Language Selection

English French German Italian Portuguese Spanish

Security

Security: SSH Honey Keys and Chaos of Microsoft/NSA

Filed under
Security
  • SSH Honey Keys

    The thought behind honey keys is similar to Honeywords, a concept published a while ago to help identify attempts to use data collected in breaches to gain unauthorized access to a user account. In our case, the attacker attempts to authenticate with the honey key, the action is logged (or another action chosen by the defender) and an alarm is sounded for use of the key.

  • Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak

    One of the most significant events in computer security happened in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency’s most coveted hacking tools. The leak and the subsequent repurposing of the exploits in the WannaCry and NotPetya worms that shut down computers worldwide made the theft arguably one of the NSA’s biggest operational mistakes ever.

    On Monday, security firm Symantec reported that two of those advanced [attack] tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat [attack] group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed "DoublePulsar" backdoor and one of the Windows exploits the NSA used to remotely install it on targeted computers.

  • Turla LightNeuron: An email too far

    Recently, ESET researchers have investigated a sophisticated backdoor used by the infamous espionage group Turla, also known as Snake. This backdoor, dubbed LightNeuron, has been specifically targeting Microsoft Exchange mail servers since at least 2014. Although no samples were available for analysis, code artefacts in the Windows version lead us to believe that a Linux variant exists.

  • Researchers discover highly stealthy Microsoft Exchange backdoor

    Aside from the Transport Agent, which is dropped in the Exchange folder located in the Program Files folder and registered in the mail server’s configuration, the backdoor also uses a DLL file containing most of the malicious functions needed by the Transport Agent.

    As mentioned before, the backdoor can block emails, modify their body, recipient and subject, created a new email, replace attachments, and re-create and re-send the email from the Exchange server to bypass the spam filter.

    It can create email and attachment logs, encrypt emails and store then, and parse JPG/PDF attachments and decrypt and execute the commands found in them.

    LightNeuron can also be instructed to write and execute files, delete and exfiltrate them, execute processes, disable itself, perform extensive logging (backdoor actions, debug, error, etc.) and perform automatic file exfiltration at a particular time of the day and night.

  • Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server

    "It's not really a vulnerability. They are using legitimate functionality [of Exchange]," he says.

    Microsoft was not available for comment at the time of this posting.

  • New backdoor targets Microsoft Exchange mail servers

    The malware was able to use the transport agent to read and modify every email passing through the server, compose and send emails, and block any email.

    ESET said LightNeuron used steganography to hide its commands inside a PDF document or a JPG image.

Security: FOSS Updates, Russia and China Having Fun With NSA Back Doors, SDDC, Firefox Issues Fixes

Filed under
Security

Security: Cyberseek, Ransom, Google, Huawei and GNOME

Filed under
Security
  • Wired for Safety: Cybersecurity professionals in demand

    We desperately need more cybersecurity professionals. The Bureau of Labor Statistics predicts a 28% increase in the need for cybersecurity professionals by 2021. In 2016, they estimated that there were 100,000 jobs open and Cyberseek suggests there were over 313,000 online job listings between 2017 and 2018.

  • How Does Ransomware Work (And Is It Still A Threat)? [Ed: All ransomware exploits or relies on inherently insecure systems, or those with back doors, like all the proprietary software operation systems (where part of the design is intentional insecurity)]

    Threats come and go, but one thing remains the same: the ability of cybercriminals to adapt to circumstances. A brief decline of interest in ransomware as criminals focused their attention on cryptojacking during the previous year appears to have come to an end, and ransomware attacks are once again escalating.

    In this post, we’ll explain what ransomware is, how it spreads, how prevalent it is and what you can do to protect yourself against it.

  • Google Releases Android Security Patch for May 2019, Includes 30 Security Fixes
  • Huawei Hypocrisy

    Theresa May almost certainly sacked Gavin Williamson not just on the basis of a telephone billing record showing he had a phone call with a Telegraph journalist, but on the basis of a recording of the conversation itself. It astonishes me that still, after Snowden and his PRISM revelations, after Wikileaks Vault 7 releases, and after numerous other sources including my own humble contribution, people still manage to avoid the cognitive dissonance that goes with really understanding how much we are surveilled and listened to. Even Cabinet Ministers manage to pretend to themselves it is not happening.

    The budget of the NSA, which does nothing else but communications intercept, is US $14.2 billion this year. Think about that enormous sum, devoted to just communications surveillance, and what it can achieve. The budget of the UK equivalent, GCHQ, is £1.2 billion, of which about 10% is paid by the NSA. Domestic surveillance in the UK has been vastly expanded and many taboos broken. But the bedrock of the system with regard to domestic intercepts is still that legal restrictions are dodged, as the USA’s NSA spies on UK citizens while the UK’s GCHQ spies on US citizens, and then the information is swapped. It was thus probably the NSA that harvested Williamson’s phone call, passing the details on. Given official US opposition to the UK employing Huawei technology, Williamson’s call would have been a “legitimate” NSA target.

    Mass surveillance works on electronic harvesting. Targeted phone numbers apart, millions of essentially random calls are listened to electronically using voice recognition technology and certain key words trigger an escalation of the call. Williamson’s call discussing Huawei, China, the intelligence services, and backdoors would certainly have triggered recording and been marked up to a human listener, even if his phone was not specifically targeted by the Americans – which it almost certainly was.

  • Georges Basile Stavracas Neto: Restricting users

    Imagine for a second that you are in an elementary school. The leadership is optimistic on exposing students to technology. They have set up big rooms with rows and rows of computers ready for their students to use.

    Would you give complete permissions to these teenagers using the computers? Would you allow them to install and uninstall programs as they wish, access any website they feel like, use for as much time they want?

Tails 3.13.2 is out

Filed under
Security
Debian

This release is an emergency release to fix a critical security vulnerability in Tor Browser.

Read more

Security: Updates, CPU Defects, New Exploits for Unsecure SAP Systems and Password Manager Improvements in Firefox 67

Filed under
Security

Security: Information Operations Kill Chain, Reproducible Builds, Dynamic Application Security Testing

Filed under
Security
  • Towards an Information Operations Kill Chain

    On a similar note, it's time to conceptualize the "information operations kill chain." Information attacks against democracies, whether they're attempts to polarize political processes or to increase mistrust in social institutions, also involve a series of steps. And enumerating those steps will clarify possibilities for defense.

    I first heard of this concept from Anthony Soules, a former National Security Agency (NSA) employee who now leads cybersecurity strategy for Amgen. He used the steps from the 1980s Russian "Operation Infektion," designed to spread the rumor that the U.S. created the HIV virus as part of a weapons research program. A 2018 New York Times opinion video series on the operation described the Russian disinformation playbook in a series of seven "commandments," or steps. The information landscape has changed since 1980, and information operations have changed as well. I have updated, and added to, those steps to bring them into the present day: [...]

  • Reproducible Builds in April 2019

    As a quick recap, whilst anyone can inspect the source code of free software for malicious flaws, almost all software is distributed to end users pre-compiled. The motivation behind reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

  • 3 Opensource Tools for DAST

    DAST or Dynamic Application Security Testing is a method of black-box penetration testing. To understand why DAST is preferred over SAST, let’s take an example. Let’s assume you bought a new car, and you are ready for a test drive. You start the engine, it works, but when you try to stop the vehicle, the brake doesn’t work. You now know that you have a problem, you don’t know what it is, but there is a problem. The DAST approach will comprise of testing the brakes and related parts whereas the SAST approach will completely disassemble the car to look for a flaw. Although, SAST approach might look more precise at the same time is very overwhelming, but on the other hand, the DAST approach is more practical and real-world.

Security Leftovers

Filed under
Security

Security and DRM Leftovers

Filed under
Security
  • Why Do Infosec People Wear Masks?

    Others conduct security research and focus on disclosing security vulnerabilities to organizations, something which carries a significant amount of legal risk for the researchers, even when done responsibly. I have seen security researchers attacked, sued, slurred, accused and arrested when they try to tell organizations about their vulnerabilities, too often do organizations lash out and try to shoot the messenger.

    Unfortunately there are also trolls, serial harassers and people who try to make life hard for you if they discovered your true identity. There are toxic people in every industry and infosec has its fair share, people who will call your employers to try and have you fired if you disagree with them publicly, or say something they do not like. There are people who harass women and make life hell for them, this happens more often than anyone wants to admit and is a real problem for women in infosec.

  • CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD

    This talk explores various OpenBSD programs, exploit mitigation techniques, tools, and development practices to show how you can use them to write code that is safe, robust, and resistant to exploits – even if your code is meant for platforms other than OpenBSD.

  • Right to Repair Bill Killed After Big Tech Lobbying In Ontario

    The bill, which was put forward by Liberal MPP Michael Coteau in February, aimed to force companies like Apple to provide small businesses and average consumers with official parts, diagnostic tools, and repair manuals upon request, and at a fair price. It would have been the first such law in North America—though 20 US states are considering similar legislation—and threatened to send consumer-friendly ripple effects throughout major electronic manufacturers’ global operations.

  • Controversial Wikipedia Edits Wipe Out Denuvo Crack History

    People interested in whether a particular Denuvo-protected game has been cracked or not can no longer quickly visit the relevant Wikipedia page and view the information easily. Controversial edits to the official Denuvo page have removed an easy-to-read column, in part due to the claim that the sources used to report pirate releases are unreliable.

  • Ubisoft Adopts ‘Silent Key Activation’ To Get Rid Of Game Activation Keys

    Ubisoft wants the gaming world to end the use of game activation keys in pursuit of burying the ‘grey market’ where reselling of game activation keys takes place.

    The grey market for game key resellers has always been a sore eye for publishers as they hurt sales directly and many of these keys are bought using stolen credit cards.

Security: Supermicro, Alastair MacGibbon, Ransom for Bitcoins

Filed under
Security
  • Supermicro ditching Chinese boards due to 'spying fears'

    The hardware company at the heart of a Bloomberg story, that claimed its supply chain had been compromised by agents in China in a bid to spy on some customers, is reportedly asking its suppliers to move manufacturing out of Beijing.

    A Nikkei report said server maker Supermicro Computer had issued the advice in a bid to address American customers' concerns about the risks of cyber spying. Supermicro earns more than 60% of its revenue in America.

    The move appears to be driven more by the trade tensions between the US and China. Last year, Supermicro used Chinese-made motherboards in less than half the 1.55 million servers it shipped, compared to more than 90% in 2017, according to Betty Shyu, a server analyst at Taipei-based Digitimes.

    The Bloomberg story, published in April last year, claimed that the supply chain manipulation had been done by implanting chips on mainboards made for it by a Chinese supplier.

  • Cyber security chief MacGibbon quits, set to enter private sector

    The head of the Australian Cyber Security Centre, Alastair MacGibbon, has handed in his resignation a fortnight before the nation goes to the polls.

    His leaving is apparently driven by a desire to capitalise on the growing market for cyber security specialists in the private sector.

  • Hackers Are Deleting Git Repos And Holding Code Ransom For Bitcoins

    Git hosting services like GitHub, Bitbucket, and GitLab are under ransom attack where hundreds of Git source code repositories have been wiped out and replaced with a ransom demand by attackers.

    The mysterious hackers have launched a coordinated attack across multiple Git repository platforms. It is unclear how this level of attack took place, but a ransom note left behind asks for a payment of 0.1 Bitcoin (around $570) in exchange for releasing the codes.

Security: Updates, Anitya, Dell, Password Manager Roundup and Apple is Faking It

Filed under
Security
  • Security updates for Friday
  • Get notified of new upstream releases

    There is a really useful service Anitya that resides on release-monitoring.org. It watches almost 20 thousand projects for new releases and notify about them.

    I maintain several packages in Fedora and the Fedora Project already makes it really convenient for me. It uses Anitya and opens a new bug against your package every time there is a new upstream release which I close once I update the package. But not every project gives you this service.

    I also maintain several apps on Flathub which doesn’t provide such a service (yet). And it’s even more important to know about new upstream releases because besides the apps themselves I also have to maintain their dependencies which are not available in runtimes. Especially Evolution has quite a few of them.

  • Remote Code Execution on most Dell computers

    What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to consider is “What third-party software came with my PC?”. In this article, I’ll be looking at a Remote Code Execution vulnerability I found in Dell SupportAssist, software meant to “proactively check the health of your system’s hardware and software” and which is “preinstalled on most of all new Dell devices”.

  • 17-Yr-Old Finds Dell Laptops And PCs Are Vulnerable To Remote Attack

    ell laptop and computer owners beware! Your machine is vulnerable to an attack that can be executed remotely to hijack your system — just by making you visit a malicious website.

    As reported by ZDNet, a 17-year-old security researcher, Bill Demirkapi, discovered a vulnerability in the Dell SupportAssist utility that allows attackers to execute malicious codes remotely.

  • Dell laptops and computers vulnerable to remote hijacks
  • Password Manager Roundup

    I used to teach people how to create "good" passwords. Those passwords needed to be lengthy, hard to guess and easy to remember. There were lots of tricks to make your passwords better, and for years, that was enough.

    That's not enough anymore.

    It seems that another data breach happens almost daily, exposing sensitive information for millions of users, which means you need to have separate, secure passwords for each site and service you use. If you use the same password for any two sites, you're making yourself vulnerable if any single database gets compromised.

    There's a much bigger conversation to be had regarding the best way to protect data. Is the "password" outdated? Should we have something better by now? Granted, there is two-factor authentication, which is a great way to help increase the security on accounts. But although passwords remain the main method for protecting accounts and data, there needs to be a better way to handle them—that's where password managers come into play.

  • Apple Is Telling Lawmakers People Will Hurt Themselves if They Try to Fix iPhones

    In recent weeks, an Apple representative and a lobbyist for CompTIA, a trade organization that represents big tech companies, have been privately meeting with legislators in California to encourage them to kill legislation that would make it easier for consumers to repair their electronics, Motherboard has learned.

    According to two sources in the California State Assembly, the lobbyists have met with members of the Privacy and Consumer Protection Committee, which is set to hold a hearing on the bill Tuesday afternoon. The lobbyists brought an iPhone to the meetings and showed lawmakers and their legislative aides the internal components of the phone. The lobbyists said that if improperly disassembled, consumers who are trying to fix their own iPhone could hurt themselves by puncturing the lithium-ion battery, the sources, who Motherboard is not naming because they were not authorized to speak to the media, said.

Syndicate content

More in Tux Machines

GNOME: Theming, Mutter and Sprint 1

  • App Devs Ask Linux Distros to “Stop Theming Our Apps”
    A group of independent Linux app developers have written an open letter to ask wider GNOME community to ask: “stop theming our apps”. The letter is addressed to the maintainers of Linux distributions who elect to ship custom GTK and icons themes by default in lieu of upstream defaults. By publicising the issues they feel stem from the practice of “theming” it’s hoped that distros and developers might work together to create a “healthier GNOME third party app ecosystem”.
  • A Group of Independent Linux App Developers Has Asked Wider GNOME Community To 'Stop Theming' Its Apps
  • GNOME's Mutter Makes Another Step Towards X11-Less, Starting XWayland On-Demand
    GNOME 3.34 feature development continues at full-speed with a lot of interesting activity this cycle particularly on the Mutter front. On top of the performance/lag/stuttering improvements, today Mutter saw the merging of the "X11 excision" preparation patches. The Mutter patches by longtime GNOME developer Carlos Garnacho around preparing for X11 excision were merged minutes ago.
  • Georges Basile Stavracas Neto: New Background panel, Calendar search engine, GTK4 shortcut engine (Sprint 1)
    GNOME To Do is full GTK4 these days. Which means it’s both a testbed for new GTK4 features, and also a way to give feedback as an app developer for the GTK team. Unfortunately, it also means To Do is blocked on various areas where GTK4 is lacking. One of these areas is keyboard shortcut. Last year, Benjamin wrote a major revamp for keyboard shortcuts. As part of this cycle, I decided to rebase and finish it; and also make To Do use the new API. Unfortunately, I failed to achieve what I set myself to. Turns out, adding a shortcuts engine to GTK4 is more involving and requires way more context than I had when trying to get it up to speed. I failed to predict that one week would have not been enough to finish it all. However, that does not mean all the efforts were wasted! The rebasing of the shortcuts engine was a non-trivial task successfully completed (see gtk!842), and I also fixed a few bugs while working on it. I also got a working prototype of GNOME To Do with the new APIs, and confirmed that it’s well suited — at least for a simpler application such as To Do. In retrospect, I believe I should have been more realistic (and perhaps slightly pessimistic) about the length and requirements of this task.

Programming: SVE2, Graphical Interface, Guile, Python and More

  • Arm SVE2 Support Aligning For GCC 10, LLVM Clang 9.0
    Given the significant performance benefits to Arm's Scalable Vector Extension 2 (SVE2), they are working on ensuring the open-source Linux compiler toolchains support these new CPU instructions ahead of SoCs shipping that support this big addition. Arm announced Scalable Vector Extension 2 (SVE2) recently as their latest advancement around SIMD programming and increasing data-level parallelism in programs. SVE2 is designed to ultimately deliver better SIMD performance than their long-available Neon extensions and to scale the performance with vector length increases as well as enabling auto-vectorization techniques. More details in this post on SVE2.
  • Intake: Discovering and Exploring Data in a Graphical Interface
    Do you have data that you’d like people to be able to explore on their own? Are you always passing around snippets of code to load specific data files? These are problems that people encounter all the time when working in groups and using the same datasources or when trying to distribute data to the public. Some users are comfortable interacting with data entirely programatically, but often it is helpful to use a GUI (Graphical User Interface) instead. With that in mind we have reimplemented the Intake GUI so that in addition to working in a jupyter notebook, it can be served as a web application next to your data, or at any endpoint.
  • lightening run-time code generation
    The upcoming Guile 3 release will have just-in-time native code generation. Finally, amirite? There's lots that I'd like to share about that and I need to start somewhere, so this article is about one piece of it: Lightening, a library to generate machine code.
  • Python Language Creator: “Male Attitude” Is Hurting The Programming Space
    Guido van Rossum is a famous name in the programming world. He is the creator of the Python programming language which was developed back in 1989. It is only since the last few years when this general-purpose programming language started gaining popularity. The number of Python users has increased significantly and it was not only named as the best programming language by IEEE but also the most asked-about language on Stack Overflow, overthrowing JavaScript — the all-time winner for decades.
  • Avant-IDLE: an experiment

Dear Ubuntu: Please Stop Packaging Epiphany If You Won’t Do It Properly

When users try Epiphany on Ubuntu, they receive a sub-par, broken browser. If you’re not willing to do this right, please just remove Epiphany from your repositories. We’d all be happier this way. You are the most popular distributor of Epiphany by far, and your poor packaging is making the browser look bad. Read more

Security Leftovers

  • Security updates for Friday
  • Episode 19: Democratizing Cybersecurity
    Katherine Druckman and Doc Searls talk to Alex Gounares of Polyverse Linux about Cybersecurity for everyone.
  • Introducing the Librem Tunnel
    You probably know by now that the Librem Tunnel is part of Librem One, a suite of privacy-protecting, no-tracking apps and services created by our team at Purism, which also includes Librem Mail, Librem Chat and Librem Social. Librem Tunnel offers an encrypted, no-logging, virtual private network tunnel, making sure all your network traffic is secure and your privacy fully protected. This means you can safely and conveniently use any public hotspot and not have to worry about how private your connection really is, using standards-based OpenVPN with any compatible client. You are not the product in Librem Tunnel: you will not be tracked, we do not sell your data, and we don’t advertise.
  • Trump Explains Why He Banned Huawei, And It’s Not Convincing
    The world’s two biggest economies are indulged in a trade war and the toll is being paid by the Chinese company Huawei, which is being erased from existence in the US. The US government has already blacklisted Huawei, causing a big blow to its growing smartphone business across the globe. After the temporary license ends in August, it won’t be able to do any business with US-based companies unless the ban is lifted.
  • Snort Alerts
    It was previously explained on LinuxHint how to install Snort Intrusion Detection System and how to create Snort rules. Snort is an Intrusion Detection System designed to detect and alert on irregular activities within a network. Snort is integrated by sensors delivering information to the server according to rules instructions. In this tutorial Snort alert modes will be explained to instruct Snort to report over incidents in 5 different ways (ignoring the “no alert” mode), fast, full, console, cmg and unsock. If you didn’t read the articles mentioned above and you don’t have previous experience with snort please get started with the tutorial on Snort installation and usage and continue with the article on rules before continuing this lecture. This tutorial assumes you have Snort already running.