
Microsoft

Proprietary and Openwashing: Facebook, Skype, LinkedIn, Talend, and Slack

Filed under
Microsoft

Angelfire

Filed under
Microsoft
Security

Today, August 31st 2017, WikiLeaks publishes documents from the Angelfire project of the CIA. Angelfire is an implant comprised of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system. Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, it is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7).

Solartime modifies the partition boot sector so that when Windows loads boot-time device drivers, it also loads and executes the Wolfcreek implant, which, once executed, can load and run other Angelfire implants. According to the documents, the loading of additional implants creates memory leaks that can possibly be detected on infected machines.

Keystone is part of the Wolfcreek implant and responsible for starting malicious user applications. Loaded implants never touch the file system, so there is very little forensic evidence that the process was ever run. It always disguises itself as "C:\Windows\system32\svchost.exe" and can thus be detected in the Windows task manager if the operating system is installed on another partition or in a different path.

BadMFS is a library that implements a covert file system that is created at the end of the active partition (or in a file on disk in later versions). It is used to store all drivers and implants that Wolfcreek will start. All files are both encrypted and obfuscated to avoid string or PE header scanning. Some versions of BadMFS can be detected because the reference to the covert file system is stored in a file named "zf".

The Windows Transitory File system is the new method of installing AngelFire. Rather than lay independent components on disk, the system allows an operator to create transitory files for specific actions including installation, adding files to AngelFire, removing files from AngelFire, etc. Transitory files are added to the 'UserInstallApp'.
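The two host-side indicators above (an svchost.exe whose image path is not the real one, and the "zf" reference file used by some BadMFS versions) can be checked with a short PowerShell script. This is an added example, not code from the WikiLeaks release or from the Angelfire documents; it assumes PowerShell 3.0 or later run as Administrator, and, because the page gives only the bare file name "zf" and no path, it searches a handful of likely directories that are an assumption of this example rather than documented locations.

```powershell
# Added example: check a Windows host for the two Angelfire artifacts described above.
# Assumptions: PowerShell 3.0+ (Get-CimInstance), run elevated so process image paths are readable.

# 1. svchost.exe instances whose image path is not the genuine one for the running installation.
#    On 64-bit Windows a 32-bit host also lives in SysWOW64, so both paths are treated as legitimate.
$legit = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
) | ForEach-Object { $_.ToLowerInvariant() }

$suspects = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object {
        $p = $_.ExecutablePath
        # A null path means access was denied or the image is not backed by a file on disk;
        # for a memory-only loader the second case is exactly what we are looking for.
        (-not $p) -or ($legit -notcontains $p.ToLowerInvariant())
    } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# Genuine svchost.exe processes are started by services.exe; report any suspect with a different parent.
$servicesPid = (Get-Process -Name services -ErrorAction SilentlyContinue).Id
foreach ($s in $suspects) {
    $note = ''
    if ($servicesPid -and $s.ParentProcessId -ne $servicesPid) { $note = 'parent is not services.exe' }
    '{0,6}  {1,-50}  {2}' -f $s.ProcessId, $s.ExecutablePath, $note
}

# 2. A file named exactly "zf", the covert-file-system reference some BadMFS versions leave behind.
#    The directories below are an assumption of this example; the page documents only the file name.
$roots = @($env:SystemRoot, "$env:SystemRoot\System32", $env:ProgramData, "$env:SystemDrive\")
Get-ChildItem -Path $roots -Filter 'zf' -File -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc
```

The path comparison is the important part: the implant claims a fixed C:\Windows\system32 path, so on a host where Windows lives elsewhere the mismatch is visible, while on a default C:\Windows installation the name alone proves nothing and the parent-process check and the absence of a backing file are the better signals.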

Read more

Bugs? What bugs? Microsoft sees no evil.

Filed under
Microsoft

On Aug. 23, Microsoft released Windows 10 Fall Creators Update Build 16273. This late beta doesn’t introduce new features. It’s all about stabilizing the next Windows 10 update before releasing it to the public. In short, it’s a bug-fix version — with a twist. While Microsoft tells us which bugs have been fixed in this build, it doesn’t say anything about new bugs, or old bugs that haven’t been fixed.

Read more

Microsoft Openwashing of Visual Studio and LinkedIn

Filed under
Microsoft

Desktop: Entroware's New GNU/Linux Laptop, Microsoft Caught Red-handed

Filed under
GNU
Linux
Microsoft

Openwashing: Oracle, Mono, Microsoft and Red Hat

Filed under
Microsoft
  • Oracle Open Source Library now available to C and C++ developers [Ed: openwashing of a link to Oracle's proprietary lockin]

    The production release of the Oracle Database Programming Interface for C (ODPI-C), which gives C and C++ developers more streamlined access to Oracle Database, has been launched on GitHub.

    The open-source wrapper is aimed primarily at language interface developers, allowing users to quickly call more common features of the Oracle Call Interface (OCI), the main C API for Oracle Database. But the company says that its conciseness makes it a flexible and accessible tool.

  • Mono 5.2 Released With Various Changes [Ed: Microsoft lockin painted as "open"]
  • Microsoft's .NET Core 2.0: What's new and why it matters
  • Microsoft Launches .NET Core 2.0 With Better Linux Support
  • Tips for finding partners open enough to work with you

    Imagine I'm working on the front line of an open organization, and I'm committed to following principles like transparency, inclusivity, adaptability, collaboration, community, accountability, and commitment to guide that front-line work. A huge problem comes up. My fellow front-line workers and I can't handle it on our own, so we discuss the problem and decide that one of us has to take it to top management. I'm selected to do that.

    When I do, I learn there is nothing we can do about the problem within the company. So management decides to let me present the issue to outside individuals who can help us.

    In my search for the expertise required to fix the problem, I learned that no single individual has that expertise—and that we must find an outside, skilled partner (company) to help us address the issue.

Slackware Security and Windows Insecurity

Filed under
Microsoft
Security
Slack
  • OpenJDK7 and Flash Player security updates (Aug ’17)

    On the blog of IcedTea release manager Andrew Hughes (aka GNU/Andrew) you can find the announcement for IcedTea 2.6.11 which builds OpenJDK 7u151_b01. This release includes the official July 2017 security fixes for Java 7. Note that the security updates for Java 8 were already pushed to my repository some time ago.

  • Kremlin's hackers 'wield stolen NSA exploit to spy on hotel guests in Europe, Mid East'

    Miscreants are using various techniques, including the leaked NSA EternalBlue exploit also wielded by the WannaCry malware, to hack into laptops and other devices used by government and business travelers, FireEye researchers declared on Friday.

Microsoft Hardware Woes

Filed under
Hardware
Microsoft

Dumbo

Filed under
Microsoft
Security

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings, the operator is aided in creating fake evidence or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32-bit Windows XP, Windows Vista, and newer versions of the Windows operating system. 64-bit Windows XP, and Windows versions prior to XP, are not supported.
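The defender-side counterpart of what the text describes is to know which programs hold the webcam and microphone and whether a recording process has been stopped while the device was still marked in use. The PowerShell below is an added example, not part of the WikiLeaks release or the Dumbo tooling; it assumes a Windows 10 or later host, where the consent store records per-application device usage under HKCU (the key layout and the reading of a zero LastUsedTimeStop as "still in use" are assumptions of this example about the current OS, not something the Dumbo documents state), and it must run as the logged-on user whose devices are of interest.

```powershell
# Added example: list present camera/audio devices and which programs are using or last used them.
# Assumptions: Windows 10+, run as the interactive user; the consent-store layout below is an
# assumption about the current OS and is not described on the page.

# 1. Devices an operator would enumerate: present cameras, imaging devices and audio endpoints.
Get-PnpDevice -PresentOnly -Class 'Camera', 'Image', 'AudioEndpoint' -ErrorAction SilentlyContinue |
    Select-Object Class, FriendlyName, Status |
    Format-Table -AutoSize

# 2. Per-application usage of the webcam and microphone from the consent store.
$store = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore'

function Convert-FileTime([object]$v) {
    # The store holds FILETIME values; 0 means "no stop recorded" (still in use or never stopped cleanly).
    if ($null -eq $v -or [int64]$v -eq 0) { return $null }
    [DateTime]::FromFileTimeUtc([int64]$v)
}

$rows = foreach ($cap in 'webcam', 'microphone') {
    # Classic (non-packaged) applications are keyed by their image path with '\' replaced by '#'.
    Get-ChildItem -Path "$store\$cap\NonPackaged" -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $exe   = $_.PSChildName -replace '#', '\'
        $start = Convert-FileTime $props.LastUsedTimeStart
        $stop  = Convert-FileTime $props.LastUsedTimeStop
        [pscustomobject]@{
            Device    = $cap
            Program   = $exe
            LastStart = $start
            LastStop  = $stop
            InUse     = ($null -ne $start -and $null -eq $stop)
            # Is a process with that image path still alive?
            Running   = [bool](Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path -eq $exe })
        }
    }
}

$rows | Sort-Object LastStart -Descending | Format-Table -AutoSize

# 3. The pattern the text describes from the attacker's side: a recording program marked as still
#    holding the device, but with no live process behind it (killed rather than closed cleanly).
$rows | Where-Object { $_.InUse -and -not $_.Running }
```

A hit in the final list is not proof of tampering (an application that crashed leaves the same trace), but combined with the USB-insertion and elevation events the text implies for a Dumbo run it narrows the time window to examine, and the LastStart/LastStop timestamps tell you which recordings to verify against their on-disk copies.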

Read more


More in Tux Machines

Openwashing Cars

  • Open source: sharing patents to speed up innovation
    Adjusting to climate change will require a lot of good ideas. The need to develop more sustainable forms of industry in the decades ahead demands vision and ingenuity. Elon Musk, chief executive of Tesla and SpaceX, believes he has found a way for companies to share their breakthroughs and speed up innovation. Fond of a bold gesture, the carmaker and space privateer announced back in 2014 that Tesla would make its patents on electric vehicle technology freely available, dropping the threat of lawsuits over its intellectual property (IP). Mr Musk argued the removal of pesky legal barriers would help “accelerate the advent of sustainable transport”. The stunning move has already had an impact. Toyota has followed Tesla by sharing more than 5,600 patents related to hydrogen fuel cell cars, making them available royalty free. Ford has also decided to allow competitors to use its own electric vehicle-related patents, provided they are willing to pay for licences. Could Tesla’s audacious strategy signal a more open approach to patents among leading innovators? And if more major companies should decide to adopt a carefree attitude to IP, what are the risks involved?
  • Autonomous car platform Apollo doesn't want you to reinvent the wheel
    Open source technologies are solving many of our most pressing problems, in part because the open source model of cooperation, collaboration, and almost endless iteration creates an environment where problems are more readily solved. As the adage goes, "given enough eyeballs, all bugs are shallow." However, self-driving vehicle technology is one rapidly growing area that hasn't been greatly influenced by open source. Most of today's autonomous vehicles, including those from Volkswagen, BMW, Volvo, Uber, and Google, ride on proprietary technology, as companies seek to be the first to deliver a successful solution. That changed recently with the launch of Baidu's Apollo.

today's leftovers

  • KDE Applications 18.04 Brings Dolphin Improvements, JuK Wayland Support
    The KDE community has announced the release today of KDE Applications 18.04 as the first major update to the open-source KDE application set for 2018.
  • Plasma Startup
    Startup is one of the rougher aspects of the Plasma experience and therefore something we’ve put some time into fixing [...] The most important part of any speed work is correctly analysing it. systemd-bootchart is nearly perfect for this job, but it’s filled with a lot of system noise.
  • Announcing Virtlyst – a web interface to manage virtual machines
    Virtlyst is a web tool that allows you to manage virtual machines. In essence it’s a clone of webvirtmgr, but using Cutelyst as the backend. The reasoning behind this was that my father-in-law needs a server for his ASP app on a Win2k server; the server has only 4 GiB of RAM, and after a week running webvirtmgr it was eating 300 MiB, close to 10% of all available RAM. To get a VNC or SPICE tunnel it spawns websockify, and on each new instance around 20 MiB of RAM gets used. I found this unacceptable for a tool that is only going to be used once in a while, like if the win2k freezes or goes BSOD; CPU usage, while higher, didn’t play a role in this.
  • OPNFV: driving the network towards open source "Tip to Top"
    Heather provides an update on the current status of OPNFV. How is its work continuing and how is it pursuing the overall mission? Heather says much of its work is really ‘devops’ and it's working on a continuous integration basis with the other open source bodies. That work continues as more bodies join forces with the Linux Foundation. Most recently OPNFV has signed a partnership agreement with the open compute project. Heather says the overall OPNFV objective is to work towards open source ‘Tip to top’ and all built by the community in ‘open source’. “When we started, OPNFV was very VM oriented (virtual machine), but now the open source movement is looking more to cloud native and containerisation as the way forward,” she says. The body has also launched a C-RAN project to ensure that NFV will be ready to underpin 5G networks as they emerge.
  • Ubuntu Podcast from the UK LoCo: S11E07 – Seven Years in Tibet - Ubuntu Podcast
  • Failure to automate: 3 ways it costs you
    When I ask IT leaders what they see as the biggest benefit to automation, “savings” is often the first word out of their mouths. They’re under pressure to make their departments run as efficiently as possible and see automation as a way to help them do so. Cost savings are certainly a benefit of automation, but I’d argue that IT leaders who pursue automation for cost-savings alone are missing the bigger picture of how it can help their businesses. The true value of automation doesn’t lie in bringing down expenses, but rather in enabling IT teams to scale their businesses.
  • Docker Enterprise Edition 2.0 Launches With Secured Kubernetes
    After months of development effort, Kubernetes is now fully supported in the stable release of the Docker Enterprise Edition. Docker Inc. officially announced Docker EE 2.0 on April 17, adding features that have been in development in the Docker Community Edition (CE) as well as enhanced enterprise grade capabilities. Docker first announced its intention to support Kubernetes in October 2017. With Docker EE 2.0, Docker is providing a secured configuration of Kubernetes for container orchestration. "Docker EE 2.0 brings the promise of choice," Docker Chief Operating Officer Scott Johnston told eWEEK. "We have been investing heavily in security in the last few years, and you'll see that in our Kubernetes integration as well."

today's howtos

Debian Milestones and Diversity Update

  • 15.010958904109589041
    And yes! On April 15, I passed the 15-year-mark as a Debian Developer.
  • 10 years + 1 day
    yesterday 10 years ago I became a Debian Developer.
  • Diversity Update
    Which brings us to a panel for the upcoming Debconf in Taiwan. There is a suggestion to have a Gender Forum at the Openday. I'm still not completely sure what it should cover or what is expected for it and I guess it's still open for suggestions. There will be a plan, let's see to make it diverse and great! I won't promise to send the next update sooner, but I'll try to get back into it. Right now I'm also working on a (German language) submission for a non-binary YouTube project and it would be great to see that thing lift off. I'll be more verbose on that front.