Security

Security Leftovers: WannaCry, Windows in Linux, Windows 7, Windows 10 is Spyware

Filed under
Security

Security Leftovers: WCry/Ransomwar, WannaCry, Athena

Filed under
Security

Security Leftovers: All Versions of Windows Compromised, WannaCry Keeps Going

Filed under
Security
  • WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows [iophk: "thus the active smear campaign against Assange within tech circles"]

    WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.

  • How To Avoid Future WannaCry Style Ransomware Attacks

    Critical tasks are often trusted to Linux or similar operating systems (Unix, BSD, etc.) because of reliability and security. When efficiency is required, Linux is often tapped because it can be deployed in a very efficient manner. Linux acts internally like the prison, not the food court. The system itself is constantly monitored open source code, and most of what runs on it is openly monitored as well. Software is usually distributed via secure repositories. The system is free and easily updated, there is no such thing as a pirated copy of Linux. There is a regular schedule of updates, they come out every Sunday.

  • WannaCry is a Cry for VEP Reform

    This weekend, a vulnerability in some versions of the Windows operating system resulted in the biggest cybersecurity attack in years. The so-called “WannaCry” malware relied on at least one exploit included in the latest Shadow Brokers release. As we have repeated, attacks like this are a clarion call for reform to the government’s Vulnerabilities Equities Process (VEP).

  • Will Linux protect you from ransomware attacks?

    Ransomware attacks are all the rage these days among hackers, and many people are worried about becoming victims. Are Linux users secure against such attacks?

    This topic came up recently in a thread on the Linux subreddit, and the folks there had some interesting thoughts to share about Linux and ransomware attacks.

  • Linux Ransomware

    A few people have asked me over the past week whether or not Linux is susceptible to ransomware attacks. While the answer is fairly straightforward, let's go over a couple things here first.

  • Improving Internet Security through Vulnerability Disclosure

    We support the PATCH Act because it aims to codify and make the existing Vulnerabilities Equities Process more transparent. The Vulnerabilities Equities Process (VEP) is the U.S. government’s process for reviewing and coordinating the disclosure of new vulnerabilities it learns about.

  • Gmail Docs phishing attack: Google targets devs with tighter web app ID checks

    Google is slowing down the process for publishing web applications to prevent a repeat of the phishing attack that abused users' trust in its sign-in system with a fake Google Docs app.

    Google has warned web app developers that new rules and an additional risk assessment may add "some friction" to the process of publishing apps.

Windows Security Cannot be Blamed on "XP"

Filed under
Microsoft
Security

GNU/Linux for Security

Filed under
GNU
Linux
Security
  • WannaCrypt makes an easy case for Linux

    Ransomware is on the rise. On a single day, WannaCrypt held hostage over 57,000 users worldwide, demanding anywhere between $300-$600 in Bitcoin. Don't pay up and you'll not be seeing your data again. Before I get into the thrust of this piece, if anything, let WannaCrypt be a siren call to everyone to backup your data. Period. End of story. With a solid data backup, should you fall prey to ransomware, you are just an OS reinstall and a data restore away from getting back to work.

  • Best way to avoid ransomware? Stop using Windows

    There are many Microsoft apologists, astro-turfers, and so-called journalists on the make who, at times like this, keep a low profile and furiously try to spread the message in Web forums that "computers users" are at risk.

    Alas, the harsh truth must at last be faced: if you do not use Windows, then the chances of a ransomware attack are close to zero.

  • No threat of WannaCry attack as GSTN operates on Linux: CEO

    GSTN, set up to provide IT infrastructure for GST rollout, will not be impacted by the WannaCry ransomware attack, as its systems do not run on Microsoft software, the network’s CEO Prakash Kumar said today.

    The Goods and Services Tax Network (GSTN) is gearing up to handle about 3 billion invoices every month under the new indirect tax regime and will complete the beta testing of its software tomorrow.

    “Our software is not based on Microsoft windows operating system and hence we are immune. We operate on Linux software which is not affected by the ransomware attack,” Kumar told PTI.

    More than 60 lakh excise, service tax and VAT assessees have enrolled on the GSTN portal between November 8, 2016 and April 30, 2017. Currently, there are 80 lakh such assessees.

  • Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry

    On Monday, researchers said the same weapons-grade attack kit was used in a much-earlier and possibly larger-scale hack that made infected computers part of a botnet that mined cryptocurrency.

Windows Intruded by CIA

Filed under
Microsoft
Security
  • Athena

    Today, May 19th 2017, WikiLeaks publishes documents from the "Athena" project of the CIA. "Athena" - like the related "Hera" system - provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.

    According to the documentation (see Athena Technology Overview), the malware was developed by the CIA in cooperation with Siege Technologies, a self-proclaimed cyber security company based in New Hampshire, US. On their website, Siege Technologies states that the company "... focuses on leveraging offensive cyberwar technologies and methodologies to develop predictive cyber security solutions for insurance, government and other targeted markets.". On November 15th, 2016 Nehemiah Security announced the acquisition of Siege Technologies.

  • WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows

    WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.

    Dubbed Athena/Hera, the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and sending it to a CIA server.

  • Microsoft held back free patch that could have slowed WannaCry

Security Leftovers

Filed under
Security
  • A Step Forward for Security [iophk: "end point compromise negates many theoretical advantages"]

    While we are all mesmerized by the presidential crises, a small, but quite significant change occurred in Congress: the Senate Sergeant at Arms approved the use of Signal by Senate staff. Signal, a product of Open Whisper Systems, provides end-to-end encryption for Apple and Android phones.

  • Why Europe’s dependency on Microsoft is a huge security risk

    On May 12, hackers hit more than a hundred countries, exploiting a stolen N.S.A. tool that targeted vulnerabilities of Microsoft software. The attacks infected only machines running on the Windows operating system. Among the victims are public administrative bodies such as NHS hospitals in the UK. Investigate Europe spent months to investigate the dire dependency of European countries on Microsoft – and the security risks this entails.

  • NSA told Microsoft about stolen exploits: officials

    Current and former NSA officials say the agency informed Microsoft about the theft of the exploit named EternalBlue after learning of it, making it possible for the Redmond software giant to issue a patch for it in March. The exploit was used in the WannaCry ransomware attacks over last weekend.

  • Shadow Brokers claims Microsoft hand-in-glove with NSA

    The group that released NSA exploits for Windows, which were used in massive ransomware attacks last weekend, has accused Microsoft of being hand-in-glove with The Equation Group, a group that is believed to be a front for the NSA.

  • NSA officials worried about the day its potent hacking tool would get loose. Then it did.

    But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials' worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history.

  • Shadow Brokers threaten to unleash more hacking tools

    The so-called Shadow Brokers, who claimed responsibility for releasing NSA tools that were used to spread the WannaCry ransomware through the NHS and across the world, said they have a new suite of tools and vulnerabilities in newer software. The possible targets include Microsoft's Windows 10, which was unaffected by the initial attack and is on at least 500m devices around the world.

NHS mulling Ubuntu switch after Windows XP fail?

Filed under
GNU
Linux
Microsoft
Security

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Out-of-Control CIA Continues to be Exposed in WikiLeaks’ Vault 7

    After installing a small file, the operators would then be able to instruct the computer to kill any use of a web browser on a set schedule. For instance, the software could be instructed to shut down Firefox every 25-35 seconds. Similarly, the example included a measure to “lock up” PowerPoint files 10 minutes after they were loaded. It would also allow operators to create a delay when PowerPoint files were attempting to load.

    While the examples they used are simple and relatively harmless, the software could perform virtually any assigned task. Because the data is encrypted with a key stored outside of the machine, the code would be extremely difficult to detect and/or decipher.

    After installing the software, the documentation instructs users to “kick back” and “Relax – After Midnight will take care of the rest.”

    The second piece of software detailed is similar to “AfterMidnight” and is called “Assassin.” That piece of software is a relatively simple way of collecting data remotely and then delivering results to a listening post on a schedule.

    Through screenshots in the documents, it can be seen that the author is named “Justin,” is working from a Dell computer, and has desktop shortcuts to an encrypted chat program called ‘Pidgin,’ as well as a folder entitled “drone.”

  • Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

    However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. It’s particularly galling because this attack potentially endangered the lives of many.

  • Ransomware: Microsoft can no longer claim to be 'proactive'

    Microsoft's reaction to the Windows ransomware crisis that occurred on Friday and Saturday has shown one thing: no longer can the company continue to use the business buzzword "proactive" when it talks about itself. It was caught unawares and left looking very old and tired in the way it responded to the situation.

  • Cyber attack: Hackers {sic} in China try to seize control of WannaCry ransomware's 'kill switch'

    “What you can follow is the money,” Mr Raiu said. “You can follow the Bitcoins [although] following the Bitcoins is kind of an art in itself.”

  • [Old] The Software Industry IS the Problem

    The question is how to introduce product liability, because just imposing it would instantly shut down any and all software houses with just a hint of a risk management function on their organizational charts.

  • [Old] Why Not Use Port Knocking?

    The robots currently at work knocking around for your guessable password could easily be repurposed to guess your Unicode password currently known as your port knocking sequence, and quite likely have been already.

More in Tux Machines

Today in Techrights

OSS Leftovers

  • Canada’s Spy Agency Releases its Cyber-Defense Tool for Public
  • Canadian govt spooks open source anti-malware analytics tool
    The Communications Security Establishment (CSE) said the AssemblyLine tool is designed to analyse large volumes of files, and can automatically rebalance workloads.
  • Microservices served on blockchain, in open source
    Cloud application marketplace company Wireline is working with open source blockchain project developer Qtum. The new union is intended to provide a conduit to consuming microservices at [web] scale using blockchain at the core. As we know, microservices offer the ability to create Application Programming Interfaces (APIs) without having to manage the underlying hardware and software infrastructure. [...] The Qtum blockchain application platform combines the functions of Bitcoin Core, an account abstraction layer allowing for multiple virtual machines and a proof-of-stake consensus protocol aimed at tackling industry-use cases. The Qtum Foundation, headquartered in Singapore, is the decision-making body that drives the project’s development.
  • Rendering HTML5 video in Servo with GStreamer
    At the Web Engines Hackfest in A Coruña at the beginning of October 2017, I was working on adding some proof-of-concept code to Servo to render HTML5 videos with GStreamer. For the impatient, the results can be seen in this video here
  • Working Intel CET Bits Now Land In GCC8
    A few days back I wrote about Intel's work on Control-flow Enforcement Technology beginning to land in GCC. This "CET" work for future Intel CPUs has now landed in full for GCC 8. The bits wiring up this control-flow instrumentation and enforcement support are now all present in mainline GCC SVN/Git for next year's GCC 8.1 release.
  • Using Gitea and/or Github to host blog comments
    After having moved from FSFE’s wordpress instance I thought long about whether I still want to have comments on the new blog. And how I would be able to do it with a statically generated site. I think I have found/created a pretty good solution that I document below.

Security Leftovers

  • Where Did That Software Come From?
    The article explores how cryptography, especially hashing and code signing, can be used to establish the source and integrity. It examines how source code control systems and automated build systems are a key part of the software provenance story. (Provenance means “a record of ownership of a work of art or an antique, used as a guide to authenticity or quality.” It is increasingly being applied to software.)
  • Judge: MalwareTech is no longer under curfew, GPS monitoring [Updated]
    A judge in Milwaukee has modified the pre-trial release conditions of Marcus Hutchins, also known online as "MalwareTech," who was indicted two months ago on federal criminal charges. Under US Magistrate Judge William Duffin’s Thursday order, Hutchins, who is currently living in Los Angeles, will no longer be subject to a curfew or to GPS monitoring.
  • [Older] Leicester teen tries to hack CIA and FBI chiefs' computers
    A teenager attempted to hack senior US government officials' computers from his home. Kane Gamble, 18, from Coalville, Leicestershire, pleaded guilty to 10 charges relating to computer hacking. His targets included the then CIA director John Brennan and former FBI deputy director Mark Giuliano.

Debian: pk4, Freexian and More