Language Selection

English French German Italian Portuguese Spanish

Security

Security: Linux.BtcMine.174, Password Hashing and Latest Updates

Filed under
Security
  • New Linux crypto-miner steals your root password and disables your antivirus [Ed: Yes, well, when a machine gets totally cracked it can get totally trashed; but that does not mean GNU/Linux is inherently not secure as Catalin Cimpanu always wants us to think]

    The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn't have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174.

  • Password Hashing And Why We Need It

    Password hashing is the process of encrypting a user’s password before storing it into a database. The encryption is one way and passwords once hashed cannot be decrypted to their original text value.

  • Security updates for Friday

Security: ECCploit, SIM-Swapping and More

Filed under
Security
  • Potentially disastrous Rowhammer bitflips can bypass ECC protections

    Dubbed ECCploit, the new Rowhammer attack bypasses ECC protections built into several widely used models of DDR3 chips. The exploit is the product of more than a year of painstaking research that used syringe needles to inject faults into chips and supercooled chips to observe how they responded when bits flipped. The resulting insights, along with some advanced math, allowed researchers in Vrije Universiteit Amsterdam's VUSec group to demonstrate that one of the key defenses against Rowhammer isn't sufficient.

  • 21-Year-Old Hacker Steals $1 Million In Cryptocurrency By Targeting Silicon Valley Execs’ Phones

    As per a report from The New York Post, a 21-year-old con man from Manhattan was able to steal about $1 million in cryptocurrency with his SIM-swapping scheme.

    The young man, named Nicholas Truglia, performed these activities from his apartment. He targeted and robbed Robert Ross, a Silicon Valley executive, according to the officials.

  • Man hacked into Silicon Valley execs’ phones to steal cryptocurrency: cops

    Twenty-one-year-old Manhattan con man Nicholas Truglia hacked into the phones of Silicon Valley bigwigs to try to steal their cryptocurrency — and in one instance, pulled it off, authorities said Tuesday.

    Truglia, who claims on Facebook to be a Harvard University student, targeted the Who’s Who of the Bay Area from his cushy West 42nd Street high-rise apartment, officials said.

    “It’s a new way of doing an old crime,” said deputy DA Erin West of Santa Clara Superior Court to The Post. “It’s a pervasive problem, and it involves millions of dollars.”

    Truglia stole $1 million from San Francisco father of two Robert Ross in the SIM-swapping scheme, according to officials and court records.

Linux Stable Updates Are Dropping The Performance-Pounding STIBP

Filed under
Linux
Security

The Linux stable trees that recently received STIBP "Single Thread Indirect Branch Predictors" after back-porting from Linux 4.20 are seeing the code reverted. This is the change that recently caused major slowdowns in Linux performance for workloads like Python, PHP, Java, code compilation, and other workloads like some games.

After a week of benchmarks showing how STIBP is/was regressing the Linux 4.20 kernel performance big time, which also upset Linus Torvalds with the performance impact not being communicated when the patches were merged, the code is being dropped from the stable branches. This STIBP support for cross-hyperthread Spectre V2 mitigation was back-ported to the supported Linux 4.14 and 4.19 LTS series, but due to the sizable performance regressions set on by default, the code is being reverted.

Read more

Security: Updates, JavaScript Risks, and PageUp Deflection

Filed under
Security
  • Security updates for (US) Thanksgiving Day
  • E-commerce site is infected not by one, but two card skimmers

    Payment card skimming that steals consumers’ personal information from e-commerce sites has become a booming industry over the past six months, with high-profile attacks against Ticketmaster, British Airways, Newegg, and Alex Jones’ InfoWars, to name just a few. In a sign of the times, security researcher Jérôme Segura found two competing groups going head to head with each other for control of a single vulnerable site.

    The site belongs to sportswear seller Umbro Brasil, which as of Tuesday morning was infected by two rival skimmer groups. The first gang planted plaintext JavaScript on the site that caused it to send payment card information to the attackers as customers were completing a sale. The malicious JavaScript looked like this: [...]

  • PageUp blames poor post-breach media management on PR outfit

    Human resources firm PageUp People has blamed its PR agency for its failure in media management following a massive data breach that it reported in June, but has not revealed any technical details of the investigation into the breach that the company instituted.

Security: Amazon's Very Black Friday, Media FUD Against "Linux", Open Source vs. Obscure/Secret Security Software

Filed under
Security
  • Amazon Exposed Customer Names & Email IDs In A ‘Technical Error’

    The biggest shopping day of the year, Black Friday is almost here, but the largest online retailer Amazon seems to have suffered from a data breach.

    Some Amazon customers received mail from the company on Tuesday, stating that their names and email IDs were “inadvertently disclosed” due to a “technical error.”

  • Mirai Evolves From IoT Devices to Linux Servers [Ed: This affects already-cracked servers and has nothing to do with Linux; it's about unpatched software and components that just happen to run on top of GNU/Linux]

    Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.
    Researchers from Netscout Alert have discovered what they believe are the first non-IoT versions of Mirai malware in the wild.

    The new versions are very similar in behavior to the original version of Mirai written for Internet of Things devices, but they are tailored to run on Linux servers instead. Unlike the original Mirai, the new versions do not try and propagate in a worm-like fashion. Instead, attackers are delivering them via exploits in a more targeted manner.

    Netscout researchers say they have observed what appears to be a relatively small number of threat actors attempting to deliver the malware on Linux servers by exploiting a recently disclosed vulnerability in Hadoop YARN. The YARN vulnerability is a command injection flaw that gives attackers a way to remotely execute arbitrary shell commands on a vulnerable server. Many of the servers running Hadoop YARN are x86-based.

  • Malware scum want to build a Linux botnet using Mirai [Ed: This is about Hadoop YARN, it's not about GNU/Linux, but corporate media likes to call Windows "PC" and everything else is just "LINUX". Blaming "LINUX" for holes in Hadoop YARN is the same as 1) blaming Apple for holes in PhotoShop on "MAC" PCs; 2) blaming Microsoft for holes in Firefox or Chrome. But one should just realise media works to increase "hits" and headlines with "LINUX" 'sell' better.]
  • Open Source vs. Proprietary Security Software [Ed: Proprietary means secret, so you cannot tell what the program is even doing, so that program in its own right is a security risk.]

    The standoff between open source and proprietary software simply depends on the needs of your organization. If cost is a big issue, then walking the open source path will be wise. On the flip side, proprietary software will be great enough for organizations looking for convenience.

Security: Intruders, Microsoft, Amazon

Filed under
Security

Patches For The Better Spectre STIBP Approach Revised - Version 7 Under Review

Filed under
Linux
Security

Version 7 of the task property based options to enable Spectre V2 userspace-userspace protection patches, a.k.a. the work offering improved / less regressing approach for STIBP, is now available for testing and code review.

Tim Chen of Intel sent out the seventh revision to these patches on Tuesday night. Besides the Spectre V2 app-to-app protection modes, these patches include the work for disabling STIBP (Single Thread Indirect Branch Predictors) when enhanced IBRS (Indirect Branch Restricted Speculation) is supported/used, and allowing for STIBP to be enabled manually and just by default for non-dumpable tasks.

Read more

Travel Laptop Tips in Practice

Filed under
GNU
Linux
Security

As I've mentioned in previous articles, I recommend buying a cheap, used computer for travel. That way, if you lose it or it gets damaged, confiscated or stolen, you're not out much money. I personally bought a used Acer Parrot C710 for use as a travel computer, because it's small, cheap and runs QubesOS pretty well once you give it enough RAM.

Read more

Security: Updates, Azure AD, Bitwarden, University of Cambridge, Adobe Hole

Filed under
Security
  • Security updates for Wednesday
  • How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks

    Azure AD is the de facto gatekeeper of Microsoft cloud solutions such as Azure, Office 365, Enterprise Mobility. As an integral component of their cloud ecosystem, it is serving roughly 12.8 million organizations, 950+ million users worldwide, and 90% of Fortune 500 companies on a growing annual basis. Given such a resume, one might presume that Azure Active Directory is secure, but is it?

    Despite Microsoft itself proclaiming “Assume Breach” as the guiding principle of their security strategy, if you were to tell me a week ago that Azure or Office 365 was vulnerable to rudimentary attacks and that it could not be considered secure, then I probably would have even laughed you out of the room. But when a client of ours recently had several of their Office 365 mailboxes compromised by a simple brute-force attack, I was given no alternative but to question the integrity of Azure AD as a whole instead of attributing the breach to the services merely leveraging it and what I found wasn’t reassuring.

    After a simple “Office 365 brute force” search on google and without even having to write a line of code, I found that I was late to the party and that Office 365 is indeed susceptible to brute force and password spray attacks via remote Powershell (RPS). It was further discovered that these vulnerabilities are actively being exploited on a broad scale while remaining incredibly difficult to detect during or after the fact. Skyhigh Networks named this sort of attack “Knock Knock” and went so far as estimating that as many as 50% of all tenants are actively being attacked at any given time. Even worse, it seems as if there is no way to correct this within Azure AD without consequently rendering yourself open to denial of service (DOS) attacks.

  • Looking for an open source password manager? Give Bitwarden a spin

    Everyone needs a password manager to surf the web safely -- they enable you to set virtually crack-proof passwords for all your online accounts, plus store a range of other sensitive data too, all locked behind a single master password.

    If you’re unsatisfied with your current offering, or looking to support an open source alternative, then look at 8bit Solutions LLC’s Bitwarden 1.10.0 and Bitwarden for mobile 1.19.4.

  • This ML Algorithm Can Find Hackers Who Have Broken In Before

    Cybersecurity agencies generally focus on preventing hackers from getting inside systems instead of stopping them from leaking information out. Now a new cybersecurity company called Darktrace is acting on this idea.

    They have developed a tool, in collaboration with mathematicians from the University of Cambridge, that uses machine learning to catch internal breaches.

  • UserLAnd Now Available on F-Droid, New Darktrace Cybersecurity Company, France Is Dumping Google, KDE Bug Day Focusing on Okular November 27th and SuperTux Alpha Release

    A new cybersecurity company called Darktrace has developed a tool in collaboration with the University of Cambridge that uses machine learning to detect internal security breaches. According to FossBytes, Darktrace created an algorithm that "recognizes new instances of unusual behavior". This technique is "based on unsupervised learning, which doesn't require humans to specify what to look for. The system works like the human body's immune system."

  • Did you hear? There's a critical security hole that lets web pages hijack computers. Of course it's Adobe Flash's fault
  • Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS

Security: Reproducible Builds, NSC, Apple and Microsoft

Filed under
Security
Syndicate content

More in Tux Machines

Linux 4.20--rc76

Well, that's more like it. This is a *tiny* rc7, just how I like it. Maybe it's because everybody is too busy prepping for the holidays, and maybe it's because we simply are doing well. Regardless, it's been a quiet week, and I hope the trend continues. The patch looks pretty small too, although it's skewed by a couple of bigger fixes (re-apply i915 workarounds after reset, and dm zoned bio completion fix). Other than that it's mainly all pretty small, and spread out (usual bulk of drivers, but some arch updates, filesystem fixes, core fixes, test updates..) Read more Also: Linux 4.20-rc7 Kernel Released - Linux 4.20 Should Be Released In Time For Christmas

Android Leftovers

1080p Linux Gaming Performance - NVIDIA 415.22 vs. Mesa 19.0-devel RADV/RadeonSI

Stemming from the recent Radeon RX 590 Linux gaming benchmarks were some requests to see more 1080p gaming benchmarks, so here's that article with the low to medium tier graphics cards from the NVIDIA GeForce and AMD Radeon line-up while using the latest graphics drivers on Ubuntu 18.10. This round of benchmarking was done with the GeForce GTX 980, GTX 1060, GTX 1070, and GTX 1070 Ti using the newest 415.22 proprietary graphics driver. On the AMD side was using the patched Linux 4.20 kernel build (for RX 590 support) paired with Mesa 19.0-devel via the Padoka PPA while testing the Radeon RX 580 and RX 590. Read more

Sparky SU 0.1.0

This tool provides Yad based front-end for su (spsu) allowing users to give a password and run graphical commands as root without needing to invoke su in a terminal emulator. It can be used as a Gksu replacement to run any application as root. Read more