, the Apache Foundation recommended that any developers or users of affected versions of Struts upgrade to later versions that had been patched to close the vulnerability.

  • HP laptops found to have hidden keylogger

    HP said more than 460 models of laptop were affected by the "potential [sic] security vulnerability".

    [...]

    In May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.

  • Fingerprinting MySQL with scannerl

    The goal here is to identify the version of MySQL running on a remote host.

Security: NSA, Microsoft Debacles, and FOSS Updates

Filed under
Security
  • Script Recovers Event Logs Doctored by NSA Hacking Tool

    Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines.

    Last week, Fox-IT published a Python script that recovers event log entries deleted using the "eventlogedit" utility that's part of DanderSpritz, a supposed NSA cyber-weapon that was leaked online by a hacking group known as the Shadow Brokers.

    According to Fox-IT, they found a flaw in the DanderSpritz log cleaner when they realized the utility does not actually delete event log entries, but only unreferences them, merging entries together.

  • Pre-Installed Keylogger Discovered on Hundreds of HP Laptop Models

    A keylogger that can help record pretty much every keystroke on the computer has been discovered on HP’s devices, with a security researcher revealing that hundreds of laptop models come with this hidden software pre-installed.

    Michael Myng says in an analysis of the keylogger that the malicious code is hiding in the Synaptics Touchpad software and he actually discovered it when looking into ways to control the keyboard backlight on his laptop.

    According to his findings, the keylogger isn’t activated by default, but it can be turned on by any cybercriminals that get access to the system. The list of affected models includes hundreds of laptops like EliteBook, ProBook, Spectre, Zbook, Envy, and Pavilion.

  • Laptop touchpad driver included extra feature: a keylogger [Ed: This is the second time in recent times HP gets caught with keyloggers; This is no accident, it's intentional.]

    Flaws in software often offer a potential path for attackers to install malicious software, but you wouldn't necessarily expect a hardware vendor to include potentially malicious software built right into its device drivers. But that's exactly what a security researcher found while poking around the internals of a driver for a touchpad commonly used on HP notebook computers—a keystroke logger that could be turned on with a simple change to its configuration in the Windows registry.

  • Microsoft Needed 110 Days to Fix Critical Security Bug After First Ignoring It

    Microsoft needed more than 100 days to fix a critical credential leak in Dynamics 365 after the company originally ignored the bug report and only reacted after being warned that details could go public.

    Software engineer Matthias Gliwka explains in a long blog post that he discovered and reported a security flaw in Microsoft’s Customer Relationship Manager and Enterprise Resource Planning software in August, but the software giant refused to fix it on claims that administrator credentials would be required.

    Gliwka says he came across a wildcard transport layer security (TLS) certificate that also included the private key, which would in turn expose communications by anyone who could decrypt traffic. The developer says that extracting the certificate grants access to any sandbox environment, with absolutely no warning or message displayed to clients.

  • UK Spy Agency Finds Severe Flaw in Microsoft Antivirus in Kaspersky Bye-Bye Push
  • Security updates for Monday
Syndicate content

More in Tux Machines

today's howtos

Graphics: Texture Compression, Enlightenment Foundation Libraries (EFL), and AMD FreeSync

  • Unity Continues Crunching More Out Of Crunch Texture Compression
    Unity is one of the big public users of the open-source Crunch DXT texture compression library. While it's no longer maintained by Rich Geldreich / Binomial, Unity has continued advancing this open-source code to further improve the compression ratio and speed. For months Unity has been talking about their promising findings with Crunch. But this is the project that Rich Geldreich, the former Valve developer, previously expressed regret having open-sourced all of it. While he is on to working on better and more advanced technologies at his Binomial startup, Unity is working to squeeze more out of this open-source library.
  • Improving EFL Graphics With Wayland Application Redraws
    Under X, application redraws are tricky to do without tearing because content can be updated at any chosen time with no clear feedback as to when the compositor will read it. EFL uses some clever tricks to this end (check out the state of the art X redraw timing for yourself), but it’s difficult to get right in all cases. For a lot of people this just works, or they’re not sensitive to the issue when it doesn’t.
  • Improved Wayland Application Redraws Coming To Enlightenment's EFL
    Samsung's Open-Source Group has been working on making their Wayland support in the Enlightenment Foundation Libraries (EFL) even better. The latest Wayland work on the Enlightenment/EFL front has been improving the application redraw process. The EFL toolkit with the upcoming v1.21 release will now be hooking into Wayland's frame callbacks to better dealing with drawing, only drawing when necessary, and doing so without the possibility of tearing.
  • AMD FreeSync For Tear-Free Linux Gaming - Current State In 2017
    If you are thinking of gifting yourself (or someone else) a FreeSync-compatible monitor this holiday season, here's a look at how the AMD FreeSync support is working right now, the driver bits you need to be aware of, and how it's all playing out for those wanting to use this tear-free capability for Linux gaming.

KStars 2.8.9 is released!

Here comes the last KStars release for 2017! KStars v2.8.9 is available now for Windows, MacOS, and Linux. Robert Lancaster worked on improving PHD2 support with Ekos. This includes retrieving the guide star image, drift errors and RMS values, among other minor improvements and refactoring of the Ekos PHD2 codebase to support future extensions. Read more

Security: Mirai, Vista 10, Starbucks, and Hacking Team Investigation

  • Mirai IoT Botnet Co-Authors Plead Guilty

    The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

  • Google Researcher Finds Flaw in Pre-Installed Windows 10 Password Manager
    Google security researcher Tavis Ormandy, who has previously discovered, reported, and disclosed several major bugs in Windows and its features, came across a new security vulnerability affecting Microsoft users. This time, the flaw exists in the Keeper password manager that comes pre-installed in some Windows 10 versions, with Ormandy explaining that it’s similar to a vulnerability that he discovered in August 2016. “I remember filing a bug a while ago about how they were injecting privileged UI into pages,” Ormandy explained on December 14. “I checked and, they're doing the same thing again with this version,” he continues.
  • Starbucks Wi-Fi Turned People’s Laptops into Cryptocurrency Miners
    The free Wi-Fi that the Buenos Aires Starbucks offers to its customers was being used to mine for cryptocurrency, and what’s worse, it used people’s laptops to do it. The whole thing was discovered by Stensul CEO Noah Dinkin who actually paid a visit to the store and wanted to browse the web using the free Wi-Fi, only to discover that his laptop was unknowingly converted into a cryptocurrency miner. He then turned to Twitter to ask Starbucks if they know about the what he described as bitcoin mining taking place without customers knowing about it. “Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand,” he said in his tweet.
  • Italian Prosecutor Makes Request to Close Hacking Team Investigation
    The damaging data breach that exposed the secrets of an infamous surveillance tech company might go unsolved forever. After more than two years, the Italian prosecutor who was investigating the attack on the Milan-based Hacking Team has asked the case to be dismissed, according to multiple sources. On Monday, the Milan prosecutor Alessandro Gobbis sent a notice to the people under investigation informing them that he had sent the judge a request to shut down the investigation, according to a copy of the document obtained by Motherboard.