Security

Security: FUD, SystemD, and Windows

Filed under
Security
  • 'Open-Source' DarthMiner Malware Targets Adobe Pirates with Cryptominer [Ed: Sergiu Gatlan found a way to call malicious proprietary software with holes in it... something about "Open Source"]

    A slightly weird malware strain has been observed using the open source XMRig cryptominer and EmPyre backdoor utilities to target software pirates as reported by Malwarebytes Labs.

  • Bethesda blunders, IRS sounds the alarm, China ransomware, and more

    Linux boot management tool SystemD is once again getting the wrong kind of attention as researchers have spotted another security vulnerability.

    This time, it is an elevation of privilege vulnerability that would potentially let users execute system commands they would otherwise not be authorized to perform.

  • GSX, TZERO, +10 Others Form Open-Source Consortium Focused On Security Token Interoperability And Compliance
  • Iranians indicted in Atlanta city government ransomware attack

    Details leaked by City of Atlanta employees during the ransomware attack, including screenshots of the demand message posted on city computers, indicated that Samsam-based malware was used. A Samsam variant was used in a number of ransomware attacks on hospitals in 2016, with attackers using vulnerable Java Web services to gain entry in several cases. In more recent attacks, including one on the health industry companies Hancock Health and Allscripts, other methods were used to gain access, including Remote Desktop Protocol [attacks] that gave the attackers direct access to Windows systems on the victims' networks.

Security: Updates, ESET Post Turned to FUD, New Microsoft-Connected FUD, and SUSE CaaS Platform Patched

Filed under
Security
  • Security updates for Friday
  • Old and new OpenSSH backdoors threaten Linux servers [Ed: ESET is spreading/reusing/repurposing FUD against OpenSSH of the OpenBSD project. SSH itself is secure, but because some malicious actors make poisoned binaries with back doors we're supposed to fear; supply chains matter.]

    Nearly five years ago, ESET researchers helped to disrupt a 25 thousand-strong botnet of Linux machines that were saddled with an OpenSSH-based backdoor and credential stealer named Ebury. The attackers wielding it first checked whether other SSH backdoors were present on the targeted system before deploying the malware.

    This spurred the researchers to search for and analyze these types of (server-side OpenSSH) backdoors.

    “Malicious OpenSSH binaries are quite common and have features that help us detect them among legitimate OpenSSH binaries. While, as soon as we got them, we used the samples collected to improve our detection, we only began sorting and analyzing them in 2018. Surprisingly, we discovered many new backdoor families that had never been documented before,” they noted in a recently released report detailing nine previously documented and 12 new OpenSSH malware families.

  • Feral Interactive Bringing DiRT 4 to Linux in 2019, Chrome 71 Blocks Ads on Abusive Sites, New Linux Malware Families Discovered, The Linux Foundation Launches the Automated Compliance Tooling Project, and GNU Guix and GuixSD 0.16.0 Released

    Cyber-security company ESET has discovered 21 "new" Linux malware families, and all of them "operate in the same manner, as trojanized versions of the OpenSSH client". ZDNet reports that "They are developed as second-stage tools to be deployed in more complex 'botnet' schemes. Attackers would compromise a Linux system, usually a server, and then replace the legitimate OpenSSH installation with one of the trojanized versions. ESET said that '18 out of the 21 families featured a credential-stealing feature, making it possible to steal passwords and/or keys' and '17 out of the 21 families featured a backdoor mode, allowing the attacker a stealthy and persistent way to connect back to the compromised machine.'"

  • Visibility is the key to prioritizing open source vulnerability remediations [Ed: TechRadar entertains anti-FOSS firm whose sole contribution is FUD because it tries to sell some 'solution'. The author writes about his own firm that also collaborates with Microsoft on this FUD.]
  • SUSE CaaS Platform Updated to Address Kubernetes Vulnerability

    For an open source project of its size (both in terms of code and of prevalence of adoption), Kubernetes has been surprisingly free of security vulnerabilities. Its perfect record has come to an end, though, with the project’s disclosure on December 3, 2018 of a security vulnerability in all previous versions of Kubernetes, and therefore, of SUSE CaaS Platform.

Tor Browser: An Ultimate Web Browser for Anonymous Web Browsing in Linux

Filed under
Moz/FF
OSS
Security
Web

Most of us devote a considerable amount of our time to the Internet. The primary application we need to perform our Internet activity is a browser, a web browser to be more precise. Over the Internet, most of our activity is logged on server/client machines, including IP address, geographical location, search/activity trends and a whole lot of information which can potentially be very harmful if used intentionally the other way.
Security: Site Security and New FUD

Filed under
Security
  • Why do small sites get hacked?

    High traffic volume helps boost earnings on partner programs by redirecting visitors to other sites, gets more views of unauthorized advertisements and attracts more clicks on rogue links. But that is not the only way hackers make money.

    Unprotected sites with low traffic volume are equally attractive to hackers. It is the way they are used that differs from how hackers monetize more popular websites. Any normal site, with an audience of as little as 30 visitors a day, can still be threatened by hacking and infection.

  • (Website) size is not important

    A common fallacy says that big, popular web sites are more likely to be the targets of hacking. After all, they have the biggest customer databases and the most amount of traffic. To a hacker, more traffic means more money. Right?

    Not quite. In Greg Zemskov’s latest blog post, he explains why small sites are just as attractive to hackers as big ones, what the hackers do with such sites, and what small site owners and administrators can do to avoid becoming victims.

  • ESET discovers 21 new Linux malware families [Ed:  Catalin Cimpanu misrepresents what ESET actually wrote. Go to the source, not those flame-baiters of CBS.]
  • Top 5 New Open Source Vulnerabilities in November 2018 [Ed: Microsoft friends are so eager to make FOSS look dangerous, like quite major a risk]

Security: Windows Back Doors Cost Dearly, Adobe Flash is a Mess, and Microsoft Deals With Defects

Filed under
Security

Security: NPM, IT Security Lessons from the Marriott Data Breach, and Secure SHell

Filed under
Security
  • event-stream, npm, and trust

    Malware inserted into a popular npm package has put some users at risk of losing Bitcoin, which is certainly worrisome. More concerning, though, is the implications of how the malware got into the package—and how the package got distributed. This is not the first time we have seen package-distribution channels exploited, nor will it be the last, but the underlying problem requires more than a technical solution. It is, fundamentally, a social problem: trust.

    Npm is a registry of JavaScript packages, most of which target the Node.js event-driven JavaScript framework. As with many package repositories, npm helps manage dependencies so that picking up a new version of a package will also pick up new versions of its dependencies. Unlike, say, distribution package repositories, however, npm is not curated—anyone can put a module into npm. Normally, a module that wasn't useful would not become popular and would not get included as a dependency of other npm modules. But once a module is popular, it provides a ready path to deliver malware if the maintainer, or someone they delegate to, wants to go that route.

  • IT Security Lessons from the Marriott Data Breach

    A number of data breaches have been disclosed over the course of 2018, but none have been as big or had as much impact as the one disclosed on Nov. 30 by hotel chain Marriott International.

    A staggering 500 million people are at risk as a result of the breach, placing it among the largest breaches of all time, behind Yahoo at 1 billion. While the investigation and full public disclosure into how the breach occurred is still ongoing, there are lots of facts already available, and some lessons for other organizations hoping to avoid the same outcome.

  • The Dark Side of the ForSSHe: Shedding light on OpenSSH backdoors

    SSH, short for Secure SHell, is a network protocol to connect computers and devices remotely over an encrypted network link. It is generally used to manage Linux servers using a text-mode console. SSH is the most common way for system administrators to manage virtual, cloud, or dedicated, rented Linux servers.

    The de facto implementation, bundled in almost all Linux distributions, is the portable version of OpenSSH. A popular method used by attackers to maintain persistence on compromised Linux servers is to backdoor the OpenSSH server and client already installed.

Security: Reproducible Builds, Updates and Windows Back Doors

Filed under
Security
  • Reproducible Builds: Weekly report #188
  • Security updates for Wednesday
  • EternalSuffering: NSA Exploits Still Being Successfully Used To Hijack Computers More Than A Year After Patching [Ed: TechDirt calls Microsoft Windows-running machines with NSA back doors just “computers” (ha! How convenient an excuse; blame the user for back doors!)]

    More of the same, then. Perhaps not at the scale seen in the past, but more attacks using the NSA's hoarded exploits. Hoarding exploits is a pretty solid plan, so long as they don't fall into the hands of… well, anyone else really. Failing to plan for this inevitability is just one of the many problems with the NSA's half-assed participation in the Vulnerability Equities Process.

    Since the tools began taking their toll on the world's computer systems last year, there's been no sign the NSA is reconsidering its stance on hunting and hoarding exploits. The intelligence gains are potentially too large to be sacrificed for the security of millions of non-target computer users. It may claim these tools are essential to national security, but for which nation? The exploits wreaked havoc all over the world, but it would appear the stash of exploits primarily benefited one nation before they were inadvertently dumped into the public domain. Do the net gains in national security outweigh the losses sustained worldwide? I'd like to see the NSA run the numbers on that.

Security: Bypass of Disabled System Functions, Ubuntu for Bitcoin Safety and FUD Over NPM

Filed under
Security
  • Bypass of Disabled System Functions

    The disable_functions directive in the php.ini configuration file allows you to disable certain PHP functions. One of the suggested hardening practices is to disable functions such as system, exec, shell_exec and passthru by using the disable_functions directive, to prevent an attacker from executing system commands. However, a user named Twoster in the Russian Antichat forum announced a new bypass method for this security mechanism. In this blog post, we discuss the technical details of the bypass.

  • How to Use a Bitcoin Paper Wallet to Keep Your Crypto Safe

    As a crypto investor, it’s paramount that you understand the different ways to keep your Bitcoin safe. While most of the media attention focuses on hardware and software wallet solutions, there is another effective way to store your Satoshis: a Bitcoin paper wallet.

    This form of crypto storage is used by some of the biggest Bitcoin investors in the world. The Winklevoss Twins, the world’s first Bitcoin billionaires, reportedly keep their crypto in cold storage on paper wallets. The paper wallets are cut into pieces and stored in different bank safety deposit boxes throughout the country.

    [...]

    Restart your computer and boot your PC from your flash drive using the Ubuntu operating system. To do this, you will need to press F1 or F12 during your PC’s startup. A pop-up screen will emerge showing you your boot options. Choose the option that represents your flash drive. Allow Ubuntu to load on your PC.

  • Event-Stream Backdoor Doesn't Mean Open-Source Community Failing at Security [Ed: Free software catches such issues fast; proprietary software doesn't (or does so late, then covers it all up).]

    News last week that event-stream, the popular open-source code library managed by NPM, had been compromised by a hacker (or hackers) looking to steal Bitcoin led some to question the underlying security of the open-source components that they are using in their software.

Kubernetes and Containers Leftovers

Filed under
Server
OSS
Security
  • Production-Ready Kubernetes Cluster Creation with kubeadm

    kubeadm is a tool that enables Kubernetes administrators to quickly and easily bootstrap minimum viable clusters that are fully compliant with Certified Kubernetes guidelines. It’s been under active development by SIG Cluster Lifecycle since 2016 and we’re excited to announce that it has now graduated from beta to stable and generally available (GA)!

    This GA release of kubeadm is an important event in the progression of the Kubernetes ecosystem, bringing stability to an area where stability is paramount.

    The goal of kubeadm is to provide a foundational implementation for Kubernetes cluster setup and administration. kubeadm ships with best-practice defaults but can also be customized to support other ecosystem requirements or vendor-specific approaches. kubeadm is designed to be easy to integrate into larger deployment systems and tools.

  • Docker Looks to Improve Container Development With Enterprise Desktop

    Docker CEO Steve Singh kicked off DockerCon Europe 2018 here with a bold statement: Companies need to transform, or risk becoming irrelevant.

    According to Singh, Docker is a key tool for enabling organizations to transform their businesses. To date for enterprises, the core Docker Enterprise Platform has been largely focused on operations and deployment, with the community Docker Desktop project available for developers to build applications. That's now changing with the announcement at DockerCon Europe of the new Docker Desktop Enterprise, adding new commercially supported developer capabilities to help corporate developers fully benefit from Docker.

    "Our commitment is to provide a development experience that makes it easy to build applications with one platform, upon which you can build, ship and run any application on any infrastructure," Singh said.

  • Canonical publishes auto-apply vulnerability patch for Kubernetes
  • Critical Kubernetes privilege escalation disclosed

    A critical flaw in the Kubernetes container orchestration system has been announced. It will allow any user to compromise a Kubernetes cluster by way of exploiting any aggregated API server that is deployed for it. This affects all Kubernetes versions 1.0 to 1.12, but is only fixed in the supported versions (in 1.10.11, 1.11.5, and 1.12.3).

Security: The New Kubernetes, Updates and More on Quora

Filed under
Security
  • Kubernetes 1.13 Improves Cloud-Native Storage Features

    Kubernetes 1.13 was released on Dec. 3, providing users of the popular open-source cloud-native platform with new features to make it easier to manage, deploy and operate containers in production.

    Among the features that are now generally available in Kubernetes 1.13 is the kubeadm administration tool for configuring services. The Container Storage Interface is another new generally available feature, providing a stable abstraction layer for different third-party storage plug-ins. Additionally, with Kubernetes 1.13, CoreDNS is now the default DNS (Domain Name Server) technology, replacing KubeDNS.

  • Kubernetes Alert: Security Flaw Could Enable Remote Hacking
  • On demand webcast: DevOps and security – you don't have to play open source whack-a mole
  • Security updates for Tuesday
  • [Intruders] breach Quora.com and steal password data for 100 million users

    Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests and downvotes. The breached data also included public content and actions, such as questions, answers, comments, and upvotes. In a post published late Monday afternoon, Quora officials said they discovered the unauthorized access on Friday. They have since hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.

  • Quora says [intruders] stole [sic] up to 100 million users’ data

    Quora said it discovered last week that [intruders] broke into its systems and were able to make off with data on up to 100 million users. That data could have included a user’s name, email address, and an encrypted version of their password. If a user imported data from another social network, like their contacts or demographic information, that could have been taken too.

More in Tux Machines

OSS Leftovers

  • #RecruitmentFocus: Open source skills in high demand
    The unemployment rate in South Africa rose to 27.5% in the third quarter of 2018, while the demand for skills remains high, leaving an industry conundrum that is yet to be solved. According to SUSE, partnerships that focus on upskilling graduates and providing real-work skills, as well as placement opportunities, could be exactly what the industry is looking for.
  • Stable: not moving vs. not breaking
    There are two terms that bring heavy controversy in the Open Source world: support and stable. Both of them have their roots in the “old days” of Open Source, when its commercial impact was low and very few companies did business with it. You have probably read a lot about maintenance vs. support. This controversy is older. I first heard of it in the context of Linux-based distributions. Commercial distributions had to put effort into differentiating between the two because in Open Source they were used indistinctly, but not in business. But this post is about the adjective stable…
  • Cameron Kaiser: A thank you to Ginn Chen, whom Larry Ellison screwed
    Periodically I refresh my machines by dusting them off and plugging them in and running them for a while to keep the disks spinnin' and the caps chargin'. Today was the day to refurbish my Sun Ultra-3, the only laptop Sun ever "made" (they actually rebadged the SPARCle and later the crotchburner 1.2GHz Tadpole Viper, which is the one I have). Since its last refresh the IDPROM had died, as they do when they run out of battery, resetting the MAC address to zeroes and erasing the license for the 802.11b which I never used anyway. But, after fixing the clock to prevent GNOME from puking on the abnormal date, it booted and I figured I'd update Firefox since it still had 38.4 on it. Ginn Chen, first at Sun and later at Oracle, regularly issued builds of Firefox which ran very nicely on SPARC Solaris 10. Near as I can determine, Oracle has never offered a build of any Firefox post-Rust even to the paying customers they're bleeding dry, but I figured I should be able to find the last ESR of 52 and install that. (Amusingly this relic can run a Firefox in some respects more current than TenFourFox, which is an evolved and patched Firefox 45.)
  • Protecting the world’s oceans with open data science
    For environmental scientists, researching a single ecosystem or organism can be a daunting task. The amount of data and literature to comb through (or create) is often overwhelming. So how, then, can environmental scientists approach studying the health of the world’s oceans? What ocean health means is a big question in itself—oceans span millions of square miles, are home to countless species, and border hundreds of countries and territories, each of which has its own unique marine policies and practices. But no matter how daunting this task may seem, it’s a necessary and vital one. So in 2012, the National Center for Ecological Analysis and Synthesis (NCEAS) and Conservation International publicly launched the Ocean Health Index (OHI), an ambitious initiative to measure the benefits that oceans provide to people, including clean water, coastal protections, and biodiversity. The idea was to create an annual assessment to document major oceanic changes and trends, and in turn, use those findings to craft better marine policy around the world.

The Last Independent Mobile OS

The year was 2010 and the future of mobile computing was looking bright. The iPhone was barely three years old, Google’s Android had yet to swallow the smartphone market whole, and half a dozen alternative mobile operating systems—many of which were devoutly open source—were preparing for launch. Eight years on, you probably haven’t even heard of most of these alternative mobile operating systems, much less use them. Today, Android and iOS dominate the global smartphone market and account for 99.9 percent of mobile operating systems. Even Microsoft and Blackberry, longtime players in the mobile space with massive revenue streams, have all but left the space. Then there’s Jolla, the small Finnish tech company behind Sailfish OS, which it bills as the “last independent alternative mobile operating system.” Jolla has had to walk itself back from the edge of destruction several times over the course of its seven year existence, and each time it has emerged battered, but more determined than ever to carve out a spot in the world for a truly independent, open source mobile operating system. After years of failed product launches, lackluster user growth, and supply chain fiascoes, it’s only been in the last few months that things finally seem to be turning to Jolla’s favor. Over the past two years the company has rode the wave of anti-Google sentiment outside the US and inked deals with large foreign companies that want to turn Sailfish into a household name. Despite the recent success, Jolla is far from being a major player in the mobile market. And yet it also still exists, which is more than can be said of every other would-be alternative mobile OS company.