Security

Security: Necurs, Uber, and Intel ME

Filed under: Security

Security: Firefox "Breach Alerts", Uber Crack, and Intel Back Doors

Filed under: Security

  • Firefox “Breach Alerts” Will Warn If You Visit A ‘Hacked’ Website

    One more thing is coming to add to the capabilities of the recently released Firefox 57 aka Firefox Quantum.

    Mozilla is working on a new feature for Firefox, dubbed Breach Alerts, which will warn users when they visit a website, whether it was hacked in the past or not.

  • GCHQ: change your passwords now even if Uber says it contained the breach

    Uber claims to have paid $100,000 to secure 57 million accounts exposed in a breach last year, but the UK's spy agency, GCHQ, suggests consumers don't place too much faith in Uber’s claim.

    The GCHQ's National Cyber Security Centre (NCSC) on Thursday published guidance for Uber users, reminding those affected by the firm’s just revealed 2016 breach they should take precautionary action even if their personal details may not have been compromised.

    The agency warned that Uber drivers and riders should “immediately change passwords” that were used for Uber.

  • Drive-By Phishing Scams Race Toward Uber Users

    Indeed, hardly any time elapsed after Uber came clean Tuesday about the year-old breach it had concealed before crack teams of social engineers unleashed appropriately themed phishing messages designed to bamboozle the masses (see Fast and Furious Data Breach Scandal Overtakes Uber).

  • EU authorities consider creating data breach justice league to tackle uber hack

    Multiple investigations prompted by Uber's admission that it concealed a hack could join together for one big mega-probe into the incident.

    An EU working group which has responsibility for data protection will decide next week whether to co-ordinate different investigations taking place in the UK, Italy, Austria, Poland and the Netherlands.

  • Intel Didn't Heed Security Experts Warnings About ME [Ed: Intel refused to speak about back doors until it became too mainstream a topic, then pretended it's a "bug"]

    For nearly eight years, the chip maker has been turning a deaf ear on security warnings about the wisdom of Intel Management Engine.

Security: Uber Sued, Intel ‘Damage Control’, ZDNet FUD, and XFRM Privilege Escalation

Filed under: Security

  • Uber hit with 2 lawsuits over gigantic 2016 data breach

    In the 48 hours since the explosive revelations that Uber sustained a massive data breach in 2016, two separate proposed class-action lawsuits have been filed in different federal courts across California.

    The cases allege substantial negligence on Uber’s part: plaintiffs say the company failed to keep safe the data of the affected 50 million customers and 7 million drivers. Uber reportedly paid $100,000 to delete the stolen data and keep news of the breach quiet.

    On Tuesday, CEO Dara Khosrowshahi wrote: “None of this should have happened, and I will not make excuses for it.”

  • Intel Releases Linux-Compatible Tool For Confirming ME Vulnerabilities [Ed: ‘Damage control’ strategy is to make it look like just a bug.]

    While Intel ME security issues have been talked about for months, confirming fears that have been present about it for years, this week Intel published the SA-00086 security advisory following their own internal review of ME/TXE/SPS components. The impact is someone could crash or cause instability issues, load and execute arbitrary code outside the visibility of the user and operating system, and other possible issues.

  • Open source's big weak spot? Flawed libraries lurking in key apps [Ed: Linux basher Liam Tung entertains FUD firm Snyk and Microsoft because it suits the employer's agenda]
  • SSD Advisory – Linux Kernel XFRM Privilege Escalation

Security: UEFI, Updates, Uber

Filed under: Security

Recommended Privacy Tools (Apps, Add-Ons, Search Engines) for Ubuntu Users

Filed under: GNU, Linux, Security, Web, HowTos

This is a user-friendly list of tools to protect users' internet privacy for Ubuntu users. The tools include a search engine (StartPagec.com), add-ons (HTTPS Everywhere, Disconnect), and programs (DNSCrypt Proxy, OpenVPN) that are easy for beginners to install on Ubuntu. This list introduces the importance of privacy for all of you (yes, please read PrivacyTools.io) and shows that protecting your privacy is not difficult. This list is kept short so you can learn the tools one by one and exercise them on the many computers you have. I hope this helps you a lot!


Security: Uber, Replacing x86 Firmware, 'IoT' and Chromebook

Filed under: Security

  • Key Dem calls for FTC to investigate Uber data breach

    A key Democrat is calling on the Federal Trade Commission (FTC) to investigate a massive Uber breach that released data on 57 million people, as well as the company's delay in reporting the cyber incident.

  • Multiple states launch probes into massive Uber breach
  • Replacing x86 firmware with Linux and Go

    The problem, Minnich said, is that Linux has lost its control of the hardware. Back in the 1990s, when many of us started working with Linux, it controlled everything in the x86 platform. But today there are at least two and a half kernels between Linux and the hardware. Those kernels are proprietary and, not surprisingly, exploit friendly. They run at a higher privilege level than Linux and can manipulate both the hardware and the operating system in various ways. Worse yet, exploits can be written into the flash of the system so that they persist and are difficult or impossible to remove—shredding the motherboard is likely the only way out.

  • Connected sex-toy allows for code-injection attacks on a robot you wrap around your genitals

    However, the links included base-64 encoded versions of the entire blowjob file, making it vulnerable to code-injection attacks. As Lewis notes, "I will leave you to ponder the consequences of having an XSS vulnerability on a page with no framebusting and preauthed connection to a robot wrapped around or inside someone's genitals..."

  • Chromebook exploit earns researcher second $100k bounty

    For Google’s bug bounty accountants, lightning just struck twice.

    In September 2016, an anonymous hacker called Gzob Qq earned $100,000 (£75,000) for reporting a critical “persistent compromise” exploit of Google’s Chrome OS, used by Chromebooks.

    Twelve months on and the same researcher was wired an identical pay out for reporting – yes! – a second critical persistent compromise of Google’s Chrome OS.

    By this point you might think Google was regretting its 2014 boast that it could confidently double its maximum payout for Chrome OS hacks to $100,000 because “since we introduced the $50,000 reward, we haven’t had a successful submission.”

    More likely, it wasn’t regretting it at all because isn’t being told about nasty vulnerabilities the whole point of bug bounties?

  • Why microservices are a security issue

    And why is that? Well, for those of us with a systems security bent, the world is an interesting place at the moment. We're seeing a growth in distributed systems, as bandwidth is cheap and latency low. Add to this the ease of deploying to the cloud, and more architects are beginning to realise that they can break up applications, not just into multiple layers, but also into multiple components within the layer. Load balancers, of course, help with this when the various components in a layer are performing the same job, but the ability to expose different services as small components has led to a growth in the design, implementation, and deployment of microservices.

Ubuntu 17.10 Users Get Major Kernel Update, 20 Security Vulnerabilities Patched

Filed under: Security

If you're using the latest Ubuntu 17.10 (Artful Aardvark) operating system on your personal computer, you should know that it received its first major kernel update since the official release back on October 19, 2017. The update addresses a total of 20 security vulnerabilities for Ubuntu 17.10's Linux 4.13 kernel packages, including the Raspberry Pi 2 one.

Among the security issues patched in this update, five are related to the Linux kernel's USB subsystem, including a use-after-free vulnerability, which could allow a physically proximate attacker to crash the affected system by causing a denial of service (DoS attack) or possibly execute arbitrary code. Three others are related to the ALSA subsystem, including a race condition.


Security: Updates, Intel, Uber and HBO

Filed under: Security

Security: Updates, Intel, Torvalds

Filed under: Security

  • Security updates for Tuesday
  • Intel: We've found severe bugs in secretive Management Engine, affecting millions

    Thanks to an investigation by third-party researchers into Intel's hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers.

    The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS).

  • Open Source Security Podcast: Episode 71 - GitHub's Security Scanner

    Josh and Kurt talk about GitHub's security scanner and Linus' security email. We clarify the esoteric difference between security bugs and non security bugs.

  • Linus Torvalds 'sorry' for swearing, blames popularity of Linux itself

    Linux overlord Linus Torvalds has apologised – a bit – for calling some security-centric kernel contributors “f*cking morons”.

    Torvalds unleashed a profanity-laden rant at Google developer Kees Cook, over the latter's proposal to harden the kernel.

    Another Google security chap, Matthew Garrett, asked Torvalds “Can you clarify a little with regard to how you'd have liked this patchset to look?”

    To which Torvalds responded that “I think the actual status of the patches is fairly good with the default warning.”

pfSense 2.4.2-RELEASE now available

Filed under: Security, BSD

We are excited to announce the release of pfSense® software version 2.4.2, now available for new installations and upgrades!

pfSense software version 2.4.2 is a maintenance release bringing security patches and stability fixes for issues present in previous pfSense 2.4.x branch releases.

pfSense 2.4.2-RELEASE updates and installation images are available now!

