Security

Fscrypt's Adiantum Sent In For Linux 4.21 For Speedy Disk Encryption On Low-End Hardware

Filed under
Linux
Security

Besides Adiantum not carrying the baggage of being developed by the US National Security Agency (NSA) that led to the public outcry around Speck, Adiantum is faster than Speck so it's a win-win for developers and users.

With this PR adding Adiantum to the fscrypt code, it can now be used by EXT4 and F2FS as the current fscrypt users within the mainline kernel.

BSD and Security: LibreSSL, OpenBSD, and Latest Incidents (Cautionary Tales)

Filed under
Security
  • Ingo Schwarze -mandoc Better documentation – on the web and for LibreSSL video is now published

    Ingo shows that if a program is difficult to document, then it is likely due to serious flaws in the program's design.

  • [OpenBSD] Request for testing

    Hi,

    If you ever thought about getting more involved and learning a bit
    about building a current OpenBSD, there's a call for testing at

    https://marc.info/?l=openbsd-tech&m=154521488707434&w=2

    Testing would provide me with valuable data about performance of
    memory management in multi-threaded applications.

    Thanks,

    -Otto

  • A Major [Cracking] Spree Gets Personal for German Politicians

    The trove of leaked documents is massive, but early assessments indicate that it seems focused less on exposing state secrets than it does on revealing deeply personal information about its targets. The exposed data includes internal political communications, like emails and scans of faxes, along with credit card information, home addresses, phone numbers, personal identification card details, private chat logs, and even voicemails from relatives and children.

  • “Security researcher” dumps files of German chancellor, legislators, bloggers

    Today, a German government spokesperson acknowledged that at least some of the documents appear to be genuine, dating back to 2017. German deputy government spokesperson Martina Fietz told reporters that "personal data and documents belonging to hundreds of politicians and public figures were published on the Internet... the government is taking this incident very seriously." The data includes home addresses, mobile telephone numbers, letters, invoices, and copies of identity documents.

  • Marriott Concedes 5 Million Passport Numbers Lost to [Crackers] Were Not Encrypted

    On Friday the firm said that teams of forensic and data analysts had identified “approximately 383 million records as the upper limit” for the total number of guest reservations records lost, though the company still says it has no idea who carried out the attack, and it suggested the figure would decline over time as more duplicate records are identified. The revised figure is still the largest loss in history, greater than the attack on Equifax, the consumer credit-reporting agency, which lost the driver’s license and Social Security numbers of roughly 145.5 million Americans in 2017, leading to the ouster of its chief executive and a huge loss of confidence in the firm.

    What made the Starwood attack different was the presence of passport numbers, which could make it far easier for an intelligence service to track people who cross borders. [...]

Security Leftovers

Filed under
Security
  • [Crackers] are using Chromecasts to broadcast security risks about Chromecast

    Yes, this isn't a Chromecast bug as such, more an inherent weakness in Universal Plug and Play, which is designed to make devices work easily with each other. In this case, it makes it a bit too easy when exposed to the wider internet. As a Google spokesperson told TechCrunch: "This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable."

  • The Elite Intel Team Still Fighting Meltdown and Spectre [Ed: Intel is, at the same time, putting back doors in all chips, so you know this 'security' work is a facade at best]

    A YEAR AGO today, Intel coordinated with a web of academic and independent researchers to disclose a pair of security vulnerabilities with unprecedented impact. Since then, a core Intel hacking team has worked to help clean up the mess—by creating attacks of their own.

    Known as Spectre and Meltdown, the two original flaws—both related to weaknesses in how processors manage data to maximize efficiency—not only affected generations of products that use chips from leading manufacturers like Intel, AMD, and ARM, but offered no ready fix. The software stopgaps Intel and others did roll out caused a slew of performance issues.

  • Cloud provider blames Ryuk ransomware for Christmas Eve attack

    According to cybersecurity journalist Brian Krebs, Data Resolution was infected with the Ryuk ransomware, which is the same ransomware thought to be behind the attacks on Tribune Publishing Company's network, which disrupted the publication of newspapers such as the Los Angeles Times and the Chicago Tribune late last week. Krebs reported the attack on Data Resolution temporarily gave the threat actors control of the cloud provider's data center domain.

    Data Resolution has over 30,000 customers worldwide and provides businesses with software hosting, cloud computing, data center services and business continuity systems. The cloud provider, which is based in San Juan Capistrano, Calif., hasn't made a public statement about the attack yet, but Krebs reported the company notified affected customers on Dec. 29 via a status update on Dropbox. The update said the Ryuk ransomware attack happened on Christmas Eve, with a point of origin of North Korea. "We all were attacked by North Korea," the customer notification said.

Security: Various Updates, Django Patches, and Latest FUD From Catalin Cimpanu

Filed under
Security

Security: 'Smart' Things, CloudLinux, No More Ransom, GRUB 2 Passwords and Encryption

Filed under
Security
  • [Crackers] Accessed Smart TVs to Play PewDiePie Propaganda Videos

    Owners of some Chromecasts and smart TVs might see an unusual message on their screens: A message and propaganda video imploring them to subscribe to PewDiePie on YouTube.

    [...]

    The devices are exposed to the [I]nternet, which allowed the duo to [crack] them and play their own media on them.

  • How our InfoSec Professionals stay one step ahead

    Our team knows the hacking world. We've recruited ethical hackers, OSCP-certified engineers, and seasoned IT professionals, all of whom are watching the dark web and its subversive operatives, watching how threats evolve and how attacks are planned. We routinely monitor zero-day exploits, examining use-cases thoroughly and responding with robust mitigation strategies.

    The fruits of intensive research and development are augmented by both human experience and machine learning. This sharpens our ability to produce timely and targeted WAF rule sets and blocking strategies in ways that no other security solution provider can match. To do our work, we must adopt the devious mind-set of a hacker. But we stay firmly attached to the ethical anchor of a trusted name in the Linux hosting world, CloudLinux.

  • No More Ransom, a global anti-ransomware initiative, announces ESET as new partner

    ESET has been announced as the latest partner of No More Ransom, an international initiative between Europol, the Dutch National Police and major cybersecurity organizations in the fight against ransomware. The collaborative project helps victims of ransomware attacks recover their personal data and has so far managed to decrypt the infected computers of 72,000 victims worldwide.

    With its 130 partners, the No More Ransom online portal hosts a collection of 59 free decryption tools from multiple security software vendors, covering 91 ransomware families. Users from around the world can access the tools for free in order to recover data held hostage by ransomware attacks. Launched in 2016, No More Ransom decryption tools have so far kept around USD 22 million out of the pockets of cybercriminals.

  • Passwords and Encryption

    More than just a boot manager, GRUB 2 can help you add another line of protection to your security defenses.

    A boot manager is almost as much of the Linux tradition as compiling a custom kernel. Traditionally, a boot manager has been used for choosing a kernel to start and for running multiple operating systems on a single computer. However, at a time when everybody is becoming security conscious, few are aware that GRUB 2, the most popular boot manager, is also capable of using passwords and encryption to provide another level of security [1]. Admittedly, GRUB 2 security is not enough by itself, but it is still worth adding to your in-depth defenses.

    GRUB 2 has existed for well over a decade and is rapidly replacing GRUB Legacy, the original version of the boot manager, especially in major distributions. As a result, its basic operation and traditional uses are reasonably well-known. However, before I dive into setting up passwords and encryption, a quick overview is useful, both as a reminder and as an introduction for those who might be still using GRUB Legacy or another boot manager, like the now discontinued LILO.

When Open Source And Cyber Security Bonds: Kali Linux, The Go-To OS For Penetration Testing

Filed under
GNU
Linux
Security

When we talk about hacking, the first thing that comes to our mind is a guy in a hoodie who is involved in data fraud, identity theft, and maybe even cyber terrorism (thanks to Hollywood!). However, this is not the scenario all the time; not all hacking is necessarily a criminal, destructive act.

There is one form of hacking that is not related to any kind of criminal activity and organisations or institutes often use it to check their defences — Ethical Hacking or Penetration Testing. Today, with cybercrime gaining prominence, the concept of ethical hacking has become popular.

Also: Security updates for Thursday

Kodachi Builds Privacy Tunnel for Linux

Filed under
Reviews
Security

Online and Internet security are not topics that typical computer users easily comprehend. All too often, Linux users put their blind trust in a particular distribution and assume that all Linux OSes are equally secure.

However, not all Linux distros are created with the same degree of attention to security and privacy control. A misconfiguration of a firewall, or misapplied Web browser privacy and modem settings, can trash the best-designed Linux safety strategies.

Kodachi Linux offers an alternative to leaving your computer privacy and security to chance. It is developed by Oman-based Eagle Eye Digital Solutions, an IT firm with a focus on preserving computer privacy and anonymity.

The developers announced the release of Linux Kodachi 5.6 last month. Based on Debian 9.5 Xubuntu 18.04 Long-Term Support, it runs from a DVD or USB thumb drive as a live session OS for a completely isolated and secure Linux session on any computer for portable Linux convenience.

You also can install Kodachi to a hard drive. That method blunts one of the primary features of the distro, though. Running in a live session removes all traces of your Internet activity and your documents from the host computer when you remove the DVD or USB.

Otherwise, either option provides an anti-forensic, anonymous operating system with all the features a person concerned about privacy needs. In this sense, Kodachi gives you built-in techniques, gadgets and software designed to hamper a computer investigation seeking to intercept your email or breach your digital data.

Security: SandboxEscaper, USB, UPnP and IPMI

Filed under
Security
  • New Windows Zero-day Bug Allows Deleting Arbitrary Files

    A security researcher released exploit code for an unpatched bug in Windows that could allow an attacker with limited privileges to delete system files.

    Exploiting the bug requires winning a race condition on the machine, so a successful exploit can take some time as it will retry until it succeeds, the researcher who uses the online handle SandboxEscaper said in the release notes.

  • USB Type-C Authentication Program Launched To Protect Devices Against Hardware Attacks
  • You'll soon be able to shut down your Chromebook USB ports
  • Hackers hijack thousands of Chromecasts to warn of latest security bug

    Hackers have hijacked thousands of exposed Chromecast streaming devices to warn users of the latest security flaw to affect the device. But other security researchers say that the bug — if left unfixed — could be used for more disruptive attacks.

    The culprits, known as Hacker Giraffe and J3ws3r, have become the latest person to figure out how to trick Google’s media streamer into playing any YouTube video they want — including videos that are custom-made. This time around, the hackers forced the affected Chromecasts to display a pop-up notice that’s viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like themselves.

  • Google Was Aware Of This Chromecast Bug For Years; Now Hackers Are Exploiting It

    A security consultancy firm going by the name Bishop Fox informed Google of a UPnP bug in 2014 that has affected Chromecast devices and could allow hackers to play any YouTube video they want. Five years have passed, and the bug persists.

  • Hacker hijacks thousands of Chromecasts and smart TVs to play PewDiePie ad

    A hacker duo claims to have hijacked thousands of internet-exposed Chromecasts, smart TVs, and Google Home devices to play a video urging users to subscribe to PewDiePie's YouTube channel.

    [...]

    The devices expose these ports on internal networks, where users can send commands from their smartphones or computers to the devices for remote management purposes. But routers with incorrectly configured UPnP settings are making these ports available on the internet.

    This allowed FriendlyH4xx0r to set up a script that scans the entire internet for devices with these ports exposed. Once devices are identified, the hacker said another script renames the devices to "HACKED_SUB2PEWDS_#" and then tries to autoplay the video below.

  • Linux Servers Appear Most Affected by IPMI Enabled JungleSec Ransomware Attacks

    Linux servers top the list of victims to a ransomware attack that seems to take advantage of poorly configured IPMI devices.

Security: 'Darkoverlord', Patches, USB and More

Filed under
Security
  • BTC ransom: Hackers to release 9/11 files that will "top Snowden's finest work"

    On New Year's Eve, the infamous hacker group, known as “Darkoverlord” revealed that they had hacked several legal firms including Hiscox Syndicates, Lloyd's of London and Silverstein's properties; the group asserted that they had stolen over 18,000 documents all allegedly relating to the 9/11 attacks.

    In a (fairly disturbing) message posted on Pastebin, the hackers detail the ransom request stating that they were: “welcoming 2019 with open arms and a big announcement”

    The post continues to ostentatiously provide details of the hacks, stressing that this particular instance was “quite peculiar” and that the documents in question “were not public, nor would this company want them public.”

  • Security updates for Wednesday
  • USB-C Is Going to Get A Lot More Secure
  • Upcoming Chrome OS Feature Secures USB Ports When The Device Is Locked
  • USB Type-C to Become More Secure With Authentication Standard

    The security of USB-based connections and devices is taking a step forward, with the official launch of the USB Type-C Authentication Program on Jan. 2.

    USB devices have become ubiquitous in modern computing, and in recent years USB Type-C has been introduced on leading notebooks, smartphones and other connected devices because it enables faster data transfer and more power delivery than the larger USB Type-A interface, which has been widely deployed. While USB devices and interfaces have been broadly adopted and used across the computing landscape, they have also introduced new risks, by simply plugging in a malicious USB device.

  • Open-source devs: Wget off your bloated festive behinds and patch this user cred-blabbing bug

    Happy New Year! Oh, and if you include GNU's wget utility in software you write, pull down the new version released on Boxing Day and push out updates to your users.

    The popular utility retrieves internet-hosted HTTP/HTTPS and FTP/FTPS content and some years ago began storing extended attributes on disk as URIs.

Security: UEFI and Alleged Breach

Filed under
Security
  • First-Ever UEFI Rootkit Tied to Sednit APT

    Researchers hunting cyber-espionage group Sednit (an APT also known as Sofacy, Fancy Bear and APT28) say they have discovered the first-ever instance of a rootkit targeting the Windows Unified Extensible Firmware Interface (UEFI) in successful attacks.

    The discussion of Sednit was part of the 35C3 conference, and a session given by Frédéric Vachon, a malware researcher at ESET who published a technical write-up on his findings earlier this fall (PDF). During his session, Vachon said that finding a rootkit targeting a system’s UEFI is significant, given that rootkit malware programs can survive on the motherboard’s flash memory, giving it both persistence and stealth.

  • Hackers Threaten to Dump Insurance Files Related to 9/11 Attacks

    On Monday, New Year’s Eve, a hacker group announced it had breached a law firm handling cases related to the September 11 attacks, and threatened to publicly release a large cache of related internal files unless their ransom demands were met.

    The news is the latest public extortion attempt from the group known as The Dark Overlord, which has previously targeted a production studio working for Netflix, as well as a host of medical centres and private businesses across the United States. The announcement also signals a slight evolution in The Dark Overlord’s strategy, which has expanded on leveraging the media to exert pressure on victims, to now distributing its threats and stolen data in a wider fashion.

  • Hackers Threaten To Release Stolen Data Related to 9/11 Attacks

    In an announcement posted on Pastebin, the hacker group TheDarkOverlord said that it has been successful in breaching law firms that handle cases related to 9/11 attacks.

More in Tux Machines

OpenSUSE/SUSE: SLES for SAP and Christian Boltz Introduced

  • SUSE Linux Enterprise Server for SAP Applications support update
    SUSE has announced effective December 1, 2018, two changes to its SUSE Linux Enterprise Server (SLES) for SAP Applications product. SLES for SAP Applications now includes support for a given service pack for 4.5 years with the regular subscription while the basic codestream is generally available and itself fully maintained. This change reflects the request from clients to align OS upgrades with hardware life cycles. To explain this a bit further, this change affects SLES for SAP Applications 12 and 15 code streams. SLES for SAP Applications 11 is at the end of the general availability already, therefore SLES for SAP Applications 11 SP4 is the last service pack. If clients choose to stay on SLES for SAP Applications 11, then they will need to purchase LTSS to ensure ongoing support. This is especially true for clients that run SAP HANA 1 workloads on IBM Power Systems servers in Big Endian mode.
  • 2018-2019 openSUSE Board Elections: Meet incumbent Christian Boltz
    With two weeks to go until the ballots open on Monday, February 4, 2019, openSUSE News and the Elections Committee are running a “meet your candidates” series. Questions were sent out to the seven Candidates. The questions and answers will appear in the News, one Candidate each day, in alphabetical order.

ArchLabs Refresh Release, 2019.01.20

Gidday ArchLabbers, Happy New Year. With the new year comes an ISO refresh. All changes are listed at the change-log. If you encounter any issues, please post them at the forum. Also, ArchLabs related bugs need to be raised at BitBucket.

Programming: Homebrew 1.9, JBoss EAP, Python, Qt and Inclusion

  • Homebrew 1.9 Adds Linux Support, Auto-Cleanup, and More
    The latest release of popular macOS package manager Homebrew includes support for Linux, optional automatic package cleanup, and extended binary package support. Linux support, merged from the Linuxbrew project, is still in beta and will become stable in version 2.0. It also enables the use of Homebrew on Windows 10 systems with the Windows Subsystem for Linux installed. Auto-cleanup is meant to optimize disk space occupation by removing all intermediate data that Homebrew generates when installing packages. This can be a significant amount when Homebrew actually builds the packages from sources instead of just installing binaries. Auto-cleanup is opt-in by setting the HOMEBREW_INSTALL_CLEANUP. This behaviour will become opt-out in version 2.0, where you will be able to set the HOMEBREW_NO_INSTALL_CLEANUP environment variable to disable auto-cleanup.
  • Streamline your JBoss EAP dev environment with Red Hat CodeReady Workspaces: Part 1
  • Counteracting Code Complexity With Wily - Episode 195
    As we build software projects, complexity and technical debt are bound to creep into our code. To counteract these tendencies it is necessary to calculate and track metrics that highlight areas of improvement so that they can be acted on. To aid in identifying areas of your application that are breeding grounds for incidental complexity Anthony Shaw created Wily. In this episode he explains how Wily traverses the history of your repository and computes code complexity metrics over time and how you can use that information to guide your refactoring efforts.
  • Qt Visual Studio Tools 2.3.1 Released
    The Qt VS Tools version 2.3.1 has now been released to the Visual Studio Marketplace.
  • Ben Cotton: Inclusion is a necessary part of good coding
    Too often I see comments like “some people would rather focus on inclusion than write good code.” Not only is that a false dichotomy, but it completely misrepresents the relationship between the two. Inclusion doesn’t come at the cost of good code, it’s a necessary part of good code. We don’t write code for the sake of writing code. We write code for people to use it in some way. This means that the code needs to work for the people. In order to do that, the people designing and implementing the technology need to consider different experiences. The best way to do that is to have people with different experiences be on the team. As my 7th grade algebra teacher was fond of reminding us: garbage in, garbage out.

Graphics: Vega, Radeon, Wayland on BSD

  • Vega 10 & Newer Getting More Fine-Grained PowerPlay Controls On Linux
    With the upcoming Linux 5.1 kernel cycle, discrete Radeon graphics cards based on Vega 10 and newer will have fine-grained controls over what PowerPlay power management features are enabled and the ability to toggle them at run-time. Queued into the work-in-progress AMDGPU code for the eventual Linux 5.1 kernel cycle is now a ppfeatures for sysfs. This new "ppfeatures" file on sysfs will allow for querying the PowerPlay features state and toggling them individually. This includes features like GFXOFF (the ability to turn off the graphics engine when idling), automatic fan control, LED display for GPU activity, the dynamic power management state for the various blocks, and other features. Up to now the PowerPlay features couldn't be toggled individually but just a blanket enable/disable.
  • AMD Radeon 7 Will Have Day One Linux Support
    Linux gamers shouldn't see a repeat performance of the Radeon RX 590 situation.
  • Wayland Support On The BSDs Continuing To Improve
    While Wayland was designed on and for Linux systems, the BSD support for Wayland and the various compositors has continued improving particularly over the past year or so but it's still a lengthy journey. In a little more than one year, the FreeBSD Wayland support has been on a steady rise. It's looking like this year could even mark the KDE Wayland session for FreeBSD potentially getting squared away. Besides KDE, the GNOME Wayland work for FreeBSD has advanced a bit and is available in some FreeBSD Ports but there have been some complications around libinput and its Linux'isms. Details on the current state of Wayland-related components in FreeBSD are drafted at the FreeBSD Wiki.