Security Leftovers
Submitted by Roy Schestowitz on Friday 9th of March 2018 04:40:14 PM Filed under
- Security updates for Friday
- Memcached DDoS: This 'kill switch' can stop attacks dead in their tracks
The 1Tbps-plus memcached amplification attacks that hammered GitHub and other networks over the past week can be disarmed with a "practical kill switch", according to DDoS protection firm Corero.
- Researchers Bypassed Windows Password Locks With Cortana Voice Commands
In Windows 10, the default setting tells Cortana to respond to any voice calling "Hey Cortana," even when the computer is locked. An alternate setting tries to limit this to just the computer owner by telling Cortana to "try to respond only to me." With this setting, the user provides voice-command samples to help the virtual assistant fingerprint and recognize it.
- Cryptojacking attack uses leaked EternalBlue NSA exploit to infect servers
[Ed: Microsoft Windows back doors for NSA are now being exploited to infect servers]
- NSA Exploit Leak is the Gift That Keeps on Giving
- List Of Hackers Released By An NSA Leak
At the point when the leaked version of Territorial Dispute keeps running on a target computer, it checks for signs of 45 distinct sorts of malware—perfectly marked SIG1 through SIG45—via looking for unique documents or registry keys those programs leave on victim machines.
SIG2 is malware utilized by another known Russian state hacker group, Turla.
Security: Updates, DDoS, US and Election
Submitted by Roy Schestowitz on Thursday 8th of March 2018 05:13:36 PM Filed under
- Security updates for Thursday
- It just got much easier to wage record-breaking DDoSes
Now, two separate exploits are available that greatly lower the bar for waging these new types of attacks. The first one, called Memcrashed, prompts a user to enter the IP address to be targeted. It then automatically uses the Shodan search engine to locate unsecured memcached servers and abuses them to flood the target. Here's a screenshot showing the interface: [...]
- Push to bolster election security stalls in Senate
But Lankford on Wednesday was forced to table an amendment to a bill moving through the Senate that was aimed at improving information-sharing between federal and state election officials on election cyber threats. State officials objected to the amendment.
- Senate committee approves bill reorganizing Homeland Security’s cyber office
A key Senate panel on Wednesday advanced legislation to reauthorize the Department of Homeland Security (DHS) that includes a measure reorganizing the department’s cybersecurity wing.
The bill includes language that would reorganize and rename the office within the department that protects federal networks and critical infrastructure from physical and cyber threats, currently known as the National Protection and Programs Directorate (NPPD). Under the legislation, the entity would be transformed into an operational agency called the Cybersecurity and Infrastructure Security Agency.
Security: Calling Cisco "Linux", DDoS Due to Bug, and Already Fixed Exim Bug
Submitted by Roy Schestowitz on Thursday 8th of March 2018 11:55:39 AM Filed under
- Cisco hard-coded password bug gives attackers root on Linux machines [Ed: Liam Tung at it again. Lousy press with shoddy 'journalists' blame a Cisco bug or bug door on "Linux". Like blaming "Windows" for a Java bug...]
- World's biggest DDoS attack record broken after just five days
- 400K+ Exim MTA affected by overflow vulnerability on Linux/Unix
Security: Updates, Windows, Apple, and FUD
Submitted by Roy Schestowitz on Wednesday 7th of March 2018 09:46:09 PM Filed under
- Security updates for Wednesday
- Hackers Can Use Cortana To Compromise A Locked Windows PC [Ed: Misses the point that Microsoft, by virtue of turning all these PCs into listening devices for Big Brother, already compromised them all.]
Cortana is the AI-powered digital assistant that has one of its homes in Windows 10. It can do various tasks such as opening apps, doing simple math, suggesting discount coupons, etc. But an Israel-based researcher duo, Tal Be’ery and Amichai Shulman, have discovered another thing Cortana can do. It can provide hackers a way to hack a Windows 10 PC, even if it’s locked.
An attacker can issue voice commands to Cortana and redirect the computer to a non-HTTPS website. The task is accomplished by attaching a USB network adapter to the target PC which intercepts the traffic and redirects the computer to the attacker’s malicious site to download malware.
- iPhone Locked For 48 Years After 2-Year-Old Enters Wrong Passcode [Ed: Worry not, there are back doors for this bogus privacy and bogus security as FBI has already proven]
What is the worst thing that can happen when you enter a wrong passcode on your iPhone? Ask this Chinese woman who is the mother of a two-year-old.
- Open-source Exim remote attack bug: 400,000 servers still vulnerable, patch now [Ed: Liam Tung makes an anti-FOSS piece out of admins who did not patch their server. Is CBS lacking actual news to report?]
- Exim vulnerability opens 400,000 servers to remote code execution
- New vulnerability in Exim software allows hackers to gain control of your mail server
- Patch now! Half a million Exim mail servers need an urgent update
- Buffer overflow in Unix mailer Exim imperils 400,000 email servers
- 400,000 servers at risk if open-source Exim remote attack bug is left unpatched
- Securing open source leading up to GDPR enforcement [Ed: New Microsoft/Black Duck anti-FOSS drivel. Who writes this nonsense? Look at the arguments, it's pathetic dross.]
- Snyk raises $7M to secure usage of open-source software for developers [Ed: Snyk has mostly spread FUD and Microsoft-centric propaganda about FOSS. It's no friend.]
Security Leftovers
Submitted by Roy Schestowitz on Wednesday 7th of March 2018 11:18:22 AM Filed under
- A few things I've learned about computer networking
But I thought it could maybe be useful to list a bunch of concrete skills and concepts I’ve learned along the way. Like anything else, “computer networking” involves a large number of different concepts and skills and tools and I’ve learned them all one at a time. I picked most of these things up over the last 4 years.
- Making security sustainable
Perhaps the biggest challenge will be durability. At present we have a hard time patching a phone that’s three years old. Yet the average age of a UK car at scrappage is about 14 years, and rising all the time; cars used to last 100,000 miles in the 1980s but now keep going for nearer 200,000. As the embedded carbon cost of a car is about equal to that of the fuel it will burn over its lifetime, we just can’t afford to scrap cars after five years, as we do laptops.
- US senator grills CEO over the myth of the hacker-proof voting machine
Zetter unearthed a 2006 contract with the state of Michigan and a report from Pennsylvania's Allegheny County that same year that both showed ES&S employees using a remote-access application called pcAnywhere to remotely administer equipment it sold.
Plasma 5.12.3 bugfix updates available for 17.10 backports PPA
Submitted by Rianne Schestowitz on Wednesday 7th of March 2018 09:48:13 AM Filed under
Users of Kubuntu 17.10 Artful Aardvark can now upgrade via our backports PPA to the 3rd bugfix release (5.12.3) of the Plasma 5.12 LTS release series from KDE.
(Testers of 18.04 Bionic Beaver will need to be patient as the Ubuntu archive is currently in Beta 1 candidate freeze for our packages, but we hope to update the packages there once the Beta 1 is released)
The full changelog of fixes for 5.12.3 can be found here.
Security: DDoS, Reproducible Builds, and Microsoft Word
Submitted by Roy Schestowitz on Wednesday 7th of March 2018 07:45:06 AM Filed under
- Hackers Set New DDoS World Record: 1.7 Tbps
Not even a week has passed since the code sharing platform GitHub suffered the world’s biggest DDoS attack recorded at 1.35Tbps. Just four days later, the world record of the biggest DDoS has been broken in an attempt to take down the systems of an unknown entity identified as a “US-based service provider”.
- DDoS Record Broken Again as Memcached Attack Hits 1.7 Tbps
The size of massive distributed denial-of-service attacks continues to grow, hitting yet another new high on March 5, with a report of a 1.7-Tbps attack.
The attack was reported by Netscout Arbor and came just four short days after the March 1 report of the then largest DDoS attack at 1.35 Tbps against GitHub. Both of the record breaking DDoS attacks were enabled via improperly configured memcached servers that reflected attack traffic, amplifying the total volume.
- Reproducible Builds: Weekly report #149
- Hacking operation uses malicious Word documents to target aid organisations
A newly uncovered 'nation-state level' cyber espionage operation has targeted humanitarian aid organisations around the globe via the use of backdoors hidden within malicious Word documents.
Dubbed Operation Honeybee based on the name of lure documents used during the attacks, the campaign has been discovered by security researchers at security company McAfee Labs after a new variant of the Syscon backdoor malware was spotted being distributed via phishing emails.
Security: Updates, 4G LTE, and Chip Bugs Handling by Oracle and OpenIndiana
Submitted by Roy Schestowitz on Tuesday 6th of March 2018 08:11:49 PM Filed under
- Security updates for Tuesday
- Researchers detail new 4G LTE vulnerabilities allowing spoofing, tracking, and spamming
4G LTE isn’t nearly as secure or private as you think it is. Mobile privacy and security are both at risk. Researchers from Purdue University and the University of Iowa have released a new research paper detailing ten attacks on 4G LTE networks. Some attacks allow fake emergency alerts to be sent to a phone, others allow for the spoofing or tracking of the target’s location. The attacks could be carried out with less than $4,000 of equipment and open source 4G LTE software.
- Oracle Brings KPTI Meltdown Mitigation To Linux 4.1
If for some reason you are still riding the Linux 4.1 kernel series, you really should think about upgrading to at least a newer LTS series in the near future. But if you still plan on riding it for a while longer, at least it's getting page table isolation support for Meltdown mitigation.
An Oracle kernel developer has posted patches bringing kernel page table isolation (KPTI, formerly known as KAISER) to the Linux 4.1 stable kernel series.
- OpenIndiana Now Has KPTI Support Up For Testing To Mitigate Meltdown
The Solaris-derived OpenIndiana operating system now has KPTI (Kernel Page Table Isolation) support for testing to mitigate the Intel Meltdown CPU vulnerability.
Thanks in large part to the work done by Joyent on KPTI support for SmartOS/OmniOSce, the Illumos kernel used by OpenIndiana now has a KPTI implementation for testing. They have spun up some live install images for testing as well as an IPS repository containing a KPTI-enabled kernel build. Along with this KPTI work there is also PCID (Process Context Identifier) support.
- A long two months
I had a quiet New Year's Eve and Day for the beginning of 2018. We had originally planned a trip away with my parents and some friends from southern California, but they all fell through -- my father was diagnosed with cancer late in 2017 and their trip to visit us in the U.S. was cancelled, and our friends work in medicine and wound up being on call. One of Lou's other friends came to visit us, instead: she was on a mission to experience midnight twice on January 1st by flying from Hong Kong to San Francisco. That might sound like an excuse to party hard, but instead we sat around an Ikea table playing board games, drinking wine and eating gingerbread. It was very pleasant.
[...]
To mitigate Meltdown (and partially one of the Spectre variants), you have to make sure that speculative execution cannot reach any sensitive data from a user context.
Security: Memcached, Intel MKTME, and Open Source Security Podcast
Submitted by Roy Schestowitz on Tuesday 6th of March 2018 12:38:57 PM Filed under
- Security researchers' warning over Linux feature used in biggest ever DDoS attack on Github [Ed: Crappy corporate media blames on Linux something which is neither Linux nor GNU. “Memcached is free and open-source software, licensed under the Revised BSD license. Memcached runs on Unix-like operating systems and on Microsoft Windows” -Wikipedia]
The distributed denial of service (DDoS) attack targeting Github last week, which at its peak involved 1.3 terabits per second (Tbps) of traffic, has been attributed to the exploitation of a feature that was never intended to be exposed to the internet.
The eight-minute attack last Wednesday was more than twice the next-largest ever recorded DDoS attack. It took advantage of the Memcached feature of Linux in an attack described as "memcached amplification".
In these attacks, hackers inundate servers with small UDP-based packets. These are designed in a way so that they look like they were created by the target of the attack.
Akamai helped GitHub fend off the attack. The company explained that Memcached techniques "can have an amplification factor of over 50,000, meaning a 203 byte request results in a 100 megabyte response."
- Secure memcached server to avoid DDoS amplification attacks
- Intel MKTME Support Being Prepped For The Linux Kernel: Total Memory Encryption
Intel developers are working on bringing transparent memory encryption support to the Linux kernel that works in conjunction with upcoming Intel platforms.
- Open Source Security Podcast: Episode 86 - What happens when 23 thousand certificates leak?
Security: Updates, Ethereum, 4G LTE, and Compromised Guest Account
Submitted by Roy Schestowitz on Monday 5th of March 2018 08:52:23 PM Filed under
- Security updates for Monday
- Ethereum responds to eclipse attacks described by research trio
What is an "eclipse" attack? Amy Castor, who follows Bitcoin and Ethereum, walked readers in Bitcoin Magazine through this type of attack.
"An eclipse attack is a network-level attack on a blockchain, where an attacker essentially takes control of the peer-to-peer network, obscuring a node's view of the blockchain."
Catalin Cimpanu, security news editor for Bleeping Computer: "Eclipse attacks are network-level attacks carried out by other nodes by hoarding and monopolizing the victim's peer-to-peer connection slots, keeping the node in an isolated network."
Meanwhile, here are some definitions of Ethereum. It is an open software platform based on blockchain technology.
- 4G LTE Loopholes Invite Unwanted Phone And Location Tracking, Fake Emergency Alerts
In a new paper, the researchers at Purdue University and the University of Iowa have discovered vulnerabilities in three procedures of the LTE protocol.
The loopholes could be exploited to launch 10 new attacks, such as location tracking, intercepting calls and texts, making devices offline, etc. With the help of authentication relay attacks, an evil mind can connect to a network without credentials and impersonate a user. A situation of an artificial emergency can be created by issuing fake threat alerts, similar to the recent missile launch alerts in Hawaii.
- Compromised Guest Account
Some of the workstations I run are sometimes used by multiple people. Having multiple people share an account is bad for security so having a guest account for guest access is convenient.
If a system doesn’t allow logins over the Internet then a strong password is not needed for the guest account.
If such a system later allows logins over the Internet then hostile parties can try to guess the password. This happens even if you don’t use the default port for ssh.