Security

Security: Minix, Shadow Brokers, Kaspersky

Filed under
Security
  • The Truth About the Intel’s Hidden Minix OS and Security Concerns

    That supplemental unit is part of the chipset and is NOT on the main CPU die. Being independent, that means Intel ME is not affected by the various sleep state of the main CPU and will remain active even when you put your computer in sleep mode or when you shut it down.

  • Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

    Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.

  • UK spymasters raise suspicions over Kaspersky software's Russia links

Security: Fancy Bear, MINIX, WikiLeaks Vault 8, Face ID

Filed under
Security
  • New Microsoft Word attacks infect PCs sans macros

    Fancy Bear, the advanced hacking group researchers say is tied to the Russian government, is actively exploiting a newly revived technique that gives attackers a stealthy means of infecting computers using Microsoft Office documents, security researchers said this week.

    Fancy Bear is one of two Russian-sponsored hacking outfits researchers say breached Democratic National Committee networks ahead of last year's presidential election. The group was recently caught sending a Word document that abuses a feature known as Dynamic Data Exchange. DDE allows a file to execute code stored in another file and allows applications to send updates as new data becomes available.

  • Minix Inside!

    Everything was fine but in May a major security flaw was discovered and the fix required an update to the AMT code. An update that many machines are unlikely to get. Since then various security researchers, mostly Google-based, have been looking into the hardware and the software and have made the discovery that there is an additional layer in the hardware that Intel doesn't talk about. Ring 3 is user land, Ring 0 is OS land and Ring -1 is for hypervisors. These we know about, but in addition there is Ring -2, used for the secure UEFI kernel and Ring -3, which is where the management OS runs. Guess what the management OS is? Minix 3 - or rather a closed commercial version of Minix 3.

  • WikiLeaks: CIA impersonated Kaspersky Labs as a cover for its malware operations

    WikiLeaks, under its new Vault 8 series of released documents, has rolled out what it says is the source code to a previously noted CIA tool, called Hive, that is used to help hide espionage actions when the Agency implants malware.
    Hive supposedly allows the CIA to covertly communicate with its software by making it hard or impossible to trace the malware back to the spy organization by utilizing a cover domain. Part of this, WikiLeaks said, is using fake digital certificates that impersonate other legitimate web groups, including Kaspersky Labs.

  • My Younger Brother Can Access My iPhone X: Face ID Is Not Secure

    What this means is family members, who are probably the people you don’t want accessing your device, can now potentially access your iPhone. Especially your younger brother, or Mom… or Grandma.

Security: Intel Back Door, Hacking a Fingerprint Biometric, Dashlane, Vault 8, Cryptojacking, MongoDB and More

Filed under
Security
  • Recent Intel Chipsets Have A Built-In Hidden Computer, Running Minix With A Networking Stack And A Web Server

    The "Ring-3" mentioned there refers to the level of privileges granted to the ME system. As a Google presentation about ME (pdf) explains, operating systems like GNU/Linux run on Intel chips at Ring 0 level; Ring-3 ("minus 3") trumps everything above -- including the operating system -- and has total control over the hardware. Throwing a Web server and a networking stack in there too seems like a really bad idea. Suppose there was some bug in the ME system that allowed an attacker to take control? Funny you should ask; here's what we learned earlier this year...

    [...]

     Those don't seem unreasonable requests given how serious the flaws in the ME system have been, and probably will be again in the future. It also seems only fair that people should be able to control fully a computer that they own -- and that ought to include the Minix-based computer hidden within.
  • “Game Over!” — Intel’s Hidden, MINIX-powered ME Chip Can Be Hacked Over USB

    Even the creator of MINIX operating system didn’t know that his for-education operating system is on almost every Intel-powered computer.

  • Researchers find almost EVERY computer with an Intel Skylake and above CPU can be owned via USB
    Turns out they were right. Security firm Positive Technologies reports being able to execute unsigned code on computers running the IME through USB. The fully fleshed-out details of the attack are yet to be known, but from what we know, it’s bad.
  • Hacking a Fingerprint Biometric
  • Dashlane Password Manager Now Supports Linux [Ed: But why would anyone with a clue choose to upload his/her passwords?]

    Dashlane, the popular password manager, now supports Linux (and ChromeOS and Microsoft Edge) thanks to new web extension and web app combination.

  • Source Code For CIA’s Spying Tool Hive Released By Wikileaks: Vault 8

    From November 9, Wikileaks has started a new series named Vault 8. As a part of this series, the first leak contains the source code and analysis for Hive software project. Later, the other leaks of this series are expected to contain the source code for other tools as well.

  • Cryptojacking found on 2496 online stores

    Cryptojacking - running crypto mining software in the browser of unsuspecting visitors - is quickly spreading around the web. And the landgrab extends to online stores. The infamous CoinHive software was detected today on 2496 e-commerce sites.

  • 2,500+ Websites Are Now “Cryptojacking” To Use Your CPU Power And Mine Cryptocurrency
  • MongoDB update plugs security hole and sets sights on the enterprise

    Document database-flinger MongoDB has long positioned itself as the dev's best friend, but after ten years it is now fluffing itself up for the enterprise.

    The firm, which went public just last month and hopes to earn up to $220m, has now launched the latest version of its database, which aims to appeal to these bigger customers.

  • How AV can open you to attacks that otherwise wouldn’t be possible [Ed: Any proprietary software put on top of any other software (FOSS included) is a threat and a possible back door]

    Antivirus programs, in many cases, make us safer on the Internet. Other times, they open us to attacks that otherwise wouldn't be possible. On Friday, a researcher documented an example of the latter—a vulnerability he found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control.

    AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker's choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off-limits to the attacker. Six of the affected AV programs have patched the vulnerability after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks.

  • Estonia arrests suspected FSB agent accused of “computer-related crime”

    Estonian authorities announced this week that they had recently arrested a Russian man suspected of being an agent of the Federal Security Service (FSB) who was allegedly planning "computer-related crime."

    The 20-year-old man, whose identity was not made public, was arrested last weekend in the Estonian border city of Narva as he was trying to return to Russia.

Security: Updates and Intel Back Doors

Filed under
Security

Security Leftovers

Filed under
Security
  • What Is ARP Spoofing? — Attacks, Detection, And Prevention

    Spoofing is often defined as imitating (something) while exaggerating its characteristic features for comic effect. Not only in the real world but also in the computer networking world, spoofing is a common practice among notorious users to intercept data and traffic meant for a particular user.

  • New Hope for Digital Identity

    For your inconvenience, every organization's identity system is also a separate and proprietary silo, even if it is built with open-source software and methods. Worse, an organization might have many different silo'd identity systems that know little or nothing about each other. Even an organization as unitary as a university might have completely different identity systems operating within HR, health care, parking, laundry, sports and IT—as well as within its scholastic realm, which also might have any number of different departmental administrative systems, each with its own record of students past and present.

  • Linux has a whole crock of USB vulnerabilities
  • Google Patches KRACK Vulnerability in Android

Security: Vault 8 From Wikileaks, Yahoo and Other Massive Data Leaks

Filed under
Security
  • Vault 8

    Source code and analysis for CIA software projects including those described in the Vault7 series.

    This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components.

    Source code published in this series contains software designed to run on servers controlled by the CIA. Like WikiLeaks' earlier Vault7 series, the material published by WikiLeaks does not contain 0-days or similar security vulnerabilities which could be repurposed by others.

  • Marissa Mayer sounds distraught over Yahoo’s massive data breach

    Former Yahoo CEO Marissa Mayer appeared distraught at a US Senate hearing Wednesday (Nov. 8) on the unprecedented data breaches at the company during her tenure.

    “As you know, Yahoo was the victim of criminal, state-sponsored attacks on its systems, resulting in the theft of certain user information,” Mayer said in her opening remarks, rarely looking up from her notes. “As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users.”

Security: USB, WPA2, Updates, Magento

Filed under
Security

Microsoft and Intel Back Doors

Filed under
Microsoft
Security

10 Most Secure Linux Distros For Complete Privacy & Anonymity | 2017 Edition

Filed under
GNU
Linux
Security

One of the most compelling reasons to use Linux is its ability to deliver a secure computing experience. There are some specialized secure Linux distros for security that add extra layers and make sure that you complete your work anonymously and privately. Some of the popular secure Linux distros for 2017 are Tails, Whonix, Kodachi, etc.
Ethical Hacking OS Parrot Security 3.9 Officially Out, Parrot 4.0 In the Works

Filed under
OS
Security

Just a minor improvement to the Parrot Security 3.x series of the Linux-based operating system used by security researchers for various pentesting and ethical hacking tasks, Parrot Security OS 3.9 is here with all the latest security patches and bug fixes released upstream in the Debian GNU/Linux repositories.

But it also looks like it ships with some important new features that promise to make the ethical hacking computer operating system more secure and reliable. One of these is a new sandbox system based on the Firejail SUID program and designed to add an extra layer of protection to many apps, protecting users from 0day attacks.
More in Tux Machines

Trisquel 9.0 Development Plans and Trisquel 8.0 Release

  • Trisquel 9.0 development plans
    Just as we release Trisquel 8.0, the development of the next version begins! Following the naming suggestions thread I've picked Etiona, which sounds good and has the fewest search results. We currently do our development in a rented dedicated server in France, and although it is functional it has many performance and setup issues. It has 32 gigs of RAM, which may sound like plenty but stays below the sweet spot where you can create big enough ramdisks to compile large packages without having to ever write to disk during the build process, greatly improving performance. It also has only 8 cores and rather slow disks. The good news is that the FSF has generously decided to host a much larger dedicated build server for us, which will allow us to scale up operations. The new machine will have fast replicated disks, lots of RAM and two 12 core CPUs. Along with renewing the hardware, we need to revamp the software build infrastructure. Currently the development server runs a GitLab instance, Jenkins and pbuilder-based build jails. This combination was a big improvement from the custom made scripts of early releases, but it has some downsides that have been removed by sbuild. Sbuild is lighter and faster and has better crash recovery and reporting.
  • Trisquel 8.0 LTS Flidas
    Trisquel 8.0, codename "Flidas" is finally here! This release will be supported with security updates until April 2021. The first thing to acknowledge is that this arrival has been severely delayed, to the point where the next upstream release (Ubuntu 18.04 LTS) will soon be published. The good news is that the development of Trisquel 9.0 will start right away, and it should come out closer to the usual release schedule of "6 months after upstream release". But this is not to say that we shouldn't be excited about Trisquel 8.0, quite the contrary! It comes with many improvements over Trisquel 7.0, and its core components (kernel, graphics drivers, web browser and e-mail client) are fully up to date and will receive continuous upgrades during Flidas' lifetime. Trisquel 8.0 has benefited from extensive testing, as many people have been using the development versions as their main operating system for some time. On top of that, the Free Software Foundation has been using it to run the Libreplanet conference since last year, and it has been powering all of its new server infrastructure as well!

today's howtos

FOSS Events in Europe: Rust, foss-north, KubeCon + CloudnativeCon Europe 2018

  • Rust loves GNOME Hackfest: Day 1
    This is a report of the first day of the Rust loves GNOME Hackfest that we are having in Madrid at the moment. During the first day we had a round of introductions and started outlining the state of the art.
  • Madrid GNOME+Rust Hackfest, part 1
    I've been in Madrid since Monday, at the third GNOME+Rust hackfest! The OpenShine folks are kindly letting us use their offices, on the seventh floor of a building by the Cuatro Caminos roundabout. I am very, very thankful that this time everyone seems to be working on developing gnome-class. It's a difficult project for me, and more brainpower is definitely welcome — all the indirection, type conversion, GObject obscurity, and procedural macro shenanigans definitely take a toll on oneself.
  • Five days left
    I used to joke that the last week before foss-north is the worst – everything is done, all that is left is the stress.
  • KubeCon + CloudnativeCon Europe 2018
    The Cloud Native Computing Foundation’s flagship conference will be taking place in Copenhagen from May 2-4. It will cover Kubernetes, Prometheus OpenTracing, Fluentd, Linkerd, gRPC, CoreDNS, and other key technologies in cloud native computing.

Programming: Taxonomy of Tech Debt, Python and More

  • A Taxonomy of Tech Debt
    Hi there. I’m Bill “LtRandolph” Clark, and I’m the engineering manager for the Champions team on LoL. I’ve worked on several different teams on League over the past years, but one focus has been consistent: I’m obsessed with tech debt. I want to find it, I want to understand it, and where possible, I want to fix it. When engineers talk about any existing piece of technology - for example League of Legends patch 8.4 - we often talk about tech debt. I define tech debt as code or data that future developers will pay a cost for. Countless blog posts, articles, and definitions have been written about this scourge of software development. This post will focus on types of tech debt I’ve seen during my time working at Riot, and a model for discussing it that we’re starting to use internally. If you only take away one lesson from this article, I hope you remember the “contagion” metric discussed below.
  • 6 Python datetime libraries
    Once upon a time, one of us (Lacey) had spent more than an hour staring at the table in the Python docs that describes date and time formatting strings. I was having a hard time understanding one specific piece of the puzzle as I was trying to write the code to translate a datetime string from an API into a Python datetime object, so I asked for help.
  • Getting started with Anaconda Python for data science
  • How to install the Moodle learning management system
  • Anatomy of a JavaScript Error
  • Is DevOps compatible with part-time community teams?