Language Selection

English French German Italian Portuguese Spanish

Server: CentOS, MitM, Ceph, Kubernetes and Linux Bashing

Filed under
Server
  • Learn CentOS Part 11 - Installing and removing Packages

    In the "Learn CentOS" series, you'll learn all the skills you'll need to know to manage real servers and get you on your way to mastering the art of Linux administration.

  • How to avoid man-in-the-middle cyber attacks

    Remember, you don't have to click anything online right away, and you don't have to follow random people's instructions, no matter how urgent they may seem. The internet will still be there after you step away from the computer and verify the identity of a person or site demanding your attention.

    While MITM attacks can happen to anyone, understanding what they are, knowing how they happen, and actively taking steps to prevent them can safeguard you from being a victim.

  • Another perspective on Swift versus Ceph today

    Mark's perspective is largely founded in the fault tolerance and administrative overhead. However, let's a look at "keep using [Ceph] for object too".

    Indeed the integration of block, POSIX, and object storage is Ceph's strength, although I should note for the record that Ceph has a large gap: all 3 APIs live in separate namespaces. So, do not expect to be able to copy a disk snapshot through CephFS or RGW. Objects in each namespace are completely invisible to two others, and the only uniform access layer is RADOS. This is why, for instance, RGW-over-NFS exists. That's right, not CephFS, but NFS. You can mount RGW.

    All attempts at this sort of integration that I know in Swift always start with a uniform access first. It the opposite of Ceph in a way. Because of that, these integrations typically access from the edge inside, like making a pool that a daemon fills/spills with Swift, and mounting that. SwiftStacks's ProxyFS is a little more native to Swift, but it starts off with a shared namespace too.

  • API Priority and Fairness Alpha

    This blog describes “API Priority And Fairness”, a new alpha feature in Kubernetes 1.18. API Priority And Fairness permits cluster administrators to divide the concurrency of the control plane into different weighted priority levels. Every request arriving at a kube-apiserver will be categorized into one of the priority levels and get its fair share of the control plane’s throughput.

  • BlackBerry: Chinese cybercriminals target high-value Linux servers with weak defenses [Ed: To CBS, servers that are improperly maintained or set up are "Linux"; if it's something Windows, they won't even specify the platform and won't blame Microsoft.]

More of this FUD

When ZDNet covers "Linux"...

The headlines that omit Windows

  • Linux Servers Under Attack for a Decade

    The "Decade of the RATs Research Report," published today by BlackBerry, reveals how five Chinese APT groups targeted Linux servers, Windows systems, and mobile devices running Android in a prolonged cross-platform attack.

    Researchers said that they are confident that the APT groups "are likely comprised of civilian contractors working in the interest of the Chinese government who readily share tools, techniques, infrastructure, and targeting information with one another and their government counterparts."

Not blaming just "Linux"

  • BlackBerry uncovers hacker tools that it says opened data servers for a decade

    It says the tactics give the hackers the ability to extract information from huge amounts of valuable data from computers using the Linux operating system, which is used on most of the world’s web servers and cloud servers.

    [...]

    But, he said, BlackBerry asserts that the security industry has missed a major component of tactics used by a well-established hacker umbrella group known as WINNIT, which the company says works with China’s government.

    “As an industry, we’ve tended to focus too much on Windows-based devices because they make up the lion’s share of the devices out there,” Cornelius said.

    “But the adversaries are determined and dedicated and . . . they find any opportunity and, in this case, we’ve called out some really novel techniques they’ve used against Linux and even the Android operating system to accomplish their goals.”

    Cornelius said the point of these China-backed hacking campaigns is to exfiltrate, or steal, information that the United States has claimed is worth “multiple billions of dollars” in intellectual property.

More of this and beyond

Dark Nexus: evolving IoT botnet targets variety of devices

  • Dark Nexus: evolving IoT botnet targets variety of devices

    Security researchers are tracking a new botnet that has been in rapid development for the past several months and targets embedded devices with binaries that are cross-compiled for 12-CPU architectures.

    According to a new report from security vendor Bitdefender, the Dark Nexus botnet borrows ideas and features from previously successful IoT threats like Qbot and Mirai, but is largely an original creation by an established malware developer who advertises distributed denial-of-service (DDoS) services on YouTube and other social media websites.

    The bot client is cross-compiled for 12-CPU architectures, which means it can infect a wide variety of devices including routers, digital video recorders (DVRs) and surveillance cameras. Recent versions also deploy a SOCKSv5 proxy on the compromised systems, allowing hackers to tunnel malicious traffic through them in addition to abusing them in DDoS attacks.

More on BlackBerry

  • BlackBerry uncovers China-backed hacking campaign on Linux servers

    BlackBerry Ltd. says it has uncovered how China-backed hackers have been able to extract data from many of the world’s servers for a decade without being noticed.

    BlackBerry executive Eric Cornelius says the hackers have been skilful in disguising some of their software tools to appear like advertising software that poses a low-level security risk.

  • APTs infiltrated Linux servers undetected for nearly 10 years

    New research from BlackBerry painted a bleak picture for Linux security.

    BlackBerry on Tuesday published a report called "Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android" that showcased how five related advanced persistent threat (APT) groups connected to the Chinese government have targeted Linux, Windows and Android devices for years.

Want to stay under the radar for a decade or more?

  • Want to stay under the radar for a decade or more? This Chinese hacking crew did it... by aiming for Linux servers

    A group of hackers operating as an offshoot of China's Winnti group managed to stay undetected for more than a decade by going open source.

    A report from BlackBerry outlines how the group, actually a collection of five smaller crews of hackers thought to be state-sponsored, assembled in the wake of Winnti and exploited Linux servers, plus the occasional Windows Server box and mobile device, for years.

    "The APT groups examined in this report have traditionally pursued different objectives and focused on a wide array of targets," BlackBerry noted.

    China's Winnti hackers (apparently): Forget the money, let's get political and start targeting Hong Kong students for protest info
    READ MORE

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.