Security

Mozilla contributes to FOSS security

Filed under
Moz/FF
Security

Security Leftovers

Filed under
Security
  • University gives in to $20,000 ransomware demand

    Calgary officials agreed to pay the ransom but it will take some time for the encryption keys to be used on all of the university's infected machines, of which there are over 100. The process is time-consuming and it is not yet known if the keys will even work.

  • University of Calgary pays hackers $20,000 after ransomware attack

    A chain of hospitals in Washington, D.C., was hit in March, while a Los Angeles medical centre shelled out $17,000 earlier this year to hackers following a ransomware attack.

  • Unintended Consequences Of Slavery In IT

    Obviously many use That Other OS for valid purposes but few would do so if this incident was on their radar. There are hundreds of such malwares. How many times will the university pay up for permission to use the hardware they own? They’ve already likely paid Intel double the value for their chips, M$, even more for permission to use Intel’s chips and now a steady stream of cyber-criminals.

  • Mikko Hypponen: Real Hackers Don't Wear Hoodies (Cybercrime is Big Business)

    I'll be discussing these topics, and how they apply to open source systems and to service providers further in my keynote ("Complexity: The enemy of Security") at the OPNFV Summit in Berlin on June 22-23. See you in Berlin!

  • Password Re-user? Get Ready to Get Busy

    In the wake of megabreaches at some of the Internet’s most-recognized destinations, don’t be surprised if you receive password reset requests from numerous companies that didn’t experience a breach: Some big name companies — including Facebook and Netflix — are in the habit of combing through huge data leak troves for credentials that match those of their customers and then forcing a password reset for those users.

  • Your mobile phone account could be hijacked by an identity thief

    A few weeks ago an unknown person walked into a mobile phone store, claimed to be me, asked to upgrade my mobile phones, and walked out with two brand new iPhones assigned to my telephone numbers. My phones immediately stopped receiving calls, and I was left with a large bill and the anxiety and fear of financial injury that spring from identity theft. This post describes my experiences as a victim of ID theft, explains the growing problem of phone account hijacking, and suggests ways consumers and mobile phone carriers can help combat these scams.

  • Belgium tops list of nations most vulnerable to hacking

    A new “heat map of the internet” has revealed the countries most vulnerable to hacking attacks, by scanning the entire internet for servers with their front doors wide open.

  • Australia fourth most vulnerable nation to hacking: study

    Australia ranks fourth among the countries most vulnerable to hacking attacks, according to a study by penetration testing and information security firm Rapid7.

    Belgium tops the list, followed by Tajikistan and Samoa.

    The company compiled what it calls a "heat map" of the Internet, looking for servers that had exposed ports that could be compromised.

  • University pays almost $16,000 to recover crucial data held hostage

    Canada's University of Calgary paid almost $16,000 ($20,000 Canadian, ~£10,800) to recover crucial data that has been held hostage for more than a week by crypto ransomware attackers.

    The ransom was disclosed on Wednesday morning in a statement issued by University of Calgary officials. It said university IT personnel had made progress in isolating the unnamed ransomware infection and restoring affected parts of the university network. It went on to warn that there's no guarantee paying the controversial ransom will lead to the lost data being recovered.

Security Leftovers

Filed under
Security
  • WordPress plugin with 10,000+ installations being exploited in the wild

    The attacks have been under way since last Friday and are mainly being used to install porn-related spamming scripts, according to a blog post published Thursday. The underlying vulnerability in WP Mobile Detector came to light on Tuesday in this post. The plugin has since been removed from the official WordPress plugin directory. As of Wednesday, the plugin reportedly had more than 10,000 active installations, and it appears many remained active at the time this post was being prepared.

  • Bad Intel And Zero Verification Leads To LifeLock Naming Wrong Company In Suspected Security Breach

    LifeLock has never been the brightest star in the identity fraud protection constellation. Its own CEO -- with his mouth writing checks others would soon be cashing with his credentials -- expressed his trust in LifeLock's service by publishing his Social Security number, leading directly to 13 separate cases of (successful) identity theft.

    Beyond that, LifeLock was barely a lock. It didn't encrypt stored credentials and had a bad habit of ambulance-chasing reported security breaches in hopes of pressuring corporate victims into picking up a year's worth of coverage for affected customers. This culminated in the FTC ordering it to pay a $12 million fine for its deceptive advertising, scare tactics, and inability to keep its customers' ID info safe.

  • Samba 4.4.4 Fixes a Memory Leak in Share Mode Locking, Adds systemd 230 Support

    The Samba 4.4 major branch was launched on March 22, 2016, and it brought support for asynchronous flush requests, several Active Directory (AD) enhancements, a GnuTLS-based backupkey implementation, multiple CTDB (Cluster Trivial Database) improvements, a WINS nsswitch module, as well as experimental SMB3 Multi-Channel support.

  • Printer security: Is your company's data really safe?

    On March 24th of this year, 59 printers at Northeastern University in Boston suddenly output white supremacist hate literature, part of a wave of spammed printer incidents reported at Northeastern and on at least a half dozen other campuses.

    This should be no surprise to anyone who understands today's printer technology. Enterprise-class printers have evolved into powerful, networked devices with the same vulnerabilities as anything else on the network. But since, unlike with personal computers, no one sits in front of them all day, the risks they introduce are too often overlooked.

    "Many printers still have default passwords, or no passwords at all, or ten are using the same password," says Michael Howard, HP's chief security advisor, speaking of what he's seen in the field. "A printer without password protection is a goldmine for a hacker. One of the breaches we often see is a man-in-the-middle attack, where they take over a printer and divert [incoming documents] to a laptop before they are printed. They can see everything the CEO is printing. So you must encrypt."

  • We Asked An Etiquette Expert About Home Security Cameras

    Roughly the size of a soda can, sitting on a bookshelf, and whirring away some 24-hours a day, a relatively innocuous gadget may be turning friends and family away from your home. The elephant in your living room is your Internet-connected security camera, a device people are increasingly using for peace of mind in their homes. But few stop to think about the effect these devices may have on house guests. Should you tell your friends, for instance, that they’re being recorded while you all watch the big game together?

Biometric Authentication Might Come to Some Ubuntu Phones in Future OTAs

Filed under
Security
Ubuntu

Now that most Ubuntu Phone and Ubuntu Tablet owners are enjoying the new features implemented by Canonical's Ubuntu Touch developers in the OTA-11 update released last week, it's time to look forward to OTA-12.

Canonical already said a few weeks ago that the Ubuntu Touch OTA-12 software update for supported Ubuntu Phone devices, as well as the Ubuntu Tablet, is more about fixes than features, but Łukasz Zemczak's latest report suggests that the Ubuntu Touch devs are preparing the long anticipated fingerprint reader support.

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Password app developer overlooks security hole to preserve ads

    Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.

    The impact is potentially quite severe, too. An attacker could hijack the update process and deliver malware that would compromise your PC.

  • Protecting your PC from ransomware gets harder with EMET-evading exploit

    Drive-by attacks that install the once-feared TeslaCrypt crypto ransomware are now able to bypass EMET, a Microsoft-provided tool designed to block entire classes of Windows-based exploits.

    The EMET-evading attacks are included in Angler, a toolkit for sale online that provides ready-to-use exploits that can be stitched into compromised websites. Short for Enhanced Mitigation Experience Toolkit, EMET has come to be regarded as one of the most effective ways of hardening Windows-based computers against attacks that exploit security vulnerabilities in both the operating system and installed applications. According to a blog post published Monday by researchers from security firm FireEye, the new Angler attacks are significant because they're the first exploits found in the wild that successfully pierce the mitigations.

    "The level of sophistication in exploit kits has increased significantly throughout the years," FireEye researchers wrote. "Where obfuscation and new zero days were once the only additions in the development cycle, evasive code has now been observed being embedded into the framework and shellcode."

  • Is there a future view that isn't a security dystopia?

    I recently finished reading the book Ghost Fleet; it's not a bad read if you're into what cyberwar could look like. It's not great though, and I won't suggest it as the book of the summer. The biggest thing I keep thinking about is that I've yet to really see any sort of book that takes place in the future, with a focus on technology, that isn't a dystopian warning. Ghost Fleet is no different.

  • Some work on a VyOS image with Let’s Encrypt certs

Tails 2.4, Edward Snowden's Favorite Anonymous Live CD, Brings Tor Browser 6.0

Filed under
GNU
Linux
Security
Debian

The Tails Project released Tails 2.4, a major version of the anonymous Live CD based on Debian GNU/Linux, which was used by ex-CIA employee Edward Snowden to stay hidden online and protect his privacy.

When compared with the previous release, we can notice that Tails 2.4 includes some big changes, among which we can mention the upgrade to Debian GNU/Linux 8.4 "Jessie" and the inclusion of the recently released Tor Browser 6.0 anonymous browser, which is based on the open-source Mozilla Firefox 45.2 web browser.

Also: TeX Live 2016 released

Security Leftovers

Filed under
Security
  • Friday's security updates
  • electrum ssl vulnerabilities

    One full month after I filed these, there's been no activity, so I thought I'd make this a little more widely known. It's too hard to get CVEs assigned, and registering a snarky domain name is passé.

    I'm not actually using electrum myself currently, as I own no bitcoins. I only noticed these vulnerabilities when idly perusing the code. I have not tried to actually exploit them, and some of the higher levels of the SPV blockchain verification make them difficult to exploit. Or perhaps there are open wifi networks where all electrum connections get intercepted by a rogue server that successfully uses these security holes to pretend to be the entire electrum server network.

  • Stop it with those short PGP key IDs!

    PGP is secure, as it was 25 years ago. However, some uses of it might not be so.

  • Wolf: Stop it with those short PGP key IDs!
  • There's a Stuxnet Copycat, and We Have No Idea Where It Came From [iophk: "Windows strikes again"]

    After details emerged of Stuxnet, arguably the world's first digital weapon, there were concerns that other hackers would copy its techniques.

    Now, researchers have disclosed a piece of industrial control systems (ICS) malware inspired heavily by Stuxnet. Although the copycat malware—dubbed IRONGATE by cybersecurity company FireEye—only works in a simulated environment, it, like Stuxnet, replaces certain types of files, and was seemingly written to target a specific control system configuration.

    “In my mind, there is little room to say that these are the same actors,” behind Stuxnet and IRONGATE, Sean McBride, manager at FireEye iSIGHT Intelligence told Motherboard in a phone interview.

    But clearly, and perhaps to be expected, other hackers have paid very close attention to, and copied one of the most powerful pieces of malware ever, raising questions of who else might have decided to see how Stuxnet-style approaches to targeting critical infrastructure can be adapted.

  • Are firewalls still important? Making sense of networking's greatest security layer

    Firewalls have become the forgotten part of security, and yet they are still the place an admin goes in a crisis.

  • Software Now To Blame For 15 Percent Of Car Recalls

    Apps freezing or crashing, unexpected sluggishness, and sudden reboots are all, unfortunately, within the normal range of behavior of the software in our smartphones and laptops.

    While losing that text message you were composing might be a crisis for the moment, it’s nothing compared to the catastrophe that could result from software in our cars not playing nice.

    Yes, we’re talking about nightmares like doors flying open without warning, or a sudden complete shutdown on the highway.

    The number of software-related issues, according to several sources tracking vehicle recalls, has been on the rise. According to financial advisors Stout Risius Ross (SSR), in their Automotive Warranty & Recall Report 2016, software-related recalls have gone from less than 5 percent of recalls in 2011 to 15 percent by the end of 2015.

  • Effective IT security habits of highly secure companies

    Critics may claim that applying patches “too fast” will lead to operational issues. Yet, the most successfully secure companies tell me they don’t see a lot of issues due to patching. Many say they’ve never had a downtime event due to a patch in their institutional memory.

  • Introducing Security Snake Oil

    It has become quite evident that crowd-funding websites like KickStarter do not take any consideration to review the claims made by individuals in their cyber security products. Efforts made to contact them have gone unanswered and the misleading initiatives continue to be fruitless so as a community, we have to go after them ourselves.

  • CloudFlare is ruining the internet (for me) [iophk: "FB-like bottleneck and control for now available for self-hosted sites"]

    CloudFlare is a very helpful service if you are a website owner and don’t want to deal with separate services for CDN, DNS, basic DDoS protection and other (superficial) security needs. You can have all these services in a one-stop shop, and you can have it all for free. It’s hard to pass up the offer and go for a commercial solution. Generally speaking, the CloudFlare service is as stable as they come; their downtime and service interruptions are within the same margin as other similar services, at least in my experience. I know this because I have used them for two of my other websites, until recently.

    But what about the users? If you live in a First World country then for the most part you probably wouldn’t notice much difference, other than better speed and response time for the websites using CloudFlare services. You will be happy to know that because of their multiple datacenter locations, mostly in the USA, Canada, Europe and China, short downtimes won’t result in service interruptions for you: you will be automatically rerouted to the nearest CloudFlare data center, and they have plenty to go around within the First World countries.

Security Leftovers

Filed under
Security
  • Hackers, your favourite pentesting OS Kali Linux can now be run in a browser
  • Core Infrastructure Initiative announces investment in security tool OWASP ZAP

    The Linux Foundation’s Core Infrastructure Initiative (CII) is continuing its commitment to help fund, support and improve open-source projects with a new investment. The organization has announced it is investing in the Open Web Application Security Project Zed Attack Proxy project (OWASP ZAP), a security tool designed to help developers identify vulnerabilities in their web apps.

  • The Linux Foundation's Core Infrastructure Initiative Invests in Security Tool for Identifying Web Application Vulnerabilities
  • Study Shows Lenovo, Other OEM Bloatware Still Poses Huge Security Risk [Ed: Microsoft Windows poses greater risks. Does Microsoft put back doors in Windows (all versions)? Yes. Does it spy on users? Yes. So why focus only on Asian OEMs all the time?]

    Lenovo hasn't had what you'd call a great track record over the last few years in terms of installing insecure crapware on the company's products. You'll recall that early last year, the company was busted for installing Superfish adware that opened all of its customers up to dangerous man-in-the-middle attacks, then tried to claim they didn't see what all the fuss was about. Not too long after that, the company was busted for using a BIOS trick to reinstall its bloatware on consumer laptops upon reboot -- even if the user had installed a fresh copy of the OS.

    Now Lenovo and its bloatware are making headlines once again, with the news that the company's "Accelerator Application" software makes customers vulnerable to hackers. The application is supposed to make the company's other bloatware, software, and pre-loaded tools run more quickly, but Lenovo was forced to issue a security advisory urging customers to uninstall it because it -- you guessed it -- opened them up to man-in-the-middle attacks.

Canonical Patches ImageTragick Exploit in All Supported Ubuntu OSes, Update Now

Filed under
Security
Ubuntu

Today, June 2, 2016, Canonical published an Ubuntu Security Notice to inform the community about an important security update to the ImageMagick packages for all supported Ubuntu OSes.
