
Security

Using Ksplice To Detect Exploit Attempts

Filed under
Linux
Security
HowTos

Ksplice is a very cool technology. Ksplice allows you to patch important security updates to your system without a reboot. The in-memory code is patched as well as on-disk components, closing all the gaps for a security vulnerability. All the while, your applications keep running.

A new feature of Ksplice is Known Exploit Detection. When you patch your system with Ksplice, not only is the security vulnerability closed, but also tripwires are laid down for privilege escalation vulnerabilities. If an attacker attempts to exploit a CVE you’ve patched, Ksplice notifies you.

Ksplice is both protecting your system and alerting you to suspicious activity. Very cool.

Read more

Also: Oracle's Ksplice Live Kernel Patching Picks Up Known Exploit Detection

Security: Windows, Marcus Hutchins, Phishing, OpenVPN, DARPA, DINSIC

Filed under
Security
  • The latest Windows patch is breaking even more PCs with antivirus installed

    Earlier this week we reported that Microsoft halted updates to Windows PCs running Sophos and Avast’s security solutions, following user complaints that their machines were locking up or failing to boot. Since then, the list of known issues for the rogue update was itself updated to acknowledge compatibility issues with Avira and ArcaBit antivirus installed, with Microsoft temporarily blocking updates to those affected systems, too. Today, Ars Technica noticed that Microsoft is investigating compatibility issues for systems with McAfee antivirus installed, though it hasn’t started blocking the April 9 update from those PCs just yet.

  • ‘WannaCry Hero’ Marcus Hutchins Pleads Guilty to Making Banking Malware [iophk: "It looks like they squeezed malware tech with a “plea bargain”. So I would take reports of a guilty plea with a large grain of salt. They probably threatened him with 1000s of years in prison as an alternative. The plea “deal” is not mentioned in the summary, thus misleading the public about the situation."]

    Marcus Hutchins, a security researcher known for helping stop the destructive WannaCry ransomware, pleaded guilty to hacking crimes on Friday.

    Hutchins was accused of writing a banking malware called Kronos in 2014, after he finished high school. The researcher was arrested in Las Vegas after attending the hacker conference Def Con in 2017. Days later, he pleaded not guilty in a Milwaukee courtroom. He was scheduled to be tried this summer.

  • Google will begin to block sign-ins from embedded browser frameworks in June

    Phishing — schemes to nab personal data with disguised malicious webpages and emails — constituted more than 70% of all cyber attacks in 2016, according to a Verizon report. In an effort to combat them, Google last year announced it would require users to enable JavaScript during Google Account sign-in so that it could run attack-detecting risk assessments, and today, the company said it’ll begin to block all sign-ins from embedded browser frameworks like Chromium Embedded Framework starting in June.

  • A deeper look into OpenVPN: Security vulnerabilities

    OpenVPN is the backbone of online security. It is supported in many popular virtual private network (VPN) providers such as NordVPN and ExpressVPN, and continues to receive frequent updates well into its 17th year in operation.

    It’s an unwritten rule of information technology, however, that popular security protocols will attract the largest contingent of hackers. As OpenVPN is open source, it is therefore much easier for hackers to locate and exploit security vulnerabilities within the software design.

    Nevertheless, the value of the open-source model is that it promotes open collaboration, thus encouraging other programmers to suggest changes to the design. This way, security vulnerabilities can be communicated directly to the developers, who then have the option to patch the software and eliminate the vulnerability.

  • DARPA’s New/Old Plan for a Hack-Proof Voting Machine

    The Pentagon’s top research arm is working to build a hack-proof voting machine by combining something brand new with something old – specifically, secure open-source hardware and software using advanced cryptography on one end, and good old paper on the other.

    The Defense Advanced Research Projects Agency (DARPA) recently awarded the tech company Galois a $10 million contract for the project, which grew out of a broader agency project to remedy hardware vulnerabilities, the snappily named SSITH, for System Security Integrated Through Hardware and Firmware.

    Galois, which focuses on ensuring the trustworthiness of hardware and software, will design the system, which will start with a different approach used by established voting machine makers, who have come under criticism over the vulnerabilities in their systems, Motherboard reported. For one, it will use open-source software, rather than the proprietary systems used by companies such as Election Systems & Software. It also will use open-source hardware, built from designs developed under the SSITH program.

  • New Attacks (and Old Attacks Made New)

    This is shown again in Fortinet's latest Global Threat Landscape Report for the fourth quarter of 2018, where we reported that exploits that targeted individual organizations — often variations of existing malware or the misuse of FOSS (free/open source software) security tools — continue to grow at a rapid pace: 10% over the quarter, while the number of unique exploits they experienced increased by 5%. This suggests that, despite some reports suggesting that malicious actors follow the same work routines as their victims, cybercriminals didn't take much of a break over the holidays. And as you would expect, all of this malware — especially botnets — is becoming more complex and harder to detect.

  • Security flaw in French government messaging app exposed confidential conversations

    Tchap wasn’t built from scratch. The DINSIC, France’s government agency in charge of all things digital, forked an open-source project called Riot, which is based on an open-source protocol called Matrix.

    In a few words, Matrix is a messaging protocol that features end-to-end encryption. It competes with other protocols, such as the Signal Protocol that is widely used by consumer apps, such as WhatsApp, Signal, Messenger’s secret conversations and Google Allo’s incognito conversations — Messenger and Allo conversations aren’t end-to-end encrypted by default.

  • French Government's 'Secure' WhatsApp Replacement Hacked In Just 90 Minutes

    In order to better protect official conversations, the French government developed its own secure instant messaging alternative to WhatsApp.

Security: Iran, Google, GrammaTech, FireEye and Latest FUD From WhiteSource

Filed under
Security
  • Someone is Leaking an Iranian Hacking Group's Arsenal

    For the last few weeks, someone has been publishing the source code of the hacking tools used by a high-level attack team that’s been linked to the Iranian government. The tools belong to a group known variously as APT34 and OilRig, and whoever is dumping them appears to have some interest in not just exposing the tools but also the group’s operations.

    The leaks began in late March on a Telegram channel and have continued through this week. Researchers at Chronicle, a security company owned by Google’s parent company, Alphabet, have examined the leaked tools and confirmed that they are indeed the same ones used by the OilRig attackers. OilRig has been connected to a number of intrusions at companies and government agencies across the Middle East and Asia, including technology firms, telecom companies, and even gaming companies. Whoever is leaking the toolset also has been dumping information about the victims OilRig has targeted, as well as data identifying some of the servers the group uses in its attacks.

  • Google will examine new Android developer accounts more closely

    For the better part of two years, Google has made a concerted effort to improve control over data in Android apps, chiefly by introducing system-level changes in Android, refining its Google Play developer policies, requiring developers to disclose the collection and use of sensitive data, and restricting access to certain permissions (like those involving SMS and call logs). But it hasn’t always been fully transparent about these changes, and toward that end, the Mountain View company today announced that it’s “clarifying” several of its rules and reviewing the way it handles noncompliant apps.

  • GrammaTech Releasing Binary Analysis and Rewriting Interface into Open Source
  • Adobe Flash security tool Flashmingo debuts in open source community [Ed: Just kill Adobe Trash. The sooner, the better. This one helps openwashing of that malicious proprietary software blob, courtesy of CBS.]
  • Open Source Tool From FireEye Automates Analysis of Flash Files

    Security company FireEye this week announced the release of an open source tool designed to automate the analysis of Adobe Flash files in order to identify malware and prevent infections.

  • Counting Vulnerabilities In Open Source Projects and Programming Languages [Ed: Microsoft partner and anti-FOSS front group WhiteSource is once again using FUD in order to promote its brand and its non-FOSS 'services'; they advertise by bashing FOSS. Microsoft proud.]

Security Leftovers

Filed under
Security
  • Riccardo Padovani: Responsible disclosure: improper access control in Gitlab private project.

    As I said back in September with regard to a responsible disclosure about Facebook, data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a practical side.

  • Integrating Password and Privilege Management for Unix and Linux Systems [Ed: More spammy pages under the guise of "whitepaper"]

    Unix and Linux build the foundation for most business-critical systems. Thus, they present target-rich environments for cyber-attackers. Privileged Access Management (PAM) helps to mitigate such risks. To succeed, security teams must follow an integrated approach, covering both privilege elevation and centralized management of shared account credentials.

  • How Not to Acknowledge a Data Breach

    My guess is that what Wipro means by “zero-day” is a malicious email attachment that went undetected by all commercial antivirus tools before it infected Wipro employee systems with malware.

  • Facebook stored millions of Instagram passwords in plain text

    Facebook says it stored millions of Instagram users’ passwords in plain text, leaving them exposed to people with access to certain internal systems. The security lapse was first reported last month, but at the time, Facebook said it only happened to “tens of thousands of Instagram users,” whereas the number is now being revised up to “millions.” The issue also affected “hundreds of millions of Facebook Lite users” and “tens of millions of other Facebook users.”

  • Update: Facebook passwords for hundreds of millions of users were exposed to Facebook employees

    Facebook confirmed March 21 that hundreds of millions of user passwords were being stored in a “readable format” within its servers, accessible to internal Facebook employees—including millions more Instagram users than previously thought. Affected users will be notified, Facebook said, so they can change those passwords.

  • Facebook 'unintentionally' uploaded 1.5 million people's email contacts without asking

    This is how it unfolded: a security researcher spotted that Facebook was asking some users to put in their email passwords when they signed up with a new account to verify their identity. Business Insider then experimented with what would happen if you were brave/mad enough to do so and found that a message popped up saying it was "importing" its contacts without having the decency to check that was okay first.

    Apparently, 1.5 million people just accepted this as just one of those things, and the information was then used to build up Facebook's uncanny ability to predict when you know somebody.

  • In new gaffe, Facebook improperly collects email contacts for 1.5 million

    Facebook's privacy gaffes keep coming. On Wednesday, the social media company said it collected the stored email address lists of as many as 1.5 million users without permission. On Thursday, the company said the number of Instagram users affected by a previously reported password storage error was in the "millions," not the "tens of thousands" as previously estimated.

  • Facebook says it 'unintentionally uploaded' 1.5 million people's email contacts without their consent

    Since May 2016, the social-networking company has collected the contact lists of 1.5 million users new to the social network, Business Insider can reveal. The Silicon Valley company said the contact data was "unintentionally uploaded to Facebook," and it is now deleting them.

  • With Nation Distracted by Mueller Report, Facebook Admits Millions of Users' Passwords Affected by Latest Privacy Breach

    On Thursday, Facebook added to a blog post from March 21 to let users know that instead of storing tens of thousands of Instagram passwords, as it had reported last month, the number of users affected by the privacy breach was in the millions. Facebook is the parent company of Instagram.

    "Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format," wrote Pedro Canahuati, vice president of Engineering, Security and Privacy. "We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."

    The stored passwords were found in January during a routine security check, according to Facebook. In March, when the breach was first announced, the company said the passwords were never visible to anyone outside of Facebook.

Security Leftovers

Filed under
Security

10 Best Linux Password Managers

Filed under
GNU
Linux
Security

Password managers are applications created to enable users to keep their passwords in a single place and absolve themselves of the need to remember every single one of their passwords.

They, in turn, encourage clients to use passwords that are as complex as possible and remember a single master password. Modern password managers even go an extra mile to keep other information such as card details, files, receipts, etc. safely locked away from prying eyes.

You might be wondering which password manager app will work best on your Linux machine and I am here to answer your question with my list of the 10 best Linux password managers.

Read more

Security: DNS, Windows, Kaspersky and Lethal USB

Filed under
Security
  • The wave of domain hijackings besetting the Internet is worse than we thought

    The report was published Wednesday by Cisco’s Talos security group. It indicates that three weeks ago, the hijacking campaign targeted the domain of Sweden-based consulting firm Cafax. Cafax’s only listed consultant is Lars-Johan Liman, who is a senior systems specialist at Netnod, a Swedish DNS provider. Netnod is also the operator of i.root, one of the Internet’s foundational 13 DNS root servers. Liman is listed as being responsible for the i-root. As KrebsOnSecurity reported previously, Netnod domains were hijacked in December and January in a campaign aimed at capturing credentials. The Cisco report assessed with high confidence that Cafax was targeted in an attempt to re-establish access to Netnod infrastructure.

  • New Windows Zero-Day Vulnerability Grants Hackers Full Control Over PCs [Ed: The NSA already had these permissions. Now everyone has these.]

    According to the latest Kaspersky Lab Report, a Windows Zero-Day vulnerability is serving as a backdoor for hackers to take control of users’ PCs.

    The latest exploit utilizes a use-after-free attack and has a technical name CVE-2019-0895. The exploit is found in win32k.sys and grants hackers Local Privilege meaning they’re able to access resources usually outside of users’ capabilities.

  • New zero-day vulnerability CVE-2019-0859 in win32k.sys
  • AP Exclusive: Mysterious operative haunted Kaspersky critics

    He also asked Giles to repeat himself or speak louder so persistently that Giles said he began wondering “whether I should be speaking into his tie or his briefcase or wherever the microphone was.”

    “He was drilling down hard on whether there had been any ulterior motives behind negative media commentary on Kaspersky,” said Giles, a Russia specialist with London’s Chatham House thinktank who often has urged caution about Kaspersky’s alleged Kremlin connections. “The angle he wanted to push was that individuals — like me — who had been quoted in the media had been induced by or motivated to do so by Kaspersky’s competitors.”

  • Feds: Saint Rose grad used 'killer' device to fry computers

    In 2016, College of Saint Rose graduate assistant Vishwanath Akuthota said he believed there was a "lot of opportunity" for him at the school.

    On Monday, federal prosecutors said he took advantage of a different kind of opportunity — access to campus — when he destroyed dozens of computers at a cost of more than $50,000.

  • Student Uses “USB Killer” To Fry $58,000 Worth of Computers

OpenSSH 8.0 released

Filed under
Security
BSD

This release contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content.

This release adds client-side checking that the filenames sent from the server match the command-line request.

The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.

Read more
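To make the mitigation in the release note concrete, here is an added example of the kind of client-side filename check it describes. This is illustrative code written for this page, not OpenSSH's own scp.c. It assumes the caller has already split the `host:path` argument and passes the remote path portion as `requested`; only that path's last component is used as the glob, and `received` is the bare name the server announces for the next file. A name is accepted only if it is a single path component, is not `.` or `..`, and matches the requested pattern with fnmatch(3).

```c
#define _POSIX_C_SOURCE 200809L
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Added example (not OpenSSH's own scp.c): the kind of client-side check the
 * release note describes. `requested` is the remote path the user typed after
 * "host:" (an assumption about how the caller splits the argument); only its
 * last path component is used as the glob. `received` is the bare filename
 * the server announced for the next file. Returns 1 to accept, 0 to reject. */
int scp_filename_ok(const char *requested, const char *received)
{
    const char *pattern;

    if (requested == NULL || received == NULL || received[0] == '\0')
        return 0;

    /* The server may only name a file inside the destination directory,
     * never a path: reject any directory separator outright. */
    if (strchr(received, '/') != NULL)
        return 0;

    /* "." and ".." are never legitimate file names from a server. */
    if (strcmp(received, ".") == 0 || strcmp(received, "..") == 0)
        return 0;

    /* Compare against the final component of what the client asked for:
     * "logs/*.log" -> "*.log", "report.txt" -> "report.txt". */
    pattern = strrchr(requested, '/');
    pattern = (pattern != NULL) ? pattern + 1 : requested;

    /* A literal name matches only itself; a glob matches only what the
     * user's shell-style pattern would have matched on the remote side. */
    return fnmatch(pattern, received, 0) == 0;
}

/* Stand-alone demonstration with constructed server responses. */
int main(void)
{
    const char *requested = "logs/*.log";
    const char *responses[] = {
        "app.log",              /* legitimate answer to the request */
        "authorized_keys",      /* does not match the requested glob */
        "../.bashrc",           /* contains a directory separator */
        "..",                   /* parent-directory name */
    };
    size_t i;

    for (i = 0; i < sizeof responses / sizeof responses[0]; i++)
        printf("%-20s -> %s\n", responses[i],
               scp_filename_ok(requested, responses[i]) ? "accept" : "reject");
    return 0;
}
```

The point of the check is that the server's answer is untrusted input: before the fix, anything the server named was written into the local destination directory, so a request for `logs/*.log` could come back as `authorized_keys` or a dotfile. Matching the announced name against what the user actually asked for closes that gap for plain copies; recursive copies of whole directories are a separate case not covered here.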

Security: Updates, Oracle, Cisco, Buzzwords and Wi-Fi 'Hacking'

Filed under
Security

Gentoo News: Nitrokey partners with Gentoo Foundation to equip developers with USB keys

Filed under
Gentoo
Security

The Gentoo Foundation has partnered with Nitrokey to equip all Gentoo developers with free Nitrokey Pro 2 devices. Gentoo developers will use the Nitrokey devices to store cryptographic keys for signing of git commits and software packages, GnuPG keys, and SSH accounts.

Thanks to the Gentoo Foundation and Nitrokey’s discount, each Gentoo developer is eligible to receive one free Nitrokey Pro 2. To receive their Nitrokey, developers will need to register with their @gentoo.org email address at the dedicated order form.

A Nitrokey Pro 2 Guide is available on the Gentoo Wiki with FAQ & instructions for integrating Nitrokeys into developer workflow.

Read more
