Security

Nasty security bug found and fixed in Linux apt

Filed under
Linux
Security

If you want to install a program on the Debian/Ubuntu/Mint Linux distribution family, you almost always end up using the core software installer, Advanced Package Tool (apt). It works well, but security researcher Max Justicz recently found a flaw in apt that a network man-in-the-middle attacker can exploit.

Worse, the hole lets such an attacker execute arbitrary code as root on any system installing a package. To understand the attack, you need to understand how apt works.
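An added check, written for this page and not part of the article or of apt itself: a man-in-the-middle attack on apt needs an attacker on the network path to the mirror, which is easiest when packages travel over plain HTTP. The script below lists the entries in a one-line-style sources.list whose transport is not HTTPS (or a local file/cdrom source), so a fleet can be reviewed. It assumes one-line sources.list syntax; the mirror names in the constructed sample are illustrative. Moving to HTTPS only shrinks the network attack surface: it does not replace apt's own signature checks, and the actual fix for the bug is updating apt.

```shell
#!/bin/sh
# Added example (not from the article or the apt project): print the
# sources.list entries that fetch over a transport other than https or a
# local source. Reads the file on stdin, prints each offending entry and
# exits 1 if any were found, so it can gate a provisioning step.
plain_transport_sources() {
    # drop the optional "[arch=... signed-by=...]" block so the URI is always $2
    sed 's/\[[^]]*]//' | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }            # comments, blank lines
        ($1 == "deb" || $1 == "deb-src") &&
        $2 !~ /^(https|file|cdrom|copy):/ { found = 1; print }    # http, ftp, anything else
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample, not a real host's configuration.
SAMPLE_SOURCES='deb http://deb.debian.org/debian stretch main
deb-src http://deb.debian.org/debian stretch main
# deb http://commented.example/ stretch main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://mirror.example/debian stretch main'

# Usage: run against the sample; on a real host use
#   plain_transport_sources < /etc/apt/sources.list
printf '%s\n' "$SAMPLE_SOURCES" | plain_transport_sources \
    || echo "review the entries above: they are fetched without transport encryption"
```

Treat the output as a review list rather than an automatic failure: not every Debian mirror offers HTTPS, and a mirror that does still only protects the transport, not the package contents, which is what apt's Release signatures are for.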

Security Updates, Reproducible Builds and More Debian Maintenance

Filed under
Security
Debian
  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #195

    As part of the Debian Long Term Support (LTS) effort it was noticed that an old package was failing to build beyond ~2015.

  • Kai-Chung Yan: My Open-Source Activities from November to December 2018

    I do not work on open-source full-time, although I sincerely would love to. Therefore the posts may cover a ridiculously long period (even a whole year).

    Debian

    Debian is a general-purpose Linux distribution that is widely used on the planet. I am a Debian Developer who works on packages related to Android SDK and the Java ecosystem.

    After a month of hard work, I finally finished the packaging of android-platform-art. The tricky part was that this package is the first of our Android SDK packages that fails to build using GCC, which was realized only after I had patched an awful lot of code.

  • Free Software Activities in December 2018

    Hello again for another of my monthly updates on my work on Debian Science and the FreeCAD ecosystem.

    There are only a few announcement items since I was mostly enjoying my holidays, but several important things were accomplished this month. Also, since there's not much time left before the release of Debian 10, there's some consideration to be done towards what I'll be working on in the next few months.

OPNsense 19.1-RC1 released

Filed under
Security
BSD

For almost four years now, OPNsense has been driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates, as well as clear and stable 2-Clause BSD licensing.

We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.

Download links, an installation guide[1] and the checksums for the images can be found below as well.

Also: OPNsense 19.1-RC1 Released With Many Improvements To This BSD Firewall Platform

Security: Updates, SDNs, Oklahoma’s Department of Securities (ODS)

Filed under
Security
  • Security updates for Monday
  • Break free from traditional network security

    From a security stance, the network is becoming perimeterless, and rather than a hard network barrier, the corporate network needs to be porous; security inside the network has to be zero-trust.

    The experts Computer Weekly contacted regarding perimeterless network security generally agree that such an architecture is not easy to achieve, but software-defined networking (SDN) and containerisation offer network security architects a sound foundation on which to implement a perimeterless network security strategy.

  • State agency exposes 3TB of data, including FBI info and remote logins

    Oklahoma’s Department of Securities (ODS) exposed three terabytes of files in plain text on the public internet this month, which contained sensitive data including social security numbers, details of FBI investigations, credentials for remote access to computers, and the names of AIDS patients.

    Researchers at security company UpGuard found the files using the Shodan search engine, which indexes internet-connected devices. In this case, they ran across an unsecured rsync server registered to ODS.

    Rsync is a utility commonly found on Unix and Linux systems that enables administrators to synchronize files between different computers. It is used for 'delta' syncing, in which one computer copies to another only the parts of files that have changed, so that identical copies can be maintained in different locations. Run as a daemon, it serves named modules over TCP port 873, and a module with no authentication or address restriction is readable by anyone who can reach that port.
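The ODS exposure above came from an rsync daemon that anyone on the internet could read from. An added example, written for this page and not taken from the UpGuard report or the article: a small audit of an rsyncd.conf that reports modules with no `auth users` (anonymous access), no `hosts allow` (reachable from any address), and anonymous-writable modules. It honours settings in the global section, which rsyncd applies to every module. The sample configuration is constructed; the module and path names are illustrative.

```shell
#!/bin/sh
# Added example (not from the article or the rsync project): audit an
# rsyncd.conf read from stdin. Prints one finding per line and exits 1
# if any module is exposed, 0 otherwise.
audit_rsyncd_conf() {
    awk '
        # a setting in the module wins, otherwise the global section applies
        function lookup(k) { return (k in seen) ? seen[k] : ((k in glob) ? glob[k] : "") }
        function report(   anon) {
            if (mod == "") return
            anon = (lookup("auth users") == "")
            if (anon) { printf "%s: no \"auth users\" (anonymous access)\n", mod; bad = 1 }
            if (lookup("hosts allow") == "") { printf "%s: no \"hosts allow\" (reachable from any address)\n", mod; bad = 1 }
            if (anon && lookup("read only") ~ /^(no|false|0)$/) { printf "%s: anonymous write access (read only = no)\n", mod; bad = 1 }
        }
        /^[[:space:]]*[#;]/ || /^[[:space:]]*$/ { next }       # comments, blank lines
        /^[[:space:]]*\[/ {                                    # "[module]" starts a new section
            report()
            mod = $0; sub(/^[[:space:]]*\[/, "", mod); sub(/\].*$/, "", mod)
            split("", seen)                                    # portable way to clear the array
            next
        }
        index($0, "=") {                                       # "key = value"
            key = $0; sub(/[[:space:]]*=.*$/, "", key); sub(/^[[:space:]]*/, "", key)
            val = $0; sub(/^[^=]*=[[:space:]]*/, "", val); sub(/[[:space:]]*$/, "", val)
            if (mod == "") glob[tolower(key)] = tolower(val)
            else seen[tolower(key)] = tolower(val)
        }
        END { report(); exit bad ? 1 : 0 }                     # flush the last module
    '
}

# Constructed sample: one open module, one restricted module.
SAMPLE_RSYNCD_CONF='uid = nobody
[public]
    path = /srv/public
    comment = anyone can pull this
[backups]
    path = /srv/backups
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
    read only = no'

# Usage: on a real host, audit_rsyncd_conf < /etc/rsyncd.conf
printf '%s\n' "$SAMPLE_RSYNCD_CONF" | audit_rsyncd_conf \
    || echo "exposed rsync modules found"
```

Two caveats for anyone using this on a real host. The daemon's `auth users` mechanism is a challenge-response check that does not encrypt the transfer, so a module that passes this audit still belongs behind a firewall or an SSH tunnel. And `read only` defaults to yes in rsyncd, so only an explicit `read only = no` is reported; a writable anonymous module is the worst case, since it lets an outsider plant files as well as read them.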

Security: Bogdan Popa's Latest Microsoft FUD, Banks With Windows, Huawei Scare, and It's Possible to Install Malicious Things on Google

Filed under
Security
  • Linux Virus Removes Security Software to Mine Monero [Ed: Bogdan Popa, "Microsoft News Editor" (basically the Microsoft PR/propagandist of Softpedia), only ever writes about GNU/Linux to attack it. Here too he uses a misleading title, a provocative headline and picture. These are already-compromised machines. It's not a "Linux" issue per se. So yeah... Microsoft loves Linux... Linux FUD.]
  • Hackers Wield Commoditized Tools to Pop West African Banks

    Symantec says. The attackers also used UltraVNC, an open source remote administration tool for Windows, and then deployed Cobalt Strike, a commercial post-exploitation framework whose payload provides a backdoor onto PCs and can download additional malware. "Communication with the C&C server was handled by dynamic DNS infrastructure, which helped shield the location of the attackers."

  • Huawei and Apple smartphones are both made in China, so what is the difference?

    Do Huawei phones really pose that much more of a security risk than iPhones in the face of China's potential espionage threat? A

  • Google Play malware used phones’ motion sensors to conceal itself

    Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection—they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn’t load on emulators researchers use to detect attacks.

  • New Android Malware Uses Motion Sensors To Stay Hidden

    Security measures are not the only ones seeing improvements! Malicious apps are also figuring out new ways to enhance their workings, and one such Android malware proves this.

Security: ThreadX, Kali Linux, Rocke and Data Loss

Filed under
Security
  • Vulnerabilities Found in Highly Popular Firmware for WiFi Chips

    WiFi chip firmware in a variety of devices used mainly for gaming, personal computing, and communication comes with multiple issues. At least some of them could be exploited to run arbitrary code remotely without requiring user interaction.

    The security flaws were discovered in ThreadX, a real-time operating system (RTOS) developed by Express Logic. The vendor claims on its website that ThreadX has over 6.2 billion deployments, making it one of the most widely deployed pieces of software on Wi-Fi chips.

    The firmware is also powering the Avastar 88W8897 SoC (Wi-Fi + Bluetooth + NFC) from Marvell, present in Sony PlayStation 4 (and its Pro variant), Microsoft Surface (+Pro) tablet and laptop, Xbox One, Samsung Chromebook and smartphones (Galaxy J1), and Valve SteamLink.

  • Wolf Halton on what’s changed in tech and where we are headed

    The tech industry is changing at a massive rate especially after the storage options moved to the cloud. However, this has also given rise to questions on security, data management, change in the work structure within an organization, and much more. Wolf Halton, an expert in Kali Linux, tells us about the security element in the cloud. He also touches upon the skills and knowledge that should be inculcated in your software development cycle in order to adjust to the dynamic tech changes at present and in the future. Following this, he juxtaposes the current software development landscape with the ideal one.

  • Rocke coinminer disables cloud protection agents

    A group of hackers that specializes in infecting servers with cryptocurrency mining software has started disabling security software agents used in cloud environments to evade detection. Known as Rocke in the security industry, the group has been active since at least April 2018 and is known for exploiting critical vulnerabilities in web application frameworks and servers like Apache Struts, Oracle WebLogic and Adobe ColdFusion.

  • Malware used by “Rocke” group evolves to evade detection by cloud security products
  • Malware uninstalls cloud security products from Linux machines

    After removing the cloud security agents, the malware proceeded to mine the Monero cryptocurrency on its hosts.

  • I Nearly Lost All Of My Data!

    At this point I’m really worried. You see, I cancelled my off-site Amazon Glacier backups around 6 months ago. What are the chances of both a 4 disk RAID failing AND a USB drive at the same time? Not likely, I thought. Boy was I wrong

Livepatching With Linux 5.1 To Support Atomic Replace & Cumulative Patches

Filed under
Linux
Security

With the Linux 5.1 kernel cycle due to open in just over a month, the long-in-development livepatch work for atomic replace and cumulative patches (it has been through 15+ rounds of public code review) is set to be merged.

IPFire 2.21 - Core Update 127 is available for testing

Filed under
GNU
Linux
Security

New year, new update ready for testing! We have been busy over the holidays and are bringing you an update that is packed with new features and many performance improvements.

This is quite a long change log, but please read through it. It is worth it!

Security: Bo Weaver, New Scares, Clones With Malware

Filed under
Security
  • Bo Weaver on Cloud security, skills gap, and software development in 2019

    Bo Weaver, a Kali Linux expert shares his thoughts on the security landscape in the cloud. He also talks about the skills gap in the current industry and why hiring is a tedious process. He explains the pitfalls in software development and where the tech is heading currently.

    Bo, along with fellow Kali Linux expert Wolf Halton, was also interviewed on why Kali Linux is the premier platform for testing and maintaining Windows security. They talked about the advantages and disadvantages of using Kali Linux for pentesting, and about the role of pentesting in cybersecurity in general, in their interview titled "Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity".

    [...]

    I laugh and cry at this term. I have a sticker on my laptop that says "There is no Cloud... Only other people's computers." Your data is sitting on someone else's system along with other people's data. These other people also have access to this system. Sure, security controls are in place, but the security of "physical access" has been bypassed.

    You’re “in the box”. One layer of security is now gone.
    Also, your vendor has “FULL ACCESS” to your data in some cases. How can you be sure what is going on with your data when it is in an unknown box in an unknown data center? The first rule of security is “Trust No One”. Do you really trust Microsoft, Amazon, or Google? I sure don’t!!! Having your data physically out of your company’s control is not a good idea. Yes, it is cheaper but what are your company and its digital property worth?

    [...]

    In software development, I see a dumbing down of user interfaces. This may be good for my 6-year-old grandson, but someone like me may want more access to the system. I see developers change things just for the reason of "change". Take Microsoft's Ribbon in Office. Even after all these years, I find the ribbon confusing and hard to use. At least with LibreOffice, they give you a choice between a ribbon and an old school menu bar. The changes in Gnome 3 from Gnome 2. This dumbing down and attempting to make a desktop usable for a tablet and a mouse totally destroyed the usability of their desktop. What used to take 1 click now takes 4 clicks to do.

  • Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity [Interview]
  • Cloud security products uninstalled by mutating malware [Ed: Affects already-compromised servers]

    Linux is more prevalent than one might think; Microsoft Azure is now predominantly run on Linux servers. It's not just the Chinese cloud environments being hosted via Linux; it's likely that your business is running at least one cloud service on a Linux server too.

  • Google Play still has a clone problem in 2019 with no end in sight

    A fake app tries to clone another app in name, looks, and functionality, often also adding something like malware. Despite Google’s best efforts, both types of apps were fairly common in 2018.

Security: Cincoze Back Doors (ME), Windows 10 Mobile Killed (No More Patches), New FUD About 'Linux Servers'

Filed under
Security
  • Industrial Apollo Lake mini-PC features dual GbE with PoE

    Cincoze announced a compact, rugged “DA-1100” embedded PC with an Apollo Lake SoC, triple display support, dual GbE ports with PoE, 4x USB 3.0 ports, SATA, and expansion via mini-PCIe and homegrown add-on modules.

    Cincoze has updated its "entry level" Intel Bay Trail based DA-1000 industrial mini-PC, which is sold under the same name in the U.S. by Logic Supply. The new Apollo Lake based DA-1100, which is now referred to as an edge computer, is not only a bit faster but offers a few key enhancements, including PoE and triple displays. No pricing was listed by Taiwan-based Cincoze, but Logic Supply sold the earlier DA-1000 at $569 and up including a 32GB SATA SSD. It's possible the new model will end up at Logic Supply as well.

  • Microsoft is Ending Windows 10 Mobile Support on December 10th, 2019

    After the end of support, Windows Phones will continue to work, but some features will eventually shut down. Automatic and manual backups for settings and apps will cease after March 10, 2020. And services like photo upload and device restore will stop December 2020.

  • Linux-Targeting Cryptojacking Malware Disables Cloud-Based Security Measures: Report [Ed: They make it sound like GNU/Linux is the problem; but it relies on already-compromised GNU/Linux systems]

    A new cryptojacking malware has the ability to disable cloud-based security measures to avoid detection on Linux servers, research published Jan. 17 by information security company Palo Alto Networks reveals.

    The malware in question mines Monero (XMR) and is reportedly a modified version of one used by the so-called “Rocke” group, originally discovered by cybersecurity firm Talos in August last year. According to the research, one of the first things that the malware does is check for other cryptocurrency mining processes and add firewall rules to block any other cryptojacking malware.

More in Tux Machines

Today in Techrights

Q4OS Linux Revives Your Old Laptop and Give it Windows Looks

Q4OS is a lightweight Linux distribution based on Debian. It imitates the look and feel of Windows. Read the complete review to know more about Q4OS Linux.

Android Leftovers

today's leftovers

  • Clear Linux Has A Goal To Get 3x More Upstream Components In Their Distro
    For those concerned that running Clear Linux means less available packages/bundles than the likes of Debian, Arch Linux, and Fedora with their immense collection of packaged software, Clear has a goal this year of increasing their upstream components available on the distribution by three times. Intel Fellow Arjan van de Ven provided an update on their bundling state/changes for the distribution. In this update he shared that the Clear Linux team at Intel established a goal this year to have "three times more upstream components in the distro. That's a steep growth, and we want to do that with some basic direction and without reducing quality/etc. We have some folks figuring out what things are the most desired that we lack, so we can add those with most priority... but this is where again we more than welcome feedback."
  • The results from our past three Linux distro polls
    You might think this annual poll would be fairly similar from year to year, from what distros we list to how people answer, but the results are wildly different from year to year. (At the time of the creation of each poll, we pull the top 15 distributions according to DistroWatch over the past 12 months.) Last year, the total votes tallied in at 15,574! And the winner was PCLinuxOS with Ubuntu a close second. Another interesting point is that in 2018, there were 950 votes for "other" and 122 comments compared to this year with only 367 votes for "other" and 69 comments.
  • Fedora Strategy FAQ Part 3: What does this mean for Fedora releases?
    Fedora operating system releases are (largely) time-based activity where a new base operating system (kernel, libraries, compilers) is built and tested against our Editions for functionality. This provides a new source for solutions to be built on. The base operating systems may continue to be maintained on the current 13 month life cycle — or services that extend that period may be provided in the future. A solution is never obligated to build against all currently maintained bases.
  • How open data and tools can save lives during a disaster
    If you've lived through a major, natural disaster, you know that during the first few days you'll probably have to rely on a mental map, instead of using a smartphone as an extension of your brain. Where's the closest hospital with disaster care? What about shelters? Gas stations? And how many soft story buildings—with their propensity to collapse—will you have to zig-zag around to get there? Trying to answer these questions after moving back to earthquake-prone San Francisco is why I started the Resiliency Maps project. The idea is to store information about assets, resources, and hazards in a given geographical area in a map that you can download and print out. The project contributes to and is powered by OpenStreetMap (OSM), and the project's entire toolkit is open source, ensuring that the maps will be available to anyone who wants to use them.
  • Millions of websites threatened by highly critical code-execution bug in Drupal

    Drupal is the third most-widely used CMS behind WordPress and Joomla. With an estimated 3 percent to 4 percent of the world's billion-plus websites, that means Drupal runs tens of millions of sites. Critical flaws in any CMS are popular with hackers, because the vulnerabilities can be unleashed against large numbers of sites with a single, often-easy-to-write script.

  • Avoiding the coming IoT dystopia
    Bradley Kuhn works for the Software Freedom Conservancy (SFC) and part of what that organization does is to think about the problems that software freedom may encounter in the future. SFC worries about what will happen with the four freedoms as things change in the world. One of those changes is already upon us: the Internet of Things (IoT) has become quite popular, but it has many dangers, he said. Copyleft can help; his talk is meant to show how. It is still an open question in his mind whether the IoT is beneficial or not. But the "deep trouble" that we are in from IoT can be mitigated to some extent by copyleft licenses that are "regularly and fairly enforced". Copyleft is not the solution to all of the problems, all of the time—no idea, no matter how great, can be—but it can help with the dangers of IoT. That is what he hoped to convince attendees with his talk. A joke that he had seen at least three times at the conference (and certainly before that as well) is that the "S" in IoT stands for security. As everyone knows by now, the IoT is not about security. He pointed to some recent incidents, including IoT baby monitors that were compromised by attackers in order to verbally threaten the parents. This is "scary stuff", he said.