Security and Encryption: Revenge, CIA Cracks, FUD, Black Hat, LinuxKit and Docker, GCHQ on e2, and DRM

Filed under
Security
  • Who's got your hack back?

    The topic of hacking back keeps coming up these days. There's an attempt to pass a bill in the US that would legalize hacking back. There are many opinions on this topic, I'm generally not one to take a hard stand against what someone else thinks. In this case though, if you think hacking back is a good idea, you're wrong. Painfully wrong.

    Everything I've seen up to this point tells me the people who think hacking back is a good idea are either mistaken about the issue or they're misleading others on purpose. Hacking back isn't self defense, it's not about being attacked, it's not about protection. It's a terrible idea that has no place in a modern society. Hacking back is some sort of stone age retribution tribal law. It has no place in our world.

    [...]

    So this has me really thinking. Why would anyone want to hack back? There aren't many reasons that don't revolve around revenge. The way most attacks work you can't reliably know who is doing what with any sort of confidence. Hacking back isn't going to make anything better. It would make things a lot worse. Nobody wants to be stuck in the middle of a senseless feud. Well, nobody sane.

  • CIA has hacking tools, says Wikileaks

    The leaked papers have revealed that the agency turned to software which is named BothanSpy and Gyrfalcon to steal user credentials.

  • Linux Malware and Attacks on the Rise [Ed: This whole thing is based on a Microsoft ally from Seattle. Microsoft FUD by proxy, to distract from WannaCry Armageddon?]
  • Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years

    A major compromise of U.S. critical infrastructure will occur in the next couple of years, according to a majority of IT security professionals -- and most expect breaches of their own enterprise networks to occur even sooner.

    These serious concerns are among those registered by respondents to the 2017 Black Hat Attendee Survey, the results of which are being published Wednesday. The survey offers insights on the plans and attitudes of 580 experienced security professionals, including many cybersecurity leaders who work in critical-infrastructure industries.

  • LinuxKit and Docker Security

    Docker got its start not just as a container system, but also as a Linux container system. Since then, Docker has developed versions of its container management systems for other platforms, including widely used cloud service providers, as well as Windows and the Macintosh OS. Many of these platforms, however, either have considerable variation in the Linux features which are available, or do not natively supply a full set of Linux resources.

  • Former GCHQ boss backs end-to-end encryption

    Former GCHQ director Robert Hannigan has spoken out against building backdoors into end-to-end encryption (e2) schemes as a means to intercept communications by terrorists and other ne'er-do-wells.

    Home Secretary Amber Rudd has criticised mobile messaging services such as WhatsApp, that offer end-to-end encryption in the wake of recent terror outrages, such as the Westminster Bridge attack, arguing that there should be no place for terrorists to hide.

    Hannigan, who led GCHQ between November 2014 and January 2017, struck a different tone in an interview with BBC Radio 4 flagship news programme Today on Monday morning, arguing there's no simple answer on the national security challenges posed by encryption.

  • How big is the market for DRM-Free?

    They reached a shocking conclusion: DVD players with even minimal circumvention features sell for about 50% more than similarly reviewed DVD players of similar vintage -- that means that in a commodity electronics category where the normal profit would be 2% or less, manufacturers that sell a model with just slightly different software (a choice that adds virtually nothing to the manufacturing costs) pocket 25 times the profits.

Security: GnuPG Encryption, Wildcard Certificates, Stack Clash, BothanSpy and Gyrfalcon

Filed under
Security
  • Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library
  • Wildcard Certificates Coming January 2018

    Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS.

    Let’s Encrypt is currently securing 47 million domains via our fully automated DV certificate issuance and management API. This has contributed heavily to the Web going from 40% to 58% encrypted page loads since Let’s Encrypt’s service became available in December 2015. If you’re excited about wildcard availability and our mission to get to a 100% encrypted Web, we ask that you contribute to our summer fundraising campaign.

  • Ripples from Stack Clash

    In one sense, the Stack Clash vulnerability that was announced on June 19 has not had a huge impact: thus far, at least, there have been few (if any) stories of active exploits in the wild. At other levels, though, this would appear to be an important vulnerability, in that it has raised a number of questions about how the community handles security issues and what can be expected in the future. The indications, unfortunately, are not all positive.

  • CIA programs to steal your SSH credentials (BothanSpy and Gyrfalcon)

Security: Cybersecurity Index. Security Updates, Vault 7, and CloudLinux

Filed under
Security

Security: Ransomware, BothanSpy, Gyrfalcon, and Grsecurity

Filed under
Security
  • Hackers {sic} Linked to NotPetya Ransomware Decrypted a File For Us
  • Vault 7: Documents detail implants for stealing SSH traffic

    The implant for Windows is called BothanSpy and targets versions 3, 4 and 5 of the SSH client Xshell. It dates back to 2015. The Linux implant is known as Gyrfalcon and is aimed at OpenSSH; it dates back to 2013.

  • WikiLeaks: CIA steals SSH credentials from Windows and Linux with BothanSpy and Gyrfalcon tools

    The leaked documentation for the tools was updated as recently as March 2015, and the file relating to BothanSpy reveals that XShell needs to be installed as it itself installs as a Shellterm extension. There are smatterings of humor throughout the file, with a warning that: "It does not destroy the Death Star, nor does it detect traps laid by The Emperor to destroy Rebel fleets." There is also the introductory quip: "Many Bothan spies will die to bring you this information, remember their sacrifice."

  • Bruce Perens Warns of Potential Contributory Infringement Risk for Grsecurity Customers

    By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kern

Security: Black Duck FUD, Bitcoin Lapse, and Claims of libgcrypt Weakness

Filed under
Security
  • Open source to blame for rise of ransomware? [Ed: "Black Duck raises concerns" to smear FOSS again; A Microsoft-connected FUD firm.]
  • Hijacking Bitcoin: routing attacks on cryptocurrencies

    The Bitcoin network has more than 6,000 nodes, responsible for up to 300,000 daily transactions and 16 million bitcoins valued at roughly $17B.

    [...]

    BGP (Border Gateway Protocol) is the routing protocol that controls how packets are forwarded in the Internet. Routes are associated with IP prefixes, and are exchanged between neighbouring networks (Autonomous Systems, AS). The origin AS makes the original route announcement, and this then propagates through the network hop by hop.
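    The defender's counterpart to the route announcement mechanism described above is origin validation: checking each announced prefix against a table of authorised origin ASes before letting longest-prefix matching pick a route. The following is an added example, not code from the article or from the paper it quotes; all prefixes, AS numbers and the authorisation table are constructed (documentation ranges and private ASNs), and the classification rules follow RFC 6811.

```python
"""Added example, not code from the article: RFC 6811-style route origin
validation over a constructed table of BGP announcements, followed by a
longest-prefix-match route selection that shows why a more-specific hijack
wins unless invalid routes are filtered. All prefixes and AS numbers are
made up (documentation ranges and private ASNs)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple          # AS_PATH as received; the last element is the origin AS

    @property
    def origin(self) -> int:
        return self.as_path[-1]


# Constructed authorisation table, shaped like RPKI ROAs:
# prefix -> (authorised origin AS, maximum prefix length that origin may announce)
ROAS = {
    "198.51.100.0/22": (64500, 24),
    "203.0.113.0/24": (64501, 24),
}


def validate(ann: Announcement) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'unknown' (RFC 6811 rules)."""
    net = ipaddress.ip_network(ann.prefix)
    covering = []
    for roa_prefix, (asn, maxlen) in ROAS.items():
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append((asn, maxlen))
    if not covering:
        return "unknown"            # no ROA covers this prefix at all
    for asn, maxlen in covering:
        if ann.origin == asn and net.prefixlen <= maxlen:
            return "valid"
    return "invalid"                # covered, but wrong origin or too specific


def best_route(anns: List[Announcement], dest_ip: str,
               drop_invalid: bool = False) -> Optional[Announcement]:
    """Longest-prefix match, shortest AS path as tie-break, optionally after ROV filtering."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [a for a in anns if ip in ipaddress.ip_network(a.prefix)]
    if drop_invalid:
        candidates = [a for a in candidates if validate(a) != "invalid"]
    if not candidates:
        return None
    return max(candidates,
               key=lambda a: (ipaddress.ip_network(a.prefix).prefixlen, -len(a.as_path)))


def audit(anns: List[Announcement]) -> List[Tuple[str, int, str]]:
    """One (prefix, origin AS, status) row per announcement, for a monitoring report."""
    return [(a.prefix, a.origin, validate(a)) for a in anns]


# Constructed routing table: a legitimate /22, a more-specific /24 from an
# unauthorised origin, a second legitimate prefix and a prefix with no ROA.
TABLE = [
    Announcement("198.51.100.0/22", (64510, 64500)),
    Announcement("198.51.100.0/24", (64666,)),
    Announcement("203.0.113.0/24", (64511, 64501)),
    Announcement("192.0.2.0/24", (64512,)),
]

if __name__ == "__main__":
    for row in audit(TABLE):
        print(row)
    print("without ROV:", best_route(TABLE, "198.51.100.7"))
    print("with ROV:   ", best_route(TABLE, "198.51.100.7", drop_invalid=True))
```

Without filtering, the unauthorised /24 wins the lookup for 198.51.100.7 purely on prefix length; with invalid routes dropped, traffic follows the authorised /22 again.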

  • Researchers open sliding window to completely break libgcrypt RSA-1024

    In their paper the researchers display a good sense of humour in calling the vulnerability 'sliding right into disaster'. That's because it exploits the fact that exponent bits leaked by the 'sliding window' process used by libgcrypt can be used to carry out a key recovery attack against RSA. This despite it previously being thought that even if the entire pattern of squarings and multiplications was observed courtesy of a side-channel attack, it wouldn't leak enough exponent bits to be of any real use.

Leak: CIA Targets SSH

Filed under
Security
  • BothanSpy

    Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors.

    BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save them in an encrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine.

    Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos, debian, rhel, suse, ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed root kit (JQC/KitV) on the target machine.

Security: Public Database Dumps, Default Passwords, Microsoft Breach, Back Doors, and OpenBSD

Filed under
Security
  • How 2,000 Unsecured Databases Landed on the Internet [Ed: System administrators made a serious error.]

    There is a simple explanation for why this particular filename was used: In the instructions for the widely used database software MySQL, the name is used in an explanatory example.

  • Linux systems under fire [Ed: Unchanged default passwords on a "Linux" system are not a GNU/Linux issue]

    There was a marked increase in the recorded attacks on Linux systems, which are often connected to the Internet unprotected.

  • Private not state hackers likely to have targeted UK parliament: sources [Ed: Microsoft system]

    A cyber attack on email accounts of British lawmakers last month is likely to have been by amateur or private hackers rather than state-sponsored, European government sources said.

    The private email accounts of up to 90 of the 650 members of Britain's House of Commons were targeted in late June, with some news reports suggesting that the attack was carried out by a foreign government, such as Russia.

    However, cyber security experts had found that the hackers only managed to access accounts of lawmakers who used primitive and easily discovered passwords, the sources, who are familiar with the investigations into the attacks, said.

  • Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak

    The third-party software updater used to seed last week's NotPetya worm that shut down computers around the world was compromised more than a month before the outbreak. This is yet another sign the attack was carefully planned and executed.

    Researchers from antivirus provider Eset, in a blog post published Tuesday, said the malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that's widely used in Ukraine. The report echoed findings reported earlier by Microsoft, Kaspersky Lab, Cisco Systems, and Bitdefender. Eset said a "stealthy and cunning backdoor" used to spread the worm probably required access to the M.E.Doc source code. What's more, Eset said the underlying backdoored ZvitPublishedObjects.dll file was first pushed to M.E.Doc users on May 15, six weeks before the NotPetya outbreak.

  • Moving Beyond Backdoors To Solve The FBI's 'Going Dark' Problem

    Former FBI Director James Comey stated on more than one occasion that he'd like to have an "adult conversation" about device encryption. He wasn't sincere. What he actually meant was he'd like to have all the "smart people" in the tech world solve his problems for him, either by capitulating to his requests for encryption backdoors or by somehow crafting the impossible: a secure backdoor.

    Comey is gone, but his legacy lives on. The FBI wants to keep the "going dark" narrative alive. Deputy Attorney General Rod Rosenstein has already asked Congress for $21 million in "going dark" money, supposedly to help the agency explore its options.

    The problem is, the options could be explored for a much lower price. Kevin Bankston offers up a few solutions -- or at least a few improved adult conversational gambits -- for the low price of $free over at Lawfare. The starting point is Comey's "adult conversation" talking point. Bankston points out you can't hold an adult conversation if you refuse to act like one.

  • OpenBSD Will Get Unique Kernels on Each Reboot. Do You Hear That Linux, Windows?

    A new feature added in test snapshots for OpenBSD releases will create a unique kernel every time an OpenBSD user reboots or upgrades his computer.

    This feature is named KARL — Kernel Address Randomized Link — and works by relinking internal kernel files in a random order so that it generates a unique kernel binary blob every time.

    Currently, for stable releases, the OpenBSD kernel uses a predefined order to link and load internal files inside the kernel binary, resulting in the same kernel for all users.

Security: ZIP Bombs, Shadow Brokers, Linux Bashing Over Weak Passwords etc.

Filed under
Security
  • How to defend your website with ZIP bombs
  • Shadow Brokers translation

    As a service to non native English speakers I am translating the Shadow Brokers “Borat” into simple English. I am not going to do any analysis in this post, just simple translation for people who have difficulty with Shadow Brokers posts.

  • Feelin' safe and snug on Linux while the Windows world burns? Stop that [Ed: Well, with proprietary software the holes (or back doors) are sometimes intentional, unlike in GNU]

    The ransomware problems reported by The Reg over the past few weeks are enough to make you, er, wanna cry. Yet all that's happened is that known issues with Windows machines – desktop and server – have now come to everyone's attention and the bandwidth out of Microsoft's Windows Update servers has likely increased a bit relative to the previous few weeks.

  • Linux is not as safe as you think [Ed: Having default passwords on a router (or other device) is not as safe as you think]
  • IoT Fuels Growth of Linux Malware [Ed: John P. Mello Jr. is the latest among many to cite a Microsoft ally from Seattle to make Linux look terrible]

Security: Updates, Bounties, SS7 Attacks

Filed under
Security
  • Security updates for Wednesday
  • At $30,000 for a flaw, bug bounties are big and getting bigger

    Hackers are being paid as much as $30,000 for finding a single critical flaw in a company's systems, and the amount companies are willing to pay is increasing.

    While the use of such bug hunting programmes is still limited, some large organisations are offering hackers rewards for spotting flaws in their systems.

  • Windows ransomware found to be incredibly rare [Ed: Android and Linux basher Liam Tung seems to be doing some Microsoft PR today]
  • Linux and macOS malware threats tripled in 2016, according to report [Ed: Microsoft-linked sites like to the above]
  • Researchers Build Firewall to Deflect SS7 Attacks

    Security researchers will release an open-source SS7 firewall at Black Hat USA that aims to bolster security of mobile operators' core networks.

    Mobile security software can do little to protect end users and BYOD workers when Signaling System 7 (SS7) vulnerabilities are exploited in mobile operators' core mobile networks, according to security researchers.

    SS7 vulnerabilities, which can allow cybercriminals to hijack two-factor authentication codes texted to mobile phones, read and redirect text messages, eavesdrop on phone calls, and track a phone's location, have existed since 2014.

Security: Cyberweapons, Kaspersky, and Microsoft-Connected Linux FUD

Filed under
Security
  • When Cyberweapons Go Missing
  • Kaspersky Lab row: Russian minister warns of blowback

    Russian Communications Minister Nikolay Nikiforov said in a Bloomberg interview that Russia was using "a huge proportion of American software and hardware solutions in the IT sphere, even in very sensitive areas".

    Microsoft and Cisco are said to be the American companies whose products have the highest usage in Russia.

  • Threats to Linux IoT devices on the rise [Ed: there are still puff pieces like these, citing Microsoft partner WatchGuard from Seattle, attacking perception of Linux security]

    Many of these devices, which often use old versions of Linux, have a default username and password which users often do not bother to change. Logging in with these credentials — which are easy to find on the Web — gives root access to the device in question.

  • Cybersecurity battleground shifting to Linux and web servers - report [Ed: another one of those; there have been half a dozen, mostly quoting the press release]