Language Selection

English French German Italian Portuguese Spanish


Security: Cryptography, Google and Firmware Backdoor on a Laptop in Less Than 5 Minutes

Filed under

Security: Phishing and Processor Defects

Filed under
  • This Former Hacker Now Helps The New York Times Stay Safe Online

    Those attacks can include trolling, threats and harassment, as well as persistent and innovative phishing emails that can look as if they come from other colleagues within the newsroom or even friends outside of work. And once a hacker [sic] gets a journalist’s user names and passwords, “there’s nothing that you can do to get that data back,” she said.

  • Google 'kills' phishing stone dead with 2FA FIDO security keys

    Google gave its employees Yubikeys and told them they'd have to use them to access their company accounts, so there.

    They have, and did, and the results were amazing.

    No one - yes - that's zero people, or nought per cent, succumbed to a phishing attack once the security key policy was introduced.

  • More mitigations against speculative execution vulnerabilities

    Philip Guenther (guenther@) and Bryan Steele (brynet@) have added more mitigations against speculative execution CPU vulnerabilities on the amd64 platform.

Security: Google, Intel, Internet of 'Things', Kubernetes

Filed under
  • Google: Security Keys Neutralized Employee Phishing

    Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

  • Intel Prepares "Enhanced IBRS" As Better Spectre V2 Protection For Future CPUs

    An Intel engineer has today published a patch providing support for enhanced IBRS within the Linux kernel, which aims to provide better Spectre Variant Two protection by default with future generations of Intel CPUs.

    The Enhanced IBRS (Indirect Branch Restricted Speculation) is simpler from the software perspective while also being able to yield greater performance than the basic IBRS method offered for current x86 CPUs.

  • Cybercrims use cameras, printers for DDoS attacks

    Kaspersky Lab has published its latest report on botnet-assisted DDoS attacks for the second quarter of 2018. Over the last three months, the company’s experts have observed cybercriminals recall old vulnerabilities, make use of cameras and printers for DDoS attacks, expand their list of victims, and monetise their efforts using cryptocurrency.

  • Linux bots account for 95 percent of DDoS attacks as attackers turn to the past

    Activity by Windows-based DDoS botnets decreased almost seven fold over the quarter, while the activity of Linux-based botnets grew by 25 percent. This has resulted in Linux bots accounting for 95 percent of all DDoS attacks in Q2, which also caused a sharp increase in the share of SYN flood attacks -- up from 57 percent to 80 percent.

  • 11 Ways (Not) to Get Hacked

    Kubernetes security has come a long way since the project's inception, but still contains some gotchas. Starting with the control plane, building up through workload and network security, and finishing with a projection into the future of security, here is a list of handy tips to help harden your clusters and increase their resilience if compromised.

Security Updates and Google Warnings

Filed under

Security: Solaris, Bluetooth and EnduraData

Filed under

Microsoft Security Shambles

Filed under
  • In the opaque world of government hacking, private firms grapple with allegiances

    According to the employee, these disclosures sometimes happened before anyone informed the victim. In many cases, the activity was never publicly detailed. Microsoft is a well-known partner of U.S. law enforcement.


    When CyberScoop asked Microsoft to elaborate on the tech accord, the company refused to respond. Instead, the company sent a series of unrelated links to Microsoft’s software vulnerability disclosure policy. The disclosure policy does not answer whether Microsoft has informed or currently informs the U.S. government about cyber-espionage operations that it doesn’t publicly document.

  • DHS: Russian hackers [sic] got into control rooms of US utilities [iophk: "Microsoft Windows TCO + Windows mentality"]

    Department of Homeland Security (DHS) officials told the Journal that hackers [sic] working for a state-sponsored group known as Dragonfly or Energetic Bear were able to get inside the networks of U.S. utilities to the point that they could have disrupted power service and caused blackouts.

  • Microsoft Pulls July .NET Framework Patches Following App Failures

    Microsoft acknowledged that some organizations were adversely affected by the .NET Framework monthly updates that were released almost two weeks ago on "update Tuesday" (July 10).

  • If at first you, er, make things worse, you're probably Microsoft: Bug patch needed patching

    A remote code execution vulnerability in the Windows VBScript engine was left open for exploitation for two months after it was supposedly patched.

    In fact, the fix made things even worse by introducing another remotely exploitable bug in VBScript.

    This is all according to researchers at Qihoo 360, who today claimed a security hole in the scripting engine was only partially resolved in Redmond's May Patch Tuesday, and was only permanently patched in this month's batch of fixes.

    Designated CVE-2018-8174, the flaw was a use-after-free() vulnerability in the scripting engine that could be exploited by a booby-trapped web page, when opened with Internet Explorer, or a malicious document, when opened by Office, to execute arbitrary devilish code with the current user's rights.

Security: Passwords Used by Daemons, Latest Updates and Reproducible Builds

Filed under
  • Passwords Used by Daemons

    When SSL support for Apache was first released the standard practice was to have the SSL private key encrypted and require the sysadmin enter a password to start the daemon. This practice has mostly gone away, I would hope that would be due to people realising that it offers little value but it’s more likely that it’s just because it’s really annoying and doesn’t scale for cloud deployments.

  • Security updates for Monday
  • Reproducible Builds: Weekly report #169

HardenedBSD 11-STABLE v1100056.1 Released

Filed under

For those relying upon BSD in security-critical environments, a new HardenedBSD 11-STABLE update is now available for this security-enhanced fork of FreeBSD.

HardenedBSD continues to be a "fork" of FreeBSD focused on shipping the maximum security potential. HardenedBSD adds in extra security technologies, exploit mitigations, and other tweaks compared to what is shipped by default in FreeBSD stable. HardenedBSD 11-STABLE v1100056.1 is available today as a minor update compared to their previous stable update from several weeks back.

Read more


Security: Data Security and Back Doors (ME) in Hardware

Filed under
  • Episode 106 - Data isn't oil, it's nuclear waste

    Josh and Kurt talk about Cory Doctorow's piece on Facebook data privacy. It's common to call data the new oil but it's more like nuclear waste. How we fix the data problem in the future is going to require solutions we can't yet imagine as well as new ways of thinking about the problems.

  • Intel Patches New ME Flaws That Could Let Hackers Run Arbitrary Code: Check For Patches

    Talking specifically about the flaws, the first one is CVE-2018-3627. Described as a logic bug, this easily exploitable bug allows code execution. CVE-2018-3628 is the more dangerous sibling which enables comprehensive remote code execution in the AMT process; it’s also identified as a “Buffer overflow in HTTP handler.”

  • Intel patches new ME vulnerabilities

    In early July, Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine. Both advisories describe vulnerabilities with which an attacker could execute arbitrary code on the Minute IA PCH microcontroller.

    The vulnerabilities are similar to ones previously discovered by Positive Technologies security experts last November (SA-00086). But that was not the end of the story, as Intel has now released fixes for additional vulnerabilities in ME.

  • Why Intel will never let owners control the ME

    Intel/AMD will never allow machine owners to control the code executing on the ME/PSP because they have decided to build a business on preventing you from doing so. In particular, it's likely that they're actually contractually obligated not to let you control these processors.

    The reason is that Intel literally decided to collude with Hollywood to integrate DRM into their CPUs; they conspired with media companies to lock you out of certain parts of your machine. After all, this is the company that created HDCP.

    This DRM functionality is implemented on the ME/PSP. Its ability to implement DRM depends on you not having control over it, and not having control over the code that runs on it. Allowing you to control the code running on the ME would directly compromise an initiative which Intel has been advancing for over a decade.

Security: Huawei, Singapore, and Voting Machines With Back Doors

Filed under
Syndicate content

More in Tux Machines

A Look At The Windows vs. Linux Scaling Performance Up To 64 Threads With The AMD 2990WX

This past week we looked at the Windows 10 vs. Linux performance for AMD's just-launched Ryzen Threadripper 2990WX and given the interest from that then ran some Windows Server benchmarks to see if the performance of this 64-thread CPU would be more competitive to Linux. From those Windows vs. Linux tests there has been much speculation that the performance disparity is due to Windows scheduler being less optimized for high core/thread count processors and its NUMA awareness being less vetted than the Linux kernel. For getting a better idea, here are benchmarks of Windows Server 2019 preview versus Ubuntu Linux when testing varying thread/core counts for the AMD Threadripper 2990WX. Toggled via the BIOS was SMT as well as various CCX configurations and each step of the way comparing the Windows Server 2019 Build 17733 performance to that of Ubuntu 18.04 LTS with the Linux 4.18 kernel in various multi-threaded benchmarks supported under both operating systems. Read more

Kernel: RISC-V and Virtual Machine

  • RISC-V's Linux Kernel Support Is Getting Into Good Shape, Userspace Starting To Work
    The RISC-V open-source processor ISA support within the mainline kernel is getting into good shape, just a few releases after this new architecture port was originally added to the Linux Git tree. The RISC-V code for Linux 4.19 includes the ISA-mandated timers and first-level interrupt controllers, which are needed to actually get user-space up and running. Besides the RISC-V first-level interrupt controller, Linux 4.19 also adds support for SiFive's platform-level interrupt controller that interfaces with the actual devices.
  • A Hearty Batch Of KVM Updates Land In Linux 4.19
    There is a lot of new feature work for the Kernel-based Virtual Machine (KVM) within the Linux 4.19 kernel.

Kate/KTextEditor Picks Up Many Improvements To Enhance KDE Text Editing

Even with KDE's annual Akademy conference happening this past week in Vienna, KDE development has been going strong especially on the usability front. The Kate text editor and the KTextEditor component within KDE Frameworks 5 have been the largest benefactors of recent improvements. This KDE text editing code now has support for disabling syntax highlighting entirely if preferred. When using syntax highlighting, there have been many KTextEditor enhancements to improve the experience as well as improvements to the highlighting for a variety of languages from JavaScript to YAML to AppArmor files. Read more

KStars v2.9.8 released

KStars 2.9.8 is released for Windows, MacOS, and Linux. It is a hotfix release that contains bug fixes and stability improvements over the last release. Read more Also: KDE Itinerary - How did we get here?