Security

Microsoft Ransom (WannaCry), Logjam Revisited

Filed under
OSS
Security
  • Remember WannaCry Ransomware Attack? This Country Has Been Publicly Blamed By The U.S.
  • Liberating SSH from Logjam leftovers

    A recent Request for Comment at the Internet Engineering Task Force calls for SSH developers to deprecate 1,024-bit moduli.

    RFC 8270 was authored by Mark Baushke (at Juniper Networks but working as an individual) and Loganaden Velvindron (of Mauritian group Hackers.mu) in response to demand for a response to the 2015 Logjam bug.

    Logjam, discovered by a research team that included Johns Hopkins cryptoboffin Matthew Green, would let a state-level actor attack Diffie-Hellman cryptosystems using 1,024-bit primes.
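    The practical side of RFC 8270's advice is pruning the short groups out of the server's moduli file. The script below is an added example (not code from RFC 8270 or OpenSSH) that parses the /etc/ssh/moduli layout and splits it into groups at or above 2048 bits and groups to drop; the sample input is constructed and its "primes" are placeholders, not real safe primes.

```python
"""Filter an OpenSSH moduli file down to Diffie-Hellman groups of at least
MIN_BITS bits, which is the remediation RFC 8270 asks for.

Added example, not code from RFC 8270 or OpenSSH.  It assumes the layout of
OpenSSH's /etc/ssh/moduli: one group per line, seven whitespace-separated
columns
    time  type  tests  trials  size  generator  modulus(hex)
where `size` is the modulus length in bits MINUS ONE (a 2048-bit group is
recorded as 2047), and lines starting with '#' are comments.
"""
from dataclasses import dataclass
from typing import List, Tuple

MIN_BITS = 2048   # floor recommended by RFC 8270 for diffie-hellman-group-exchange


@dataclass
class Modulus:
    size_field: int      # column 5 as written in the file (bits - 1)
    generator: int
    modulus: int         # column 7, parsed from hex
    raw: str             # original line, emitted unchanged when kept

    @property
    def bits(self) -> int:
        return self.size_field + 1


def parse_moduli(text: str) -> List[Modulus]:
    groups = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cols = line.split()
        if len(cols) != 7:
            raise ValueError(f"malformed moduli line: {line!r}")
        size, generator, modulus = int(cols[4]), int(cols[5]), int(cols[6], 16)
        # Cross-check the declared size against the actual value: a file that
        # has been hand-edited or truncated should fail loudly, not silently.
        if modulus.bit_length() != size + 1:
            raise ValueError(f"size column {size} disagrees with modulus of "
                             f"{modulus.bit_length()} bits")
        groups.append(Modulus(size, generator, modulus, line))
    return groups


def filter_moduli(text: str, min_bits: int = MIN_BITS) -> Tuple[List[str], List[str]]:
    """Return (kept_lines, dropped_lines); kept lines are byte-for-byte the originals."""
    keep, drop = [], []
    for group in parse_moduli(text):
        (keep if group.bits >= min_bits else drop).append(group.raw)
    return keep, drop


def _constructed_line(bits: int) -> str:
    # Placeholder in moduli-file layout; the value is NOT a real safe prime.
    p = (1 << (bits - 1)) | 1
    return f"20171220000000 2 6 100 {bits - 1} 2 {p:X}"


# Constructed sample input standing in for /etc/ssh/moduli.
SAMPLE_MODULI = "\n".join([
    "# constructed sample, not a real moduli file",
    _constructed_line(1024),
    _constructed_line(2048),
    _constructed_line(4096),
])


if __name__ == "__main__":
    kept, dropped = filter_moduli(SAMPLE_MODULI)
    print(f"kept {len(kept)} group(s), dropped {len(dropped)} below {MIN_BITS} bits")
```

    On a real host the same cut is the one-liner `awk '$5 >= 2047' /etc/ssh/moduli > /etc/ssh/moduli.safe` followed by swapping the file into place; it is worth pairing with a `KexAlgorithms` line in sshd_config that lists curve25519-sha256 and diffie-hellman-group-exchange-sha256 ahead of anything older, so the group-exchange path is only ever reached with the filtered file.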

Security: Breaches, Russia Panic, and NSA Exploits

Filed under
Security

NSA Exploits and Keylogger in HP Hardware

Filed under
Security
  • Hackers use NSA exploits to mine Monero

    Zealot campaign used Eternalblue and Eternalsynergy to mine cryptocurrency on networks.

    Security researchers have found a new hacking campaign that used NSA exploits to install cryptocurrency miners on victims' systems and networks.

    They said that the campaign was a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits.

  • NSA Cyberweapons Help Hackers Mine Cryptocurrency

    Hackers are using leaked NSA cyberweapons to mine cryptocurrency over vulnerable servers.

    The weapons can be used to take over Windows and Linux systems, and download malware that can mine the digital currency Monero, according to security provider F5 Networks.

  • Linux And Windows Machines Being Attacked By “Zealot” Campaign To Mine Cryptocurrency
  • How the Zealot Attack Uses Apache Struts Flaw to Mine Crypto-Currency

    Network security vendor F5 has discovered a new attack that makes use of known vulnerabilities including the same Apache Struts vulnerability linked to the Equifax breach to mine the Monero cryptocurrency.

    F5's threat researchers have dubbed the campaign "Zealot", which is also the name of a file that is part of the multi-stage attack. The Zealot files include Python scripts that trigger the EternalBlue and EternalSynergy exploits that were first publicly disclosed by the Shadow Brokers hacking group and were allegedly first created by the U.S. National Security Agency (NSA)-linked Equation Group.

  • HP’s Keylogger Not a Keylogger, Says Synaptics

    HP has recently come under fire for allegedly bundling a keylogger into its drivers, allowing the company or cybercriminals who could hijack it to record every keystroke of the user.

    But Synaptics, the company that builds and provides TouchPads for HP and other OEMs on the market, says the keylogger in question isn’t actually a keylogger, as it was implemented solely with the purpose of serving as a debug tool.

    In a security brief published recently, Synaptics says HP isn’t the only company that offers drivers with this debug tool included by default, but all OEMs featuring its hardware.

    “Each notebook OEM implements custom TouchPad features to deliver differentiation. We have been working with these OEMs to improve the quality of these drivers. To support these requirements and to improve the quality of the experience, Synaptics provides a custom debug tool in the driver to assist in the diagnostic, debug and tuning of the TouchPad. This debug feature is a standard tool in all Synaptics drivers across PC OEMs and is currently present in production versions,” the firm says.

Security: Hackers, Back Doors, Microsoft Scam and Bots

Filed under
Security
  • Why Hackers Are in Such High Demand, and How They're Affecting Business Culture

    News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers.

    From conducting penetration tests and identifying vulnerabilities in software to providing companies with guidance about emerging threats, white hat hackers bring considerable value to organizations and play an instrumental role in helping them defend against today's advanced threats. White hats are highly coveted not only for their knowledge but also for their unique mindsets and ability to change corporate culture.

  • We need to talk about mathematical backdoors in encryption algorithms

    Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued.

    Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered the best way to enforce cryptographic control.

    In defence of cryptography, researchers have set out to validate technology that underpins the secure exchange of information and e-commerce. Eric Filiol, head of research at ESIEA, the operational cryptology and virology lab, argued that only implementation backdoors (at the protocol/implementation/management level) are generally considered. Not enough effort is being put into looking for mathematical backdoors or by-design backdoors, he maintains.

  • How a Dorm Room Minecraft Scam Brought Down the Internet


    Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.

  • Microsoft's Edge browser is in serious trouble


    Analytics firm Net Applications revised its methodology to cull bots from its browser share numbers and found that as much as half of the traffic to Edge on Windows 10 was artificially inflated.  

Security: Vista 10, Ransom, and "Zealot"

Filed under
Security
  • Face Palm: Windows 10 Bundled A Password Manager That Exposed Your Saved Passwords

    About 16 months ago, a Google Project Zero researcher found a critical bug in a password manager named Keeper. The bug allowed Keeper to inject its trusted UI into untrusted web pages with a content script. This allowed websites to steal user passwords using techniques like clickjacking.

    In a surprising development, Tavis Ormandy, the same researcher, has found that Microsoft bundled the same password manager with Windows 10. “I recently created a fresh Windows 10 VM with a pristine image from MSDN, and found that a password manager called “Keeper” is now installed by default,” he said. Moreover, a similar flaw was again found in this pre-installed password manager, which remained present for eight days.

  • British companies 'stockpile' Bitcoin to use as ransomware hush money
  • "Zealot" Campaign Uses NSA Exploits to Mine Monero on Windows and Linux Servers

    An aggressive and sophisticated malware campaign is currently underway, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency.

    The campaign was detected by security researchers from F5 Networks, who named it Zealot, after zealot.zip, one of the files dropped on targeted servers.
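    The Zealot write-ups above (including the eWeek item on the Apache Struts flaw) name the web-facing entry point: the Struts 2 multipart bug tied to the Equifax breach, S2-045 / CVE-2017-5638, where OGNL is smuggled through the Content-Type header. The detector below is an added example, not F5's or anyone else's code; it parses raw request heads as a WAF or IDS would see them and flags headers carrying OGNL markers. The sample requests are constructed, and the "malicious" one is a non-functional fragment that carries only the markers a detector keys on.

```python
"""Flag HTTP requests whose multipart headers carry OGNL, the injection point of
the Apache Struts 2 bug (S2-045, CVE-2017-5638) used against Equifax and reused
by the Zealot campaign.

Added example, not F5's or anyone else's detection code.  Input is the raw
request head as a web server, WAF or IDS would see it; the sample requests
below are constructed, and the "malicious" one is a non-functional fragment
that only carries the markers a detector looks for.
"""
import re
from typing import Dict, List, Tuple

# Markers characteristic of OGNL expressions smuggled into Struts multipart
# headers.  Legitimate Content-Type / Content-Disposition values never contain them.
OGNL_MARKERS = [
    re.compile(r"%\{"),                          # OGNL expression opener
    re.compile(r"#_memberAccess", re.I),         # sandbox bypass variable
    re.compile(r"@ognl\.", re.I),                # static access to OGNL classes
    re.compile(r"@java\.lang\.", re.I),          # Runtime / ProcessBuilder access
    re.compile(r"allowStaticMethodAccess", re.I),
]
SUSPECT_HEADERS = ("content-type", "content-disposition")


def parse_request_head(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a request head into (request line, {lowercased header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def ognl_findings(raw: str) -> List[str]:
    """Return one 'header: pattern, pattern' string per suspicious header."""
    _, headers = parse_request_head(raw)
    findings = []
    for name in SUSPECT_HEADERS:
        hits = [m.pattern for m in OGNL_MARKERS if m.search(headers.get(name, ""))]
        if hits:
            findings.append(f"{name}: {', '.join(hits)}")
    return findings


def scan(requests: List[str]) -> List[Tuple[str, List[str]]]:
    """Scan many request heads; return (request line, findings) for the hits only."""
    out = []
    for raw in requests:
        findings = ognl_findings(raw)
        if findings:
            out.append((parse_request_head(raw)[0], findings))
    return out


# Constructed sample traffic.
BENIGN_REQUEST = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk\r\n"
    "Content-Length: 0\r\n\r\n"
)
MALICIOUS_REQUEST = (
    "POST /struts2-showcase/index.action HTTP/1.1\r\n"
    "Host: app.example\r\n"
    # Non-functional fragment: OGNL opener plus a sandbox-bypass assignment,
    # with no command payload.
    "Content-Type: %{(#_='multipart/form-data').(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)}\r\n"
    "Content-Length: 0\r\n\r\n"
)


if __name__ == "__main__":
    for request_line, findings in scan([BENIGN_REQUEST, MALICIOUS_REQUEST]):
        print(request_line, "->", "; ".join(findings))
```

    The header-based check is cheap because a Content-Type that is not a media type is never legitimate, so the markers produce no false positives on real multipart uploads; it does nothing for the SMB side of Zealot (EternalBlue/EternalSynergy), which is a patching and network-segmentation problem rather than a request-inspection one.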

Security: Mirai, Vista 10, Starbucks, and Hacking Team Investigation

Filed under
Security
  • Mirai IoT Botnet Co-Authors Plead Guilty

    The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

  • Google Researcher Finds Flaw in Pre-Installed Windows 10 Password Manager

    Google security researcher Tavis Ormandy, who has previously discovered, reported, and disclosed several major bugs in Windows and its features, came across a new security vulnerability affecting Microsoft users.

    This time, the flaw exists in the Keeper password manager that comes pre-installed in some Windows 10 versions, with Ormandy explaining that it’s similar to a vulnerability that he discovered in August 2016.

    “I remember filing a bug a while ago about how they were injecting privileged UI into pages,” Ormandy explained on December 14. “I checked and, they're doing the same thing again with this version,” he continues.

  • Starbucks Wi-Fi Turned People’s Laptops into Cryptocurrency Miners

    The free Wi-Fi that the Buenos Aires Starbucks offers to its customers was being used to mine for cryptocurrency, and what’s worse, it used people’s laptops to do it.

    The whole thing was discovered by Stensul CEO Noah Dinkin who actually paid a visit to the store and wanted to browse the web using the free Wi-Fi, only to discover that his laptop was unknowingly converted into a cryptocurrency miner.

    He then turned to Twitter to ask Starbucks if they knew about what he described as bitcoin mining taking place without customers knowing about it.

    “Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand,” he said in his tweet.

  • Italian Prosecutor Makes Request to Close Hacking Team Investigation

    The damaging data breach that exposed the secrets of an infamous surveillance tech company might go unsolved forever. After more than two years, the Italian prosecutor who was investigating the attack on the Milan-based Hacking Team has asked the case to be dismissed, according to multiple sources.

    On Monday, the Milan prosecutor Alessandro Gobbis sent a notice to the people under investigation informing them that he had sent the judge a request to shut down the investigation, according to a copy of the document obtained by Motherboard.

Parrot Security 3.10 Ethical Hacking OS Adds Full Firejail/AppArmor Sandboxing

Filed under
Security
Debian

ParrotSec devs released today a new stable version of their Debian-based Parrot Security OS ethical hacking and penetration testing GNU/Linux distribution.

There are many enhancements implemented in the Parrot Security OS 3.10 release, but the biggest new feature is the introduction of a full Firejail and AppArmor sandboxing system that should proactively protect the operating system from attacks by isolating its components with the combination of various security techniques.

"The first experiments were already introduced in Parrot 3.9 with the inclusion of Firejail, but we took almost a month of hard work to make it even better with the improvement of many profiles, the introduction of the AppArmor support and enough time to make all the tests," reads today's announcement.


Also: Parrot 3.10 is out

Red Hat: Common Criteria Certification and Thunderbolt

Filed under
Red Hat
Security

Security: Bolt, Updates, NIST, Starbucks

Filed under
Security

Introducing bolt: Thunderbolt 3 security levels for GNU/Linux

Filed under
GNU
Linux
Security

Today I released the first version 0.1 (aka "Accidentally Working") of bolt, a system daemon that manages Thunderbolt 3 devices. It provides a D-Bus API to list devices, enroll them (authorize and store them in the local database) and forget them again (remove previously enrolled devices). It also emits signals if new devices are connected (or removed). During enrollment devices can be set to be automatically authorized as soon as they are connected. A command line tool, called boltctl, can be used to control the daemon and perform all the above mentioned tasks (see the man page of boltctl(1) for details).
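The enrollment logic bolt describes (authorize a known device, store it, optionally auto-authorize it next time) sits on top of the kernel's Thunderbolt sysfs interface. The following is an added example, not bolt's code, showing that decision loop against a constructed stand-in for /sys; it assumes the layout documented in the kernel's admin-guide (domain0/security for the level, and unique_id, device_name and authorized per device), and a plain dict as the enrollment database, which bolt stores differently.

```python
"""Decide which Thunderbolt 3 devices to authorize, the way a daemon like bolt
does, by reading the kernel's sysfs interface and a local enrollment database.

Added example, not bolt's code.  Assumptions (labelled as such):
  * sysfs layout follows Documentation/admin-guide/thunderbolt.rst:
      <root>/sys/bus/thunderbolt/devices/domain0/security  -> none|user|secure|dponly
      <root>/sys/bus/thunderbolt/devices/<id>/unique_id     -> device UUID
      <root>/sys/bus/thunderbolt/devices/<id>/device_name
      <root>/sys/bus/thunderbolt/devices/<id>/authorized    -> 0, 1 (or 2 = key-verified)
  * the "database" is a plain dict {uuid: "auto" | "manual"}; bolt keeps its own store.
"""
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

DEVICES = "sys/bus/thunderbolt/devices"


def security_level(root: Path) -> str:
    return (root / DEVICES / "domain0" / "security").read_text().strip()


def pending_devices(root: Path) -> List[Tuple[Path, str, str, int]]:
    """Return (dir, uuid, name, authorized) for every entry that exposes an
    `authorized` attribute; domain entries do not, so they are skipped."""
    found = []
    for d in sorted((root / DEVICES).iterdir()):
        auth = d / "authorized"
        if not auth.exists():
            continue
        found.append((d,
                      (d / "unique_id").read_text().strip(),
                      (d / "device_name").read_text().strip(),
                      int(auth.read_text().strip())))
    return found


def decide(level: str, uuid: str, authorized: int, db: Dict[str, str]) -> str:
    if level == "none":
        return "kernel-auto-authorizes"   # every device gets PCIe; nothing to gate
    if level == "dponly":
        return "dp-only-no-pcie"          # DisplayPort tunnels only, never PCIe
    if authorized != 0:
        return "already-authorized"
    policy = db.get(uuid)
    if policy is None:
        return "unknown-device"           # stays unauthorized until a user enrolls it
    if policy != "auto":
        return "enrolled-manual"          # known, but must be confirmed each plug-in
    if level == "secure":
        return "authorize-with-key"       # write the stored key to `key`, then 2 to `authorized`
    return "authorize"


def apply_policy(root: Path, db: Dict[str, str]) -> List[Tuple[str, str]]:
    level = security_level(root)
    actions = []
    for d, uuid, name, authorized in pending_devices(root):
        action = decide(level, uuid, authorized, db)
        if action == "authorize":
            (d / "authorized").write_text("1\n")  # the write bolt performs in user mode
        actions.append((uuid, action))
    return actions


def _fake_sysfs(root: Path, level: str, devices) -> None:
    """Constructed stand-in for /sys so the example runs without hardware."""
    base = root / DEVICES
    (base / "domain0").mkdir(parents=True)
    (base / "domain0" / "security").write_text(level + "\n")
    for ident, uuid, name, authorized in devices:
        d = base / ident
        d.mkdir()
        (d / "unique_id").write_text(uuid + "\n")
        (d / "device_name").write_text(name + "\n")
        (d / "authorized").write_text(f"{authorized}\n")


def demo() -> Tuple[List[Tuple[str, str]], Dict[str, str]]:
    # Constructed enrollment database and UUIDs.
    db = {"11111111-2222-3333-4444-555555555555": "auto"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _fake_sysfs(root, "user", [
            ("0-1", "11111111-2222-3333-4444-555555555555", "Enrolled Dock", 0),
            ("0-3", "99999999-8888-7777-6666-555555555555", "Stranger Disk", 0),
        ])
        actions = apply_policy(root, db)
        state = {uuid: str(auth) for _, uuid, _, auth in pending_devices(root)}
    return actions, state


if __name__ == "__main__":
    for uuid, action in demo()[0]:
        print(uuid, action)
```

The point a practitioner should take from the `secure` branch is that `user` level trusts the UUID the device reports, which a malicious peripheral can clone; only `secure` has the kernel challenge the device with the key stored at enrollment before PCIe is exposed.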



More in Tux Machines

Openwashing: Microsoft, Apple and Symphony Software Foundation

Linux Foundation: Real-Time Linux (RT Linux), LF Deep Learning Foundation, OpenTracing and More

  • Developers: Prepare Your Drivers for Real-Time Linux
    Although Real-Time Linux (RT Linux) has been a staple at Embedded Linux Conferences for years -- here’s a story on the RT presentations in 2007 -- many developers have viewed the technology to be peripheral to their own embedded projects. Yet as RT, enabled via the PREEMPT_RT patch, prepares to be fully integrated into the mainline kernel, a wider circle of developers should pay attention. In particular, Linux device driver authors will need to ensure that their drivers play nice with RT-enabled kernels. At the recent Embedded Linux Conference in Portland, National Instruments software engineer Julia Cartwright, an acting maintainer on a stable release of the RT patch, gave a well-attended presentation called “What Every Driver Developer Should Know about RT.” Cartwright started with an overview of RT, which helps provide guarantees for user task execution for embedded applications that require a high level of determinism. She then described the classes of driver-related problems that can have a detrimental impact to RT, as well as potential resolutions. One of the challenges of any real-time operating system is that most target applications have two types of tasks: those with real-time requirements and latency sensitivity, and those for non-time critical tasks such as disk monitoring, throughput, or I/O. “The two classes of tasks need to run together and maybe communicate with one another with mixed criticality,” explained Cartwright. “You must resolve two different degrees of time sensitivity.” One solution is to split the tasks by using two different hardware platforms. “You could have an Arm Cortex-R, FPGA, or PLD based board for super time-critical stuff, and then a Cortex-A series board with Linux,” said Cartwright. “This offers the best isolation, but it raises the per unit costs, and it’s hard to communicate between the domains.”
  • Clarifying the Linux Real Time Issue
    I recently posted an article about the increasing development and availability of Linux-powered automation devices. This is a clear industry trend that’s unavoidable for anyone following the automation technology industry. Shortly after posting the article, I heard from a reader who wrote: “I read your article and I am surprised that you would promote the idea that anyone would use Linux for anything critical. It isn’t even a real-time control system. It can be used for non-critical applications, but the article implies that industry is adopting it for everything.” This reader brings up a valid point. Linux is not a real-time OS in and of itself. As Vibhoosh Gupta of GE Automation & Controls noted in the original article, GE uses “Type 1 hypervisor technology to run a real-time OS, such as VxWorks, running traditional control loops alongside our PAC Edge technology operating on Linux.” [...] The Linux Foundation launched the RTL (Real Time Linux) Collaborative Project in October 2015. According to the Foundation, the project was “founded by industry experts to advance technologies for the robotics, telecom, manufacturing and medical industries. The aim of the RTL collaborative project is mainlining the PREEMPT_RT patch.” While there are plenty of mission critical applications running Linux OS with real-time extensions—as highlighted by GE, Opto and Wago—the Linux Foundation notes on its site that there remains “much work to be done.”
  • Linux Launches Deep Learning Foundation For Open Source Growth In AI
    The Linux Foundation has launched the LF Deep Learning Foundation, an umbrella organisation which will support and sustain open source innovation in artificial intelligence, machine learning, and deep learning. The organisation will strive to make these critical new technologies available to developers and data scientists everywhere, said a statement published by LF. Founding members of LF Deep Learning include Amdocs, AT&T, B.Yond, Baidu, Huawei, Nokia, Tech Mahindra, Tencent, Univa, and ZTE, among others. LF Deep Learning members are working to create a neutral space where makers and sustainers of tools and infrastructure can interact and harmonise their efforts and accelerate the broad adoption of deep learning technologies.
  • OpenTracing: Distributed Tracing’s Emerging Industry Standard
    What was traditionally known as just Monitoring has clearly been going through a renaissance over the last few years. The industry as a whole is finally moving away from having Monitoring and Logging silos – something we’ve been doing and “preaching” for years – and the term Observability emerged as the new moniker for everything that encompasses any form of infrastructure and application monitoring. Microservices have been around for over a decade under one name or another. Now that they are often deployed in separate containers, it became obvious we need a way to trace transactions through various microservice layers, from the client all the way down to queues, storage, calls to external services, etc. This created a new interest in Transaction Tracing that, although not new, has now re-emerged as the third pillar of observability.
  • There’s a Server in Every Serverless Platform [Ed: "Serverless" is a lie. It's a server. One that you do not control; one/s that control/s you. Even Swapnil finally or belatedly gets it. The LF really likes buzzwords.]
    Serverless computing or Function as a Service (FaaS) is a new buzzword created by an industry that loves to coin new terms as market dynamics change and technologies evolve. But what exactly does it mean? What is serverless computing?
  • Take the Open Source Job Survey from Dice and The Linux Foundation
    Interest in hiring open source professionals is on the rise, with more companies than ever looking for full-time hires with open source skills and experience. To gather more information about the changing landscape and opportunities for developers, administrators, managers, and other open source professionals, Dice and The Linux Foundation have partnered to produce two open source jobs surveys — designed specifically for hiring managers and industry professionals.
  • Automotive Linux Summit & OS Summit Japan Schedule Announced [Ed: "Brian Redmond, Microsoft" so you basically go to an event about Linux and must listen to a talk from a company which attacks Linux with patent blackmail, bribes etc.]

Security: Updates, GrayKey, Google and Cilium

  • Security updates for Wednesday
  • Hackers Leaked The Code Of iPhone Cracking Device “GrayKey”, Attempted Extortion
    The mysterious piece of hardware GrayKey might give a sense of happiness to cops because they can get inside most of the iPhone models currently active, including the iPhone X. The $30,000 device is known to crack a 4-digit iPhone passcode in a matter of a few hours, and a six-digit passcode in 3 days, or possibly 11 hours in ideal scenarios. That’s why security experts suggest that iOS users should keep an alphanumeric passcode instead of an all-number passcode.
  • Someone Is Trying to Extort iPhone Crackers GrayShift With Leaked Code
    Law enforcement agencies across the country are buying or have expressed interest in buying GrayKey, a device that can unlock up-to-date iPhones. But Grayshift, the company that makes the device, has attracted some other attention as well. Last week, an unknown party quietly leaked portions of GrayKey code onto the internet, and demanded over $15,000 from Grayshift—ironically, the price of an entry-level GrayKey—in order to stop publishing the material. The code itself does not appear to be particularly sensitive, but Grayshift confirmed to Motherboard the brief data leak that led to the extortion attempt.
  • It's not you, it's Big G: Sneaky spammers slip strangers spoofed spam, swamp Gmail sent files
    Google has confirmed spammers can not only send out spoofed emails that appear to have been sent by Gmail users, but said messages also appear in those users' sent mail folders. The Chocolate Factory on Monday told The Register that someone has indeed created and sent spam with forged email headers. These not only override the send address, so that it appears a legit Gmail user sent the message, but it also mysteriously shows up in that person's sent box as if they had typed it and emitted themselves. In turn, the messages would also appear in their inboxes as sent mail.
  • Cilium 1.0 Advances Container Networking With Improved Security
    For the last two decades, the iptables technology has been the cornerstone of Linux networking implementations, including new container models. On April 24, the open-source Cilium 1.0 release was launched, providing a new alternative to iptables by using BPF (Berkeley Packet Filter), which improves both networking and security. The Cilium project's GitHub code repository defines the effort as Linux Native, HTTP Aware Network Security for Containers. Cilium development has been driven to date by stealth startup Covalent, which is led by CEO Dan Wendlandt, who is well-known in the networking community for his work at VMware on software-defined networking, and CTO Thomas Graf, who is a core Linux kernel networking developer.
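The Gmail spoofing item above turns on forged headers: a message whose visible From address is a Gmail user while the actual sending domain is something else. On the receiving side the tell is lack of alignment, the DMARC idea that an SPF or DKIM pass only vouches for the From address when the domain that passed matches it. The checker below is an added example, not Google's or anyone else's code; it reads the From header and the Authentication-Results header a receiving MTA adds (RFC 8601 format) and approximates relaxed alignment by suffix matching, an assumption since it carries no public-suffix list. Both sample messages are constructed.

```python
"""Classify a received message as authenticated or spoof-suspect from its
From header and the Authentication-Results header the receiving MTA added.

Added example, not Google's or anyone else's code.  It applies the DMARC idea
of *alignment*: an SPF or DKIM pass only vouches for the visible From address
when the domain that passed matches the From domain.  Alignment is
approximated by suffix matching because the example carries no public-suffix
list (an assumption).  Messages below are constructed.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from typing import Dict

AUTH_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|softfail|fail|none|neutral|temperror|permerror)", re.I)
MAILFROM_RE = re.compile(r"smtp\.mailfrom=(?:[^@\s;]+@)?([^\s;]+)", re.I)
HEADER_D_RE = re.compile(r"header\.d=([^\s;]+)", re.I)


def aligned(auth_domain: str, from_domain: str) -> bool:
    """Relaxed-alignment approximation: equal, or one is a subdomain of the other."""
    a, f = auth_domain.lower().strip("."), from_domain.lower().strip(".")
    return bool(a and f) and (a == f or a.endswith("." + f) or f.endswith("." + a))


def assess(raw: str) -> Dict[str, object]:
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # A message may carry several Authentication-Results headers (one per hop).
    ar = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    results = {m.group(1).lower(): m.group(2).lower() for m in AUTH_RE.finditer(ar)}
    mailfrom = MAILFROM_RE.search(ar)
    header_d = HEADER_D_RE.search(ar)
    # SPF vouches for the envelope sender (smtp.mailfrom); DKIM for header.d.
    # Neither says anything about the From header unless the domains align.
    spf_aligned = bool(results.get("spf") == "pass" and mailfrom
                       and aligned(mailfrom.group(1), from_domain))
    dkim_aligned = bool(results.get("dkim") == "pass" and header_d
                        and aligned(header_d.group(1), from_domain))
    return {
        "from_domain": from_domain,
        "results": results,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "verdict": "authenticated" if (spf_aligned or dkim_aligned) else "spoof-suspect",
    }


# Constructed messages: the second passes SPF for the *sender's* domain but
# displays a gmail.com From address, which is exactly what alignment catches.
LEGIT_MESSAGE = """\
Return-Path: <alice@gmail.com>
Authentication-Results: mx.example.net; dkim=pass header.d=gmail.com; spf=pass smtp.mailfrom=alice@gmail.com
From: Alice <alice@gmail.com>
To: bob@example.net
Subject: hello

body
"""

SPOOF_MESSAGE = """\
Return-Path: <bounce@spammer.example>
Authentication-Results: mx.example.net; dkim=none; spf=pass smtp.mailfrom=bounce@spammer.example
From: Alice <alice@gmail.com>
To: bob@example.net
Subject: hello

body
"""


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_MESSAGE), ("spoof", SPOOF_MESSAGE)):
        print(name, assess(raw)["verdict"])
```

The spoofed sample is the instructive one: SPF passes, because the spammer's own domain really did authorize the sending host, yet the verdict is spoof-suspect because gmail.com never vouched for anything. A mail filter that stops at "spf=pass" waves exactly this traffic through.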

Applications: KStars, Kurly, Pamac, QEMU

  • KStars 2.9.5 is out!
    Autofocus module users would be happy to learn that the HFR value is now responsive to changing seeing conditions. Previously, the first successful autofocus operation would set the HFR Threshold value of which subsequent measurements are compared against during the in-sequence-focusing step.
  • Kurly – An Alternative to Most Widely Used Curl Program
    Kurly is a free, open source, simple but effective, cross-platform alternative to the popular curl command-line tool. It is written in the Go programming language and works in the same way as curl but only aims to offer common usage options and procedures, with emphasis on HTTP(S) operations. In this tutorial we will learn how to install and use the kurly program, an alternative to the most widely used curl command in Linux.
  • Pamac – Easily Install and Manage Software on Arch Linux
    Arch Linux is one of the most popular Linux distribution available despite its apparent technicality. Its default package manager pacman is powerful but as time always tells, it is a lot easier to get certain things done using a mouse because GUI apps barely require any typing nor do they require you to remember any commands; and this is where Pamac comes in. Pamac is a Gtk3 frontend for libalpm and it is the GUI tool that Arch Linux users turn to the most when they aren’t in the mood to manage their software packages via the terminal; and who can blame them? It was specifically created to be used with Pacman.
  • QEMU 2.12 Released With RISC-V, Spectre/Meltdown & Intel vGPU Action
    QEMU 2.12 is now officially available as the latest stable feature update to this important component of the open-source Linux virtualization stack.