Security

Security: Mirai, Microsoft Lets Zero-Day Remain, Sweden Still Shocked Over Swedish Transport Agency Leak

Filed under
Security
  • Hackers accidentally create network busting malware

    The malware is a variant of the Mirai botnet. Mirai infected internet-connected security cameras and coordinated them to repeatedly access the same server at the same time. The traffic would overwhelm the targeted server with requests and knock it offline. That type of attack is known as a distributed denial of service (DDoS).  

  • Mirai Goes Open-Source and Morphs into Persirai [Ed: Sure, sure... make it sound like an "open source" issue...]

    The Mirai malware has become notorious for recruiting Internet of Things devices to form botnets that have launched some of the largest distributed denial-of-service (DDoS) attacks recorded to date. Mirai came onto the scene in late 2016 as the malware behind very large DDoS attacks, including a 650 Mbps attack on the Krebs on Security site. It's also purported to have been the basis of the attack in October 2016 that brought down sites including Twitter, Netflix, Airbnb and many others. Since then, Mirai has morphed into an even more aggressive and effective botnet tool.

    When the research team at Imperva accessed the Incapsula logs after the Krebs attacks last fall, they found that, indeed, the Mirai botnet had been active well before the notorious September attack. Imperva discovered a botnet of nearly 50,000 Mirai-infected devices spread throughout 164 countries, with the top-infected countries identified as Vietnam, Brazil and the United States. But even before Mirai became public, the Imperva team saw vulnerable IoT devices as a problem in the making.

  • Microsoft refuses to fix 20-year-old SMB zero-day

    A 20-year-old flaw in the server message block protocol used in Windows has been uncovered by two researchers who presented the details of their finding at last week's DEFCON security conference in Las Vegas.  

  • Swedish Cabinet reshuffled in wake of IT security row

    IT scandal turns into political crisis for Swedish government following outsourcing of Swedish Transport Agency contract

    It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

Security: Tesla, Black Hat, Sweden, and Vault 7

Filed under
Security

Security: DDoS, Broadcom, Black Hat, Google Play, Vault 7 “Aeris”

Filed under
Security
  • Seattle man held over DDoS attacks in Australia, US and Canada

    The DDoS attacks took place in 2015 and many of the businesses were contacted by an individual who made unspecified demands from them.

  • Joint international operation sees US citizen arrested for denial of service attacks on IT systems [iophk: "no word yet on any arrests of those that deployed Microsoft systems and connected them to the network in the first place"]

    A two and a half year joint operation between the Australian Federal Police (AFP), Federal Bureau of Investigation (FBI) and Toronto Police Department has resulted in a 37-year-old Seattle man being arrested in connection with serious offences relating to distributed denial of service attacks on IT systems.  

  • Broadcom chip bug opened 1 billion phones to a Wi-Fi-hopping worm attack

    It's not often that a security researcher devises an attack that can unleash a self-replicating attack which, with no user interaction, threatens 1 billion smartphones. But that's just what Nitay Artenstein of Exodus Intelligence did in a feat that affected both iOS and Android devices.

    At the Black Hat security conference, Artenstein demonstrated proof-of-concept attack code that exploited a vulnerability in Wi-Fi chips manufactured by Broadcom. It fills the airwaves with probes that request connections to nearby computing devices. When the specially devised requests reach a device using the BCM43xx family of Wi-Fi chipsets, the attack rewrites the firmware that controls the chip. The compromised chip then sends the same malicious packets to other vulnerable devices, setting off a potential chain reaction. Until early July and last week—when Google and Apple issued patches respectively—an estimated 1 billion devices were vulnerable to the attack. Artenstein has dubbed the worm "Broadpwn."

  • Sounds bad: Researchers demonstrate “sonic gun” threat against smart devices

    At the Black Hat security conference on Thursday, a team of researchers from Alibaba Security demonstrated how sound and ultrasound could be used to attack devices that depend on sensor input from gyroscopes, accelerometers, and other microelectromechanical systems (MEMS). A sonic "gun" could in theory be used to knock drones out of the sky, cause robots to fail, disorient virtual or augmented reality software, and even knock people off their "hoverboard" scooters. It could also potentially be used to attack self-driving cars or confuse air bag sensors in automobiles.

    Many of the commercial gyroscope sensors in electronic devices are tuning fork gyroscopes—MEMS devices that use the vibrations of two "proof masses" to track rotation and velocity. But an outside source of vibration matching the resonant frequency of the gyroscope could interfere with the sensor's stability and cause the sensor to send bad data to the device it is embedded in.

  • Stealthy Google Play apps recorded calls and stole e-mails and texts

    Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users' e-mail, text messages, locations, voice calls, and other sensitive data.

  • For a security conference that everyone claims not to trust the wifi, there sure was a lot of wifi
  • WikiLeaks releases Manual for Linux Implant “Aeris”

Security: Updates, GCC Bug, Mt. Gox, Bad Taste, Vault 7, IPv6 Firewalls and More

Filed under
Security

Security: Updates, Swedish Government, Citadel Trojan, Anchore Navigator, Kaspersky, Budapest Transit Authority, Cryptography

Filed under
Security
  • Security updates for Wednesday
  • Swedish Government Scrambles to Contain Damage From Data Breach

    In addition, the identities of people working undercover for the Swedish police and the Swedish security service, known as Sapo, may have been revealed, along with names of people working undercover for the special intelligence unit of the Swedish armed forces.

  • How a Citadel Trojan Developer Got Busted

    Aquabox took the bait, and asked the FBI agents to upload a screen shot of the bug they’d found. As noted in this September 2015 story, the FBI agents uploaded the image to file-sharing giant Sendspace.com and then subpoenaed the logs from Sendspace to learn the Internet address of the user that later viewed and downloaded the file.

  • Anchore Navigator 2.0 beta now available - container analysis and security toolkit
  • Kaspersky Launches Free Antivirus For Everybody — Download It Here [Ed: Or don't. It's proprietary software and may contain secret back doors.]

    With the increasing rise in the intensity and volume of online threats, our computers and smartphones are becoming more prone to attacks. In such situations, it becomes necessary to look for a capable antivirus solution to make sure that your online life is safe and sound. Along similar lines, the Russian cybersecurity giant has released a free version of its antivirus named Kaspersky Free.

  • Teenager Reports Laughable Flaw In Budapest Transit Authority's Ticketing System And Is Promptly Arrested

    For some reason, this keeps happening and I will never understand why. For years, we have covered incidents where security researchers benignly report security flaws in the technology used by companies and governments, doing what can be characterized as a service to both the public and those entities providing the flawed tools, only to find themselves threatened, bullied, detained, or otherwise dicked with as a result. It's an incredibly frustrating trend to witness, with law enforcement groups and companies that should want to know about these flaws instead shooting the messenger in what tends to look like a fit of embarrassment.

  • SK Telecom makes light of random numbers for IoT applications

    Quantum random number generators aren't new, but one small enough to provide practical security for Internet of Things applications is interesting.

    That's what South Korean telco SK Telecom reckons its boffins have created, embedding a full quantum random number generator (QRNG) in a 5x5mm chip.

    The company's pitch is that QRNGs are large and (at least compared to IoT requirements) expensive, and it wants a commercial tie-up to make its research into an off-the-shelf device.

  • Post Quantum Cryptography

    Traditional computers are binary digital electronic devices based on transistors. They store information encoded in the form of binary digits, each of which can be either 0 or 1. Quantum computers, in contrast, use quantum bits or qubits to store information as 0, 1 or even both at the same time. Quantum mechanical phenomena such as entanglement and tunnelling allow these quantum computers to handle a large number of states at the same time.

    Quantum computers are probabilistic rather than deterministic. Large-scale quantum computers would theoretically be able to solve certain problems much quicker than any classical computers that use even the best currently known algorithms. Quantum computers may be able to efficiently solve problems which are not practically feasible to solve on classical computers. Practical quantum computers will have serious implications on existing cryptographic primitives.

  • Rethinking the Stack Clash fix

Wikileaks: "Imperial"

Filed under
Security

Today, July 27th 2017, WikiLeaks publishes documents from the Imperial project of the CIA.

Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.

Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support - all with TLS encrypted communications with mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants.

SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7.

Security: Sweden Data Leak Scandal, Reproducible Builds, 'Smart' Cars, and Security by Isolating Insecurity

Filed under
Security

Security: Updates, Kaspersky, Hype, FUD, and More

Filed under
Security
  • Security updates for Tuesday
  • Local governments keep using this software — but it might be a back door for Russia

    Local and state government agencies from Oregon to Connecticut say they are using a Russian brand of security software despite the federal government’s instructions to its own agencies not to buy the software over concerns about cyberespionage, records and interviews show.

    The federal agency in charge of purchasing, the General Services Administration, this month removed Moscow-based Kaspersky Lab from its list of approved vendors. In doing so, the agency’s statement suggested a vulnerability exists in Kaspersky that could give the Russian government backdoor access to the systems it protects, though they offered no explanation or evidence of it. Kaspersky has strongly denied coordinating with the Russian government and has offered to cooperate with federal investigators.

    The GSA’s move on July 11 has left state and local governments to speculate about the risks of sticking with the company or abandoning taxpayer-funded contracts, sometimes at great cost. The lack of information from the GSA underscores a disconnect between local officials and the federal government about cybersecurity.

  • Linux file manager flaw leaves security "Bad Taste" [Ed: This is more like a Windows issue. Hype with logo, brand etc.]

    A recently patched flaw in the Linux-based GNOME Files file manager has been discovered that could enable hackers to create malicious Windows-based MSI files which would run malicious VBScript code on Linux.

  • The need for open source security in medical devices [Ed: Using the Microsoft-connected Black Duck to bolster the idea that only FOSS has security issues]

    Wireless and wearable technologies have brought about dramatic improvements in healthcare, allowing patients mobility while providing healthcare professionals with easier access to patient data. Many medical devices that were once tethered to patients, positioned next to hospital beds, or at a fixed location, are now transportable. Evolving from the traditional “finger-prick” method of glucose monitoring, wearable devices equipped with sensors and wireless connectivity now assist with monitoring blood sugar levels, connect with health-care providers, and even deliver medication. Critical life-sustaining devices, such as pacemakers, can be checked by doctors using wireless technology and reduce the time a patient needs to spend at the hospital while allowing the doctor to react more rapidly to patient problems.

  • Open Source Innovation Strengthens Cloudera’s Cybersecurity Solutions
  • 8 Things Every Security Pro Should Know About GDPR

Security: BKK, Password Managers, Kaspersky, Fruitfly, WHISTL, IoT and More

Filed under
Security
  • 18 year old guy arrested for reporting a shamefully stupid bug in the new Budapest e-Ticket system

    This last one was the one found by the 18 year old gentleman I started my story with. According to him, he doesn't even know how to program yet (he'll start university this autumn). He just used the developer tools in the browser, which everybody has access to, saw that the price was being sent back to the server when he was about to make a purchase, and tried to see if he could change it. A monthly pass costs 9500HUF (about 30EUR) and he modified the price to 50HUF. When he got the confirmation that it worked and was able to see his pass in the app, he immediately emailed the BKK (the Transport Authority) that there was a serious problem. He got an email that his pass was invalidated, but otherwise they didn't get back to him. Instead, when it got leaked out to the press, and in a few hours everyone was talking about the above issues (not just this one), BKK together with T-Systems Hungary started what I would call massively covering their arses.

  • How to use a password manager (and why you really should)

    Password managers remove both of these problems by generating and storing complex passwords for you. The password manager lives in your browser and acts as a digital gatekeeper, filling in your login info when you need to get on a certain site. You just have to remember one (very secure!) master password for the manager itself, and everything else is taken care of for you. (For a quick introduction on creating a secure but memorable master password, check out this article.)

  • US local govts still using Kaspersky software despite federal ban

    US local government agencies across the country are continuing to use software from Kaspersky Lab even though the federal government removed the company from a list of approved software suppliers for two government-wide purchasing contracts that are used to buy technology services.  

  • “Perverse” malware infecting hundreds of Macs remained undetected for years

    Besides the means of infection being unknown, the exact purpose of the malware is also unclear. Wardle said he found no evidence the malware can be used to install ransomware or collect banking credentials. That largely removes the possibility that Fruitfly developers were motivated by financial profit. At the same time, the concentration of home users largely rules out chances the malware was designed by state-sponsored hackers to spy on targets.

  • Exclusive: WHISTL Labs will be Cyber Range for Medical Devices

    The facilities, dubbed WHISTL, will adopt a model akin to the Underwriters Laboratory, which tests electrical devices, but will focus on issues related to cyber security and privacy, helping medical device makers “address the public health challenges” created by connected health devices and complex, connected healthcare environments, according to a statement by The Medical Device Innovation, Safety and Security Consortium (MDISS).

  • Smart fridges and TVs should carry security rating, police chief says

    Barton, the national policing lead for crime operations, proposed the idea as part of efforts to protect households from fraudsters and hackers in the era of the Internet of Things, where otherwise “dumb” devices can be put online and be interconnected for automation and smart appliance activities.

  • 'Devil's Ivy' Is Another Wake-Up Call for IoT Security
More in Tux Machines

Microsoft EEE

  • Why the Windows Subsystem for Linux Matters to You – Even if You Don’t Use it [Ed: Microsoft pulling an EEE on GNU/Linux matters. Sure it does... while suing GNU/Linux with software patents Microsoft says it "loves Linux".]
  • Canonical Teams Up with Microsoft to Enable New Azure Tailored Ubuntu Kernel
    In a joint collaboration with Microsoft's Azure team, Canonical managed to enable a new Azure tailored Ubuntu kernel in the Ubuntu Cloud Images for Ubuntu 16.04 LTS on Azure starting today, September 21, 2017. The Azure tailored Ubuntu kernel is now enabled by default for the Ubuntu Cloud images running the Ubuntu 16.04 LTS (Xenial Xerus) operating system on Microsoft's Azure cloud computing platform, and Canonical vows to offer the same level of support as the rest of its Ubuntu kernels until the operating system reaches end of life.

Servers: Kubernetes, Cloud Native Computing Foundation (CNCF), and Sysadmin 101

  • Kubernetes Snaps: The Quick Version
    When we built the Canonical Distribution of Kubernetes (CDK), one of our goals was to provide snap packages for the various Kubernetes clients and services: kubectl, kube-apiserver, kubelet, etc. While we mainly built the snaps for use in CDK, they are freely available to use for other purposes as well. Let’s have a quick look at how to install and configure the Kubernetes snaps directly.
  • Kubernetes is Transforming Operations in the Enterprise
    At many organizations, managing containerized applications at scale is the order of the day (or soon will be). And few open source projects are having the impact in this arena that Kubernetes is. Above all, Kubernetes is ushering in “operations transformation” and helping organizations make the transition to cloud-native computing, says Craig McLuckie, co-founder and CEO of Heptio and a co-founder of Kubernetes at Google, in a recent free webinar, ‘Getting to Know Kubernetes.’ Kubernetes was created at Google, which donated the open source project to the Cloud Native Computing Foundation.
  • Kubernetes gains momentum as big-name vendors flock to Cloud Native Computing Foundation
    Like a train gaining speed as it leaves the station, the Cloud Native Computing Foundation is quickly gathering momentum, attracting some of the biggest names in tech. In the last month and a half alone AWS, Oracle, Microsoft, VMware and Pivotal have all joined. It’s not every day you see this group of companies agree on anything, but as Kubernetes has developed into an essential industry tool, each of these companies sees it as a necessity to join the CNCF and support its mission. This is partly driven by customer demand and partly by the desire to simply have a say in how Kubernetes and other related cloud-native technologies are developed.
  • The Cloud-Native Architecture: One Stack, Many Options
    As the chief technology officer of a company specialized in cloud native storage, I have a first-hand view of the massive transformation happening right now in enterprise IT. In short, two things are happening in parallel right now that make it radically simpler to build, deploy and run sophisticated applications. The first is the move to the cloud. This topic has been discussed so much that I won’t try to add anything new. We all know it’s happening, and we all know that its impact is huge.
  • Sysadmin 101: Leveling Up
    I hope this description of levels in systems administration has been helpful as you plan your own career. When it comes to gaining experience, nothing quite beats making your own mistakes and having to recover from them yourself. At the same time, it sure is a lot easier to invite battle-hardened senior sysadmins to beers and learn from their war stories. I hope this series in Sysadmin 101 fundamentals has been helpful for those of you new to the sysadmin trenches, and also I hope it helps save you from having to learn from your own mistakes as you move forward in your career.

Databases: PostgreSQL 10 RC1 and Greenplum

  • PostgreSQL 10 RC1 Released
    The PostgreSQL Global Development Group announces today that the first release candidate of version 10 is available for download. As a release candidate, 10 RC 1 should be identical to the final release of the new version. It contains fixes for all known issues found during testing, so users should test and report any issues that they find.
  • PostgreSQL 10 Release Candidate 1 Arrives
    PostgreSQL 10 has been queuing up improvements to declarative partitioning, logical replication support, an improved parallel query system, SCRAM authentication, performance speed-ups, hash indexes that are now WAL-logged, extended statistics, new integrity checking tools, smart connection handling, and many other promising improvements. Our earlier performance tests of PostgreSQL 10 during its beta phase showed some speed-ups over PostgreSQL 9.
  • Pivotal Greenplum Analytic Database Adds Multicloud Support
    Pivotal’s latest release of its Greenplum analytic database includes multicloud support and, for the first time, is based entirely on open source code. In 2015, the company open sourced the core of Pivotal Greenplum as the Greenplum Database project. “This is the first commercially available release that we are shipping with the open source project truly at its core,” said Elisabeth Hendrickson, VP of data research and development at Pivotal.

Graphics: NVIDIA Progress, VC4/VC5, Intel's Linux Driver & Mesa

  • NVIDIA 384.90 Linux Driver Brings Fixes, Quadro P5200 Support
    One day after releasing updated GeForce Linux legacy drivers, NVIDIA is now out with an update to their long-lived 384 branch. The NVIDIA 384 Linux series is the current latest series for their proprietary driver. Coming out today is the 384.90 update that is primarily comprised of bug fixes but also includes Quadro P5200 support.
  • NVIDIA Continues Prepping The Linux Desktop Stack For HDR Display Support
    Besides working on the new Unix device memory allocator project, they have also been engaged with upstream open-source Linux developers over preparing the Linux desktop for HDR display support. Alex Goins of the NVIDIA Linux team presented on their HDR ambitions for the Linux desktop and the work they are still doing for prepping the X.Org stack for dealing with these next-generation computer displays. This is a project they have also been looking at for more than one year: NVIDIA Is Working Towards HDR Display Support For Linux, But The Desktop Isn't Ready.
  • The State Of The VC4 Driver Stack, Early Work On VC5
    Eric Anholt of Broadcom just finished presenting at XDC2017 Mountain View on the state of the VC4 driver stack most notably used by the Raspberry Pi devices. Additionally, he also shared his early work on the VC5 driver for next-generation Broadcom graphics.
  • Intel's Linux Driver & Mesa Have Hit Amazing Milestones This Year
    Kaveh Nasri, the manager of Intel's Mesa driver team within the Open-Source Technology Center since 2011, spoke this morning at XDC2017 about the accomplishments of his team and more broadly the Mesa community. Particularly over the past year there has been amazing milestones accomplished for this open-source driver stack.