Security

New Tor "The Onion Router" Anonymity Network Stable Branch Getting Closer

Filed under
Security

Nick Mathewson from the Tor Project announced on the 8th of November 2016, the release of yet another Alpha development snapshot towards the major Tor 0.2.9 "The Onion Router" release.

Security News

Filed under
Security
  • Security, Cyber, and Elections (part 1)

    The US election cycle has been quite heavily dominated by cyber security issues. A number of cyber security experts have even stepped forward to offer their solutions to how to keep safe. Everyone has problems with their proposals, that fundamentally they all stem from not understanding the actual threat.

    Achieving security is possible using counterintelligence principles, but it requires knowing what you want to protect, who you want to protect it from, and then implementing that plan. I expect this post to be deeply unpopular with everyone, but I’ll explain my position anyway.

  • DDoS attack halts heating in Finland amidst winter

    A Distributed Denial of Service (DDoS) attack halted heating distribution at least in two properties in the city of Lappeenranta, located in eastern Finland. In both of the events the attacks disabled the computers that were controlling heating in the buildings.

    Both of the buildings were managed by Valtia, the company that is in charge of managing the buildings' overall operation and maintenance. According to Valtia CEO, Simo Rounela, in both cases the systems that controlled the central heating and warm water circulation were temporarily disabled.

    In the city of Lappeenranta, there were at least two buildings whose systems were knocked down by the network attack. In a DDoS attack the network is overloaded by traffic from multiple locations with the aim of causing the system to fail.

  • Communications watchdog: Criminals behind home automation system cyber attack

    The Finnish communications regulator Ficora said it suspects criminal entities of coordinating a web attack that disrupted home automation systems in the southeastern city of Lappeenranta. However the agency said that the real target of the attack may not have been in Finland.

    "According to our information, the systems in question are not the intended targets in this case, but they were compromised in a cyber attack that focused on European entities. In other words, it seems that there was some criminal group behind it," said Jarkko Saarimäki, head of Ficora’s cyber security centre.

    Officials said that the event bore the hallmark of a denial of service (DoS) strike, which floods a service with so much web traffic that it is unable to provide services normally.

  • Researchers hack Philips Hue smart bulbs from the sky

    Security researchers in Canada and Israel have discovered a way to take over the Internet of Things (IoT) from the sky.

    Okay, that’s a little dramatic, but the researchers were able to take control of some Philips Hue lights using a drone. Based on an exploit for the ZigBee Light Link Touchlink system, white hat hackers were able to remotely control the Hue lights via drone and cause them to blink S-O-S in Morse code.

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • Security advisories for Monday
  • Reproducible Builds: week 80 in Stretch cycle

    Patches to GCC to generate reproducible output independently of the build-path were submitted by Ximin Luo.

  • Security considerations with github continuous integration

    Continuous integration (CI) support in github is a very useful addition. Not only can you utilize existing services like Travis CI, you can utilize the github API and roll your own, which is exactly what we did for libStorageMgmt. LibStorageMgmt needs to run tests for hardware specific plugins, so we created our own tooling to hook up github and our hardware which is geographically located across the US. However, shortly after getting all this in place and working it became pretty obvious that we provided a nice attack vector…

  • The perfect cybercrime: selling fake followers to fake people

    Hackers are recruiting the internet of things into a botnet. But this time they’re not trying to take down the internet. They’re just using them to make fake social media accounts – which they can then sell to online narcissists to make an easy buck.

    Masarah-Cynthia Paquet-Clouston, a criminologist with the University of Montreal, and Olivier Bilodeau, a cybersecurity researcher at Montreal-based company GoSecure, have uncovered a large botnet that recruits everyday devices such as connected toasters, fridges or even your grandmother’s router to help commit social media fraud. They think that this stealthy, lucrative scheme is a glimpse into the future of low-level cybercrime.

  • Yet Another E-voting Machine Vulnerability Found

    We've been talking about the ridiculousness of e-voting machines for well over a decade. If a machine doesn't include a paper trail for backup, it's suspect. That's been the case since e-voting machines have been on the market, and many of us have been pointing this out all along. And the big e-voting companies have a long history of not really caring, even as their machines are shown to be vulnerable in a variety of ways. So it comes as little to no surprise to find out that security firm Cylance has announced that it's found yet another set of e-voting vulnerabilities in the Sequoia AVC Edge Mk1 voting machine. Sequoia especially has a long history of buggy, faulty machines.

Parsix GNU/Linux 8.15 and 8.10 Get Linux Kernel 4.4.30 LTS, New Security Updates

Filed under
GNU
Linux
Security

Users of the Debian-based Parsix GNU/Linux 8.15 "Nev" and Parsix GNU/Linux 8.10 "Erik" distributions are in for a treat this weekend, as a new kernel update and latest Debian Stable security updates landed in the software repositories.

Security Leftovers

Filed under
Security
  • Admins, update your databases to avoid the MySQL bug

    MySQL, MariaDB, and PerconaDB administrators need to check their database versions, as attackers can chain two critical vulnerabilities and completely take over the server hosting the database.

    The two critical vulnerabilities, which can lead to arbitrary code execution, root privilege escalation, and server compromise, affect MySQL and forks like Percona Server, Percona XtraDB Cluster, and MariaDB, according to security researcher Dawid Golunski, who provided details of the vulnerability on LegalHackers. Administrators should install the latest updates as soon as possible, or in cases where the patches cannot be applied, they should disable symbolic link support within the database server configuration by setting symbolic-links=0 in my.cnf.

  • OOPS! MySQL Falls Down…

    While programming, it’s easy to get tunnel-vision or to accept some “tiny” risk that things could go wrong at some point but write the code that way anyway. That’s what happened with MySQL and MariaDB. Creating a database should not create a vulnerability but it does, because a repair operation allows changing permissions of a file with a particular name which a bad guy could substitute with malicious code…

  • Talk Recap: Holistic Security for OpenStack Clouds

    Thanks to everyone who attended my talk at the OpenStack Summit in Barcelona! I really enjoyed sharing some tips with the audience and it was great to meet some attendees in person afterwards.

    If you weren’t able to make it, don’t fret! This post will cover some of the main points of the talk and link to the video and slides.

  • [Older, out of paywall now] Dirty COW and clean commit messages
  • Book Review: PAM Mastery

    Linux, FreeBSD, and Unix-like systems are multi-user and need some way of authenticating individual users. Back in the old days, this was done in different ways. You need to change each Unix application to use different authentication scheme. Also, authentication schemes differed between a variant of Unix systems. Porting was a nightmare. For example to use Windows Server (Active Directory) or LDAP for authentication you need to make changes to an application. Each application had its way of authenticating users. So Open Group led to the development of PAM for the Unix-like system. Today Linux, FreeBSD, MacOS X and many other Unix-like systems are configured to use a centralized authentication mechanism called Pluggable Authentication Modules (PAM). The book “PAM Mastery” deals with the black magic of PAM.

Security News

Filed under
Security
  • Security advisories for Friday
  • Netherlands to trial Internet voting [Ed: terrible idea, for many reasons.]

    The Dutch government will this year test the possibilities of voting via the Internet. The test will include citizens abroad: the pilot, by the Ministry of the Interior, will involve the city of The Hague, which manages the registration of citizens abroad.

    The city recently invited citizens to take part in the tests - a simulated election. Participants will be able to vote for fictitious political parties and candidates. The pilot is intended to test security measures, and to check if Internet voting is reliable.

  • U.S. boosting cyber defenses, but not police presence, for election

    Federal and state authorities are beefing up cyber defenses against potential electronic attacks on voting systems ahead of U.S. elections on November 8, but taking few new steps to guard against possible civil unrest or violence.

    The threat of computer hacking and the potential for violent clashes is darkening an already rancorous presidential race between Democrat Hillary Clinton and Republican Donald Trump, amid fears that Russia or other actors could spread political misinformation online or perhaps tamper with voting.

  • 10 ways to make sure your remote workers are being safe

    With an ever-expanding mobile workforce, infosec teams are increasingly tasked with extending cybersecurity safeguards beyond the physical and virtual walls of their organizations. With endpoints not only increasing but on the move, the challenge is real. In addition to implementing the appropriate technical defenses, there is an important aspect to protecting corporate data and systems: Asking end-users to get involved.

  • Did the Mirai Botnet Really Take Liberia Offline?

    KrebsOnSecurity received many a missive over the past 24 hours from readers who wanted to know why I’d not written about widespread media reports that Mirai — a malware strain made from hacked “Internet of Things” (IoT) devices such as poorly secured routers and IP cameras — was used to knock the entire country of Liberia offline. The trouble is, as far as I can tell no such nationwide outage actually occurred.

    First, a quick recap on Mirai: This blog was taken offline in September following a record 620 Gbps attack launched by a Mirai botnet. The source code for Mirai was leaked online at the end of September. Since then, the code has been forked several times, resulting in the emergence of several large Mirai-based botnets. In late October, many of the Internet’s top destinations went offline for the better part of a day when Mirai was used to attack Internet infrastructure firm Dyn.

Security News

Filed under
Security
  • Thursday's security updates
  • Why I don’t Use 2048 or 4096 RSA Key Sizes

    I have used non-standard RSA key size for maybe 15 years. For example, my old OpenPGP key created in 2002. With non-standard key sizes, I mean a RSA key size that is not 2048 or 4096. I do this when I generate OpenPGP/SSH keys (using GnuPG with a smartcard like this) and PKIX certificates (using GnuTLS or OpenSSL, e.g. for XMPP or for HTTPS). People sometimes ask me why. I haven’t seen anyone talk about this, or provide a writeup, that is consistent with my views. So I wanted to write about my motivation, so that it is easy for me to refer to, and hopefully to inspire others to think similarly. Or to provoke discussion and disagreement — that’s fine, and hopefully I will learn something.

  • Black Hat Europe: IoT devices can hack phones

    The Internet of things (IoT) has already been used to launch the biggest DDoS attacks ever, but now it represents a potential path for attackers to compromise cell phones.

    Flaws in Belkin WeMo devices - electrical switches, cameras, light bulbs, coffee makers, air purifiers, etc. – enabled Invincea Labs researchers to not only hack into the devices, but to use that access to attack an Android phone running the app that controls the WeMo devices.

    “This is the first instance we’ve seen of IoT hacking something else,” says researcher Scott Tenaglia, who pledges to look for other vulnerable devices that might be abused to carry out similar attacks.

  • Why Light Bulbs May Be the Next Hacker Target

    The so-called Internet of Things, its proponents argue, offers many benefits: energy efficiency, technology so convenient it can anticipate what you want, even reduced congestion on the roads.

    Now here’s the bad news: Putting a bunch of wirelessly connected devices in one area could prove irresistible to hackers. And it could allow them to spread malicious code through the air, like a flu virus on an airplane.

    Researchers report in a paper to be made public on Thursday that they have uncovered a flaw in a wireless technology that is often included in smart home devices like lights, switches, locks, thermostats and many of the components of the much-ballyhooed “smart home” of the future.

    The researchers focused on the Philips Hue smart light bulb and found that the wireless flaw could allow hackers to take control of the light bulbs, according to researchers at the Weizmann Institute of Science near Tel Aviv and Dalhousie University in Halifax, Canada.

  • Microsoft extends EMET end of life date

    Microsoft will continue to support and provide security patches for its Enhanced Mitigation Experience Toolkit security software for Windows until July 31 2018, after taking customer feedback into account.

    EMET is a security utility software popular with enterprise customers running supported versions of Windows. It uses mitigation techniques to block attackers from exploiting vulnerabilities in software.

Security News

Filed under
Security
  • Security advisories for Wednesday
  • Linux developers under denial of service attack

    According to James Bottomley, an IBM Research distinguished engineer and a member of the Linux Plumbers Conference committee, "Since yesterday we are being attacked from the outside. The attack follows us as we switch external IP and the team has identified at least one inside node which looks suspicious."

    The conference is not being attacked by some sophisticated Internet of Things distributed denial of service (DDoS) attack like the Dyn attack. No, it's being mugged by one of the oldest attacks in the DoS book: a SYN flood.

  • Computer Virus Cripples UK Hospital System [iophk: “dodges naming OS affected…does a lot of victim blaming”]

    Citing a computer virus outbreak, a hospital system in the United Kingdom has canceled all planned operations and diverted major trauma cases to neighboring facilities. The incident came as U.K. leaders detailed a national cyber security strategy that promises billions in cybersecurity spending, new special police units to pursue organized online gangs, and the possibility of retaliation for major attacks.

    In a “major incident” alert posted to its Web site, the National Health Service’s Lincolnshire and Goole trust said it made the decision to cancel surgeries and divert trauma patients after a virus infected its electronic systems on Sunday, October 30.

  • Breaking: NHS Trust crippled by cyberattack [iophk: "again, dodges naming the OS causing the malware"]

    Patients who had a scheduled operation on Tuesday November 1 have been told to presume it has been cancelled, unless they are contacted. A select number of services will continue; inpatients will continue to be looked after and patients who would be at “significant clinical risk should their treatment be delayed”, will also be treated. The trust is apparently reviewing the situation on an hourly basis.

    Few details have been released about the nature of the attack but the shutdown has affected Goole and District Hospital, Scunthorpe General Hospital and Diana, Princess of Wales Hospital.

    Ed Macnair, CEO of CensorNet told SCMagazineUK.com that the “NHS is one of the most advanced in the world in terms of digitisation, which clearly has its benefits, but also increases the impact of a cyber attack. The NHS holds hugely personal information about patients and the consequences of that getting into the wrong hands could be devastating.”

    Independent Security Evaluators (ISE) carried out a study into the cyber-resilience of the US healthcare industry last year, finding that security teams in the healthcare sector overemphasised protection of data and didn't focus on more advanced threats.

  • How Hackers Could Steal Your Cellphone Pictures From Your IoT Crock-Pot

    If you have an internet-connected home appliance, such as a crock-pot, a lightbulb, or a coffee maker, you can control it from the comfort of your smartphone. But a bug in the Android app that controls some of those devices made by a popular manufacturer also allowed hackers to steal all your cellphone photos and even track your movements.

    Security researchers found that the Android app for internet-connected gizmos made by Belkin had a critical bug that let anyone who was on the same network hack the app and get access to the user’s cellphone. This gave them a chance to download all photos and track the user’s position, according to new research by Scott Tenaglia and Joe Tanen, from Invincea Labs.

  • Reproducible Builds: week 79 in Stretch cycle

    Reproducible Debian Hackathon - A small hackathon organized in Boston, USA on December 3rd and 4th. If you are interested in attending, contact Valerie Young - spectranaut in the #debian-reproducible IRC channel on irc.oftc.net.

  • Linux/Moose: Still breathing

    Linux/Moose is a malware family that primarily targets Linux-based consumer routers but that can also infect other Linux-based embedded systems in its path. The compromised devices are used to steal unencrypted network traffic and offer proxying services to the botnet operator. In practice, these capabilities are used to steal HTTP Cookies on popular social network sites and perform fraudulent actions such as non-legitimate “follows”, “views” and “likes”.

  • Cyber security governance in public, private sectors falls short

    Cybercrime is the second most-reported economic crime in Australia and costs the economy an estimated $17 billion annually, but despite this there are widespread “frailities” in the governance of cyber security among executives in both the public sector and private enterprise, according to a newly published report.

    The survey of Australia's security preparedness by the Macquarie Telecom Group and the National Security College found that there is considerable variation in cyber-risk governance arrangements and an absence of cyber-risk knowledge at the executive/board level.

More Security News

Filed under
Security
  • Microsoft says Russia-linked hackers exploiting Windows flaw [Ed: So it says the back doors it gave the NSA are used by many others]

    Microsoft Corp (MSFT.O) said on Tuesday that a hacking group previously linked to the Russian government and U.S. political hacks was behind recent cyber attacks that exploited a newly discovered Windows security flaw.

    The software maker said in an advisory on its website there had been a small number of attacks using "spear phishing" emails from a hacking group known as Strontium, which is more widely known as "Fancy Bear," or APT 28. Microsoft did not identify any victims.

    Microsoft's disclosure of the new attacks and the link to Russia came after Washington accused Moscow of launching an unprecedented hacking campaign aimed at disrupting and discrediting the upcoming U.S. election.

  • Lack of cybersecurity standards leaves election process vulnerable [Ed: Windows in voting machines is a real issue [1, 2]]

    Hackers continue to exploit vulnerabilities in the U.S. political technology, highlighting the need for cybersecurity standards and guidelines to help protect voter information.

  • Windows zero-day exploited by same group behind DNC hack

    On Oct. 31, Google's Threat Analysis Group revealed a vulnerability in most versions of Windows that is actively being exploited by malware attacks.

    Today, Terry Myerson, executive vice president of Microsoft's Windows and Devices group, acknowledged the exploit was being used actively by a sophisticated threat group—the same threat group involved in the hacks that led to the breach of data from the Democratic National Committee and the Clinton campaign. And while a patch is on the way for the vulnerability, he encouraged customers to upgrade to Windows 10 for protection from further advanced threats.

  • How DNS Works: A Primer

    DNS has been in the news a great deal as of late. First, there was the controversy over the United States government essentially handing over control of the Internet's root domain naming system. Then DNS made headlines when cybercriminals performed three separate distributed denial of service (DDoS) attacks on a major DNS service provider by leveraging a botnet army of millions of compromised IoT devices. Yet with all the hoopla surrounding DNS, it surprises me how many IT pros don't fully understand DNS and how it actually works.

    DNS stands for Domain Name System. Its purpose is to resolve and translate human-readable website names to IPv4 or IPv6 addresses. Technically speaking, it's not a necessary part of the networking processes. Rather, DNS simply makes it easier for human beings to know and remember what server they are trying to reach. For example, it's much easier to remember that if you want to perform an internet web search, you type in www.google.com as opposed to the IPv4 address of 216.58.217.4.

IPFire 2.19 Linux Firewall Distribution Switches to Unbound as DNS Proxy

Filed under
GNU
Linux
Security

On the first day of November 2016, Michael Tremer from the IPFire project, an open source, professional, secure and hardened Linux-based firewall distribution, proudly announced the release of IPFire 2.19 Core Update 106.

IPFire 2.19 Core Update 106 is the latest stable release of the Linux firewall OS, and it looks like it implements a new DNS proxy, namely Unbound, which replaces the Dnsmasq DNS forwarder and DHCP server used in previous releases. The decision was made because of the recent DNSSEC implementation by default in the distribution, which proves to offer better DNSSEC reliability, enhanced features, such as import of static leases, and improved performance.
