
Security

Warning: Grsecurity: Potential contributory infringement risk for customers

Filed under
Linux
Security

It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement risk.

Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and cannot work without it. It would fail a fair-use test (obviously, ask offline if you don’t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.

Currently, Grsecurity is a commercial product and is distributed only to paying customers. My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.


Six Things to Do to Secure Your Linux System

Filed under
Linux
Security

Tuesday's Petya slam dunk by the bad guys, which may or may not have been a state-sponsored swipe at Ukraine, was only one of several wake-up calls during the last couple of months for the folks taking care of IT security.

At least they should have been wake-up calls, but by the carnage left behind it looks as if a lot of folks have been operating their server rooms on autopilot. Not only were there patches at the ready to plug the vulnerabilities Petya used to do whatever it did (other than the fact that it probably wasn't ransomware, what it did hasn't been entirely sorted out yet), but I've heard credible first-hand reports from several largish corporations that didn't have available backups.


Important CentOS 7 Linux Kernel Security Update Patches Five Vulnerabilities

Filed under
OS
Security

CentOS maintainer Johnny Hughes recently published a new security advisory for users of the CentOS 7 operating system series to inform them about an important kernel security update.


Security: Systemd, ELSA, and OutlawCountry

Filed under
Security

Security: Microsoft Windows as Attack Vector and More

Filed under
Security
  • Does Maersk Count as US Critical Infrastructure?

    By all appearances, Nyetna primarily targeted Ukraine. But in hitting Ukraine, it significantly disabled one of the key cogs to the global economy, the world’s biggest container shipping company. Does that count as an attack on the US, or at least its critical infrastructure?

  • That "ransomware" attack was really a cyberattack on Ukraine
  • Global cyber attack likely cover for malware installation in Ukraine: police official

    The primary target of a crippling computer virus that spread from Ukraine across the world this week is highly likely to have been that country's computer infrastructure, a top Ukrainian police official told Reuters on Thursday.

    Cyber security firms are trying to piece together who was behind the computer worm, dubbed NotPetya by some experts, which has paralyzed thousands of machines worldwide, shutting down ports, factories and offices as it spread through internal organizational networks to an estimated 60 countries.

    Ukrainian politicians were quick on Tuesday to blame Russia, but a Kremlin spokesman dismissed "unfounded blanket accusations". Kiev has accused Moscow of two previous cyber strikes on the Ukrainian power grid and other attacks since Russia annexed Crimea in 2014.

  • NotPetya is, er, not ransomware, victims unlikely to get files back

    Security software company Kaspersky has warned that there is "little hope for victims to recover their data" if they fall victim to the ransomware bastard because the installation ID displayed in the ransomware note, sent with the ransom so that the appropriate decryption key can be sent back, is entirely randomly generated.

  • Don’t include social engineering in penetration tests

    I encourage you to explicitly forbid social engineering attacks in your pentest scopes. Instead, try simulating the kinds of compromises that social engineering attacks lead to, with an emphasis on detection and response. This provides much more satisfying and useful outcomes, without the risks that allowing social engineering introduces.

Security Leftovers: Security Updates, Systemd, Sonatype, and Petya Ransomware

Filed under
Security

Canonical Outs Important Kernel Update for All Supported Ubuntu Linux Releases

Filed under
Security
Ubuntu

After patching a recently discovered systemd vulnerability in Ubuntu 17.04 and Ubuntu 16.10, Canonical today released a new major kernel update for all of its supported Ubuntu Linux operating systems, including Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS (HWE), patching up to fifteen security flaws.


Security: OutlawCountry, WatchGuard FUD, SambaCry FUD, Overhyped Systemd Bug

Filed under
Security
  • OutlawCountry

    Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.

    The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.

  • WatchGuard survey indicates Linux, Web servers becoming hot targets for cyber attacks [Ed: Watchguard is a Microsoft buddy from Seattle. Its own site says it "recently became an official member of the Microsoft Partner Network". Watch out for press releases and 'journalists' who copy-paste their PR (we saw several). Anti-Linux FUD.]
  • The SambaCry scare gives Linux users a taste of WannaCry-Petya problems [Ed: only for those who mimic/simulate Windows]
  • Linux's systemd vulnerable to DNS server attack
  • Systemd Bug Lets Attackers Hack Linux Boxes via Malicious DNS Packets

Security: GNU/Linux Updates, Reproducible Builds, Kaspersky, and "Choosing Windows for your organization should get you fired"

Filed under
Security
  • Security updates for Wednesday
  • Security updates for Tuesday
  • Reproducible Builds: week 113 in Stretch cycle
  • Multiple vulnerabilities found in Kaspersky Lab's Anti-Virus for Linux File Server [Newsflash: PROPRIETARY software for security is itself a security menace]

    People expect their anti-virus to protect them from malware and exploits but sometimes, even these products have their own vulnerabilities. Leandro Barragan and Maximiliano Vidal, researchers at network security firm Core Security, have found a number of possible exploits in the Web Management Console for Kaspersky's Anti-virus for Linux File Servers.

  • Pentagon draft budget bans Kaspersky Lab products

    The draft budget said, in an amendment proposed by Senator Jeanne Shaheen, a Democrat from New Hampshire, that it "prohibits the DOD from using software platforms developed by Kaspersky Lab due to reports that the Moscow-based company might be vulnerable to Russian government influence."

  • Choosing Windows for your organization should get you fired

    I know. That’s harsh.

    But it’s true. If you haven’t yet replaced Windows, across the board, you absolutely stink at your job.

    For years, we’ve had one trojan, worm and virus after another. And almost every single one is specifically targeting Microsoft Windows. Not MacOS. Not Linux. Not DOS. Not Unix. Windows.

    Wannacry managed to infect hundreds of thousands of highly vulnerable Windows installations around the globe. It was a huge problem for many major institutions that fill their organizations with the operating system from Redmond, Washington.

    But did you learn your lesson? No.

    Then another bit of ransomware comes along, called NotPetya, and manages to take out critical systems at freaking Chernobyl. Also airports and banks. Oh, and hospitals. Can’t forget about the hospitals.

  • Met Police still running using Windows XP on 18,000 PCs

    Indeed, it would appear that the pace of change is slowing, with Metropolitan Police using Windows XP on 35,000 PCs in April 2015, 27,000 in August 2016, and 19,000 in December last year, according to Freedom of Information (FOI) Act requests.

  • Ransomware attack 'not designed to make money', researchers claim
  • Pnyetya: Yet Another Ransomware Outbreak

    The superficial resemblance to Petya is only skin deep. Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of “ransomware.”

  • The Petya ransomware is starting to look like a cyberattack in disguise
  • ‘Petya’ Ransomware Outbreak Goes Global

    Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker {sic} group calling itself the Shadow Brokers.

  • Latest Ransomware Hackers Didn't Make WannaCry's Mistakes

    And while it owes its rapid spread in part to EternalBlue, the same stolen NSA exploit WannaCry leveraged, it lacks several of the traits that made WannaCry—which turned out to be an unfinished North Korean project gone awry—easier to stop.

  • A new ransomware outbreak similar to WCry is shutting down computers worldwide [Ed: Windows and NSA back doors]

    News organizations reported potentially serious disruptions around the world, with organizations throughout Ukraine being hit particularly hard. In that country, infections reportedly hit metro networks, power utility companies, government ministry sites, airports, banks, media outlets, and state-owned companies. Those affected included radiation monitors at the Chernobyl nuclear facility. A photograph published by Reuters showed an ATM at a branch of Ukraine's state-owned Oschadbank bank that was inoperable. A message displayed on the screen demanded a payment to unlock it. Meanwhile, Reuters also reported that Ukrainian state power distributor Ukrenergo said its IT systems were also hit by a cyber attack but that the disruption had no impact on power supplies or broader operations. Others hit, according to Bloomberg, included Ukrainian delivery network Nova Poshta, which halted service to clients after its network was infected. Bloomberg also said Ukraine's Central Bank warned on its website that several banks had been targeted by hackers.

  • AlertSec Aims to Make Encryption Security More Accessible

    Ebba Blitz isn't a typical technology industry CEO and the company she leads isn't a typical security vendor either. Blitz joined AlertSec after a career in journalism in Sweden, where she honed her craft of making complex subjects more understandable, which is what she's now doing in a different capability with security at AlertSec.

    "We help small and medium sized companies get the same level of security that larger enterprises normally have, in terms of full-disk encryption and we manage it for them," Blitz said.

  • Don't panic, but Linux's Systemd can be pwned via an evil DNS query
  • Global ransomware attack causes turmoil

    The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

  • Episode 53 - A plane isn't like a car

    Josh and Kurt talk about security through obscurity, airplanes, the FAA, the Windows source code leak, and chicken sandwiches.

  • WikiLeaks Dump Reveals a Creepy CIA Location-Tracking Trick

    If you're using a Windows laptop or PC you could add another group to the list: the CIA.

  • WikiLeaks Releases Files on CIA Spying Geo-Location Malware for WiFi Devices

    The whistleblowing platform released what appears to be the CIA's user manual for the ELSA project as evidence.
    WikiLeaks began releasing Vault 7 on March 7, with the first full part comprising 8,761 documents. The previous release took place on June 22 and was dedicated to the CIA "Brutal Kangaroo" hacking tool.

  • Ohio Gov. Kasich’s website, dozens of others defaced using year-old exploit

    DNN Platform is a popular content management system (particularly with state and local governments) based on Windows Server and the ASP.NET framework for Microsoft Internet Information Server. DNN Platform is open source and available for free—making it attractive to government agencies looking for something low cost that fits into their existing Windows Server-heavy organizations. A review of the HTML source of each of the sites attacked by Team System DZ showed that they were running a vulnerable version of the content management system DNN Platform—version 7.0, which was released in 2015.

  • Linux malware gaining favor among cybercriminals [Ed: Doug Olenick, Online Editor, rewrote a press release of a company that needs to badmouth GNU/Linux (for SALES)]