Security

Security: Updates, OpenSSL, Women in Cybersecurity, Back to Radio and Latest Black Duck FUD

Filed under
Security
  • Security updates for Monday
  • Oracle Joins SafeLogic to Develop FIPS Module for OpenSSL Security

    Oracle announced on Aug. 3 that it is joining SafeLogic in an effort to develop a much needed FIPS 140-2 module for the open-source OpenSSL cryptographic library.

    OpenSSL is widely used to help secure internet communication and infrastructure, though it currently is lacking a critical module for government standards, known as FIPS 140-2. The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government cyber-security standard used to certify cryptographic modules.

  • OpenSSL drops TLS 1.0/1.1 support for Debian Unstable and what does it mean for Debian sid users?
  • What Women in Cybersecurity Really Think About Their Careers

    For once, some good news about women in the cybersecurity field: A new survey shows that despite the low number of women in the industry, many feel empowered in their jobs and consider themselves valuable members of the team.

    The newly published "Women in Cybersecurity:  A Progressive Movement" report — a survey of women by a woman — is the brainchild of security industry veteran Caroline Wong, vice president of security strategy at Cobalt, who formerly worked at Cigital, Symantec, eBay, and Zynga.

    Wong says she decided to conduct the survey after getting discouraged with all of the bad news about women being underrepresented, underpaid, and even harassed in the technology and cybersecurity fields. The number of women in the industry has basically plateaued at 11% over the past few years.

  • Radio navigation set to make global return as GPS backup, because cyber

    The risk to GPS has caused a number of countries to take a second look at terrestrial radio navigation. Today there's broad support worldwide for a new radio navigation network based on more modern technology—and the system taking the early lead for that role is eLoran. As Reuters reports, South Korea is preparing to bring back radio navigation with eLoran as a backup system for GPS, and the United States is planning to do the same.

  • Open source vulnerabilities pose a serious risk for software startups [Ed: The Microsoft-connected FUD firm is at it again]

Security: WebKitGTK+, DEF CON, OpenSSL, and Ebury

Filed under
Security
  • Endgame for WebKit Woes

    In my original blog post On WebKit Security Updates, I identified three separate problems affecting WebKit users on Linux:

        Distributions were not providing updates for WebKitGTK+. This was the main focus of that post.
        Distributions were shipping an insecure compatibility package for old, unmaintained WebKitGTK+ 2.4 (“WebKit1”).
        Distributions were shipping QtWebKit, which was also unmaintained and insecure.

    Let’s review these problems one at a time.

  • Hackers breach dozens of voting machines brought to conference

    One of the nation’s largest cybersecurity conferences is inviting attendees to get hands-on experience hacking a slew of voting machines, demonstrating to researchers how easy the process can be.

    “It took me only a few minutes to see how to hack it,” said security consultant Thomas Richards, glancing at a Premier Election Solutions machine currently in use in Georgia.

    The DEF CON cybersecurity conference is held annually in Las Vegas. This year, for the first time, the conference is hosting a "Voting Machine Village," where attendees can try to hack a number of systems and help catch vulnerabilities.

  • OpenSSL disables TLS 1.0 and 1.1

    I've just uploaded a version of OpenSSL to unstable that disables the TLS 1.0 and 1.1 protocols. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version.

  • Man jailed for role in spreading Linux malware

    OpenSSH is an implementation of the secure shell protocol; it runs on UNIX and Linux systems and is developed by the OpenBSD project.

    The malware in question is known as Ebury and is a backdoor that is used to steal OpenSSH credentials and keep access to a compromised server open.

Events: Hacker Summer Camp, DebConf

Filed under
Google
Security
Debian

Security: Kaspersky Ban, White Hat Hackers, and ESET FUD

Filed under
Security
  • US mulling complete federal ban on Kaspersky products

    Things are about to get worse for Kaspersky Lab in the US with the US Senate set to consider banning the use of its software in all federal agencies, using a provision in the National Defence Authorisation Act.

  • If Hutchins is at fault, then the NSA needs to be pulled up too

    If American judicial authorities are going after British security researcher Marcus Hutchins for allegedly writing malware, then they will also have to indict people at the NSA who were responsible for creating Windows exploits that then leaked and led to massive ransomware attacks.

    Those attacks have left some companies incapable of returning to full production even now, with a case in point being the pharmaceutical giant Merck.

  • Protect the White Hat Hackers Who Are Just Doing Their Jobs

    Some lawmakers and regulators hope to protect security analysts who research, develop, and share tools across borders. The Wassenaar Arrangement, a voluntary agreement between 41 countries (including the US) that sets standards and licensing expectations for weapons export, specifically nods toward "intrusion software." But many security experts worry that vague language within the agreement could do more to hinder than support international digital defense research.

  • ESET Tries to Scare People Away From Using Torrents

Security: Updates, Keysigning, WannaCry, DJI and More

Filed under
Security
  • Security updates for Friday
  • DebConf17 Key Signing Party
  • Keysigning!
  • Faster reference-count overflow protection
  • A Solution to Hackers {sic}? More Hackers {sic}

    In other words: What if the problem we face is not too many bad hackers {sic}, but too few good ones?

  • Russian man sentenced to almost four years in US prison for 'botnet fraud'

    Maxim Senakh, of Veliky Novgorod in Russia, was arrested in Finland in 2015 and extradited to the USA to face charges. He pleaded guilty in March and was sentenced in Minnesota this month.

  • Staying Secure with Open Source [Ed: Let's talk about "Staying Secure with" proprietary software, where the code is all secret so you cannot see the bugs]

    Why did Heartbleed fail? One reason is that, while OSS may have more eyeballs on it, it suffers from inconsistent coding methodology.

  • Researchers say WannaCry operator moved bitcoins to “untraceable” Monero

    On Wednesday, the 52.2 bitcoins in the wallet were drained out over nine transactions, as detected by a bot created by Quartz's Keith Collins. Neutrino researchers traced the moved bitcoins to wallets associated with Monero.

  • What is the Kronos trojan and what is Marcus Hutchins accused of?

    Neither the indictment nor the Department of Justice announcement says how they connected him to the malware.

  • The Indictment Against Malware Researcher Marcus Hutchins Is Really Weird

    So, yesterday, we wrote a quick post about recently-famous malware researcher Marcus Hutchins (famous for accidentally stopping the WannaCry attack) being detained by the FBI as he left Defcon. An hour or so later, we updated it with the details of the indictment which had been released. That had my quick response, which noted that the "evidence" didn't seem very strong. It just claims (without anything else) that Hutchins wrote the Kronos malware, and most of the indictment and most of the activity focuses on a second defendant (whose name is redacted) who apparently was out selling the malware. I was planning to write up a more thorough look at the indictment and its problems today, but last night, Orin Kerr beat me to it, and he (famed lawyer, law professor and former assistant US attorney) has a bit more expertise in the subject, so let's work off of his analysis.

  • WannaCry 'hero' to plead not guilty to accusation he wrote banking malware [iophk: "none of these even mention Microsoft Windows(tm)"]

    Marcus Hutchins, the celebrated security professional who was arrested Wednesday on federal charges he helped create and distribute malware that steals banking credentials, will be released from detention pending $30,000 bail, according to Las Vegas reporter Christy Wilcox and other news outlets.

  • Judge sets $30K bail in banking malware case for hacker who helped stop WannaCry attack

    "This is excellent news," said Nicholas Weaver, a computer scientist at the University of California at Berkeley. "The indictment is remarkably shallow even by indictment standards, which is disappointing because it adds considerable uncertainty and fosters distrust with the general security community."

  • Security researcher who neutralized WCry to be released on $30,000 bond


  • Army tells troops to stop using DJI drones immediately, because cyber

    But now all of those drones are getting pulled from service, as the result of classified findings in a May study by the Army Research Lab at Aberdeen Proving Grounds in Maryland, as well as a Navy memorandum citing "operational risks" in using DJI drones. The memorandum ordering the ban was obtained by Small UAS News.

  • US Army calls for units to discontinue use of DJI equipment

    According to a U.S. Army memo obtained by sUAS News, the U.S. Army Research Lab and U.S. Navy have concluded that there are operational risks associated with DJI equipment, a move that was run up the flag pole last month but kept under wraps.

  • US Army reportedly asks units to stop using DJI drones, citing cybersecurity concerns

    The memo notes that the Army had issued over 300 separate releases authorizing the use of DJI products for Army missions, meaning a lot of hardware may have been in active use prior to the memo, which is dated August 2nd, 2017.

  • Siemens, DHS warn of “low skill” exploits against CT and PET Scanners

    The Department of Homeland Security's Industrial Control System Computer Emergency Response Team (ICS-CERT) has issued an alert warning of four vulnerabilities in multiple medical molecular imaging systems from Siemens. All of these systems have publicly available exploits that could allow an attacker to execute code remotely—potentially damaging or compromising the safety of the systems. "An attacker with a low skill would be able to exploit these vulnerabilities," ICS-CERT warned.

    Siemens identified the vulnerabilities in a customer alert on July 26, warning that the vulnerabilities were highly critical—giving them a rating of 9.8 out of a possible 10 using the Common Vulnerability Scoring System. The systems affected include Siemens CT, PET, and SPECT scanners and medical imaging workflow systems based on Windows 7.

  • Announcing Our 2017 Security Audit Results

    A few months ago, we hired an independent security research firm to conduct an audit on the encryption specification used by Standard Notes. In building out our product, we spent a lot of time making sure our encryption is as strong and fool-proof as possible. While it's easy for one to feel confident of their own work, a security audit is a must for any privacy-focused project to assure the developers and customers alike that data being encrypted and transferred is done safely and securely.

  • 20 Docker security tools compared

    There are quite a few Docker security tools in the ecosystem; how do they compare? This is a comprehensive list of Docker security tools that can help you implement some of the container security best practices.

    Is Docker insecure? Not at all. Actually, features like process isolation with user namespaces, resource encapsulation with cgroups, immutable images and shipping the minimal software and dependencies reduce the attack vector, providing a great deal of protection. But is there anything else we can do? There is much more than image vulnerability scanning, and these are 20 container and Docker specific security tools that can help.

  • Is Your Business Vulnerable to Cyberattack?

    If you still believe that to be the case, you must have been living under a rock for the last year or so. Cyber attacks have increased in scale and sophistication, but they have also increased in frequency. The WannaCry ransomware event from earlier this year was the largest cyber attack in history, impacting over 200,000 devices in 150 countries including hospitals in the UK, a large telecom corporation in Spain, FedEx in the US and even the Russian government.

Tails 3 Offers Easy Anonymity for All

Filed under
Security
Debian

If you’re seriously concerned about privacy, you want to ensure you’re doing all the right things and not leaving behind a trace of what you’ve browsed. There are many reasons for this—some good, some bad. I’d like to focus on the good (naturally). In the past few years, it has become clear that tracking web histories is not a myth. Businesses, governments—anyone with the skills can make use of your browsing history. That is the very reason why technology like Tor has recently gained popularity.

Security and DRM: WannaCry Researcher, DDoS, Scotland, BA, Grsecurity, WannaCry Bitcoins, and EME

Filed under
Security
  • Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con

    Motherboard verified that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.

  • WannaCry researcher arrested by FBI for his role in Kronos malware campaign

    According to friends, the first clues came when Hutchins failed to text from the airport. “He was radio-silent before his flight which is very unusual,” one friend told The Verge, “and he wasn’t on the Wi-Fi on the plane.”

  • Briton who stopped WannaCry attack arrested over separate malware claims

    According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of having helped to create, spread and maintain the banking trojan Kronos between 2014 and 2015.

  • Hacker Who Stopped WannaCry Charged With Writing Banking Malware

    Hutchins isn't the only member of the malware "conspiracy" named in the indictment against him. It accuses another person, whose name is redacted from the document, of doing what seems to be the majority of the legwork to distribute Kronos, including listing the malware for sale on criminal forums, creating a video advertisement that showed how it worked, and offering so-called "crypting" services meant to hide the malware from detection. The indictment also accuses Hutchins of helping update the malware in February 2015, at least six months after it first went on sale—the only hint that he may have worked on it after it was being actively used for criminal actions.

  • WannaCry 'hero' arrested for creating other malware

    According to an indictment provided to CNN Tech, Hutchins created the malware and shared it online. The Eastern District of Wisconsin returned a six-count indictment against Hutchins on July 12, 2017. It was unsealed at the time of his arrest.

  • WannaCry hero Hutchins arrested in US by FBI

    British security researcher Marcus Hutchins, who accidentally stopped the spread of the WannaCry ransomware that was affecting Windows machines in May, has been arrested by the FBI in Las Vegas.

  • After Defcon, the FBI arrested the UK national who stopped Wannacry

    According to a US Marshals spokesman, Hutchins was arrested by the FBI shortly after the Defcon/Blackhat conference in Las Vegas, though no one has disclosed the charge. His friends cannot locate him.

  • FBI arrests WannaCry hero Marcus Hutchins in Las Vegas over malware claims

    A young cyber expert who stopped the WannaCry global cyber attack has been arrested in the US for allegedly conspiring to advertise and sell a malicious software that targeted bank accounts.

  • Guy Who Accidentally Stopped WannaCry Ransomware Detained After Defcon

    As you may recall, earlier this year, when the WannaCry ransomware was spreading like wildfire, it was accidentally stopped by a security researcher in the UK who was (mostly) known only by the pseudonym MalwareTech. He wrote about the whole experience after having tweeted about it earlier. Basically he spotted the domain that WannaCry was pinging and saw that it wasn't registered -- so he registered it, if just to track the spread of the malware. But, that process actually stopped WannaCry from spreading due to the way the ransomware was designed. The story of someone accidentally stopping a massive malware breakout was a good one and it was widely covered by the press. MalwareTech got lots of good press out of it... and as a thank you, at least one UK publication doxxed him and revealed his name, his age, some of his social media photos and even what he liked to eat. That wasn't very nice. Still, now it's known that Marcus Hutchins is MalwareTech, and people should be thanking him.

  • Convicted Fraudster Uses DDoS Attack To Clean Up Search Results, Fails Spectacularly

    Nice work, Andrew. Generating a federal indictment is a surefire way to ensure your vanity search results remain unmarred by "offending court decisions." But this DDoS wasn't Rakhshan's only attempt to scrub the web of negative info. Searching through the Lumen (formerly Chilling Effects) database reveals post-alleged attack efforts Rakhshan made to clean up unflattering search results.

  • Scottish government whacked by two ransomware attacks in the past year

    The government noted that the actual number of attacks may be higher than it recorded, but added that it is ‘not always possible to identify or record unsuccessful incidents that could be defined as attacks, such as phishing emails or those with potential malware that can be filtered before ever reaching the Scottish government.'

  • BA suffers yet more IT borkage causing 'chaos' at London airports

    The IT glitch, which was resolved at around 9am UK time, caused 'carnage' at check-in desks at the three London airports, according to pissed off holidaymakers.

  • Open-source advocate sued over comments on kernel hardening group

    A group that supplies a hardening patch for the Linux kernel has sued a well-known free and open-source practitioner for claiming that the patches in question violate the licence under which the kernel is distributed.

    The group, Grsecurity which has filed the lawsuit under its trading name Open Source Security, sells its patch to subscribers and has taken offence at Bruce Perens' characterisation of their efforts as presenting "a contributory infringement and breach of contract risk".

    Perens issued a statement on 28 June, detailing his reasons why users should avoid using the Grsecurity patch. "It (the patch) is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and cannot work without it," he wrote.

  • WannaCry hackers finally empty ransom wallets following bitcoin split

    The hackers {sic} behind WannaCry have cashed out more than $140,000 (£105,000) worth of bitcoins paid by victims of the ransomware bastard.

  • Bitcoin’s split gave the WannaCry hackers an instant boost to their profits

    In reality, the WannaCry hackers will have a tough time liquidating any of their holdings. It has become far more difficult for hackers to cash out because a major bitcoin exchange called btc-e, which allegedly is responsible for laundering 95% of ransomware funds, has gone offline.

  • WannaCry: hackers withdraw £108,000 of bitcoin ransom

    More than £108,000 in bitcoin paid by victims of the WannaCry ransomware attack, which crippled parts of the NHS as well as businesses in 150 countries worldwide, has been withdrawn from the digital wallets the funds were being held in.

  • Are Internet Standards Standing in the Way of Digital Accessibility?

    Disabled people often need to modify digital content so they can consume it. Some advocates are worried new standards will turn them into criminals.

  • DRM in web standards creates new barriers to accessibility

    But an equally important activity that DRM interferes with is accessibility adaptation, which, despite being protected in many countries' copyright laws, turns into a legal minefield if DRM has to be removed in order to make a copyrighted work accessible for people with disabilities.

Marcus Hutchins and Bruce Perens Sued

Filed under
Security
Legal
  • Slayer of WCry worm charged with creating unrelated banking malware

    Marcus Hutchins, the 23-year-old security professional who accidentally stopped the spread of the virulent WCry ransomware worm in May, has been named in a federal indictment that alleges he was part of a conspiracy that created and distributed a piece of unrelated malware that steals banking credentials from unsuspecting computer users.

    According to the eight-page indictment, the conspiracy involved Hutchins and two other individuals whose names still have not been made public. After Hutchins allegedly created the banking trojan dubbed "Kronos," a video circulated in July 2014 on a publicly available website that demonstrated how the malware worked. A month later, one of the unnamed co-conspirators put the malware up for sale at a price of $3,000. Hutchins and one of the co-conspirators allegedly updated Kronos around February 2015.

  • Linux kernel hardeners Grsecurity sue open source's Bruce Perens

    "As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.

    The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference.

    [...]

    Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage."

    Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code – a right under the GPLv2 license – will no longer be customers and will lose the right to distribute subsequent versions of the software.

Security: Updates, MacOS, AV Snakeoil, Containers, IoT, Windows Ransomware

Filed under
Security

Dumbo

Filed under
Microsoft
Security

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32-bit Windows XP, Windows Vista, and newer versions of the Windows operating system. 64-bit Windows XP, or Windows versions prior to XP, are not supported.