
Linux Security: Systemd, Linux/CoinMiner.BC Malware, and C Code

Filed under
Linux
Security
  • Systemd Now Can Unlock Encrypted Boot Drives Using An External Password File

    Merged today into systemd is basic keydev support for cryptsetup-generator to allow unlocking an encrypted drive by using a key file that is stored on an external drive.

    The Dracut initramfs framework has already supported unlocking encrypted drives by relying upon a key file stored on an external HDD/SSD. But until now systemd hasn't supported key files being on external block devices (keydev).

    The newly-added support to systemd allows specifying a keydev block device based upon its UUID and a path to the key, using the added luks.uuid boot parameter.

  • A look at the Linux/CoinMiner.BC malware

    I recently had the “pleasure” of helping a friend with his GNU/Linux box which was acting up. Random system processes like initctl, dbus-daemon, ssh-agent, ibus-x11, icc-daemon or even a simple sleep would suddenly consume all the CPU resources in the background, often the graphical user interface would also lag. But he couldn’t find out why – every time he tried to debug the issue, e.g. by running top, the processes at fault suddenly disappeared.

    Turns out he had infected his machine with the Linux/CoinMiner.BC malware, probably by installing an unofficial Kodi plugin. Luckily all the malware seems to do is to mine some cryptocurrency in the background (hence the name “CoinMiner”). But it takes quite a few steps to avoid detection and ensure it isn’t easily removed.

    [...]

    In theory you could log out of all user sessions, log in as root (NOT via sudo!), kill all remaining user processes and then clean/remove the listed files. Creating a new user profile, migrating all the data you actually need and then deleting the old profile is theoretically much better.

    In practice your machine was compromised and you don’t know if the attackers did more than just infect it with a cryptominer. They could have used any number of security exploits to install a rootkit or something like that. Just backup your data and reinstall the whole machine.

  • Making C less dangerous

    The C language is very powerful, widely used—particularly in the Linux kernel—and very dangerous. One of the Linux engineers outlines how developers can cope with the programming language's security weaknesses.

    You can do almost anything with C, but that doesn't mean you should. C code runs quickly, but it has no safety belt. Even if you're a C expert, as are most of the Linux kernel developers, you can still make killer blunders.

    Besides the pitfalls of, say, misusing pointer aliasing, the C language itself has fundamental, unfixed bugs that await the unwary. It's those weaknesses that Kees "Case" Cook, Google Linux kernel security engineer, addressed in a seminar at the Linux Security Summit in Vancouver, Canada.

The Controversial Speck Encryption Code Will Indeed Be Dropped From The Linux Kernel

Filed under
Linux
Google
Security

While Google got the NSA-developed Speck into the Linux kernel on the basis of wanting to use Speck for file-system encryption on very low-end Android (Go) devices, last month they decided to abandon those plans and instead work out a new "HPolyC" algorithm for use on these bottom-tier devices due to all the concerns over Speck potentially being back-doored by the US National Security Agency.

After Google reverted their plans to use Speck for file-system encryption, it was called for removal from the Linux kernel with no other serious users of this code... Speck had been added to the crypto code in Linux 4.17 and then to the fscrypt bits for file-system encryption with Linux 4.18.


Security: “Barack Obama” Ransomware, Wireshark Bugfix, Reproducible Builds Report, Synesthesia

Filed under
Security

John McAfee’s Android-centric product has been cracked

Filed under
Android
Security

Greg Kroah-Hartman and Linus Torvalds Upset at Intel Over CPU Defects and Negative Response

Filed under
Linux
Hardware
Security
  • Intel blocked kernel fixes on Meltdown and Spectre

    Linux kernel developer Greg Kroah-Hartman criticized Intel's slow initial response to the Spectre and Meltdown bugs in a talk at the Open Source Summit North America.

    Kroah-Hartman said that when Intel finally decided to tell Linux developers, the disclosure was siloed.

    "Intel siloed SuSE, they siloed Red Hat, they siloed Canonical. They never told Oracle, and they wouldn't let us talk to each other."

  • Linux Creator On Intel CPU Bugs: “It’s Unfair. We Have To Fix Someone Else’s Problems”

    Almost all modern CPUs use Speculative Execution as a means to improve performance and efficiency. Your computer’s processor performs tons of calculations in advance and chooses the correct one according to a program’s flow. It makes sense as an idle CPU is undoubtedly a wasted resource.

    When it comes to Linux creator Linus Torvalds, he likes the way speculative execution improves performance. What irritates him is the fact that not all incorrect calculations are completely discarded — this is what turned out to be the root cause of bugs like Spectre and Meltdown.

Security: Updates, 2FA with ssh on OpenBSD, and Germany's Research

Filed under
Security
  • Security updates for Monday
  • 2FA with ssh on OpenBSD

    Five years ago I wrote about using a yubikey on OpenBSD. The only problem with doing this is that there's no validation server available on OpenBSD, so you need to use a different OTP slot for each machine. (You don't want to risk a replay attack if someone succeeds in capturing an OTP on one machine, right?) Yubikey has two OTP slots per device, so you would need a yubikey for every two machines with which you'd like to use it. You could use a bastion—and use only one yubikey—but I don't like the SPOF aspect of a bastion. YMMV.

    After I played with TOTP, I wanted to use them as a 2FA for ssh. At the time of writing, we can't do that using only the tools in base. This article focuses on OpenBSD; [...]

  • Germany, seeking independence from U.S., pushes cyber security research

    Germany announced a new agency on Wednesday to fund research on cyber security and to end its reliance on digital technologies from the United States, China and other countries.

Security: Titan Security Keys and More FUD From WhiteSource

Filed under
Security

​Linus Torvalds talks frankly about Intel security bugs

Filed under
Linux
Security

At The Linux Foundation's Open Source Summit North America in Vancouver, Linus Torvalds, Linux's creator, and Dirk Hohndel, VMware VP and chief open source officer, had a wide-ranging conversation about Linux security, open-source developer, and quantum computing.

Torvalds would really like his work to get back to being boring. It hasn't been lately because of Intel's CPU Meltdown and Spectre security bugs. The root cause behind these security holes was speculative execution.

In speculative execution, when a program does a calculation, which might go several ways, the processor assumes several results and works on them. If it's wrong, it goes back to the beginning and restarts with the correct data. Because CPUs are so fast these days, it's much quicker to do this than to have the hardware sit idle waiting for data.

Torvalds "loves speculative execution. CPUs must do this." But, Torvalds is annoyed that "people didn't think about the problems of taking shortcuts with speculative execution. We knew speculative work that wasn't used had to be thrown away." It wasn't. That problem is now baked in most modern processors. The long-term fix is a new generation of Intel CPUs.


Air Canada's Data Breach

Filed under
Security
  • Air Canada app data breach involves passport numbers

    It believes data has been stolen [sic] from about 20,000 of these, and has informed members of this group via email.

  • Air Canada confirms mobile app data breach

    According to an email to customers, attackers may have accessed basic profile data, including names, email addresses and phone numbers — but also more sensitive data that users may have added to their profiles, including passport numbers and expiry date, passport country of issuance, NEXUS numbers for trusted travelers, gender, dates of birth, nationality and country of residence.

  • Air Canada says 20,000 mobile app users affected by data breach

    The app stores names and contact information, which may have been accessed.

    It also may hold information such as passport and NEXUS card numbers, gender, birth date, nationality and credit card numbers.
