Security

Security: SEC Breach, DNSSEC, FinFisher, CCleaner and CIA

Filed under
Security

Security: Apple's Betrayal, Intel ME Back Doors Backfire, and Optionsbleed

Filed under
Security
  • iOS 11 Muddies WiFi and Bluetooth Controls

    Turning WiFi and Bluetooth off is often viewed as a good security practice. Apple did not rationalize these changes in behavior.

  • How To Hack A Turned-Off Computer, Or Running Unsigned Code In Intel Management Engine

    Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) microchip with a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer, and the ability to execute third-party code allows compromising the platform completely. Researchers have been long interested in such "God mode" capabilities, but recently we have seen a surge of interest in Intel ME. One of the reasons is the transition of this subsystem to a new hardware (x86) and software (modified MINIX as an operating system) architecture. The x86 platform allows researchers to bring to bear all the power of binary code analysis tools.

  • Optionsbleed: Don’t get your panties in a wad

    To be honest, this isn’t the first security concern you’ve run into, and it isn’t the first security issue you’re vulnerable to, that will remain exploitable for quite some time, until after someone you rely on fixed the issue for you, meanwhile compromising your customers.

    [...]

    Is it a small part of the SSL public key? A small part of the web request response? A chunk of the path to the index.php? Or is it a chunk of the database password used? Nobody knows until you get enough data to analyse the results of all data. If you can’t appreciate the maths behind analysing multiple readings of 8 arbitrary bytes, choose another career. Not that I know what to do and how to do it, by the way.

Security: Patches, CCleaner, Equifax Story Changes, 'Trusted IoT Alliance', Kali Linux 2017.2 and NBN

Filed under
Security

Security: SEC Cracked, Back Doors in Manchester Police, NBN Scans, and Securing Wi-Fi

Filed under
Security
  • SEC reveals it was hacked, information may have been used for illegal stock trades
  • Manchester Police still runs Windows XP on 20 per cent of PCs

    The Met has recently signed a deal with storage company Box which will, amongst other things, reduce the amount of data held locally.

  • Manchester police still relies on Windows XP [Ed: update below]

    The BBC has appealed against its refusal to provide an update.

  • NBN leverages open source software to analyse faults

    A new NBN initiative will use a range of open source projects including Apache SPARK, Kafka, Flume, Cassandra and JanusGraph to help analyse and improve the end user experience on the National Broadband Network.

    The government-owned company today announced it was launching a new ‘Tech Lab’, which it hopes will provide insights into pain points for customers on its network and help resolve faults sooner.

  • 5 Ways to Secure Wi-Fi Networks

    Wi-Fi is one entry-point hackers can use to get into your network without setting foot inside your building because wireless is much more open to eavesdroppers than wired networks, which means you have to be more diligent about security.

    But there’s a lot more to Wi-Fi security than just setting a simple password. Investing time in learning about and applying enhanced security measures can go a long way toward better protecting your network. Here are six tips to better secure your Wi-Fi network.

You lost your ballpoint pen, Slack? Why's your Linux version unsigned?

Filed under
Linux
Security

Slack is distributing open Linux-based versions of its technology that are not digitally signed, contrary to industry best practice.

The absence of a digital signature creates a means for miscreants to sling around doctored versions of the software that users wouldn't easily be able to distinguish from the real thing.

El Reg learned of the issue from reader Trevor Hemsley, who reported the problem to Slack back in August and only notified the media after a promised fix failed to appear.

Security: Equifax, Kodi, Infrared, and Windows XP in 2017

Filed under
Security
  • Safer but not immune: Cloud lessons from the Equifax breach
  • Warning: If you are using this Kodi repository, you could be in danger

    Kodi is quite possibly the best media center software of all time. If you are looking to watch videos or listen to music, the open source solution provides an excellent overall experience. Thanks to its support for "addons," it has the potential to become better all the time. You see, developers can easily add new functionality by writing an addon for the platform. And yes, some addons can be used for piracy, but not all of them are. These addons, such as Exodus and Covenant, are normally added using a repository, which hosts them.

    [...]

    We do not know 100 percent if the person that re-registered the metalkettle name on GitHub is planning anything evil, but it is better to be safe than sorry.

  • Infrared signals in surveillance cameras let malware jump network air gaps

    The malware prototype could be a crucial ingredient for attacks that target some of the world's most sensitive networks. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution. In the event malware is installed, there is no way for it to make contact with attacker-controlled servers that receive stolen data or issue new commands. Such airgaps are one of the most basic measures for securing highly sensitive information and networks.

    The proof-of-concept malware uses connected surveillance cameras to bridge such airgaps. Instead of trying to use the Internet to reach attacker-controlled servers, the malware weaves passwords, cryptographic keys, and other types of data into infrared signals and uses a camera's built-in infrared lights to transmit them. A nearby attacker then records the signals with a video camera and later decodes embedded secrets. The same nearby attackers can embed data into infrared signals and beam them to an infected camera, where they're intercepted and decoded by the network malware. The covert channel works best when attackers have a direct line of sight to the video camera, but non-line-of-sight communication is also possible in some cases.

  • Manchester police still relies on Windows XP

    England's second biggest police force has revealed that more than one in five of its computers were still running Windows XP as of July.
    Greater Manchester Police told the BBC that 1,518 of its PCs ran the ageing operating system, representing 20.3% of all the office computers it used.
    Microsoft ended nearly all support for the operating system in 2014. Experts say its use could pose a hacking risk.
    The figure was disclosed as part of a wider Freedom of Information request.
    "Even if security vulnerabilities are identified in XP, Microsoft won't distribute patches in the same way it does for later releases of Windows," said Dr Steven Murdoch, a cyber-security expert at University College London.

Security: WordPress 4.8.2, CCleaner 5.33, Apache Patch and Cryptocurrencies

Filed under
Security
  • WordPress 4.8.2 Security and Maintenance Release

    WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

  • Attack on CCleaner Highlights the Importance of Securing Downloads and Maintaining User Trust

    Some of the most worrying kinds of attacks are ones that exploit users’ trust in the systems and software they use every day. Yesterday, Cisco’s Talos security team uncovered just that kind of attack in the computer cleanup software CCleaner. Download servers at Avast, the company that owns CCleaner, had been compromised to distribute malware inside CCleaner 5.33 updates for at least a month. Avast estimates that over 2 million users downloaded the affected update. Even worse, CCleaner’s popularity with journalists and human rights activists means that particularly vulnerable users are almost certainly among that number. Avast has advised CCleaner Windows users to update their software immediately.

    This is often called a “supply chain” attack, referring to all the steps software takes to get from its developers to its users. As more and more users get better at bread-and-butter personal security like enabling two-factor authentication and detecting phishing, malicious hackers are forced to stop targeting users and move “up” the supply chain to the companies and developers that make software. This means that developers need to get in the practice of “distrusting” their own infrastructure to ensure safer software releases with reproducible builds, allowing third parties to double-check whether released binary and source packages correspond. The goal should be to secure internal development and release infrastructure to the point that no hijacking, even from a malicious actor inside the company, can slip through unnoticed.

  • Apache bug leaks contents of server memory for all to see—Patch now

    There's a bug in the widely used Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, a freelance journalist has disclosed.

    The vulnerability can be triggered by querying a server with what's known as an OPTIONS request. Like the better-known GET and POST requests, OPTIONS is a type of HTTP method that allows users to determine which HTTP requests are supported by the server. Normally, a server will respond with GET, POST, OPTIONS, and any other supported methods. Under certain conditions, however, responses from Apache Web Server include the data stored in computer memory. Patches are available here and here.

  • The Pirate Bay Takes Heat for Testing Monero Mining

    Cryptocurrencies usually are mined with CPU power initially, she told LinuxInsider. Users then find ways to speed up the hashing before going to GPU. They build specialized hardware and field programmable gate array (FPGA) chips to carry out the hashing function in order to mine much faster.

    [...]

    The notion that The Pirate Bay effectively would borrow resources from its own users is not the problem, suggested Jessica Groopman, principal analyst at Tractica.

BlueBorne Vulnerability Is Patched in All Supported Ubuntu Releases, Update Now

Filed under
Security
Ubuntu

Canonical released today new kernel updates for all of its supported Ubuntu Linux releases, patching recently discovered security vulnerabilities, including the infamous BlueBorne that exposes billions of Bluetooth devices.

The BlueBorne vulnerability (CVE-2017-1000251) appears to affect all supported Ubuntu versions, including Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus) up to 16.04.3, Ubuntu 14.04 LTS (Trusty Tahr) up to 14.04.5, and Ubuntu 12.04 LTS (Precise Pangolin) up to 12.04.5.

Security: Updates, 2017 Linux Security Summit, Software Updates for Embedded Linux and More

Filed under
Security
  • Security updates for Tuesday
  • The 2017 Linux Security Summit

    The past Thursday and Friday was the 2017 Linux Security Summit, and once again I think it was a great success. A round of thanks to James Morris for leading the effort, the program committee for selecting a solid set of talks (we saw a big increase in submissions this year), the presenters, the attendees, the Linux Foundation, and our sponsor - thank you all!

    Unfortunately we don't have recordings of the talks, but I've included my notes on each of the presentations below. I've also included links to the slides, but not all of the slides were available at the time of writing; check the LSS 2017 slide archive for updates.

  • Key Considerations for Software Updates for Embedded Linux and IoT

    The Mirai botnet attack that enslaved poorly secured connected embedded devices is yet another tangible example of the importance of security before bringing your embedded devices online. A new strain of Mirai has caused network outages to about a million Deutsche Telekom customers due to poorly secured routers. Many of these embedded devices run a variant of embedded Linux; typically, the distribution size is around 16MB today.

    Unfortunately, the Linux kernel, although very widely used, is far from immune to critical security vulnerabilities as well. In fact, in a presentation at Linux Security Summit 2016, Kees Cook highlighted two examples of critical security vulnerabilities in the Linux kernel: one being present in kernel versions from 2.6.1 all the way to 3.15, the other from 3.4 to 3.14. He also showed that a myriad of high severity vulnerabilities are continuously being found and addressed—more than 30 in his data set.

  • APNIC-sponsored proposal could vastly improve DNS resilience against DDoS

Wikileaks Releases Spy Files Russia, CCleaner Infected, Equifax Has a Dirty Little Secret

Filed under
Security
  • Spy Files Russia

    This publication continues WikiLeaks' Spy Files series with releases about surveillance contractors in Russia.

    While the surveillance of communication traffic is a global phenomenon, the legal and technological framework of its operation is different for each country. Russia's laws - especially the new Yarovaya Law - make literally no distinction between Lawful Interception and mass surveillance by state intelligence authorities (SIAs) without court orders. Russian communication providers are required by Russian law to install the so-called SORM (Система Оперативно-Розыскных Мероприятий) components for surveillance provided by the FSB at their own expense. The SORM infrastructure is developed and deployed in Russia with close cooperation between the FSB, the Interior Ministry of Russia and Russian surveillance contractors.

  • Malware-Infected CCleaner Installer Distributed to Users Via Official Servers for a Month

    Hackers have managed to embed malware into the installer of CCleaner, a popular Windows system optimization tool with over 2 billion downloads to date. The rogue package was distributed through official channels for almost a month.

    CCleaner is a utilities program that is used to delete temporary internet files such as cookies, empty the Recycling Bin, correct problems with the Windows Registry, among other tasks. First released in 2003, it has become hugely popular; up to 20 million people download it per month.

    Users who downloaded and installed CCleaner or CCleaner Cloud between Aug. 15 and Sept. 12 should scan their computers for malware and update their apps. The 32-bit versions of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected.

  • Equifax Suffered a Hack [sic] Almost Five Months Earlier Than the Date It Disclosed
  • This is why you shouldn’t use texts for two-factor authentication

    For a long time, security experts have warned that text messages are vulnerable to hijacking — and this morning, they showed what it looks like in practice.
