Security Leftovers

Filed under
Security
  • CII Project Advances Linux Kernel Security as Firm Ends Free Patches

    There has been some public discussion in the last week regarding the decision by Open Source Security Inc. and the creators of the Grsecurity® patches for the Linux kernel to cease making these patches freely available to users who are not paid subscribers to their service. While we at the Core Infrastructure Initiative (CII) would have preferred them to keep these patches freely available, the decision is absolutely theirs to make.

    From the point of view of the CII, we would much rather have security capabilities such as those offered by Grsecurity® in the main upstream kernel rather than available as a patch that needs to be applied by the user. That said, we fully understand that there is a lot of work involved in upstreaming extensive patches such as these and we will not criticise the Grsecurity® team for not doing so. Instead we will continue to support work to make the kernel as secure as possible.

  • Google Was Warned About This Week’s Mass Phishing Email Attack Six Years Ago

    For almost six years, Google knew about the exact technique that someone used to trick around one million people into giving away access to their Google accounts to hackers on Wednesday. Even more worrisome: other hackers might have known about this technique as well.

  • Mobile phone security's been busted for years, and now 2-factor auth is busted too [iophk: "now we are reminded that a phone never was a second authentication factor"]

    SS7 is now confirmed to be exploited in the wild, with crooks taking big scores through it.

  • We Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is Screwed.

    But on Wednesday, German newspaper The Süddeutsche Zeitung reported that financially-motivated hackers {sic} had used those flaws to help drain bank accounts.

  • Mac malware: Coming soon to a computer near you

    In fact, the number of malware attacks on Apple’s operating system skyrocketed by 744 percent in 2016. Despite this, most people still believe that Macs don’t get viruses. Add to this the fact that, despite the seeming ubiquity of Apple’s products, the company’s user base is still growing. There are nearly 100 million Apple users worldwide, myself included.

  • IT meltdown forces Barts Health NHS Trust to cancel hundreds of appointments

    Earlier this year, Barts Health admitted that it has fallen victim to a "ransomware virus attack," likely because its PCs are still running Microsoft's now-defunct Windows [...]

Kali Linux Review: Not Everyone’s Cup of Tea

Filed under
Reviews
Security

Kali Linux has gained a lot of popularity recently. And there is a reason for that. Hacking is back as the cool-thing-to-do in popular culture and this can be attributed significantly to the TV series Mr. Robot.

Kali is one of the few hacking focused Linux distributions and quite obviously, Mr. Robot’s popularity helped Kali Linux in getting new users. The graph below validates this claim.


Security Leftovers

  • Security updates for Wednesday
  • Serverless Security implications—from infra to OWASP
  • Xen hypervisor faces third highly critical VM escape bug in 10 months

    The Xen paravirtualization mode is proving to be a constant source of serious vulnerabilities, allowing attackers to escape from virtual machines

  • Security like it's 2005!

    The 2017 world has a solution to these problems. Use the cloud. Stuff as a Service is without question the way to solve these problems because it makes them go away. There are plenty who will naysay public cloud citing various breaches, companies leaking data, companies selling data, and plenty of other problems. The cloud isn't magic, but it lets you trade a lot of horrible problems for "slightly bad". I guarantee the problems with the cloud are substantially better than letting most people try to run their own infrastructure. I see this a bit like airplane vs automobile crashes. There are magnitudes more deaths by automobile every year, but it's the airplane crashes that really get the attention. It's much much safer to fly than to drive, just as it's much much safer to use services than to manage your own infrastructure.

  • Security Sessions: Why CSOs should care about machine learning
  • Reproducible builds folks: Reproducing R packages
  • Hacker Extortion Attempt Falls Flat Because Netflix Actually Competes With Piracy

    A hacking group calling itself TheDarkOverlord (TDO) has tried, and failed (so far) to extort Netflix and several other companies after stumbling onto a server of unreleased content. TDO was apparently able to compromise the servers of an audio post-production company by the name of Larson Studios. Among the content acquired from the hackers were ten episodes of the as-yet-unreleased new season of the popular Netflix show "Orange is the New Black," which isn't supposed to see full release until June. Outside of some free advertising in the news media and some wasted calories, the group's efforts don't appear to have culminated in much.

  • Free search engine tool hunts down malware-infected computers

    Internet search engine Shodan provides enterprise security teams a wealth of information about open ports on servers and other internet-connected devices. Now, as part of a partnership with threat intelligence company Recorded Future, security analysts and researchers can work with Shodan to uncover systems manipulated to control malware-infected devices.

Security Leftovers

  • Personal Security Takes A Hit With Public Release Of NSA's Hacking Toolkit [Ed: Moral of the story is, don't use NSA back doors facilities like Microsoft Windows. Microsoft is in bed with the NSA.]

    Former members of Team Espionage recently expressed their concern that the Shadow Brokers' dump of NSA Windows exploits had done serious damage to the security of the nation. The unwanted exposure of NSA power tools supposedly harmed intelligence gathering efforts, even though the tools targeted outdated operating systems and network software.

  • Finnish technology firm wins contract from US Marine Corps

    Sensofusion, a Vantaa-based developer of drone countermeasures, has been awarded a contract by the US Marine Corps Warfighting Laboratory (MCWL) and the Defence Innovation Unit Experimental (DIUx) to further develop its proprietary technology, Airfence.

  • LibreSSL 2.5.4 Released

    This is the first stable fix release for the LibreSSL 2.5.x branch.

  • security things in Linux v4.11

    Building on the efforts of Elena Reshetova, Hans Liljestrand, and David Windsor to port PaX’s PAX_REFCOUNT protection, Peter Zijlstra implemented a new kernel API for reference counting with the addition of the refcount_t type. Until now, all reference counters were implemented in the kernel using the atomic_t type, but it has a wide and general-purpose API that offers no reasonable way to provide protection against reference counter overflow vulnerabilities. With a dedicated type, a specialized API can be designed so that reference counting can be sanity-checked and provide a way to block overflows. With 2016 alone seeing at least a couple public exploitable reference counting vulnerabilities (e.g. CVE-2016-0728, CVE-2016-4558), this is going to be a welcome addition to the kernel. The arduous task of converting all the atomic_t reference counters to refcount_t will continue for a while to come.

Security Leftovers

  • On reCAPTCHA Dread

    I wanted to read Matthew Garrett’s post on Intel’s remote AMT vulnerability, but since I’m using Private Internet Access, Cloudflare has gated it behind reCAPTCHA. reCAPTCHA is much, much harder than it used to be. Although there seem to be a couple of other variants, nowadays you’re generally expected to identify squares that contain street signs and squares that contain mountains. Now either the answer key is regularly wrong, or I just don’t know what street signs and mountains are. You’d think the former… but there actually is a good degree of ambiguity in selecting which squares to tag. Do I only tag all the squares that contain the signage-portion of the sign, or do I also tag the squares containing the signpost? (The former seems to work better, in my experience.) What if only a little bit of the sign extends into a particular square? (Jury’s out.) What if there are very distant signs in the background of the image, with many big signs in the foreground: should the distant signs be tagged too? And what constitutes a mountain anyway? Most of the “mountains” I see in the reCAPTCHA images look more like impressive hills to me. My guess is that reCAPTCHA wants me to tag any bit of elevated land as a mountain, but who knows, really.

  • Remote security exploit in all 2008+ Intel platforms

    The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware. If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network. For the moment. From what SemiAccurate gathers, there is literally no Intel box made in the last 9+ years that isn’t at risk. This is somewhere between nightmarish and apocalyptic.

  • Vulnerability hits Intel enterprise PCs going back 10 years
  • 6 signs enterprise security is getting better [Ed: This Microsoft employee will not want to say it, but shift away from Windows contributes to security]

More on Intel Back Doors

Filed under
Hardware
Security
  • Intel's remote AMT vulnerability

    Intel chipsets for some years have included a Management Engine, a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT is another piece of software running on the ME, albeit one that takes advantage of a wide range of ME features.

  • Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege
  • Intel patches remote code-execution bug that lurked in chips for 10 years

    Remote management features that have shipped with Intel processors for almost a decade contain a critical flaw that gives attackers full control over the computers that run on vulnerable networks. That's according to an advisory published Monday afternoon by Intel.

    Intel has released a patch for the vulnerability, which resides in the chipmaker's Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability. Business customers who buy computers running vPro processors use those services to remotely administer large fleets of computers. The bug doesn't affect chips running on consumer PCs. The chipmaker has rated the vulnerability critical and is recommending vulnerable customers install a firmware patch.

Intel Back Doors

Filed under
Hardware
Security
  • Intel Confirms Vulnerability In Intel AMT/ME

    Many of you already have expressed your displeasure over Intel's Active Management Technology (AMT) and Management Engine (ME) for various reasons in the past and now it's been disclosed that for years there has been a vulnerability in this business-oriented feature that could open your Intel systems up to attackers.

    Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability are subject to a hole allowing an unprivileged attacker to gain control of the management features for these products. The issue was made public today via INTEL-SA-00075.

  • Secure Boot booted from Debian 9 'Stretch'

    Debian's release team has decided to postpone its implementation of Secure Boot.

    In a release update from last week, release team member Jonathan Wiltshire wrote that “At a recent team meeting, we decided that support for Secure Boot in the forthcoming Debian 9 'stretch' would no longer be a blocker to release. The likely, although not certain outcome is that stretch will not have Secure Boot support.”
