Dumbo

Filed under
Microsoft
Security

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.

Security: Swedish Breach, 'Hacked' [sic], Black Hat and Defcon and WordPress Patches

Filed under
Security
  • Following security breach, Sweden shores up outsourcing rules

    The Swedish government is restricting outsourcing of privacy sensitive data, following the possible leak of all of its vehicle data, outsourced to IBM in 2015 without the proper security checks. The stricter limits on what may be outsourced were announced at a press conference on 24 July by Prime Minister Stefan Löfven.

  • 12 signs you've been hacked -- and how to fight back [Ed: Microsoft employee describes the symptoms of knowing your PC is hijacked by someone (other than Microsoft)]

    In today's threatscape, anti-malware software provides little peace of mind. In fact, anti-malware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.

    To combat this, many antimalware programs monitor program behaviors, often called heuristics, to catch previously unrecognized malware. Other programs use virtualized environments, system monitoring, network traffic detection and all of the above at once in order to be more accurate. Still they fail us on a regular basis.

  • Security This Week: The Very Best Hacks From Black Hat and Defcon

    As they do every year, hackers descended on Las Vegas this week to show off the many ways they can decimate the internet's security systems. Here's a collection of some of our favorite talks from this week's Black Hat conference, including some we didn't get the chance to cover in depth.

  • WordPress 4.8.1 Maintenance Release

    After over 13 million downloads of WordPress 4.8, we are pleased to announce the immediate availability of WordPress 4.8.1, a maintenance release.

    This release contains 29 maintenance fixes and enhancements, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. For a full list of changes, consult the release notes, the tickets closed, and the list of changes.

Security: Updates, DDOS, Russia, and 'The Darkening Web'

Filed under
Security
  • Security updates for Wednesday
  • Kaspersky says that DDoS attacks are back in fashion
  • Man used DDoS attacks on media to extort them to remove stories, FBI says

    A 32-year-old Seattle man is behind bars while awaiting a federal hacking trial for launching a DDoS attack. He is being held without bail on allegations that he attacked a US-based legal services website to force it to remove a link to a case citation about his past criminal conduct. The authorities also say the suspect launched distributed denial of service attacks on various overseas media outlets for not removing stories about his credit-card scam and other crimes.

    The FBI says that the day after a DDoS attack in January 2015, the suspect sent an e-mail to Leagle.com pretending to be the hacking group Anonymous. The e-mail explained that the DDoS attack was launched because the defendant, Kamyar Jahanrakhshan, "is being unjustly victimised by you" for not abiding by his numerous requests to remove the link and even pay $100 in cash to get the job done.

  • White House Says Russia’s Hackers Are Too Good to Be Caught but NSA Partner Called Them “Morons”

    The hackers behind the dump of Democratic Party emails in the midst of last year’s presidential race left apparent evidence of their identity — a breadcrumb trail winding from the stolen files back to the Russian government, according to assessments from the U.S. intelligence community. Some of this evidence was there from the beginning, embedded inside the first documents to hit the web, raising a niggling question: Why would diabolically skilled Russian operatives operate so sloppily?

    This question has persisted, and last week the White House seized upon it, promulgating the idea that if the Russian government were really behind the attacks, its online agents wouldn’t have left any fingerprints. Russia quickly repeated this claim through its UK embassy.

    But a 2011 presentation to the NSA and its foreign partners by Canada’s signals intelligence agency, the Communications Security Establishment, undermines the notion of a foreign hacker so skilled that a victim would never know their identity. The document calls Russian hackers “morons” for routinely compromising the security of a “really well designed” system intended to cover their tracks; for example, the hackers logged into their personal social and email accounts through the same anonymizing system used to attack their targets, comparable to getting an anonymous burner phone for illicit use and then placing calls to your girlfriend, parents, and roommate.

  • 'The Darkening Web' warns of destruction through cyber means

Security: Updates, Reproducible Builds, RSA and "Echo" Bugging Devices

Filed under
Security
  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #118
  • Episode 57 - We may never see amazing security research ever again

    Josh and Kurt talk about Black Hat and Defcon, safes, banks, voting machines, SMBv1 DoS attack, Flash, liability, and password masking.

  • Q&A: Former RSA CEO's new venture takes on Linux container security

    The historical, reactive model of security was a bunch of perimeter controls. With intelligence-driven security, the controls have to be much more agile and react to circumstances in real time. To create a defense in depth strategy, you need to anticipate attacks, to stop attacks before they start, and if you can't stop them, you have to detect an attack when it's in progress. If you can't detect an attack, then you need to be able to prevent a wholesale breach. If you can't prevent a breach, then you have to be able to detect that a breach has occurred, and respond quickly enough to prevent loss or disruption.

  • How a hacked Amazon Echo could secretly capture your most intimate moments

    It's a fact of modern life that many of us forget—the phones, computers, and other connected devices we depend on can often be used against us as secret listening devices. On Tuesday, attention turned to the Amazon Echo, with a demonstration that showed how hackers can convert some models into devices that can surreptitiously record our most intimate moments.

    To be clear, the hack works only against older models of Amazon Echoes. It also requires physical access to the device by a hacker with above-average skills in Linux and embedded hardware systems. That means people aren't likely to be exposed to such attacks unless they own a 2015 or 2016 device and are a target of interest to the Central Intelligence Agency, a similar nation-sponsored spy group, an advanced corporate espionage operation, or a highly determined stalker.

Security: Updates, Windows Disasters, Swedish Cabinet, Sonatype, Vault 7, Firejail, DEF CON 25, Windows 10, Svpeng, TLS

Filed under
Security
  • Security updates for Monday
  • Ransomware: Claim that 22% SMBs shutting shop after attacks [iophk: "Windows TCO"]

    Ransomware attacks caused 22% of small and medium-sized businesses in seven countries, including Australia, to pack up for good, a report from the security firm Malwarebytes claims.

  • Swedish Cabinet reshuffled in wake of IT security row

    It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

  • Active Management of Open Source Components Delivers Measurable Improvements Claims Sonatype Report

    In July, Sonatype released their third annual State of the Software Supply Chain report concluding that when organisations actively manage the quality of open source components in software applications they see a 28% improvement in developer productivity (through reduction in manual governance), a 30% reduction in overall development costs, and a 48% increase in application quality (as application vulnerabilities are removed early reducing their incidence in production). Analysis also showed that applications built by teams utilising automated governance tools reduced the percentage of defective components by 63%.

  • The CIA’s Aeris Malware Can Exfiltrate Data From Linux Systems

    Not a week goes by without WikiLeaks unveiling some more condemning evidence of the CIA’s malware tools. The latest reveal is Aeris, an automated implement which affects many different distributions of the Linux operating system. This particular tool packs quite a lot of features under the hood in an effort to gather as much intelligence as possible. This is surely not the last tool of its kind we will meet.

  • Firejail A Namespace Separation Security Sandbox

    Linux distro is mostly loved for its security features. When we want more security we use TOR and VPN. Today I am going to tell you about an application called Firejail that helps to protect your personal files via sandbox technique.

    Firejail is a sandbox application built for Linux distros which uses the capabilities of Linux kernel to use namespace separation. In the simplest sense, apps launched through Firejail cannot access your personal files on your hard drive. Isn’t that cool? Cool and safe!

  • Defcon vote-hacking village shows that "secure" voting machines can be broken in minutes

    Nearly 20 years later, the country's voting security debt has mounted to incredible heights, and finally, just maybe, the security researchers are getting the hearing they deserve.

  • Def Con hackers showed how easily voting machines can be hacked [Ed: Windows powered]

    At Def Con’s hacker voting machine village, where 30 pieces of election equipment sat waiting, hackers were given a deliciously wicked goal. Johns Hopkins computer scientist Matt Blaze said, “We encourage you to do stuff that if you did on election day they would probably arrest you.”

    And they did. Most of the voting machines were purchased via eBay, but some did come from government auctions. Despite the various different manufacturers of the voting equipment boxes, there was a common theme—they are “horribly insecure.”

    Granted, come election day, officials would likely notice if hackers were physically taking apart the machines. Tinkering with an external USB port on a computerized voting box and using it to upload malicious software may or may not get noticed. Yet those are not the only ways hackers could potentially influence votes and an election’s outcome; there’s the sneaky way of remotely accessing the machine from a laptop.

  • How DEF CON Securely Streams Video to Hackers [Author: "Linux Powered!"]

    The DEF CON 25 security conference is famous for its wide variety and number of security sessions and events. Not everyone can be in every session and some even choose to watch remotely, which is where DEF CON TV (DCTV) comes into play.

    DCTV streamed several sessions from the event, both to local hotels as well as the outside internet. Securely setting up and managing the DCTV streaming is no easy task, but it's one that DEF CON hackers put together rapidly.

  • Windows 10 default user profile is potentially writable by everyone

    Microsoft refuses to fix the issue properly because there is a "simple command everyone can execute" but has not (to my knowledge) told anyone about this command, because everyone assumes the issue has been fixed by KB4022715 and KB4022725.

  • [Older] The Internet of Things : A disaster for no good reason

    The reason I'm frustrated is because if these things were designed this way, I would WANT them. I really wish my washing machine would tell me when the wash is done because I am EXTREMELY bad at remembering to go check on it. But I can't buy that, I can't buy something that just has a $5 microprocessor with just enough intelligence to connect to the internet and send me an email or a push notification if the buzzer on the washer goes off. The only thing I can buy is a washing machine that's had a horrible, unreliable PC full of quarter-baked software crammed into it which will stop working when some godforsaken cloud service is "sunset", and which is so dependent on the reliability and trustworthiness of the software on the computer that if someone hacks it or the software has a bug, the washer can start spraying water at me when I have the loading door open.

  • 'Most dangerous' banking trojan gets update

    Svpeng, designed to steal banking information through different means, now embeds itself in Android's accessibility services — the software that helps users with disabilities navigate devices and apps, the cybersecurity firm said. So Svpeng is now able to steal any data in a text box and log all keystrokes.

  • Enterprise Network Monitoring Needs Could Hamper the Adoption of TLS 1.3

    The upcoming version of the Transport Layer Security (TLS) protocol promises to be a game changer for web encryption. It will deliver increased performance, better security and less complexity. Yet many website operators could shun it for years to come.

    TLS version 1.3 is in the final stages of development and is expected to become a standard soon. Some browsers, including Google Chrome and Mozilla Firefox, already support this new version of the protocol on an opt-in basis and Cloudflare enables it by default for all websites that use its content delivery network.

Security: Mirai, Microsoft Lets Zero-Day Remain, Sweden Still Shocked Over Swedish Transport Agency Leak

Filed under
Security
  • Hackers accidentally create network busting malware

    The malware is a variant of the Mirai botnet. Mirai infected internet-connected security cameras and coordinated them to repeatedly access the same server at the same time. The traffic would overwhelm the targeted server with requests and knock it offline. That type of attack is known as a distributed denial of service (DDoS).

  • Mirai Goes Open-Source and Morphs into Persirai [Ed: Sure, sure... make it sound like an "open source" issue...]

    The Mirai malware has become notorious for recruiting Internet of Things devices to form botnets that have launched some of the largest distributed denial-of-service (DDoS) attacks recorded to date. Mirai came onto the scene in late 2016 as the malware behind very large DDoS attacks, including a 650 Mbps attack on the Krebs on Security site. It's also purported to have been the basis of the attack in October 2016 that brought down sites including Twitter, Netflix, Airbnb and many others. Since then, Mirai has morphed into an even more aggressive and effective botnet tool.

    When the research team at Imperva accessed the Incapsula logs after the Krebs attacks last fall, they found that, indeed, the Mirai botnet had been active well before the notorious September attack. Imperva discovered a botnet of nearly 50,000 Mirai-infected devices spread throughout 164 countries, with the top-infected countries identified as Vietnam, Brazil and the United States. But even before Mirai became public, the Imperva team saw vulnerable IoT devices as a problem in the making.

  • Microsoft refuses to fix 20-year-old SMB zero-day

    A 20-year-old flaw in the server message block protocol used in Windows has been uncovered by two researchers who presented the details of their finding at last week's DEFCON security conference in Las Vegas.

  • Swedish Cabinet reshuffled in wake of IT security row

    IT scandal turns into political crisis for Swedish government following outsourcing of Swedish Transport Agency contract

    It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

Security: Tesla, Black Hat, Sweden, and Vault 7

Filed under
Security

Security: DDoS, Broadcom, Black Hat, Google Play, Vault 7 “Aeris”

Filed under
Security
  • Seattle man held over DDoS attacks in Australia, US and Canada

    The DDoS attacks took place in 2015 and many of the businesses were contacted by an individual who made unspecified demands from them.

  • Joint international operation sees US citizen arrested for denial of service attacks on IT systems [iophk: "no word yet on any arrests of those that deployed Microsoft systems and connected them to the network in the first place"]

    A two and a half year joint operation between the Australian Federal Police (AFP), Federal Bureau of Investigation (FBI) and Toronto Police Department has resulted in a 37-year-old Seattle man being arrested in connection with serious offences relating to distributed denial of service attacks on IT systems.

  • Broadcom chip bug opened 1 billion phones to a Wi-Fi-hopping worm attack

    It's not often that a security researcher devises an attack that can unleash a self-replicating attack which, with no user interaction, threatens 1 billion smartphones. But that's just what Nitay Artenstein of Exodus Intelligence did in a feat that affected both iOS and Android devices.

    At the Black Hat security conference, Artenstein demonstrated proof-of-concept attack code that exploited a vulnerability in Wi-Fi chips manufactured by Broadcom. It fills the airwaves with probes that request connections to nearby computing devices. When the specially devised requests reach a device using the BCM43xx family of Wi-Fi chipsets, the attack rewrites the firmware that controls the chip. The compromised chip then sends the same malicious packets to other vulnerable devices, setting off a potential chain reaction. Until early July and last week—when Google and Apple issued patches respectively—an estimated 1 billion devices were vulnerable to the attack. Artenstein has dubbed the worm "Broadpwn."

  • Sounds bad: Researchers demonstrate “sonic gun” threat against smart devices

    At the Black Hat security conference on Thursday, a team of researchers from Alibaba Security demonstrated how sound and ultrasound could be used to attack devices that depend on sensor input from gyroscopes, accelerometers, and other microelectromechanical systems (MEMS). A sonic "gun" could in theory be used to knock drones out of the sky, cause robots to fail, disorient virtual or augmented reality software, and even knock people off their "hoverboard" scooters. It could also potentially be used to attack self-driving cars or confuse air bag sensors in automobiles.

    Many of the commercial gyroscope sensors in electronic devices are tuning fork gyroscopes—MEMS devices that use the vibrations of two "proof masses" to track rotation and velocity. But an outside source of vibration matching the resonant frequency of the gyroscope could interfere with the sensor's stability and cause the sensor to send bad data to the device it is embedded in.

  • Stealthy Google Play apps recorded calls and stole e-mails and texts

    Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users' e-mail, text messages, locations, voice calls, and other sensitive data.

  • For a security conference that everyone claims not to trust the wifi, there sure was a lot of wifi
  • WikiLeaks releases Manual for Linux Implant “Aeris”

Security: Updates, GCC Bug, Mt. Gox, Bad Taste, Vault 7, IPv6 Firewalls and More

Filed under
Security

Security: Updates, Swedish Government, Citadel Trojan, Anchore Navigator, Kaspersky, Budapest Transit Authority, Cryptography

Filed under
Security
  • Security updates for Wednesday
  • Swedish Government Scrambles to Contain Damage From Data Breach

    In addition, the identities of people working undercover for the Swedish police and the Swedish security service, known as Sapo, may have been revealed, along with names of people working undercover for the special intelligence unit of the Swedish armed forces.

  • How a Citadel Trojan Developer Got Busted

    Aquabox took the bait, and asked the FBI agents to upload a screen shot of the bug they’d found. As noted in this September 2015 story, the FBI agents uploaded the image to file-sharing giant Sendspace.com and then subpoenaed the logs from Sendspace to learn the Internet address of the user that later viewed and downloaded the file.

  • Anchore Navigator 2.0 beta now available - container analysis and security toolkit
  • Kaspersky Launches Free Antivirus For Everybody — Download It Here [Ed: Or don't. It's proprietary software and may contain secret back doors.]

    With the increasing rise in the intensity and volume of online threats, our computers and smartphones are becoming more prone to attacks. In such situations, it becomes necessary to look for a capable antivirus solution to make sure that your online life is safe and sound. Along the similar lines, Russian cybersecurity giant has released a free version of its antivirus named Kaspersky Free.

  • Teenager Reports Laughable Flaw In Budapest Transit Authority's Ticketing System And Is Promptly Arrested

    For some reason, this keeps happening and I will never understand why. For years, we have covered incidents where security researchers benignly report security flaws in the technology used by companies and governments, doing what can be characterized as a service to both the public and those entities providing the flawed tools, only to find themselves threatened, bullied, detained, or otherwise dicked with as a result. It's an incredibly frustrating trend to witness, with law enforcement groups and companies that should want to know about these flaws instead shooting the messenger in what tends to look like a fit of embarrassment.

  • SK Telecom makes light of random numbers for IoT applications

    Quantum random number generators aren't new, but one small enough to provide practical security for Internet of Things applications is interesting.

    That's what South Korean telco SK Telecom reckons its boffins have created, embedding a full quantum random number generator (QRNG) in a 5x5mm chip.

    The company's pitch is that QRNGs are large and (at least compared to IoT requirements) expensive, and it wants a commercial tie-up to make its research into an off-the-shelf device.

  • Post Quantum Cryptography

    Traditional computers are binary digital electronic devices based on transistors. They store information encoded in the form of binary digits each of which could be either 0 or 1. Quantum computers, in contrast, use quantum bits or qubits to store information either as 0, 1 or even both at the same time. Quantum mechanical phenomena such as entanglement and tunnelling allow these quantum computers to handle a large number of states at the same time.

    Quantum computers are probabilistic rather than deterministic. Large-scale quantum computers would theoretically be able to solve certain problems much quicker than any classical computers that use even the best currently known algorithms. Quantum computers may be able to efficiently solve problems which are not practically feasible to solve on classical computers. Practical quantum computers will have serious implications on existing cryptographic primitives.

  • Rethinking the Stack Clash fix

More in Tux Machines

OSS Leftovers

  • Canada’s Spy Agency Releases its Cyber-Defense Tool for Public
  • Canadian govt spooks open source anti-malware analytics tool
    The Communications Security Establishment (CSE) said the AssemblyLine tool is designed to analyse large volumes of files, and can automatically rebalance workloads.
  • Microservices served on blockchain, in open source
    Cloud application marketplace company Wireline is working with open source blockchain project developer Qtum. The new union is intended to provide a conduit to consuming microservices at [web] scale using blockchain at the core. As we know, microservices offer the ability to create Application Programming Interfaces (APIs) without having to manage the underlying hardware and software infrastructure. [...] Qtum, a blockchain application platform, combines the functions of Bitcoin Core, an account abstraction layer allowing for multiple virtual machines and a proof-of-stake consensus protocol aimed at tackling industry-use cases. The Qtum Foundation, headquartered in Singapore, is the decision-making body that drives the project’s development.
  • Rendering HTML5 video in Servo with GStreamer
    At the Web Engines Hackfest in A Coruña at the beginning of October 2017, I was working on adding some proof-of-concept code to Servo to render HTML5 videos with GStreamer. For the impatient, the results can be seen in this video here
  • Working Intel CET Bits Now Land In GCC8
    A few days back I wrote about Intel's work on Control-flow Enforcement Technology beginning to land in GCC. This "CET" work for future Intel CPUs has now landed in full for GCC 8. The bits wiring up this control-flow instrumentation and enforcement support are now all present in mainline GCC SVN/Git for next year's GCC 8.1 release.
  • Using Gitea and/or Github to host blog comments
    After having moved from FSFE’s wordpress instance I thought long about whether I still want to have comments on the new blog. And how I would be able to do it with a statically generated site. I think I have found/created a pretty good solution that I document below.

Security Leftovers

  • Where Did That Software Come From?
    The article explores how cryptography, especially hashing and code signing, can be used to establish the source and integrity. It examines how source code control systems and automated build systems are a key part of the software provenance story. (Provenance means “a record of ownership of a work of art or an antique, used as a guide to authenticity or quality.” It is increasingly being applied to software.)
  • Judge: MalwareTech is no longer under curfew, GPS monitoring [Updated]
    A judge in Milwaukee has modified the pre-trial release conditions of Marcus Hutchins, also known online as "MalwareTech," who was indicted two months ago on federal criminal charges. Under US Magistrate Judge William Duffin’s Thursday order, Hutchins, who is currently living in Los Angeles, will no longer be subject to a curfew or to GPS monitoring.
  • [Older] Leicester teen tries to hack CIA and FBI chiefs' computers
    A teenager attempted to hack senior US government officials' computers from his home. Kane Gamble, 18, from Coalville, Leicestershire, pleaded guilty to 10 charges relating to computer hacking. His targets included the then CIA director John Brennan and former FBI deputy director Mark Giuliano.

Debian: pk4, Freexian and More

Kernel and Graphics: ZenStates, AMDGPU, RADV, Vulkan, NVIDIA

  • ZenStates Allows Adjusting Zen P-States, Other Tweaking Under Linux
    ZenStates is an independent effort to offer P-States-based overclocking from the Linux desktop of AMD Ryzen processors and other tuning. ZenStates-Linux is an open-source Python script inspired by some available Windows programs for offering Ryzen/Zen CPU overclocking from the desktop by manipulating the performance states of the processor.
  • AMDGPU DC Gets A Final Batch Of Changes Before Linux 4.15
    The AMDGPU DC display code has a final batch of feature updates that were sent in this weekend for DRM-Next staging and is the last set besides fixes for the "DC" code for the 4.15 target.
  • Valve Developer Lands VK_EXT_global_priority For RADV Vulkan Driver
  • Vulkan 1.0.64 Adds In Another AMD-Developed Extension
    Vulkan 1.0.64 is out this weekend as the newest specification refinement to this high-performance graphics/compute API. As usual, most of the changes for this minor Vulkan revision are just documentation clarifications and corrections. This week's update brings just under a dozen fixes.
  • NVIDIA TX2 / Tegra186 Display Support Isn't Ready For Linux 4.15
    While the Jetson TX2 has been out since this past March and it's a phenomenal ARM development board, sadly the Direct Rendering Manager (DRM) driver support for it still isn't ready with the mainline Linux kernel. Thierry Reding of NVIDIA sent in the Tegra DRM driver changes for DRM-Next that in turn is staged for Linux 4.15. Reding commented that there is preparatory work for the TX2 (Tegra186) but it's not all ready for upstream yet.