Security: BGP Hijack Factory, IDN, Microsoft Windows Back Doors and Intel Defects

Filed under: Security
  • Shutting down the BGP Hijack Factory

    It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, whom he referred to as a “Hijack Factory.” In his post, Ronald detailed some of the Portuguese company’s most recent BGP hijacks and asked the question: why do Bitcanal’s transit providers continue to carry its BGP hijacked routes on to the global [I]nternet?

    This email kicked off a discussion that led to a concerted effort to kick this bad actor, who has hijacked with impunity for many years, off the [I]nternet.

  • Malformed Internationalized Domain Name (IDN) Leads to Discovery of Vulnerability in IDN Libraries

    The Punycode decoder is an implementation of the algorithm described in section 6.2 of RFC 3492. As it walks the input string, the Punycode decoder fills the output array with decoded code point values. The output array itself is typed to hold unsigned 32-bit integers while the Unicode code point space fits within 21 bits. This leaves a remainder of 11 unused bits that can result in the production of invalid Unicode code points if accidentally set. The vulnerability is enabled by the lack of a sanity check to ensure decoded code points are less than the Unicode code point maximum of 0x10FFFF. As such, for offending input, unchecked decoded values are copied directly to the output array and returned to the caller.

  • GandCrab ransomware adds NSA tools for faster spreading

    "It no longer needs a C2 server (it can operate in airgapped environments, for example) and it now spreads via an SMB exploit -- including on XP and Windows Server 2003 (along with modern operating systems)," Beaumont wrote in a blog post. "As far as I'm aware, this is the first ransomware true worm which spreads to XP and 2003 -- you may remember much press coverage and speculation about WannaCry and XP, but the reality was the NSA SMB exploit (EternalBlue.exe) never worked against XP targets out of the box."

  • Intel Discloses New Spectre Flaws, Pays Researchers $100K

    Intel disclosed a series of vulnerabilities on July 10, including new variants of the Spectre vulnerability the company has been dealing with since January.

    Two new Spectre variants were discovered by security researchers Vladimir Kiriansky and Carl Waldspurger, who detailed their findings in a publicly released research paper titled, "Speculative Buffer Overflows: Attacks and Defenses."

    "We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer over-flows," the researchers wrote. "We also present Spectre 1.2: on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes."
