
Security

NHS mulling Ubuntu switch after Windows XP fail?

Filed under: GNU, Linux, Microsoft, Security

Security Leftovers

Filed under: Security

Security Leftovers

Filed under: Security
  • Out-of-Control CIA Continues to be Exposed in WikiLeaks’ Vault 7

    After installing a small file, the operators would then be able to instruct the computer to kill any use of a web browser on a set schedule. For instance, the software could be instructed to shut down Firefox every 25-35 seconds. Similarly, the example included a measure to “lock up” PowerPoint files 10 minutes after they were loaded. It would also allow operators to create a delay when PowerPoint files were attempting to load.

    While the examples they used are simple and relatively harmless, the software could perform virtually any assigned task. Because the data is encrypted with a key stored outside of the machine, the code would be extremely difficult to detect and/or decipher.

    After installing the software, the documentation instructs users to “kick back” and “Relax – After Midnight will take care of the rest.”

    The second piece of software detailed is similar to “AfterMidnight” and is called “Assassin.” That piece of software is a relatively simple way of collecting data remotely and then delivering results to a listening post on a schedule.

    Through screenshots in the documents, it can be seen that the author is named “Justin,” is working from a Dell computer, and has desktop shortcuts to an encrypted chat program called ‘Pidgin,’ as well as a folder entitled “drone.”

  • Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

    However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. It’s particularly galling because this attack potentially endangered the lives of many.

  • Ransomware: Microsoft can no longer claim to be 'proactive'

    Microsoft's reaction to the Windows ransomware crisis that occurred on Friday and Saturday has shown one thing: no longer can the company continue to use the business buzzword "proactive" when it talks about itself. It was caught unawares and left looking very old and tired in the way it responded to the situation.

  • Cyber attack: Hackers {sic} in China try to seize control of WannaCry ransomware's 'kill switch'

    “What you can follow is the money,” Mr Raiu said. “You can follow the Bitcoins [although] following the Bitcoins is kind of an art in itself.”

  • [Old] The Software Industry IS the Problem

    The question is how to introduce product liability, because just imposing it would instantly shut down any and all software houses with just a hint of a risk management function on their organizational charts.

  • [Old] Why Not Use Port Knocking?

    The robots currently at work knocking around for your guessable password could easily be repurposed to guess your Unicode password currently known as your port knocking sequence, and quite likely have been already.

Security Leftovers

Filed under: Security

Security Leftovers

Filed under: Security
  • Intel's zero-day problem
  • Reverse-engineering the Intel Management Engine’s ROMP module

    Last month, while I was waiting for hardware to arrive and undergo troubleshooting, I had some spare time to begin some Intel ME reverse engineering work.

    First, I need to give some shout out to Igor Skochinsky, a Hex-Rays developer, who had been working on reverse engineering the Intel ME for a while, and who has been very generous in sharing his notes and research on the ME with us, which is going to be a huge help and cut down months of reverse engineering and guesswork. Igor was very helpful in getting me to understand the bits that didn’t make sense to me.

  • Intel AMT on wireless networks

    More details about Intel's AMT vulnerability have been released - it's about the worst case scenario, in that it's a total authentication bypass that appears to exist independent of whether the AMT is being used in Small Business or Enterprise modes (more background in my previous post here). One thing I claimed was that even though this was pretty bad it probably wasn't super bad, since Shodan indicated that there were only a small number of thousand machines on the public internet and accessible via AMT. Most deployments were probably behind corporate firewalls, which meant that it was plausibly a vector for spreading within a company but probably wasn't a likely initial vector.

    [...]

    Case 2 is the scary one. If you have a laptop that supports AMT, and if AMT has been provisioned, and if AMT has had wireless support turned on, and if you're running Windows, then connecting your laptop to a public wireless network means that AMT is accessible to anyone else on that network[1]. If it hasn't received a firmware update, they'll be able to do so without needing any valid credentials.

  • Intel declared war on general purpose computing and lost, so now all our computers are broken

    It's been a year since we warned that Intel's Management Engine -- a separate computer within your own computer, intended to verify and supervise the main system -- presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next?

    For the past week, the IT press has been full of news about the AMT module in the Management Engine making millions of systems vulnerable to local and remote attacks, with a firmware update to disable the module as the only really comprehensive solution. But AMT is only one of the many components of ME, and every one of them could have a vulnerability as grave as this one -- and Intel is not offering any way to turn off ME altogether, meaning that there's a lot of this in our future.

    ME is a brilliant example of why declaring war on general-purpose computing is a terrible idea. There are lots of reasons to want a computer that can only run some programs (instead of every program): preventing poisoned operating systems and other malware, preventing game cheating, enforcing copyright restrictions (DRM), etc... Every one of them is presented as a use-case for ME.

  • OSS-Fuzz: Five months later, and rewarding projects
  • USN-3285-1: LightDM vulnerability
  • generic kde LPE
  • QSB #30: Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)
  • Europe is living under Microsoft’s digital killswitch

    All across Europe, from Finland to Portugal, Ireland to Greece, governments rely on Microsoft software. As their digital systems grow in size and importance, countries are becoming increasingly dependent on this single American corporation. But what consequences does this “lock-in” have? What risks does it pose for the security of European data? And what can governments do to counter it?

    It’s estimated that Microsoft makes around two billion euros in Europe every year, just from its business with the public sector. In 2012 the European Commission released a report that stated that 1.1 billion euros were unnecessarily lost by the European public sector due to being locked-in in business with IT system providers.

Security News, Notably Microsoft/NSA Catastrophe

Filed under: Microsoft, Security
  • Major cyber attack hits companies, hospitals, schools worldwide

    Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.

  • Massive cyberattack hits several hospitals across England
  • Rejection Letter

    We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy against some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)

  • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack
  • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

    Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

  • Current wave of ransomware not written by ordinary criminals, but by the NSA

    The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.

  • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"

    A security researcher who goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).

  • DDOS attacks in Q1 2017

    In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

    The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.

  • Applied Physical Attacks and Hardware Pentesting

    This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.

  • SambaXP 2017: John Hixson’s Reflection

    The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.

Security Leftovers

Filed under: Security
  • Intel's Management Engine is a security hazard, and users need a way to disable it

    Since 2008, most of Intel’s CPUs have contained a tiny homunculus computer called the “Management Engine” (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some Management Engines have caused lots of machines with Intel CPUs to be disastrously vulnerable to remote and local attackers. While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one.

    This post will describe the nature of the vulnerabilities (thanks to Matthew Garrett for documenting them well), and the potential for similar bugs in the future. EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our CPUs, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

  • 'Accidental hero' halts ransomware attack and warns: this is not over

    Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

  • Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability

    Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.

  • Vanilla Forums has a plain-flavoured zero-day

    The popular Vanilla Forums software needs patching against a remote code execution zero-day first reported to the developers in December 2016.

    Published by ExploitBox, the zero-day “can be exploited by unauthenticated remote attackers to execute arbitrary code and fully compromise the target application when combined with Host Header injection vulnerability CVE-2016-10073.”

    The problem arises because Vanilla Forums inherits a bug in PHPMailer. The mailer uses PHP's mail() function as its default transport, as discussed by Legal Hackers here.

  • Google Fuzzing Service Uncovers 1K Bugs in Open-Source Projects

    Today’s topics include Google’s fuzzing service uncovering more than 1,000 bugs in open-source projects in five months, VMware helping Google make Chromebooks better for business; Edward Snowden advocating the need for open source and OpenStack; and Dell EMC aiming servers at data center modernization efforts.

Security Leftovers

Filed under: Security
  • Six things you need to know about IoT security
  • OpenStack Cloud Security Moves Forward

    When it comes to understanding security in the cloud and specifically security in OpenStack clouds, there are many factors to consider. In a panel session moderated by eWEEK at the OpenStack Summit in Boston, leaders from across different elements of the OpenStack security spectrum provided insight and recommendations on cloud security.

    Security is a broad term in the OpenStack context and isn't just one single item. There is the OpenStack Security Project, which has a mission to help build tools and processes that help to secure OpenStack and its various projects. There is also the Vulnerability Management Team (VMT) that handles vulnerabilities for OpenStack projects. Security in OpenStack is also reflected in various OpenStack projects, including notably Project Barbican for security key management. Finally, there is just general security for cloud deployment by operators, which includes secure configuration and monitoring.

  • We Wuz Warned

    The tools that are infecting computers worldwide were indeed developed by, and then leaked from, the NSA. (Thanks for nothing, spooks.) The bitcoin.com article contains tips about how to protect yourself, and links to Windows patches, if you haven't yet been hit. Fortunately for us, the attacks seem to be focused on Windows systems; our Linux desktops are so far unscathed.

  • NSA-created cyber tool spawns global attacks — and victims include Russia

    Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia, with Russia among the hardest-hit countries.

    But the Department of Homeland Security told POLITICO it had not confirmed any attacks in the U.S. on government targets or vital industries, such as hospitals and banks.

  • GCHQ tweeted about keeping Britain cyber-safe and it majorly backfired
  • Leaked NSA Hacking Tool On Global Ransomware Rampage [Ed: No, the problem isn't "patching" or "upgrade", the problem is Windows itself, irrespective of which version (back doors)]

    Thus, there's some debate online about whether the "problem" here is organizations who don't upgrade/patch or the NSA. Of course, these things are not mutually exclusive: you can reasonably blame both. Failing to update and patch your computers is a bad idea these days -- especially for large organizations with IT staff who should know better.

  • An NSA-derived ransomware worm is shutting down computers worldwide
  • WCry is so mean Microsoft issues patch for 3 unsupported Windows versions [Ed: Back doors in old versions of Windows belatedly closed because Microsoft risks losing millions of useds [sic] for good]

NHS Cautionary Tale About Windows

Filed under: Microsoft, Security

Windows Chaos

Filed under: Microsoft, Security
  • ‘CIA malware plants Gremlins’ on Microsoft machines – WikiLeaks

    WikiLeaks has released the latest instalment in the #Vault7 series, detailing two apparent CIA malware frameworks dubbed ‘AfterMidnight’ and ‘Assassin’ which it says target the Microsoft Windows platform.

  • WannaCry ransomware used in widespread attacks all over the world

    Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames.

    Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.

  • NHS left reeling by cyber-attack: ‘We are literally unable to do any x-rays’

    Thousands of patients across England and Scotland have been in limbo after an international cyber-attack hit the NHS, with many having operations cancelled at the last minute.

    Senior medics sought to reassure patients that they could be seen in the normal way in emergencies, but others were asked to stay away if possible.

    According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. “However much they pretend patient safety is unaffected, it’s not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine,” the doctor told the Guardian.

  • "Worst-Ever Recorded" Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools

    Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware," and "the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries.
