Security

Security: OSX.Dummy, WellMess, LastPass, Rapid7

Filed under
Security
  • Fresh Macos Malware OSX.Dummy Targets Crypto-Currency Investors

    Hackers, by employing a MacOS malicious program, target people investing in crypto-currencies who utilize both chat platforms, namely Discord and Slack. Dubbed OSX.Dummy, the malicious program utilizes a rather crude infection technique; however, PC operators that get successfully compromised get their systems to execute random code via remote operation.


    One blog post dated June 29 by Digital Security's chief research officer Patrick Wardle indicates that with a successful connection to the attacker's command-and-control server, the latter would be able to run arbitrary commands on the contaminated PC. Security researchers from UNIX were the first to find clues about the malicious program some days back. According to Remco Verhoef, top researcher who made a blog post dated June 29 on SANS' InfoSec reporting his discoveries, the past week witnessed several sequential assaults against MacOS.

  • This new dual-platform malware targets both Windows and Linux systems

    One of the oft-repeated reasons for using alternative operating systems is the suggestion that alternatives to Windows are more secure because malware is not produced for these minority systems—in effect, an argument in favor of security by minority. For a variety of reasons, this is a misguided notion. The proliferation of web-based attacks—which are inherently cross-platform, as they depend on browsers more than the underlying OS the browser runs on—makes this argument rather toothless.

    [...]

    While WellMess is far from the first malware to run on Linux systems, the perceived security of Linux distributions as not being a significant enough target for malware developers should no longer be considered the prevailing wisdom, as cross-compilation on Golang will ease malware development to an extent for attackers looking to target Linux desktop users. As with Windows and macOS, users of Linux on the desktop should install some type of antivirus software in order to protect against malware such as WellMess.

  • Is your LastPass data really safe in the encrypted online vault?

    Disclaimer: I created PfP: Pain-free Passwords as a hobby, it could be considered a LastPass competitor in the widest sense. I am genuinely interested in the security of password managers which is the reason both for my own password manager and for this blog post on LastPass shortcomings.

    TL;DR: LastPass fanboys often claim that a breach of the LastPass server isn’t a big deal because all data is encrypted. As I show below, that’s not actually the case and somebody able to compromise the LastPass server will likely gain access to the decrypted data as well.

  • Australia 11th in country rankings for Internet security threat exposure


    According to the latest 2018 National Exposure Index from analytics solutions provider Rapid7, the US scored the highest in nearly every exposure metric measured, along with China, Canada, South Korea, and the United Kingdom. Together they control more than 61 million servers listening on at least one of the surveyed ports.

5 Firefox extensions to protect your privacy

Filed under
Moz/FF
Security

In the wake of the Cambridge Analytica story, I took a hard look at how far I had let Facebook penetrate my online presence. As I'm generally concerned about single points of failure (or compromise), I am not one to use social logins. I use a password manager and create unique logins for every site (and you should, too).

What I was most perturbed about was the pervasive intrusion Facebook was having on my digital life. I uninstalled the Facebook mobile app almost immediately after diving into the Cambridge Analytica story. I also disconnected all apps, games, and websites from Facebook. Yes, this will change your experience on Facebook, but it will also protect your privacy. As a veteran with friends spread out across the globe, maintaining the social connectivity of Facebook is important to me.


Security: Windows Ransomware Or Cryptomining, Red Hat/NSA SELinux, and Gentoo on GitHub

Filed under
Security
  • Rakhni Trojan Becomes Smart: Now Infecting With Either Ransomware Or Cryptomining

    Otherwise, if such a folder is not found on the targeted computer, a miner module is downloaded which creates a VBS script for mining Monero or Dashcoin Cryptocurrency.

  • All About SELinux

    Almost all of us have heard about SELinux. It stands for Security-Enhanced Linux, a set of kernel modifications, patches and tools which separates the enforcement of security decisions from the security policy. In simpler terms, it moves the control of access, including Mandatory Access Control (MAC), away from the security policies themselves.

  • Episode 104 - The Gentoo security incident

    Josh and Kurt talk about the Gentoo security incident. Gentoo did a really good job being open and dealing with the incident quickly. The basic takeaway from all this is to make sure your organization is forcing users to use two-factor authentication. The long-term solution is going to be all identity providers forcing everyone to use 2FA.

Security: Gentoo, WordPress and More

Filed under
Security

Security Issues at Gentoo Narrowed Down to Crappy Password

Filed under
Gentoo
Security
  • Linux experts are crap at passwords!

    Fortunately, Gentoo’s GitHub repository wasn’t the primary source for Gentoo code, and few, if any, Gentoo users were relying on it for software updates.

  • Gentoo publishes detailed report after its GitHub was compromised

    You may have seen the news towards the end of June that Gentoo, a fairly advanced Linux distribution, had its GitHub repository compromised after an attacker managed to gain access to one of the connected accounts. Now, Gentoo has published a comprehensive report about the incident and it turns out that the gaffe was due to not following rudimentary security tips.

  • Weak Admin Password Caused Compromise of Gentoo GitHub repository

    Gentoo have finished their investigation of the hack that affected their project last week on GitHub. The point of vulnerability has turned out to be a weak Administrator password. Upon compromise the hackers added the Linux killer command “rm -rf /” so that when users cloned the project to their computers all their data would be erased.

Security: 2FA, Android, Microsoft-Connected FUD, Weak Passwords and More Scaremongering

Filed under
Security
  • Why SMS should never be used as second factor

    To have multi-factor authentication, you need to use at least two of those. The easiest one, and therefore always used, is the knowledge factor in the form of a password. The inherent factor is by far the most complex one, since it requires specialized and expensive hardware. Also, due to how that hardware works, it is not possible to hash the expected value on the server side, so there is a security risk there as well. For those reasons, the possession factor is the go-to second factor.

  • Google Releases July 2018's Android Security Patch to Fix 70 Vulnerabilities

    Google has released July 2018's Android Security Patch for all supported Pixel and Nexus devices to fix numerous security vulnerabilities and add various improvements.

    The Android Security Patch for July 2018 is now rolling out to Pixel and Nexus users worldwide, and, as usual, it consists of two security patch levels, 2018-07-01 and 2018-07-05, which address a total of 44 vulnerabilities across several core components, including Framework, Media Framework, Kernel and Qualcomm components, as well as Qualcomm closed-source components.

  • Top 5 New Open Source Vulnerabilities in June 2018 [Ed: Oh, great, let's just keep ignoring all those back doors in proprietary software to perpetuate the stigma of FOSS having holes. WhiteSource trying to sell its proprietary stuff by badmouthing FOSS again.]
  • Open-Source Software as Easy Target for Hackers [Ed: This is the kind of press coverage Microsoft proxies and the likes of WhiteSource hope to generate for FOSS]
  • Is open source software a cyber security risk in connected vehicles? [Ed: Here comes Microsoft 'proxy' Black Duck insinuating that FOSS is going to kill you. This is marketing/lobbying disguised as "news" or "reporting".]
  • Gentoo GitHub repo hack made possible by these 3 rookie mistakes [Ed: And Gentoo should now delete GitHub altogether because Microsoft works closely with the NSA]

    The developers of Gentoo Linux have revealed how it was possible for its GitHub organization account to be hacked: someone deduced an admin’s password – and perhaps that admin ought not to have had access to the repos anyway.

    [...]

    The wiki page also reveals that the project got lucky. “The attack was loud; removing all developers caused everyone to get emailed,” the wiki reveals. “Given the credential taken, it's likely a quieter attack would have provided a longer opportunity window.”

    Also helpful was that “Numerous Gentoo Developers have personal contacts at GitHub, and in the security industry and these contacts proved valuable throughout the incident response.”

  • Gentoo Linux GitHub Hacked via Password Guessing [Ed: Secure systems aren't enough if you have a bad password]

    Following the recent Gentoo Linux hack the distribution’s security team started to investigate how the intrusion was made. The published report showcases exactly how the criminals were able to break into their GitHub accounts and embed malicious code.

  • Linux becomes major cryptomining target [Ed: At least with GNU/Linux you must install the malicious software; with proprietary OSes there are back doors that cannot be removed and NSA leaks open these up]

Canonical Outs Major Kernel Security Updates for All Supported Ubuntu Linux OSes

Filed under
Security
Ubuntu

Canonical released new kernel security updates for all supported Ubuntu Linux operating systems to address multiple security vulnerabilities discovered by various researchers.

The new Linux kernel updates are available for Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 17.10 (Artful Aardvark), Ubuntu 16.04 LTS (Xenial Xerus), as well as Ubuntu 14.04 LTS (Trusty Tahr) operating system series and they fix a total of 22 security vulnerabilities across all Ubuntu Linux releases.

One of the most important issues fixed is an information leak vulnerability tagged as CVE-2018-7755 and discovered in Linux kernel's floppy driver, which could allow a local attacker to expose sensitive information (kernel memory). This issue affected Ubuntu 18.04 LTS, Ubuntu 17.10, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS.


Why Freedom is Essential to Security and Privacy

Filed under
OSS
Security

Freedom, security and privacy are interrelated. The relationship between these three concepts is more obvious in some cases than others, though. For instance, most people would recognize that privacy is an important part of freedom. In fact, studies have shown that being under surveillance changes your behavior such as one study that demonstrates that knowing you are under surveillance silences dissenting views. The link between privacy and security is also pretty strong, since often you rely on security (encryption, locked doors) to protect your privacy.

The link between freedom and security may be less obvious than the others. This is because security often relies on secrecy. You wouldn’t publish your password, safe combination or debit card PIN for the world to see, after all. Some people take the idea that security sometimes relies on secrecy to mean that secrecy automatically makes things more secure. They then extend that logic to hardware and software: if secret things are more secure, and proprietary hardware and software are secret, therefore proprietary hardware and software must be more secure than a free alternative.


Also: WordPress 4.9.7 Security and Maintenance Release

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • NATO troops on the front line with Russia are taking new steps to protect against electronic attacks


    Larsen and other military officers involved said Russian personnel behaved professionally and kept their distance, but the NATO forces were taking new steps to insulate themselves electronically: All members of the crew on Larsen’s four ships were required to keep their phones on airplane mode to ward off hacking [sic] attempts.


    [...]


    Troops at Estonia’s Tapa military base switched to a “no smartphones” policy last year, after they noticed their contacts were disappearing and music they had not downloaded would start playing.

  • Reading hotel key cards with a credit card magstripe reader


    In this post I describe how my cheap magstripe reader wouldn’t read all magstripes, only credit/debit cards. This did nothing to help me understand what data was on my hotel key card – which is what I really wanted to know. Rather than take the obvious next step of buying a better reader, I opted to open up the cheap magstripe reader, probed around a bit and found a way to read the raw data off the hotel magstripes. What that data means remains a mystery, so there may be a part 2 at some stage.

  • Really dumb malware targets cryptocurrency fans using Macs


    Someone impersonating administrators of cryptocurrency-related discussion channels on Slack, Discord, and other social messaging platforms has been attempting to lure others into installing macOS malware. The social-engineering campaign consists of posting a script in discussions and encouraging people to copy and paste that script into a Terminal window on their Macs. The command downloads a huge (34 megabyte) file and executes it, establishing a remote connection that acts as a backdoor for the attacker.

  • IBM Lands $740 Million Deal to Supply Data Security to Australia


    The contract will see services such as automation and blockchain provided to federal departments including defense and home affairs, IBM’s Asia Pacific head, Harriet Green, said in an interview with Bloomberg TV on Thursday. The “youth of the technology” and the employment of Australians to support and help the implementation would be hallmarks of the new partnership, she said.

  • A step forward for government vulnerability disclosure in Europe

    We’ve argued for many years that governments should implement transparent processes to review and disclose the vulnerabilities that they learn about. Such processes are essential for the cybersecurity of citizens, businesses, and indeed governments themselves. To advance policy discourse on this issue in Europe, we recently participated in the Centre of European Policy Studies (CEPS) Taskforce on Software Vulnerability Disclosure. The Taskforce’s final report was published this week and makes a strong case for the need for government vulnerability disclosure policies, and comes at a critical juncture as European policymakers debate the EU Cybersecurity Act.

Microsoft, the NSA, and GitHub

Filed under
Gentoo
Microsoft
Security
  • Gentoo hacker's code changes unlikely to have worked

    Linux distribution Gentoo's maintainers say attempts by attackers last week to sabotage code stored on Github are unlikely to have worked.

    Gentoo's Github account was compromised in late June.

    The attacker was able to gain administrative privileges for Gentoo's Github account, after guessing the password for it.

    Gentoo's maintainers were alerted to the attack early thanks to the attacker removing all developers from the Github account, causing them to be emailed.

  • NSA Exploit "DoublePulsar" Patched to Work on Windows IoT Systems

    An infosec researcher who uses the online pseudonym of Capt. Meelo has modified an NSA hacking tool known as DoublePulsar to work on the Windows IoT operating system (formerly known as Windows Embedded).

    The original DoublePulsar is a hacking tool that was developed by the US National Security Agency (NSA), and was stolen and then leaked online by a hacking group known as The Shadow Brokers.

    At its core, DoublePulsar is a Ring-0 kernel mode payload that acts like a backdoor into compromised systems. DoublePulsar is not meant to be used on its own, but together with other NSA tools.

  • Predictable password blamed for Gentoo GitHub organisation takeover [Ed: when Microsoft takes over the NSA gets all these passwords. (NSA PRISM)]

    Gentoo has laid out the cause and impact of an attack that saw the Linux distribution locked out of its GitHub organisation.

    The attack took place on June 28, and saw Gentoo unable to use GitHub for approximately five days.

    Due to a lack of two-factor authentication, once the attacker guessed an admin's password, the organisation was in trouble.

More in Tux Machines

Cloud-Native/Kubernetes/Container/OpenShift

  • 10 Key Attributes of Cloud-Native Applications
    Cloud-native platforms, like Kubernetes, expose a flat network that is overlaid on existing networking topologies and primitives of cloud providers. Similarly, the native storage layer is often abstracted to expose logical volumes that are integrated with containers. Operators can allocate storage quotas and network policies that are accessed by developers and resource administrators. The infrastructure abstraction not only addresses the need for portability across cloud environments, but also lets developers take advantage of emerging patterns to build and deploy applications. Orchestration managers become the deployment target, irrespective of the underlying infrastructure that may be based on physical servers or virtual machines, private clouds or public clouds. Kubernetes is an ideal platform for running contemporary workloads designed as cloud-native applications. It’s become the de facto operating system for the cloud, in much the same way Linux is the operating system for the underlying machines. As long as developers follow best practices of designing and developing software as a set of microservices that comprise cloud-native applications, DevOps teams will be able to package and deploy them in Kubernetes. Here are the 10 key attributes of cloud-native applications that developers should keep in mind when designing cloud-native applications.
  • Google Embraces New Kubernetes Application Standard
    Once an organization has a Kubernetes container orchestration cluster running, the next challenge is to get applications running. Google is now aiming to make it easier for organizations to deploy Kubernetes applications, through the Google Cloud Platform Marketplace. The new marketplace offerings bring commercial Kubernetes-enabled applications that can be run in the Google cloud, or anywhere else an organization wants. All a user needs to do is visit the GCP marketplace and click the Purchase Plan button to get started. "Once they agree to the terms, they'll find instructions on how to deploy this application on the Kubernetes cluster of their choice, running in GCP or another cloud, or even on-prem," Anil Dhawan, Product Manager, Google Cloud Platform, told ServerWatch. "The applications report metering information to Google for billing purposes so end users can get one single bill for their application usage, regardless of where it is deployed."
  • Challenges and Requirements for Container-Based Applications and Application Services
    Enterprises using container-based applications require a scalable, battle-tested, and robust services fabric to deploy business-critical workloads in production environments. Services such as traffic management (load balancing within a cluster and across clusters/regions), service discovery, monitoring/analytics, and security are a critical component of an application deployment framework. This blog post provides an overview of the challenges and requirements for such application services.

Software: Music Tagger MusicBrainz, Pulseaudio, COPR, AV1

  • Music Tagger MusicBrainz Picard 2.0 Ported To Python 3 And PyQt5, Brings Improved UI And More
    MusicBrainz Picard version 2.0 was released after more than 6 years since the previous major release (1.0). The new version was ported to Python 3 and PyQt5 and includes Retina and HiDPI support, improved UI and performance, as well as numerous bug fixes. [...] MusicBrainz Picard 2.0 was ported to Python 3 (requires at least version 3.5) and PyQt5 (>= 5.7). The release announcement mentions that a side effect of this is that "Picard should look better and in general feel more responsive". Also, many encoding-related bugs were fixed with the transition to Python 3, like the major issue of not supporting non-UTF8 filenames.
  • Pulseaudio: the more things change, the more they stay the same
    Such a classic Linux story. For a video I'll be showing during tonight's planetarium presentation (Sextants, Stars, and Satellites: Celestial Navigation Through the Ages, for anyone in the Los Alamos area), I wanted to get HDMI audio working from my laptop, running Debian Stretch. I'd done that once before on this laptop (HDMI Presentation Setup Part I and Part II) so I had some instructions to follow; but while aplay -l showed the HDMI audio device, aplay -D plughw:0,3 didn't play anything and alsamixer and alsamixergui only showed two devices, not the long list of devices I was used to seeing. Web searches related to Linux HDMI audio all pointed to pulseaudio, which I don't use, and I was having trouble finding anything for plain ALSA without pulse. In the old days, removing pulseaudio used to be the cure for practically every Linux audio problem. But I thought to myself, It's been a couple years since I actually tried pulse, and people have told me it's better now. And it would be a relief to have pulseaudio working so things like Firefox would Just Work. Maybe I should try installing it and see what happens.
  • 4 cool new projects to try in COPR for July 2018
    COPR is a collection of personal repositories for software that isn’t carried in Fedora. Some software doesn’t conform to standards that allow easy packaging. Or it may not meet other Fedora standards, despite being free and open source. COPR can offer these projects outside the Fedora set of packages. Software in COPR isn’t supported by Fedora infrastructure or signed by the project. However, it can be a neat way to try new or experimental software. Here’s a set of new and interesting projects in COPR.
  • SD Times Open-Source Project of the Week: AV1
    Open source supporters and companies are teaming up to offer the next generation of video delivery. The Alliance for Open Media (AOMEDIA) is made up of companies like Mozilla, Google, Cisco, Amazon and Netflix, and on a mission to create an open video format and new codec called AV1. In a blog post about the AOMedia Video, or AV1, video codec, Mozilla technical writer Judy DeMocker laid out the numbers; within the next few years, video is expected to account for over 80 percent of Internet traffic. And unbeknownst to many, all of that free, high-quality video content we’ve come to expect all across the Internet costs quite a bit for the people providing it via codec licensing fees. The most common, H.264, is used all over the place to provide the compression required to send video quickly and with quality intact.

KDE and GNOME: Kubuntu 18.04 Reviewed, Akademy, Cutelyst and GUADEC

  • Kubuntu 18.04 Reviewed in Linux ( Pro ) Magazine
    Kubuntu Linux has been my preferred Linux distribution for more than 10 years. My attraction to the KDE desktop and associated application set has drawn me from Kubuntu user to tester, teacher, developer, community manager and councilor. I feel really privileged to be part of what can only be described as a remarkable example of free software and community development of an exceptional product. This latest release, 18.04, effectively the April 2018 release, is a major milestone. It is the first LTS (Long Term Support) release of Kubuntu running the “Plasma 5” desktop. The improvements are so considerable, in both performance and modern user interface (UI) design, that I was really excited about wanting to tell the world about it.
  • Going to Akademy
    Happy to participate in a tradition I’ve admired from afar but never been able to do myself… until this year. My tickets are bought, my passport is issued, and I’m going to Akademy! Hope to see you all there!
  • System76's New Manufacturing Facility, Ubuntu 17.10 Reaches End of Life, Google Cloud Platform Marketplace, Stranded Deep Now Available for Linux and Cutelyst New Release
    Cutelyst, a C++ web framework based on Qt, has a new release. The update includes several bug fixes and some build issues with buildroot. See Dantti's Blog for all the details. Cutelyst is available on GitHub.
  • GUADEC 2018 Videos: Help Wanted
    At this year’s GUADEC in Almería we had a team of volunteers recording the talks in the second room. This was organized very last minute as initially the University were going to do this, but thanks to various efforts (thanks in particular to Adrien Plazas and Bin Li) we managed to record nearly all the talks. There were some issues with sound on both the Friday and Saturday, which Britt Yazel has done his best to overcome using science, and we are now ready to edit and upload the 19 talks that took place in the 2nd room. To bring you the videos from last year we had a team of 5 volunteers from the local team who spent our whole weekend in the Codethink offices. (Although none of us had much prior video editing experience so the morning of the first day was largely spent trying out different video editors to see which had the features we needed and could run without crashing too often… and the afternoon was mostly figuring out how transitions worked in Kdenlive).
  • GUADEC 2018
    This year I attended my second GUADEC in beautiful Almería, Spain. As with the last one I had the opportunity to meet many new people from the extended GNOME community, which is always great and I can’t recommend it enough for anybody involved in the project. [...] Flatpak continues to have a lot of healthy discussions at these events. @matthiasclasen made a post summarizing the BoF so check that out for the discussions of the soon landing 1.0 release. So let's start with the Freedesktop 18.07 (date based versioning now!) runtime which is in a much better place than 1.6 and will be solving lots of problems such as multi-arch support and just long term maintainability. I was really pleased to see all of the investment in BuildStream and the runtime from CodeThink which is really needed in the long term.