Security

Warning: Grsecurity: Potential contributory infringement risk for customers

Filed under
Linux
Security

It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement risk.

Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and cannot work without it. It would fail a fair-use test (obviously, ask offline if you don’t understand). Because it is so strongly derivative of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.

Currently, Grsecurity is a commercial product and is distributed only to paying customers. My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.

Six Things to Do to Secure Your Linux System

Filed under
Linux
Security

Tuesday's Petya slam dunk by the bad guys, which may or may not have been a state sponsored swipe at Ukraine, was only one of several wake-up calls during the last couple of months for the folks taking care of IT security.

At least they should have been wake-up calls, but by the carnage left behind it looks as if a lot of folks have been operating their server rooms on autopilot. Not only were there patches at the ready to plug the vulnerabilities Petya used to do whatever it did (other than the fact that it probably wasn't ransomware, what it did hasn't been entirely sorted out yet), but I've heard credible first-hand reports from several largish corporations that didn't have available backups.

Important CentOS 7 Linux Kernel Security Update Patches Five Vulnerabilities

Filed under
OS
Security

CentOS maintainer Johnny Hughes recently published a new security advisory for users of the CentOS 7 operating system series to inform them about an important kernel security update.

Security: Systemd, ELSA, and OutlawCountry

Filed under
Security

Security: Microsoft Windows as Attack Vector and More

Filed under
Security
  • Does Maersk Count as US Critical Infrastructure?

    By all appearances, Nyetna primarily targeted Ukraine. But in hitting Ukraine, it significantly disabled one of the key cogs to the global economy, the world’s biggest container shipping company. Does that count as an attack on the US, or at least its critical infrastructure?

  • That "ransomware" attack was really a cyberattack on Ukraine
  • Global cyber attack likely cover for malware installation in Ukraine: police official

    The primary target of a crippling computer virus that spread from Ukraine across the world this week is highly likely to have been that country's computer infrastructure, a top Ukrainian police official told Reuters on Thursday.

    Cyber security firms are trying to piece together who was behind the computer worm, dubbed NotPetya by some experts, which has paralyzed thousands of machines worldwide, shutting down ports, factories and offices as it spread through internal organizational networks to an estimated 60 countries.

    Ukrainian politicians were quick on Tuesday to blame Russia, but a Kremlin spokesman dismissed "unfounded blanket accusations". Kiev has accused Moscow of two previous cyber strikes on the Ukrainian power grid and other attacks since Russia annexed Crimea in 2014.

  • NotPetya is, er, not ransomware, victims unlikely to get files back

    Security software company Kaspersky has warned that there is "little hope for victims to recover their data" if they fall victim to the ransomware bastard because the installation ID displayed in the ransomware note, sent with the ransom so that the appropriate decryption key can be sent back, is entirely randomly generated.

  • Don’t include social engineering in penetration tests

    I encourage you to explicitly forbid social engineering attacks in your pentest scopes. Instead, try simulating the kinds of compromises that social engineering attacks lead to, with an emphasis on detection and response. This provides much more satisfying and useful outcomes, without the risks that allowing social engineering introduces.

Security Leftovers: Security Updates, Systemd, Sonatype, and Petya Ransomware

Filed under
Security

Canonical Outs Important Kernel Update for All Supported Ubuntu Linux Releases

Filed under
Security
Ubuntu

After patching a recently discovered systemd vulnerability in Ubuntu 17.04 and Ubuntu 16.10, Canonical today released a new major kernel update for all of its supported Ubuntu Linux operating systems, including Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS (HWE), patching up to fifteen security flaws.

Security: OutlawCountry, WatchGuard FUD, SambaCry FUD, Overhyped Systemd Bug

Filed under
Security
  • OutlawCountry

    Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.

    The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.

  • WatchGuard survey indicates Linux, Web servers becoming hot targets for cyber attacks [Ed: Watchguard is a Microsoft buddy from Seattle. Its own site says it "recently became an official member of the Microsoft Partner Network". Watch out for press releases and 'journalists' who copy-paste their PR (we saw several). Anti-Linux FUD.]
  • The SambaCry scare gives Linux users a taste of WannaCry-Petya problems [Ed: only for those who mimic/simulate Windows]
  • Linux's systemd vulnerable to DNS server attack
  • Systemd Bug Lets Attackers Hack Linux Boxes via Malicious DNS Packets

Security: GNU/Linux Updates, Reproducible Builds, Kaspersky, and "Choosing Windows for your organization should get you fired"

Filed under
Security
  • Security updates for Wednesday
  • Security updates for Tuesday
  • Reproducible Builds: week 113 in Stretch cycle
  • Multiple vulnerabilities found in Kaspersky Lab's Anti-Virus for Linux File Server [Newsflash: PROPRIETARY software for security is itself a security menace]

    People expect their anti-virus to protect them from malware and exploits but sometimes, even these products have their own vulnerabilities. Leandro Barragan and Maximiliano Vidal, researchers at network security firm Core Security, have found a number of possible exploits in the Web Management Console for Kaspersky's Anti-virus for Linux File Servers.

  • Pentagon draft budget bans Kaspersky Lab products

    The draft budget said, in an amendment proposed by Senator Jeanne Shaheen, a Democrat from New Hampshire, that it "prohibits the DOD from using software platforms developed by Kaspersky Lab due to reports that the Moscow-based company might be vulnerable to Russian government influence."

  • Choosing Windows for your organization should get you fired

    I know. That’s harsh.

    But it’s true. If you haven’t yet replaced Windows, across the board, you absolutely stink at your job.

    For years, we’ve had one trojan, worm and virus after another. And almost every single one is specifically targeting Microsoft Windows. Not MacOS. Not Linux. Not DOS. Not Unix. Windows.

    Wannacry managed to infect hundreds of thousands of highly vulnerable Windows installations around the globe. It was a huge problem for many major institutions that fill their organizations with the operating system from Redmond, Washington.

    But did you learn your lesson? No.

    Then another bit of ransomware comes along, called NotPetya, and manages to take out critical systems at freaking Chernobyl. Also airports and banks. Oh, and hospitals. Can’t forget about the hospitals.

  • Met Police still running using Windows XP on 18,000 PCs

    Indeed, it would appear that the pace of change is slowing, with Metropolitan Police using Windows XP on 35,000 PCs in April 2015, 27,000 in August 2016, and 19,000 in December last year, according to Freedom of Information (FOI) Act requests.

  • Ransomware attack 'not designed to make money', researchers claim
  • Pnyetya: Yet Another Ransomware Outbreak

    The superficial resemblance to Petya is only skin deep. Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of “ransomware.”

  • The Petya ransomware is starting to look like a cyberattack in disguise
  • ‘Petya’ Ransomware Outbreak Goes Global

    Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker {sic} group calling itself the Shadow Brokers.

  • Latest Ransomware Hackers Didn't Make WannaCry's Mistakes

    And while it owes its rapid spread in part to EternalBlue, the same stolen NSA exploit WannaCry leveraged, it lacks several of the traits that made WannaCry—which turned out to be an unfinished North Korean project gone awry—easier to stop.

  • A new ransomware outbreak similar to WCry is shutting down computers worldwide [Ed: Windows and NSA back doors]

    News organizations reported potentially serious disruptions around the world, with organizations throughout Ukraine being hit particularly hard. In that country, infections reportedly hit metro networks, power utility companies, government ministry sites, airports, banks, media outlets, and state-owned companies. Those affected included radiation monitors at the Chernobyl nuclear facility. A photograph published by Reuters showed an ATM at a branch of Ukraine's state-owned Oschadbank bank that was inoperable. A message displayed on the screen demanded a payment to unlock it. Meanwhile, Reuters also reported that Ukrainian state power distributor Ukrenergo said its IT systems were also hit by a cyber attack but that the disruption had no impact on power supplies or broader operations. Others hit, according to Bloomberg, included Ukrainian delivery network Nova Poshta, which halted service to clients after its network was infected. Bloomberg also said Ukraine's Central Bank warned on its website that several banks had been targeted by hackers.

  • AlertSec Aims to Make Encryption Security More Accessible

    Ebba Blitz isn't a typical technology industry CEO and the company she leads isn't a typical security vendor either. Blitz joined AlertSec after a career in journalism in Sweden where she honed her craft of making complex subjects more understandable, which is what she's now doing in a different capacity with security at AlertSec.

    "We help small and medium sized companies get the same level of security that larger enterprises normally have, in terms of full-disk encryption and we manage it for them," Blitz said.

  • Don't panic, but Linux's Systemd can be pwned via an evil DNS query
  • Global ransomware attack causes turmoil

    The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

  • Episode 53 - A plane isn't like a car

    Josh and Kurt talk about security through obscurity, airplanes, the FAA, the Windows source code leak, and chicken sandwiches.

  • WikiLeaks Dump Reveals a Creepy CIA Location-Tracking Trick

    If you're using a Windows laptop or PC you could add another group to the list: the CIA.

  • WikiLeaks Releases Files on CIA Spying Geo-Location Malware for WiFi Devices

    The whistleblowing platform released what appears to be the CIA's user manual for the ELSA project as evidence.
    WikiLeaks began releasing Vault 7 on March 7, with the first full part comprising 8,761 documents. The previous release took place on June 22 and was dedicated to the CIA "Brutal Kangaroo" hacking tool.

  • Ohio Gov. Kasich’s website, dozens of others defaced using year-old exploit

    DNN Platform is a popular content management system (particularly with state and local governments) based on Windows Server and the ASP.NET framework for Microsoft Internet Information Server. DNN Platform is open source and available for free—making it attractive to government agencies looking for something low cost that fits into their existing Windows Server-heavy organizations. A review of the HTML source of each of the sites attacked by Team System DZ showed that they were running a vulnerable version of the content management system DNN Platform—version 7.0, which was released in 2015.

  • Linux malware gaining favor among cybercriminals [Ed: Doug Olenick, Online Editor, rewrote a press release of a company that needs to badmouth GNU/Linux (for SALES)]

More in Tux Machines

Tizen News

OSS Leftovers

  • How Open Source Tech Helps Feds Solve Workforce Turnover Issues
    Just as a mainframe from decades ago might be ready for retirement, the IT staff who originally procured and installed that system might also be preparing for a new phase in their lives. It’s up to the current and next generation of government IT employees to prepare for that eventuality, but there are indications they may not be ready, despite evidence that older IT professionals are retiring or will soon be leaving their positions. Unfortunately, a skills gap exists even among younger generation IT workers. Agencies are scrambling to find personnel with expertise in cloud service management, cybersecurity, technical architecture and legacy technologies, such as common business-oriented language (COBOL) and mainframes, among other areas. At the same time that many workers are getting ready to retire, leaving behind a wealth of knowledge, many younger IT professionals are struggling to gain the knowledge they will need to take their agencies into the future.
  • Introducing Fn: “Serverless must be open, community-driven, and cloud-neutral”
    Fn, a new serverless open source project was announced at this year’s JavaOne. There’s no risk of cloud lock-in and you can write functions in your favorite programming language. “You can make anything, including existing libraries, into a function by packaging it in a Docker container.” We invited Bob Quillin, VP for the Oracle Container Group to talk about Fn, its best features, next milestones and more.
  • Debian seminar in Yokohama, 2017/11/18
    I attended the Tokyo area Debian seminar #157. The day’s special guest was Chris Lamb, the Debian Project Leader in 2017. He had attended the Open Compliance Summit, so we invited him as our guest.
  • Overclock Labs bets on Kubernetes to help companies automate their cloud infrastructure
    Overclock Labs wants to make it easier for developers to deploy and manage their applications across clouds. To do so, the company is building tools to automate distributed cloud infrastructure and, unsurprisingly, it is betting on containers — and specifically the Kubernetes container orchestration tools — to do this. Today, Overclock Labs, which was founded two years ago, is coming out of stealth and announcing that it raised a $1.3 million seed round from a number of Silicon Valley angel investors and CrunchFund — the fund that shares a bit of its name and history with TechCrunch but is otherwise completely unaffiliated with the blog you are currently reading.
  • MariaDB Energizes the Data Warehouse with Open Source Analytics Solution
    MariaDB® Corporation, the company behind the fastest growing open source database, today announced new product enhancements to MariaDB AX, delivering a modern approach to data warehousing that enables customers to easily perform fast and scalable analytics with better price performance over proprietary solutions. MariaDB AX expands the highly successful MariaDB Server, creating a solution that enables high performance analytics with distributed storage and parallel processing, and that scales with existing commodity hardware on premises or across any cloud platform. With MariaDB AX, data across every facet of the business is transformed into meaningful and actionable results.
  • AT&T Wants White Box Routers with an Open Operating System [Ed: AT&T wants to openwash its surveillance equipment]
    AT&T says it’s not enough to deploy white box hardware and to orchestrate its networks with the Open Network Automation Platform (ONAP) software. “Each individual machine also needs its own operating system,” writes Chris Rice, senior vice president of AT&T Labs, Domain 2.0 Architecture, in a blog post. To that end, AT&T announced its newest effort — the Open Architecture for a Disaggregated Network Operating System (dNOS).
  • Intel Lands Support For Vector Neural Network Instructions In LLVM
  • p2k17 Hackathon report: Antoine Jacoutot on ports+packages progress
  • GCC 8 Feature Development Is Over
    Feature development on the GCC 8 compiler is over with it now entering stage three of its development process. SUSE's Richard Biener announced minutes ago that GCC 8 entered stage three development, meaning only general bug fixing and documentation updates are permitted.
  • 2018 Is The Year For Open Source Software For The Pentagon
  • Open-source defenders turn on each other in 'bizarre' trademark fight sparked by GPL fall out
    Two organizations founded to help and support developers of free and open-source software have locked horns in public, betraying a long-running quarrel rumbling mostly behind the scenes. On one side, the Software Freedom Law Center, which today seeks to resolve licensing disputes amicably. On the other, the Software Freedom Conservancy, which takes a relatively harder line against the noncompliance of licensing terms. The battleground: the, er, US Patent and Trademark Office. The law center has demanded the cancellation of a trademark held by the conservancy.
  • Open Source Underwater Glider: An Interview with Alex Williams, Grand Prize Winner
    Alex Williams pulled off an incredible engineering project. He developed an Autonomous Underwater Vehicle (AUV) which uses a buoyancy engine rather than propellers as its propulsion mechanism and made the entire project Open Source and Open Hardware.

Programming Leftovers

Security: Linux, Free Software Principles, Microsoft and Intel

  • Some 'security people are f*cking morons' says Linus Torvalds
    Linux overlord Linus Torvalds has offered some very choice words about different approaches to security, during a discussion about whitelisting features proposed for version 4.15 of the Linux kernel. Torvalds' ire was directed at open software aficionado and member of Google's Pixel security team Kees Cook, who he has previously accused of idiocy. Cook earned this round of shoutiness after he posted a request to “Please pull these hardened usercopy changes for v4.15-rc1.”
  • Free Software Principles
    Ten thousand dollars is more than $3,000, so the motives don't add up for me. Hutchins may or may not have written some code, and that code may or may not have been used to commit a crime. Tech-literate people, such as the readers of Linux Magazine, understand the difference between creating a work and using it to commit a crime, but most of the media coverage – in the UK, at least – has been desperate to follow the paradigm of building a man up only to gleefully knock him down. Even his achievement of stopping WannaCry is decried as "accidental," a word full of self-deprecating charm when used by Hutchins, but which simply sounds malicious in the hands of the Daily Mail and The Telegraph.
  • New warning over back door in Linux
    Researchers working at Russian cyber security firm Dr Web claim to have found a new vulnerability that enables remote attackers to crack Linux installations virtually unnoticed. According to the anti-malware company, cyber criminals are getting into the popular open-source operating system via a new backdoor. This, they say, is "indirect evidence" that cyber criminals are showing an increasing interest in targeting Linux and the applications it powers. The trojan, which it's calling Linux.BackDoor.Hook.1, targets the library libz primarily. It offers compression and extraction capabilities for a plethora of Linux-based programmes.
  • IN CHATLOGS, CELEBRATED HACKER AND ACTIVIST CONFESSES COUNTLESS SEXUAL ASSAULTS
  • Bipartisan Harvard panel recommends hacking [sic] safeguards for elections

    The guidelines are intended to reduce risks in low-budget local races as well as the high-stakes Congressional midterm contests next year. Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton’s campaign chair, John Podesta, have succeeded because basic security practices were not followed.

  • Intel Chip Flaws Leave Millions of Devices Exposed

    On Monday, the chipmaker released a security advisory that lists new vulnerabilities in ME, as well as bugs in the remote server management tool Server Platform Services, and Intel’s hardware authentication tool Trusted Execution Engine. Intel found the vulnerabilities after conducting a security audit spurred by recent research. It has also published a Detection Tool so Windows and Linux administrators can check their systems to see if they're exposed.