Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Cisco kills leaked CIA 0-day that let attackers commandeer 318 switch models

    As previously reported, the zero-day exploit allowed attackers to issue commands that remotely execute malicious code on 318 models of Cisco switches. The attack code was published in early March by WikiLeaks as part of its Vault7 series of leaks, which the site is billing as the largest publication of intelligence documents ever.

    The bug resides in the Cisco Cluster Management Protocol (CMP), which uses the telnet protocol to deliver signals and commands on internal networks. It stems from a failure to restrict telnet options to local communications and the incorrect processing of malformed CMP-only telnet options.

  • Open source password strength meter could help boost account security

    It's no secret that most people are rubbish at choosing passwords -- it's something that's proved time and time again when the annual list of common passwords is released. To help overcome the problem, and hopefully increase the security of people's accounts, a team of researchers from the Carnegie Mellon University and the University of Chicago have created an open source password meter that provides advice about how to strengthen a password.

  • Apache OpenOffice: Not dead yet, you'll just have to wait until mid-May for mystery security fixes
  • NIST to security admins: You've made passwords too hard

    Despite the fact that cybercriminals stole more than 3 billion user credentials in 2016, users don't seem to be getting savvier about their password usage. The good news is that how we think about password security is changing as other authentication methods become more popular.

  • Google Docs Phishing Scam a Game Changer

More in Tux Machines

Oracle: New VirtualBox 5.2 Beta, SPARC M8 Processors Launched

  • VirtualBox 5.2 to Let Users Enable or Disable Audio Input and Output On-the-Fly
    Oracle announced new updates for its popular, cross-platform and open-source virtualization software, the third Beta of the upcoming VirtualBox 5.2 major release and VirtualBox 5.1.28 stable maintenance update. We'll start with the stable update, VirtualBox 5.1.28, as it's more important for our readers using Oracle VM VirtualBox for all of their virtualization needs. The VirtualBox 5.1 maintenance release 28 is here to improve audio support by fixing various issues with both the ALSA and OSS backends, as well as an accidental crash with AC'97.
  • SPARC M8 Processors Launched
    While Oracle recently let go of some of their SPARC team, today marks the launch of the SPARC M8. The initial SPARC M8 line-up includes the T8-1, T8-2, T8-4. M8-8, and SuperCluster M8-8 servers.

Wikileaks Releases Spy Files Russia, CCleaner Infected, Equifax Has a Dirty Little Secret

  • Spy Files Russia
    This publication continues WikiLeaks' Spy Files series with releases about surveillance contractors in Russia. While the surveillance of communication traffic is a global phenomena, the legal and technological framework of its operation is different for each country. Russia's laws - especially the new Yarovaya Law - make literally no distinction between Lawful Interception and mass surveillance by state intelligence authorities (SIAs) without court orders. Russian communication providers are required by Russian law to install the so-called SORM ( Система Оперативно-Розыскных Мероприятий) components for surveillance provided by the FSB at their own expense. The SORM infrastructure is developed and deployed in Russia with close cooperation between the FSB, the Interior Ministry of Russia and Russian surveillance contractors.
  • Malware-Infected CCleaner Installer Distributed to Users Via Official Servers for a Month
    Hackers have managed to embed malware into the installer of CCleaner, a popular Windows system optimization tool with over 2 billion downloads to date. The rogue package was distributed through official channels for almost a month. CCleaner is a utilities program that is used to delete temporary internet files such as cookies, empty the Recycling Bin, correct problems with the Windows Registry, among other tasks. First released in 2003, it has become hugely popular; up to 20 million people download it per month. Users who downloaded and installed CCleaner or CCleaner Cloud between Aug. 15 and Sept. 12 should scan their computers for malware and update their apps. The 32-bit versions of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected.
  • Equifax Suffered a Hack [sic] Almost Five Months Earlier Than the Date It Disclosed
  • This is why you shouldn’t use texts for two-factor authentication

    For a long time, security experts have warned that text messages are vulnerable to hijacking — and this morning, they showed what it looks like in practice.

Amazon Changes Rental ('Cloud') Model on GNU/Linux

Devices/Hardware: Embedded/Boards, CODESYS, and EPYC Linux Performance

  • Linux friendly IoT gateway runs on 3.5-inch Bay Trail SBC
    While the MB-80580 SBC lists SATA II, the gateway indicates SATA III. Also, the gateway datasheet notes that the RS232 ports can all be redirected to RS232/422/485. Software includes Windows IoT Core and Server, as well as Yocto, Ubuntu Snappy Core, and CentOS Linux distributions.
  • Rugged panel PC scales up to a 19-inch touchscreen
    The fanless, IP65-rated WinSystems “PPC65B-1x” panel PC runs Linux or Win 10 on a quad-core Atom E3845, and offers 10.4 to 19-inch resistive touchscreens.
  • CODESYS announces CODESYS-compatible SoftPLC for open Linux device platforms
  • EPYC Linux performance from AMD
    Phoronix have been hard at work testing out AMD's new server chip, specifically the 2.2/2.7/3.2GHz EPYC 7601 with 32 physical cores.  The frequency numbers now have a third member which is the top frequency all 32 cores can hit simultaneously, for this processor that would be 2.7GHz.  Benchmarking server processors is somewhat different from testing consumer CPUs, gaming performance is not as important as dealing with specific productivity applications.   Phoronix started their testing of EPYC, in both NUMA and non-NUMA configurations, comparing against several Xeon models and the performance delta is quite impressive, sometimes leaving even a system with dual Xeon Gold 6138's in the dust.  They also followed up with a look at how EPYC compares to Opteron, AMD's last server offerings.  The evolution is something to behold.
  • Opteron vs. EPYC Benchmarks & Performance-Per-Watt: How AMD Server Performance Evolved Over 10 Years
    By now you have likely seen our initial AMD EPYC 7601 Linux benchmarks. If you haven't, check them out, EPYC does really deliver on being competitive with current Intel hardware in the highly threaded space. If you have been curious to see some power numbers on EPYC, here they are from the Tyan Transport SX TN70A-B8026 2U server. Making things more interesting are some comparison benchmarks showing how the AMD EPYC performance compares to AMD Opteron processors from about ten years ago.