Security News
-
Friday's security updates
-
World’s first hack-proof Wi-Fi router with open source firmware is here
Turris Omnia WiFi Router, the world’s first hack-proof router with open source firmware launched yesterday at the CES Unveiled Show in Prague, Czech Republic.
-
Open-source hack-proof router aims to close cyber security gap
Routers are the gateway of every home internet network. Yet, while many computers run antivirus software, little has been done thus far to protect routers against cyber threats. A new device, described as the world’s first hack-proof router, was launched on Thursday at the CES Unveiled Show in Prague.
The main strength of the Turris Omnia router, a spin-out of a cyber security research project by Czech Republic’s domain administrator NIC.cz, is the fact that it automatically updates and patches vulnerabilities as they become known.
-
Adding a phone number to your Google account can make it LESS secure.
Recently, account takeovers, email hacking, and targeted phishing attacks have been all over the news. Hacks of various politicians, allegedly carried out by Russian hackers, have yielded troves of data. Despite the supposed involvement of state-sponsored agents, some hacks were not reliant on complex zero-day attacks, but involved social engineering unsuspecting victims. These kinds of attacks are increasingly likely to be used against regular people. This recently happened to a friend of mine:
Two weeks ago, an ex-colleague (actually, my officemate at Google way back in 2002) — let’s call him Bob — had his Google account compromised while on vacation in Hawaii. With his primary email account compromised, the attacker could have:
-
“Dirty COW”, the most dangerous Linux Bug for the last 9 years
Red Hat, the leading open source software developer firm, has revealed that Linux Kernel has been infected with a serious bug for the past 9 years. The bug has been dubbed as Dirty Cow. It is deemed dangerous because through this bug, an attacker can get write access to read-only memory.
-
Serious Dirty COW bug leaves millions of Linux users vulnerable to attack
-
Rigging the Election
When Dorothy discovers fraud in the land of Oz, she is told by the Wizard, "Don't look behind the curtain." But she does. In America, we demand truth and accountability in so many aspects of our daily lives, and yet somehow there's little public outcry for transparency within voting, the sacred cornerstone of our democracy. For the most part, we sleep soundly under the blanket of assurances from government officials. FBI Director James Comey even attempted a spin of irony recently, noting that our "clunky" voting process actually makes wholesale rigging more difficult. However, Comey misses the bigger picture.
[...]
Hardly anyone uses the same computer from 12 years ago, yet large sections of the country currently vote on aging electronic systems which utilize proprietary software that cannot be publicly examined. Unverifiable technology remains deployed in 29 states – including Pennsylvania, Ohio, Florida – and other key battleground states, which may determine our next president. Races in these areas are not evidence based, and consequently, we cannot be certain ballots reflect voter intent. Bereft of such knowledge, how can we put faith in the legitimacy of our government?
-
Cyber attack: hackers 'weaponised' everyday devices with malware to mount assault
The huge attack on global internet access, which blocked some of the world’s most popular websites, is believed to have been unleashed by hackers using common devices like webcams and digital recorders.
Among the sites targeted on Friday were Twitter, Paypal and Spotify. All were customers of Dyn, an infrastructure company in New Hampshire in the US that acts as a switchboard for internet traffic.
Outages were intermittent and varied by geography, but reportedly began in the eastern US before spreading to other parts of the country and Europe.
Users complained they could not reach dozens of internet destinations, including Mashable, CNN, the New York Times, the Wall Street Journal, Yelp and some businesses hosted by Amazon.
-
Homeland Security Is ‘Investigating All Potential Causes’ of Internet Disruptions
Cyber attacks targeting a little known internet infrastructure company, Dyn, disrupted access to dozens of websites on Friday, preventing some users from accessing PayPal, Twitter and Spotify.
It was not immediately clear who was responsible for the outages that began in the Eastern United States, and then spread to other parts of the country and Western Europe.
The outages were intermittent, making it difficult to identify all the victims. But technology news site Gizmodo named some five dozen sites that were affected by the attack. They included CNN, HBO Now, Mashable, the New York Times, People.com, the Wall Street Journal and Yelp.
-
Blame the Internet of Things for Destroying the Internet Today
A massive botnet of hacked Internet of Things devices has been implicated in the cyberattack that caused a significant internet outage on Friday.
The botnet, which is powered by the malware known as Mirai, is in part responsible for the attack that intermittently knocked some popular websites offline, according to Level 3 Communications, one of the world’s largest internet backbone providers, and security firm Flashpoint.
“We are seeing attacks coming from a number of different locations. We’re seeing attacks coming from an Internet of Things botnet that we identified called Mirai, also involved in this attack,” Dale Drew, chief security officer at Level 3 Communications, said on a livestream on Friday afternoon.
-
How to Understand Today’s Internet Outage in 4 Words
A massive DDoS attack against a major DNS service likely using a botnet of IoT devices resulted in Internet issues across the eastern United States Friday, making it hard for many users to access their favorite sites.
Phew. That’s a lot of acronyms.
-
IoT Can Never Be Fixed
This title is a bit click baity, but it's true, not for the reason you think. Keep reading to see why.
If you've ever been involved in keeping a software product updated, I mean from the development side of things, you know it's not a simple task. It's nearly impossible really. The biggest problem is that even after you've tested it to death and gone out of your way to ensure the update is as small as possible, things break. Something always breaks.
If you're using a typical computer, when something breaks, you sit down in front of it, type away on the keyboard, and you fix the problem. More often than not you just roll back the update and things go back to the way they used to be.
-
Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.
Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that provides critical technology services to some of the Internet’s top destinations. The attack began creating problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.
-
How an army of vulnerable gadgets took down the web today
At some point this morning, one of the US’s critical internet infrastructure players was hit with a staggering distributed denial of service (DDoS) attack that has taken out huge swaths of the web. Sites like Twitter, Netflix, Spotify, Reddit, and many others — all clients of a domain registration service provider called Dyn — have suffered crippling interruptions and, in some cases, blanket outages.
Details are now emerging about the nature of the attack. It appears the cause is what’s known as a Mirai-based IoT botnet, according to security journalist Brian Krebs, who cited cyber-threat intelligence firm Flashpoint. Dyn’s chief strategy officer Kyle Owen, who spoke with reporters this afternoon, later confirmed Flashpoint’s claim, revealing that traffic to its servers was clogged with malicious requests from tens of millions of IP addresses in what the company is calling a "very sophisticated and complex attack."
-
Fixing the IoT isn't going to be easy
A large part of the internet became inaccessible today after a botnet made up of IP cameras and digital video recorders was used to DoS a major DNS provider. This highlighted a bunch of things including how maybe having all your DNS handled by a single provider is not the best of plans, but in the long run there's no real amount of diversification that can fix this - malicious actors have control of a sufficiently large number of hosts that they could easily take out multiple providers simultaneously.
To fix this properly we need to get rid of the compromised systems. The question is how. Many of these devices are sold by resellers who have no resources to handle any kind of recall. The manufacturer may not have any kind of legal presence in many of the countries where their products are sold. There's no way anybody can compel a recall, and even if they could it probably wouldn't help. If I've paid a contractor to install a security camera in my office, and if I get a notification that my camera is being used to take down Twitter, what do I do? Pay someone to come and take the camera down again, wait for a fixed one and pay to get that put up? That's probably not going to happen. As long as the device carries on working, many users are going to ignore any voluntary request.
-
Indiscreet Logs: Persistent Diffie-Hellman Backdoors in TLS
Software implementations of discrete logarithm based cryptosystems over finite fields typically make the assumption that any domain parameters they are presented with are trustworthy, i.e., the parameters implement cyclic groups where the discrete logarithm problem is assumed to be hard. An informal and widespread justification for this seemingly exists that says validating parameters at run time is too computationally expensive relative to the perceived risk of a server sabotaging the privacy of its own connection. In this paper we explore this trust assumption and examine situations where it may not always be justified.
We conducted an investigation of discrete logarithm domain parameters in use across the Internet and discovered evidence of a multitude of potentially backdoored moduli of unknown order in TLS and STARTTLS spanning numerous countries, organizations, and protocols. Although our disclosures resulted in a number of organizations taking down suspicious parameters, we argue the potential for TLS backdoors is systematic and will persist until either better parameter hygiene is taken up by the community, or finite field based cryptography is eliminated altogether.