
Security: Updates, Accenture, Microsoft and More

  • Security updates for Wednesday
  • Accenture left a huge trove of highly sensitive data on exposed servers

    Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers.

  • Crypto Anchors: Exfiltration Resistant Infrastructure

    The obvious way to implement a tokenization service is to generate a random token and store a mapping of that token and a one-way hash of the sensitive piece of data.

    Unfortunately, the maximum number of possible SSNs is just under 1 billion, making it trivial for an attacker that downloads the database to brute-force them offline.

  • Detecting DDE in MS Office documents

    Dynamic Data Exchange is an old Microsoft technology that can be (ab)used to execute code from within MS Office documents. Etienne Stalmans and Saif El-Sherei from Sensepost published a blog post in which they describe how to weaponize MS Office documents.

  • Stack Overflow Considered Harmful?

    What proportion of Android apps in the Play store include security-related code snippets copied directly from Stack Overflow? Does the copied code increase or decrease application security?

  • ‘UK teen almost hacking US officials a serious concern for American security’

    It should be very concerning for the US security services that a teenager almost got access to the private information of top officials, including that of the CIA chief, as other hackers might actually do some real harm, Mark Chapman of the UK Pirate Party believes.

    British teenager Kane Gamble pleaded guilty to trying to hack top US officials’ personal computers.

    Gamble is autistic and was only 15 years old when he attempted to hack the computers of former CIA chief John Brennan and the head of security of the Obama administration. He was released on bail and is due to be sentenced by a British regional court in December.
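The tokenization weakness described in the Crypto Anchors item above (a one-way hash of an SSN can be matched offline because the SSN space is under a billion values), as an added example that is not code from the original post: the unkeyed design is placed beside a keyed design whose HMAC key never leaves a simulated HSM, so a guess can only be checked by calling the HSM, where every call is counted. The `SimulatedHsm` class, the sample SSNs and all function names are constructed for this demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo values (not real SSNs).
SAMPLE_SSNS = ["123-45-6789", "987-65-4321"]

def plain_fingerprint(ssn: str) -> str:
    """The weak design: an unkeyed one-way hash of the SSN.
    Anyone holding the table can recompute this for every one of the
    < 1e9 possible SSNs offline and match it against stored values."""
    return hashlib.sha256(ssn.encode()).hexdigest()

class SimulatedHsm:
    """Stands in for an HSM (assumption: a real deployment uses a real
    HSM/KMS). The HMAC key never leaves this object, and every fingerprint
    request is counted, so a burst of lookups is visible to monitoring."""
    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self.calls = 0

    def fingerprint(self, ssn: str) -> str:
        self.calls += 1
        return hmac.new(self._key, ssn.encode(), hashlib.sha256).hexdigest()

def tokenize(vault: dict, fingerprint, ssn: str) -> str:
    """Issue a random token and store only the fingerprint of the SSN."""
    token = secrets.token_hex(16)
    vault[token] = fingerprint(ssn)
    return token

def offline_guess_hits(vault: dict, guess: str) -> bool:
    """What someone holding a copy of the vault but no HSM can do:
    recompute the unkeyed hash of a guess and look for it in the table.
    Against the keyed vault this never matches, whatever the guess."""
    return plain_fingerprint(guess) in vault.values()

def build_vaults():
    """Build one vault per design from the same sample data."""
    hsm = SimulatedHsm()
    plain_vault, anchored_vault = {}, {}
    for ssn in SAMPLE_SSNS:
        tokenize(plain_vault, plain_fingerprint, ssn)
        tokenize(anchored_vault, hsm.fingerprint, ssn)
    return plain_vault, anchored_vault, hsm
```

Checking a guess against the anchored vault requires `hsm.fingerprint()`, so an enumeration of the SSN space becomes hundreds of millions of HSM calls that can be rate-limited and alerted on, instead of a silent offline computation.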


Linux 4.15 RC3

  • Linux 4.15-rc3
    Another week, another rc. I'm not thrilled about how big the early 4.15 rc's are, but rc3 is often the biggest rc because it's still fairly early in the calming-down period, and yet people have had some time to start finding problems. That said, this rc3 is big even by rc3 standards. Not good. Most of the changes by far are drivers (with a big chunk of it being just syntactic changes for some doc warnings) with some perf tooling updates also being noticeable. But there are changes all over: core kernel and networking, kvm, arch updates and Documentation. Anyway, I sincerely hope that things are really starting to calm down now. Also, there's a known issue with x86 32-bit suspend/resume that I just didn't get a good patch for in time for this rc. Soon. Shortlog appended. Linus
  • Linux Kernel 4.15 Gets Another Big RC, Linus Torvalds Says It's Not Good at All
    Linus Torvalds announced a few moments ago the release and immediate availability for download of the third Release Candidate (RC) milestone of the upcoming Linux 4.15 kernel series for Linux-based operating systems. If last week's RC2 was a "bigger than expected" one, then this week the Linux 4.15 kernel saw even more patches and it just got a quite big RC3 milestone, which Linus Torvalds says is big even by RC3 standards and isn't a good sign for the development cycle, which could be pushed to the end of January 2018. "I'm not thrilled about how big the early 4.15 RCs are, but RC3 is often the biggest RC because it's still fairly early in the calming-down period, and yet people have had some time to start finding problems. That said, this RC3 is big even by RC3 standards. Not good," said Linus Torvalds in the mailing list announcement.
  • Linux 4.15-rc3 Kernel Released
    Linus Torvalds has announced the third weekly test release of the upcoming Linux 4.15 kernel. It's been a rather busy week in the Linux kernel space considering the RC3 space. The level of activity has frightened Linus, but there are still 5~6 weeks left before declaring the Linux 4.15.0 kernel as stable.

The importance of Devuan

Yes, you read right: too expensive. While I am writing here in flowery words, the reason to use Devuan is hard calculated costs. We are a small team at ungleich and we simply don't have the time to fix problems caused by systemd on a daily basis. This is even without calculating the security risks that come with systemd. Our objective is to create a great, easy-to-use platform for VM hosting, not to walk a tightrope.

Review: heads 0.3.1

heads is a live Linux distribution which can be run from a DVD or USB thumb drive. The distribution connects to the Internet through the Tor network. This helps protect the identity and location of the person using heads. The heads distribution is very similar to its popular sibling, Tails, in its mission, but heads has some special characteristics which set it apart. The heads distribution is based on Devuan while Tails is based on Debian, which means heads uses the SysV init software rather than systemd. The heads project is also dedicated to shipping a distribution which features free software only, as the heads website explains:

Non-free software can not be audited and as such cannot guarantee you security or anonymity. On the other hand, with heads you only use free software, meaning you can gain access to any source code that is included in heads, at any time. Using free software it is far easier to avoid hidden backdoors and malware that might be in non-free software.
heads is available in a single edition which is 831MB in size. When booting from the project's ISO, we are given the option of booting heads normally from the disc or loading the distribution into RAM. The latter option frees up our removable drive and can make applications load faster after the initial boot process has completed. The distribution boots to a command line interface and automatically logs us in as a user called luther. On the screen we are shown the root account's password along with commands we can run to launch a graphical interface. The default shell for the luther account is zsh, a less common shell than bash, but often loved for its additional features. heads ships with the Awesome and Openbox window managers and we can choose which one we wish to launch from the command line. I focused on using Openbox during my trial.

Debian GNU/Linux 9.3 "Stretch" Live, Installable ISOs Now Available to Download

The Debian CD team was pretty quick to bake all those ISO images in less than 24 hours, and users can now download Debian GNU/Linux 9.3 "Stretch" as live and installable ISOs for a wide range of architectures if they were planning on reinstalling their Debian PCs or deploying the OS on new computers. Debian GNU/Linux 9.3 "Stretch" is currently supported on no less than 10 hardware architectures, including 32-bit (i386), 64-bit (amd64), ARM64 (AArch64), Armel, ARMhf, MIPS, Mipsel, MIPS64el (MIPS 64-bit Little Endian), PPC64el (PowerPC 64-bit Little Endian), and s390x (IBM System z).