Microsoft Breaking the Law and Computer Security Woes

How do you dump the firmware from a "secure" voting machine? With a $15 open source hardware board

One of the highlights of this year's Defcon conference in Vegas was the Voting Machine Hacking Village, where security researchers tore apart the "secure" voting machines America trusts its democracy to.

The Voting Machine Hacking Village just released its master report on the vulnerabilities they found, and the participants are talking about it on Twitter, including Joe Fitz's note that he dumped the firmware off an Accuvote TSX with one of Adafruit's $15 open source hardware FT232H breakout boards.

Security: Australia, IRS, and Grafeas

  • Australian defense firm was hacked and F-35 data stolen, DOD confirms

    The Australian Cyber Security Centre noted in its just-issued 2017 Threat Report that a small Australian defense company "with contracting links to national security projects" had been the victim of a cyber-espionage attack detected last November. "ACSC analysis confirmed that the adversary had sustained access to the network for an extended period of time and had stolen a significant amount of data," the ACSC report stated. "The adversary remained active on the network at the time."

    More details of the breach were revealed on Wednesday at an IT conference in Sydney. ASD Incident Response Manager Mitchell Clarke said, "The compromise was extensive and extreme." The attacker behind the breach has been internally referred to at the Australian Signals Directorate as "APT Alf" (named for a character in Australia's long-running television show Home and Away, not the US television furry alien). Alf stole approximately 30 gigabytes of data, including data related to Australia's involvement in the F-35 Joint Strike Fighter program, as well as data on the P-8 Poseidon patrol plane, planned future Australian Navy ships, the C-130 Hercules cargo plane, and the Joint Direct Attack Munition (JDAM) bomb. The breach began in July of 2016.

  • After second bungle, IRS suspends Equifax’s “taxpayer identity” contract

    The tax-collecting agency is now temporarily suspending the contract because of another Equifax snafu. The Equifax site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which, when clicked, infected visitors' computers with adware that was detected by just three of 65 antivirus providers. The development means that at least for now, taxpayers cannot open new Secure Access accounts with the IRS. Secure Access allows taxpayers to retrieve various online tax records and provides other "tax account tools" to those who have signed up.

  • Google, IBM Partner to Tighten Container Security
  • Grafeas, new open-source API for the software supply chain, released

Security: Updates, Grafeas, Cloudwashing

Security: Microsoft Word, Hyatt Hotels, Australian Megabreach, Impersonating iOS Password Prompts, and Equifax

Security: Updates, Accenture, Equifax, Passwords, United Airlines, Grafeas Project

pfSense 2.4.0-RELEASE Now Available!

We are excited to announce the release of pfSense® software version 2.4, now available for new installations and upgrades!

pfSense software version 2.4.0 was a herculean effort! It is the culmination of 18 months of hard work by Netgate and community contributors, with over 290 items resolved. According to git, 671 files were changed, with a total of 1651680 lines added and 185727 lines deleted. Most of those added lines are translated strings for multiple-language support!

pfSense 2.4.0-RELEASE updates and installation images are available now!

Also: pfSense 2.4 Released, Rebased To FreeBSD 11.1 & New Installer

Security: Updates, Reproducible Builds, T-Mobile, ATMs, Microsoft Outlook "Fake Crypto" and Accenture

  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #128
  • T-Mobile customer data plundered thanks to bad API

    A bug disclosed and patched last week by T-Mobile in a Web application interface allowed anyone to query account information by simply providing a phone number. That includes customer e-mail addresses, device identification data, and even the answers to account security questions. The bug, which was patched after T-Mobile was contacted by Motherboard's Lorenzo Franceschi-Bicchierai on behalf of an anonymous security researcher, was apparently also exploited by others, giving them access to information that could be used to hijack customers' accounts and move them to new phones. Attackers could potentially gain access to other accounts protected by SMS-based "two factor" authentication simply by acquiring a T-Mobile SIM card.

  • Criminals stole millions from E. Europe banks with ATM “overdraft” hack

    Banks in several former Soviet states were hit with a wave of debit card fraud earlier this year that netted millions of dollars worth of cash. These bank heists relied on a combination of fraudulent bank accounts and hacking to turn nearly empty bank accounts into cash-generating machines. In a report being released by TrustWave's SpiderLabs today, SpiderLabs researchers detailed the crime spree: hackers gained access to bank systems and manipulated the overdraft protection on accounts set up by proxies and then used automated teller machines in other countries to withdraw thousands of dollars via empty or nearly empty accounts.

    While SpiderLabs' investigation accounted for about $40 million in fraudulent withdrawals, the report's authors noted, "when taking into account the undiscovered or uninvestigated attacks along with investigations undertaken by internal groups or third parties, we estimate losses to be in the hundreds of millions in USD." This criminal enterprise was a hybrid of traditional credit fraud and hacking. It relied on an army of individuals with fake identity documents, as these folks were paid to set up accounts at the targeted institutions with the lowest possible deposit. From there, individuals requested debit cards for the accounts, which were forwarded to co-conspirators in other countries throughout Europe and in Russia.

  • Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

    Beware, if you are using the S/MIME protocol with Microsoft Outlook to encrypt your email communication, you need to watch out.

    For at least the last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers.

    S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption protocol—based on public-key cryptography and working much like SSL connections—that enables users to send digitally signed and encrypted messages.

  • Fake Crypto: Microsoft Outlook S/MIME Cleartext Disclosure (CVE-2017-11776)

    Outlook version XXX (we are still waiting for Microsoft to release detailed information and update the blog accordingly) was the first affected version. So any S/MIME encrypted mail written since that date might be affected.

    Unfortunately there is no easy solution to remediate the impact of this vulnerability (we are still waiting for Microsoft to release detailed information and update the blog).

    In cases where mails have been sent to third parties (the recipient is outside of the sender’s organization), remediation is not possible by the sending party, since the sender has no authority over the recipient’s mail infrastructure.

  • Accenture data leak: 'Keys to the kingdom' left exposed via multiple unsecured cloud servers

    A massive trove of sensitive corporate and customer data was left freely exposed to the public by Accenture, one of the world's biggest management firms. The tech giant left at least four cloud storage servers, which contained highly sensitive decryption keys and passwords, exposed to the public, without any password protections.

Security: Updates, Accenture, Microsoft and More

  • Security updates for Wednesday
  • Accenture left a huge trove of highly sensitive data on exposed servers

    Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers.

  • Crypto Anchors: Exfiltration Resistant Infrastructure

    The obvious way to implement a tokenization service is to generate a random token and store a mapping of that token and a one-way hash of the sensitive piece of data.

    Unfortunately, the maximum number of possible SSNs is just under 1 billion, making it trivial for an attacker that downloads the database to brute-force them offline.

  • Detecting DDE in MS Office documents

    Dynamic Data Exchange is an old Microsoft technology that can be (ab)used to execute code from within MS Office documents. Etienne Stalmans and Saif El-Sherei from Sensepost published a blog post in which they describe how to weaponize MS Office documents.

  • Stack Overflow Considered Harmful?

    What proportion of Android apps in the Play store include security-related code snippets copied directly from Stack Overflow? Does the copied code increase or decrease application security?

  • ‘UK teen almost hacking US officials a serious concern for American security’

    It should be very concerning for the US security services that a teenager almost got access to the private information of top officials, including that of the CIA chief, as other hackers might actually do some real harm, Mark Chapman of the UK Pirate Party believes.

    British teenager Kane Gamble pleaded guilty to trying to hack top US officials’ personal computers.

    Gamble is autistic and was only 15 years old when he attempted to hack the computers of former CIA chief John Brennan and the head of security of the Obama administration. He was released on bail and is due to be sentenced by a British regional court in December.

Security: Accenture, Australian Cyber Security Centre, Voting and North Korea

  • Accenture's crown jewels found exposed in unsecured AWS buckets

    Global corporate consulting and management firm Accenture left at least four cloud-based storage servers unsecured and open to the public, the security company UpGuard has found.

    Exposed to the world were secret API data, authentication credentials, certificates, decryption keys, customer information and other data that could have been used to attack both the company and its clients.

  • Cyber terror? Ain't seen it yet, says Australian Cyber Security Centre

    Despite all the hyper-ventilation by politicians who paint grim scenarios of cyber Armageddon always being around the corner, Australia is yet to face malicious activity that would constitute a cyber attack, according to the Australian Cyber Security Centre.

  • The Race to Secure Voting Tech Gets an Urgent Jumpstart

    On Tuesday, representatives from the hacking conference DefCon and partners at the Atlantic Council think tank shared findings from a report about DefCon's Voting Village, where hundreds of hackers got to physically interact with—and compromise—actual US voting machines for the first time ever at the conference in July. Work over three days at the Village underscored the fundamental vulnerability of the devices, and raised questions about important issues, like the trustworthiness of hardware parts manufactured in other countries, including China. But most importantly, the report highlights the dire urgency of securing US voting systems before the 2018 midterm elections.

  • North Korean Hack [sic] of U.S. War Plans Shows Off Cyber Skills
More in Tux Machines

today's leftovers

  • Linux More Popular than Windows in Stack Overflow's 2018 Developer Survey
    Stack Overflow, the largest and most trusted online community for developers, published the results of their annual developer survey, held throughout January 2018. More than 100,000 developers participated in this year's Annual Developer Survey, which included several new topics ranging from ethics in coding to artificial intelligence (AI). The results are finally here and reveal the fact that some technologies and operating systems have become more popular than others in the past year.
  • History of containers
    I’ve researched these dates several times now over the years, in preparation for several talks. So I’m posting it here for my own future reference.
  • Ubuntu Podcast from the UK LoCo: S11E03 – The Three Musketeers - Ubuntu Podcast
  • Best Desktop Environment
    Thanks to its stability, performance, feature set and a loyal following, the K Desktop Environment (KDE) won Best Desktop Environment in this year's Linux Journal Readers' Choice Awards.
  • Renata D'Avila: Pushing a commit to a different repo
    My Outreachy internship with Debian is over. I'm still going to write an article about it, to let everyone know what I worked on towards the ending, but I simply didn't have the time yet to sit down and compile all the information.

Software: GTK-VNC, GNOME Shell and More

Devices: Mintbox Mini, NanoNote (Part 3), MV3

  • Mintbox Mini 2: Compact Linux desktop with Apollo Lake quad-core CPU
    The Mintbox Mini 2 is a fanless computer that measures 4.4″ x 3.3″ x 1.3″ and weighs about 12 ounces. It’s powered by a 10W Intel Celeron J3455 quad-core processor.
  • Linux Mint ditches AMD for Intel with new Mintbox Mini 2
    While replacing Windows 10 with a Linux-based operating system is a fairly easy exercise, it shouldn’t be necessary. Look, if you want a computer running Linux, you should be able to buy that. Thankfully you can, as companies like System76 and Dell sell laptops and desktops with Ubuntu or Ubuntu-based operating systems. Another option? Buy a Mintbox! This is a diminutive desktop running Linux Mint — an Ubuntu-based OS. Today, the newest such variant — The Mintbox Mini 2 — makes an appearance. While the new model has several new aspects, the most significant is that the Linux Mint Team has switched from AMD to Intel (the original Mini used an A4-Micro 6400T).
  • Porting L4Re and Fiasco.OC to the Ben NanoNote (Part 3)
    So, we find ourselves in a situation where the compiler is doing the right thing for the code it is generating, but it also notices when the programmer has chosen to do what is now the wrong thing. We must therefore track down these instructions and offer a supported alternative. Previously, we introduced a special configuration setting that might be used to indicate to the compiler when to choose these alternative sequences of instructions: CPU_MIPS32_R1. This gets expanded to CONFIG_CPU_MIPS32_R1 by the build system and it is this identifier that gets used in the program code.
  • Linux Software Enables Advanced Functions on Controllers
    At NPE2018, SISE presents its new generation of multi-zone controllers (MV3). Soon, these controllers will be able to control as many as 336 zones. They are available in five sizes (XS, S, M, L and XL) with three available power cards (2.5 A, 15 A and 30 A). They are adaptable to the packaging, automotive, cosmetics, medical and technical-parts markets.

Linux Foundation: Microsoft Openwashing, OCP, Kernel Commits Statistics

  • More Tips for Managing a Fast-Growing Open Source Project [Ed: Microsoft has infiltrated the Linux Foundation so deeply and severely that the Foundation now regularly issues openwashing pieces for the company that attacks Linux]
  • improves Kubernetes networking in sixth software release, one of Linux Foundation’s open source projects, has introduced its 18.01 software release with a focus on improving Kubernetes Networking, Istio and cloud native NFV.
  • Bolsters Kubernetes, NFV, and Istio Support With Latest Release
    The Fast Data Project ( released its sixth update since its inception within the Linux Foundation two years ago. While the update list is extensive, most are focused on Kubernetes networking, cloud native network functions virtualization (NFV), and Istio.
  • Linux Foundation, OCP collaborate on open sourcing hardware and software
    The virtualization of network functions has resulted in a disaggregation of hardware and software, increasing interest in open source projects for both layers in return. To feed this interest, the Linux Foundation and Open Compute Project (OCP) recently announced a joint initiative to advance the development of software and hardware-based open source networking. Both organizations have something to offer the other through the collaboration. The Linux Foundation’s OPNFV project integrates OCP as well as other open source software projects into relevant network functions virtualization (NFV) reference architectures. At the same time, OCP offers an open source option for the hardware layer.
  • Kernel Commits with "Fixes" tag
    Over the past 5 years there has been a steady increase in the number of kernel bug fix commits that use the "Fixes" tag. Kernel developers use this annotation on a commit to reference an older commit that originally introduced the bug, which is obviously very useful for bug tracking purposes. What is interesting is that there has been a steady take-up of developers using this annotation: