Language Selection

English French German Italian Portuguese Spanish

Security

Security: Kaspersky, GDPR, NIST, Voting

Filed under
Security
  • Kaspersky purged from 'vast majority' of US government systems

    Michael Duffy, who leads cybersecurity and communications at the DHS, explained that fewer than half of their agencies were using Kaspersky's anti-virus software.

  • The EU’s GDPR is even more relevant to Linux systems, and here is why

    This new regulation represents a tightening of the data protection laws. The new regulation requires far faster responses to data breaches (within 72 hours), and the maximum penalty for breaching the legislation has increased by over four times to twenty million euros or four percent of a business’s annual global turnover, whichever is higher. In addition, GDPR will unify the processes by which EU countries regulate their data security. This will ensure breaches are easier to report, investigate and respond to the new supervisory authorities being introduced.

  • New Network Security Standards Will Protect Internet’s Routing

    Electronic messages traveling across the internet are under constant threat from data thieves, but new security standards created with the technical guidance of the National Institute of Standards and Technology (NIST) will reduce the risk of messages being intercepted or stolen. These standards address a security weakness that has been a part of the internet since its earliest days.

  • Disney-branded internet filter had Mickey Mouse security

    A Disney-branded home internet filtering device might keep bad content out, but it was an open door to bad actors until earlier this month.

    That's what Cisco Talos's William Largfent found when he took a look at "Circle with Disney", a Circle Media parental control device on which the entertainment giant slapped its brand.

    Whatever its qualities in filtering an screen time management, the US$99 box is riddled with 23 vulns, as the Talos post discloses.

  • Episode 68 - Ruining the Internet: Episode 68 - Ruining the Internet
  • Security updates for Wednesday
  • Trump administration reportedly kills vehicle-to-vehicle safety mandate [Updated]
  • Members of Congress want you to hack the US election voting system

    This summer, DefCon's "Voting Machine Hacking Village" turned up a host of US election vulnerabilities (PDF). Now, imagine a more mainstream national hacking event backed by the Department of Homeland Security that has the same goal: to discover weaknesses in voting machines used by states for local and national elections.

    That might just become a reality if federal legislation (PDF) unveiled Tuesday becomes law. The proposal comes with a safe harbor provision to exempt participants from federal hacking laws. Several federal exemptions for ethical hacking that paved the way for the DefCon hacking village expire next year.

    The bipartisan "Securing America's Voting Equipment Act" also would provide election funding to the states and would designate voting systems as critical infrastructure—a designation that would open up communication channels between the federal government and the states to share classified threat information.

Security: Nextcloud, Microsoft/Windows, Canonical/Ubuntu

Filed under
Security

pfSense 2.3.5-RELEASE now available

Filed under
Security

As we have promised, will will continue to deliver security and stability fixes to the pfSense 2.3.x line even after we have released pfSense 2.4.0, since i386 and NanoBSD were deprecated in pfSense 2.4.0. These updates will continue for a minimum of one year after the pfSense 2.4.0 release date, which means they will continue through at least October 2018.

Read more

Security: Certificate Authorities, Coverity SPAM, and WordPress Patches

Filed under
Security
  • Mozilla devs discuss ditching Dutch CA, because cryptowars

    Concerns at the effect of The Netherlands' new security laws could result in the country's certificate authority being pulled from Mozilla's trust list.

    The nation's Information and Security Services Act will come into force in January 2018. The law includes metadata retention powers similar to those enacted in other countries, and also grants broad-based interception powers to Dutch security services.

  • Francisco Partners Acquires Comodo's Certificate Authority Business

    Private equity firm Francisco Partners announced on Oct. 31 that it has acquired the SSL/TLS Certificate Authority (CA) business from security firm Comodo Group. Financial terms of the deal are not being publicly disclosed.

    "This is a carve-out of the Comodo SSL business, which is now going to be a separate legal and operational entity," Bill Holtz, CEO of Comodo CA told eWEEK.

  • Open source developers make progress in adopting secure practices [Ed: Coverity marketing disguised as an article. Because journalism is dead. The business model is PR as 'reports']
  • WordPress 4.8.3 Security Release

Security: UEFI, Windows and NSA Back Doors

Filed under
Security
  • Replace Your Exploit-Ridden Firmware with Linux

    With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a “Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs.

  • Your Windows Login Details Can Be Stolen By Hackers Without User Interaction

    From time to time, the security researchers continue to make us realize that Windows operating system is full of loopholes that can be exploited by hackers to steal our data. One such vulnerability was patched by Redmond in recent patch Tuesday.

  • NSA hacking tool EternalRomance found in BadRabbit

    Several research firms have named EternalRomance as the tool BadRabbit used to spread through an organisation once the ransomware was installed in a host computer. When the cyber-attack first sprang up on 24 October there were many reports claiming that EternalBlue, the tool made famous with the Petya/NotPetya attacks that took place earlier this year, was the culprit, but this was quickly disproven by researchers. However, EternalRomance does share at least one similarity with the other attack, each exploits the same Microsoft vulnerability.

Security: Joanna Rutkowska and Microsoft's NSA Back Doors

Filed under
Security

Security: Updates, Reaper, KRACK, Cryptographic kKeycards, Flexera's FUD, Google Play, Windows BadRabbit

Filed under
Security
  • Security updates for Friday
  • Assessing the threat the Reaper botnet poses to the Internet—what we know now
  • KRACK, ROCA, and device insecurity

    It is a fairly bleak picture from a number of different viewpoints. One almost amusing outcome of this mess is contained near the end of Vanhoef's KRACK web page. He notified OpenBSD of the flaw in mid-July with an embargo (at the time) until the end of August. OpenBSD leader Theo de Raadt complained about the length of the embargo, so Vanhoef allowed OpenBSD to silently patch the flaw. "In hindsight this was a bad decision, since others might rediscover the vulnerability by inspecting their silent patch. To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo." That might not quite be the outcome De Raadt was hoping for with his (quite reasonable) complaint, especially given that Vanhoef strongly hints that there are other WiFi vulnerabilities in the pipeline.

  • A comparison of cryptographic keycards

    An earlier LWN article showed that private key storage is an important problem to solve in any cryptographic system and established keycards as a good way to store private key material offline. But which keycard should we use? This article examines the form factor, openness, and performance of four keycards to try to help readers choose the one that will fit their needs.

    I have personally been using a YubiKey NEO, since a 2015 announcement on GitHub promoting two-factor authentication. I was also able to hook up my SSH authentication key into the YubiKey's 2048 bit RSA slot. It seemed natural to move the other subkeys onto the keycard, provided that performance was sufficient. The mail client that I use, (Notmuch), blocks when decrypting messages, which could be a serious problems on large email threads from encrypted mailing lists.

    So I built a test harness and got access to some more keycards: I bought a FST-01 from its creator, Yutaka Niibe, at the last DebConf and Nitrokey donated a Nitrokey Pro. I also bought a YubiKey 4 when I got the NEO. There are of course other keycards out there, but those are the ones I could get my hands on. You'll notice none of those keycards have a physical keypad to enter passwords, so they are all vulnerable to keyloggers that could extract the key's PIN. Keep in mind, however, that even with the PIN, an attacker could only ask the keycard to decrypt or sign material but not extract the key that is protected by the card's firmware.

  • Study Examines Open Source Risks in Enterprise Software [Ed: Microsoft network promotes anti FOSS 'study' (marketing by Flexera)]
  • Google Play Protect is 'dead last' at fingering malware on Android

    Last month, German software testing laboratory AV-Test threw malware at 20 Android antivirus systems – and now the results aren't particularly great for Google.

    Its Play Protect system, which is supposed block malicious apps from running on your handheld, was beaten by every other anti-malware vendor.

  • NSA hacking tool EternalRomance found in BadRabbit

Security: UEFI Risks and Bad Rabbit (Microsoft Windows Strikes Again)

Filed under
Security

Security: Reaper, Bad Rabbit, Kaspersky, CAPTCHA Weaknesses

Filed under
Security

Security: Updates, Microsoft Windows TCO (Bad Rabbit), Back Doors, Honeypot, Security by Obscurity

Filed under
Security
  • Security updates for Thursday
  • Security updates for Wednesday
  • New ransomware strain spreads in some European countries [iophk: "Microsoft Windows TCO"]

     

    A new strain of Windows ransomware, dubbed Bad Rabbit, is spreading in eastern Europe through drive-by attacks, the security firm Kaspersky Lab reported overnight.  

  • Bad Rabbit Ransomware Attack Is On The Rise — Here’s What You Need To Know
  • New wave of data-encrypting malware hits Russia and Ukraine

    Beaumont went on to say that Bad Rabbit relies on hard-coded credentials that are commonly used in enterprise networks for file sharing and takes aim at a particularly vulnerable portion of infected computers' hard drives known as the master boot record. A malicious file called infpub.dat appears to be able to use the credentials to allow the Bad Rabbit to spread to other Windows computers on the same local network, Kaspersky Labs' blog post added. In a second blog post, Eset said the malware also uses the Mimikatz network administrative tool to harvest credentials from the affected systems.

  • What is Bad Rabbit ransomware?
  • The DOJ's Bizarre Subpoena Over An Emoji Highlights Its Ridiculous Vendetta Against A Security Researcher

    Yesterday we broke the crazy story of how the DOJ issued a subpoena to Twitter attempting to identify five Twitter users, not because of anything they had done, but because someone else the DOJ disliked -- a security researcher named Justin Shafer -- had tweeted an emoji at them in response to a discussion about a different case. You can read all the details in that original post, in case you missed it yesterday. There was so much craziness in that story that I didn't even get to cover all of it. Some of those named in the subpoena have posted their thoughts -- including Ken "Popehat" White and Keith Lee. I suggest reading both, as the subpoena directed at each of them was particularly silly, given that both freely make their identities public. The DOJ didn't seem to do even the slightest research into the accounts it was demanding info on, or it would have known just how easy it was to "unmask" White and Lee.

  • Modern Cybersecurity Totally Futile in Quantum Computing Era

    Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept. However, it is widely believed that its creation is possible. Most experts now agree that the creation of a quantum computer is simply a matter of engineering, and that the theoretical application will happen. Optimistic estimates for commercialization by the private sector vary between 5 and 15 years, while more conservative estimates by academics put it at 15-25 years.

  • 4 extra-strength container security tools for Docker and Kubernetes

    Docker-style containers aren’t just a way to deploy software more quickly or flexibly. They can also be a way to make software more secure. Automatic analysis of the software components that go into containers, behavioral policies that span container clusters and multiple application versions, and innovative new developments in tracking and managing vulnerability data are just some of the ways containers are bolstering security for the entire application lifecycle.

    How much of this comes out of the box, though, is another story. Container products provide the basics, but not always more than that, leaving more advanced monitoring or management solely in the hands of the admin. Here are four recently revamped products and services that bring additional kinds of security to containers, both in the cloud and in your own datacenter.

  • Worker who snuck NSA malware home had his PC backdoored, Kaspersky says

    The NSA worker's computer ran a home version of Kaspersky AV that had enabled a voluntary service known as Kaspersky Security Network. When turned on, KSN automatically uploads new and previously unknown malware to company Kaspersky Lab servers. The setting eventually caused the previously undetected NSA malware to be uploaded to Kaspersky Lab servers, where it was then reviewed by a company analyst.

  • Open Source Security Podcast:  Episode 67 - Cyber won
  • Increase your network security: Deploy a honeypot
  • Security by Obscurity

    Today this blog post turned up on Hacker News, titled “Obscurity is a Valid Security Layer”. It makes some excellent points on the distinction between good and bad obscurity and it gives an example of good obscurity with SSH.

  • My password keeps me safe. (Not necessarily!)
Syndicate content

More in Tux Machines

Raspberry Pi arrives on PC/104… sort of

Crowd Supply is hosting a “Pi/104” carrier for the RPi Compute Module 3 featuring PC/104 OneBank expansion, a 40-pin RPi header, and -25 to 80°C support. Here’s something we haven’t seen before. Developer Adam Parker has launched a stackable PC/104 form factor carrier board on Crowd Supply designed to work with the Linux-driven Raspberry Pi Compute Module 3. The industrial-targeted carrier provides -25 to 80°C support and an 8-36V input with screw terminal connector. Read more

Today in Techrights

today's leftovers

  • Blockchain Moves Beyond its 'Moonshot' Phase
  • Some reading
    I've complained previously about disliking benchmarking. More generally, I'm not really a fan of performance analysis. I always feel like I get stuck at coming up with an approach to "it's going slower, why" beyond the basics. I watched a video of Brendan Gregg's talk from kernel recipes, and ended up going down the black hole1 of reading his well written blog. He does a fantastic job of explaining performance analysis concepts as well as the practical tools to do the analysis. He wrote a book several years ago and I happily ordered it. The book explains how to apply the USE method to performance problems across the system. This was helpful to me because it provides a way to generate a list of things to check and how to check them. It addresses the "stuck" feeling I get when dealing with performance problems. The book also provides a good high level overview of operating systems concepts. I'm always looking for references for people who are interested in kernels but don't know where to start and I think this book could fill a certain niche. Even if this book has been out for several years now, I was very excited to discover it.
  • Introducing container-diff, a tool for quickly comparing container images
    The Google Container Tools team originally built container-diff, a new project to help uncover differences between container images, to aid our own development with containers. We think it can be useful for anyone building containerized software, so we’re excited to release it as open source to the development community.
  • NATTT – A Modern Multi-Platform Time Conscious Tracker App
    It’s not that there aren’t already a lot of time tracker apps but my conscience wouldn’t let me sleep if I didn’t tell you about NATTT. So grab your cup of whatever you’re probably drinking as we delve into this app a little. NATTT is an acronym for “Not Another Time Tracking Tool”; a free and multi-platform app with which you can keep track of your work and how much you have spent at it.
  • Running Bitcoin node and ElectrumX server
  • todo.txt done
  • GNOME's Calendar & TODO Applications Are Looking Better For v3.28
    Adding to the growing list of changes for GNOME 3.28 are improvements to the Calendar and To Do applications by Georges Stavracas. Stavracas has been reworking the month view of GNOME Calendar and it's looking much better, some applications for Calendar via libdazzle, and more.
  • Compact DAQ systems offer a choice of 12- or 16-bit I/Os
    Advantech’s Linux-ready “MIC-1810” and “MIC-1816” DAQ computers offer 12- and 16-bit analog I/O, respectively, plus 24x DIOs, Intel CPUs, and 4x USB ports. Advantech’s MIC-1810 and MIC-1816 are digital acquisition computers that run Linux or Windows 7/8/10 on Intel 3rd Gen “Ivy Bridge” processors. If the aging CPU is a turn-off, keep in mind that many DAQ applications don’t require that much processing power, and perhaps Advantech’s “entry-level” label for the systems extends to the price, as well. The 165 x 130 x 59mm, DIN-rail mountable systems should also prove useful for environments with limited space.

Security: New Release of HardenedBSD, Windows Leaks Details of Windows Back Doors

  • Stable release: HardenedBSD-stable 11-STABLE v1100054
  • Kaspersky blames NSA hack on infected Microsoft software
    Embattled computer security firm Kaspersky Lab said Thursday that malware-infected Microsoft Office software and not its own was to blame for the hacking theft of top-secret US intelligence materials. Adding tantalizing new details to the cyber-espionage mystery that has rocked the US intelligence community, Kaspersky also said there was a China link to the hack.
  • Investigation Report for the September 2014 Equation malware detection incident in the US
    In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others that followed it:
  • Kaspersky: Clumsy NSA leak snoop's PC was packed with malware
    Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets. Last month, anonymous sources alleged that in 2015, an NSA engineer took home a big bunch of the agency's cyber-weapons to work on them on his home Windows PC, which was running the Russian biz's antimalware software – kind of a compliment when you think about it. The classified exploit code and associated documents on the personal system were then slurped by Kremlin spies via his copy of Kaspersky antivirus, it was claimed.