Security

Security Leftovers

Filed under: Security

New Trojan Spies on Linux Users by Taking Screenshots and Recording Audio

Filed under: Linux, Security

Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users, the Linux.Ekocms.1 trojan, which includes special features that allow it to take screengrabs and record audio.

Security Leftovers (Linux.Ekocms, Linux zero-day)

Filed under: Security

GParted 0.25.0 Lands with Progress Bars for EXT4 and NTFS Operations, Bugfixes

Filed under: Development, GNU, Linux, Security

The GParted development team was happy to announce today, January 18, the release and immediate availability for download of the GParted 0.25.0 open-source partition editor software for GNU/Linux operating systems.

Security Leftovers

Filed under: Security

  • OpenSSH, security, and everyone else

    For the moment we will continue to operate just like we have been. Things aren't great, but they're not terrible. Part of our problem is things aren't broken enough yet, we're managing to squeak by in most situations.

    The next step will be developing some sort of tribal knowledge model. It will develop in a mostly organic way. Long term security will be a teachable and repeatable thing, but we can't just jump to that point, we have to grow into it.

  • What Is A Web App Attack, How Does It Work — 5 Stages Of A Web App Attack

    A Web App Attack is one of the biggest threats faced by websites and online businesses. In this article, we are going to tell you about 5 stages of a Web App Attack — Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks — and how this attack works.

  • Google Fixes Cryptographic Key Security Issue in Go Programming Language

    Google has published version 1.5.3 of the Go programming language to address a security issue (CVE-2015-8618) in the math/big package that leaked one of the RSA keys used in TLS-encrypted communications.

Security Leftovers

Filed under: Security

  • Talking on Searchable Encryption at 32C3 in Hamburg, Germany

    This year again, I attended the Chaos Communication Congress. It’s a fabulous event. It has become much more popular than a couple of years ago. In fact, it’s so popular, that the tickets (probably ~12000, certainly over 9000) have been sold out a week or so after the sales opened. It’s gotten huge.

  • Things I learned from OpenSSH about reading very sensitive files

    You may have heard that OpenSSH had an exploitable issue with some bad client code (which is actually two CVEs, CVE-2016-0777 and CVE-2016-0778). The issue was reported by Qualys Security, who released a fascinating and very detailed writeup on the issues. While the direct problem is basically the same as in Heartbleed, namely trusting an attacker-supplied length parameter and then sending back whatever happened to be sitting in memory, Qualys Security identified several issues that allowed private keys to leak through this issue despite OpenSSH's attempts to handle them securely. The specific issues are also fascinating in how they show just how hard it is to securely read sensitive files.

  • How To Patch and Protect OpenSSH Client Vulnerability CVE-2016-0777 and CVE-2016-0778 [ 14/Jan/2016 ]

    The OpenSSH project released an ssh client bug info that can leak private keys to malicious servers. A man-in-the-middle kind of attack identified and fixed in OpenSSH are dubbed CVE-2016-0777 and CVE-2016-0778. How do I fix OpenSSH's client vulnerability on a Linux or Unix-like operating system?

  • WhatsApp virus affects iOS and Android – and maybe more

    WhatsApp’s popular messaging app has been targeted yet again by cybercriminals – the latest attack affects both iOS and Android users.

    As part of a random phishing campaign, cybercriminals send fake emails represented as official WhatsApp content to spread malware when the 'message' is clicked on.

    The emails are being sent from a rogue email address, disguised with an umbrella branding “WhatsApp,” but if users look at the actual FROM email address, they will see it is not from the company.

Parsix GNU/Linux 8.5 (Atticus) and 8.0 (Mumble) Receive the Latest Security Updates

Filed under: GNU, Linux, Security

The development team behind the Debian-based Parsix GNU/Linux computer operating system announced this past weekend that new security updates are available in the default software repositories of the Parsix GNU/Linux 8.0 (Mumble) and Parsix GNU/Linux 8.5 (Atticus) releases.

Security Leftovers

Filed under: Security

  • Hacking Team’s Leak Helped Researchers Hunt Down a Zero-Day

    The vulnerability, which Microsoft called “critical” in a patch released to customers on Tuesday, would allow an attacker to infect your system after getting you to visit a malicious website where the exploit resides—usually through a phishing email that tricks you into clicking on a malicious link. The attack works with all of the top browsers except Chrome—but only because Google removed support for the Silverlight plug-in in its Chrome browser in 2014.

    [...]

    In July 2015, a hacker known only as “Phineas Fisher” targeted the Italian surveillance firm Hacking Team and stole some 400 GB of the company’s data, including internal emails, which he dumped online. The hack exposed the company’s business practices, but it also revealed the business of zero-day sellers who were trying to market their exploits to Hacking Team. The controversial surveillance firm, which sells its software to law enforcement and intelligence agencies around the world—including to oppressive regimes like Sudan, Bahrain, and Saudi Arabia—uses zero-day exploits to help sneak its surveillance tools onto targeted systems.

  • Flexible, secure SSH with DNSSEC

    With version 6.2 of OpenSSH came a feature that allows the remote host to retrieve a public key in a customised way, instead of the typical authorized_keys file in the ~/.ssh/ directory. For example, you can gather the keys of a group of users that require access to a number of machines on a single server (for example, an LDAP server), and have all the hosts query that server when they need the public key of the user attempting to log in. This saves a lot of editing of authorized_keys files on each and every host. The downside is that it's necessary to trust the source these hosts retrieve public keys from. An LDAP server on a private network is probably trustworthy (when looked after properly) but for hosts running in the cloud, that’s not really practical.

Security Leftovers

Filed under: Security

  • Friday's security updates
  • Server Hardening

    Server hardening. The very words conjure up images of tempering soft steel into an unbreakable blade, or taking soft clay and firing it in a kiln, producing a hardened vessel that will last many years. Indeed, server hardening is very much like that. Putting an unprotected server out on the Internet is like putting chum in the ocean water you are swimming in—it won't be long and you'll have a lot of excited sharks circling you, and the outcome is unlikely to be good. Everyone knows it, but sometimes under the pressure of deadlines, not to mention the inevitable push from the business interests to prioritize those things with more immediate visibility and that add to the bottom line, it can be difficult to keep up with even what threats you need to mitigate, much less the best techniques to use to do so. This is how corners get cut—corners that increase our risk of catastrophe.

  • There are no secure smartphones.
  • OpenSSH Flaw Could Leak Crypto Keys

OpenSSH vulnerability could expose private credentials

Filed under: Red Hat, Security

So what exactly does this announcement mean? Since OpenSSH client version 5.4, there has been a feature called roaming that allows the client to resume a session that has been interrupted. Both the server and client would need to support roaming for this to work.

Server support was never added, but the feature is on by default for OpenSSH clients up to version 7.1p2. There are two vulnerabilities that stem from this feature and could be exploited when a user connects to an “evil” SSH server.

More in Tux Machines

Salix 14.2 Xfce Edition Officially Released Based on Slackware 14.2, Xfce 4.12

After being in development for the past three months, the Salix 14.2 Xfce Edition operating system has finally hit the stable channels, and it is now available for download. Based on the Slackware 14.2 GNU/Linux distribution and built around the lightweight and highly customizable Xfce 4.12 desktop environment, Salix 14.2 Xfce Edition ships with numerous improvements and new features that some of you who managed to test-drive the Beta and Release Candidate pre-releases are already accustomed with. Of course, many of the core components and default applications have been updated to their latest versions.

Leftovers: Security

  • Tor 0.2.8.7 Addresses Important Bug Related to ReachableAddresses Option
    The Tor Project, through Nick Mathewson, is pleased to inform the Tor community about the release and general availability of yet another maintenance update to the Tor 0.2.8 stable series.
  • Emergency Service Window for Kolab Now
    We’re going to need to free up a hypervisor and put its load on other hypervisors, in order to pull out the one hypervisor and have some of its faulty hardware replaced — but there’s two problems; The hypervisor to free up has asserted required CPU capabilities most of the eligible targets do not have — this prevents a migration that does not involve a shut down, reconfiguration, and restart of the guest.

TheSSS 19.0 Linux Server Out with Kernel 4.4.14, Apache 2.4.23 & MariaDB 10.1.16

TheSSS (The Smallest Server Suite) is one of the lightest Linux kernel-based operating systems designed to be used as an all-around server for home users, as well as small- and medium-sized businesses looking for a quick and painless way of distributing files across networks or to simply test some web-based software.

GNOME Control Center 3.22 to Update the Keyboard Settings, Improve Networking

The upcoming GNOME 3.22 desktop environment is still in the works, and a first Beta build was seeded to public beta testers last week, bringing multiple enhancements and new features to most of its core components and apps. While GNOME 3.22 Beta was announced on August 22, it appears that the maintainers of certain core packages needed a little more time to work on various improvements and polish their applications before they were suitable for public testing. And this is the case of GNOME Control Center, which was recently updated to version 3.21.90, which means 3.22 Beta.