Security

Security Leftovers

Filed under
Security

Security: Updates, Windows, Medtronic and FUD

Filed under
Security
  • Security updates for Thursday
  • Norwegian firm attack likely through Microsoft Active Directory: claim

    The Windows network at the Norwegian aluminium maker Norsk Hydro was probably infiltrated by attackers who planted the LockerGoga ransomware using something like scheduled tasks or services in Microsoft's Active Directory, a British security expert says.

  • Microsoft starts notifying Windows 7 users about end of support

    Microsoft’s end of support date means that Windows 7 users will no longer receive security updates, and the company wants consumers to upgrade to Windows 10 PCs instead. While the notification doesn’t mention Windows 10, Microsoft links to a new Windows 7 site that encourages consumers to upgrade their PCs.

  • Critical flaw lets [attackers] control lifesaving devices implanted inside patients

    The federal government on Thursday warned of a serious flaw in Medtronic cardio defibrillators that allows attackers to use radio communications to surreptitiously take full control of the lifesaving devices after they are implanted in a patient.

    Defibrillators are small, surgically implanted devices that deliver electrical shocks to treat potentially fatal irregular heart rhythms. In recent decades, doctors have increasingly used radios to monitor and adjust the devices once they're implanted rather than using older, costlier, and more invasive means. An array of implanted cardio defibrillators made by Medtronic rely on two types of radio-based consoles for initial setup, periodic maintenance, and regular monitoring. Doctors use the company's CareLink Programmer in clinics, while patients use the MyCareLink Monitor in homes to regularly ensure the defibrillators are working properly.

  • New vulnerability reporting platform aims to make open source safer [Ed: Ad disguised as an article for firm that works with Microsoft and never speaks about back doors in proprietary software]

Security: AccessEnforcer, Windows Ransomware Does Major Damage, Spammers Send Junk Mail to Thousands of Printers, Google Cleanup and More

Filed under
Security
  • VLANs and More Added to AccessEnforcer UTM Firewall

    AccessEnforcer Version 4.1 also updates the firewall's operating system to OpenBSD 6.3. OpenBSD is one of the most secure operating systems in the world. Version 6.3 provides additional mitigations against the Spectre and Meltdown vulnerabilities and also mitigates against return-oriented programming and other memory corruption attacks.

  • Norwegian aluminium firm slowly recovering from ransomware attack

    Norwegian aluminium maker Norsk Hydro says it has made some progress restoring its systems back to normal after being hit by Windows ransomware known as LockerGoga on Monday evening.

  • Spammers Send Junk Mail to Thousands of Printers

    Spam has been with us since the very first days of email, but a Russian marketing agency recently took things a stage further by sending good old-fashioned paper-based junk mail over the internet.

    The company claims to have advertised a graphic design course for its client Skillbox using a software bot that searched for online printers. It printed a one-page promotion on every device it found, directing them to a website boasting about its exploits.

    The website for the company's marketing campaign, which I am deliberately not linking to here, explains that "by the 2024", it is "94% likely" that bots will replace accountants, auditors, and financial analysts by the million. Consequently, it says, accountants (or anyone else worried about being replaced by AI) should learn graphic design instead. The stats come from a five-year-old Oxford Martin School report, but that needn't concern us here.

    What's more interesting is another statistic: 600,000. That’s how many printers the marketing agency claim to have clogged up with advertising, according to this report from Graham Cluley.

    [...]

    It wouldn't be the first time that someone had spammed printers online. In December, a hacker calling himself TheHackerGiraffe spammed 50,000 printers promoting popular YouTube celebrity PewDiePie. Other incidents have been much darker. Nazi nerd Andrew Auernheimer, a.k.a. Weev, sent white supremacist messages to every printer in North America that he could find. Instead of using Shodan, he used Masscan, which is a mass IP port scanner.

  • Android clampdown on calls and texts access trashes bunch of apps

    Android looks a little less open now that Google has begun to enforce draconian new rules on accessing a phone's call and text logs.

    Developers have been forced to remove features or in some cases change the fundamental nature of the application. One example is BlackBerry's Hub, an email client which also aggregated notifications from a variety of apps and presented them chronologically in a timeline. This application has lost its ability to include calls and texts in that timeline.

    Exceptions created by Google don't seem to be honoured, developers complained. One said that an enterprise archiving app – a category specifically exempt from the clampdown – has been broken.

    Another developer, Miroslav Novosvetsky of MobileSoft, rued that he might have to withdraw his Callistics usage monitor app altogether.

  • The martian packet case in our Neutron floating IP setup

    A community member opened a bug the other day related to a weird networking behavior in the Cloud VPS service, offered by the Cloud Services team at Wikimedia Foundation. This VPS hosting service is based on Openstack, and we implement the networking bits by means of Neutron.

    Our current setup is based on Openstack Mitaka (old, I know) and the networking architecture we use is extensively described in our docs. What is interesting today is our floating IP setup, which Neutron uses by means of the Netfilter NAT engine.

    Neutron creates a couple of NAT rules for each floating IP, to implement both SNAT and DNAT. In our setup, if a VM uses a floating IP, then all its traffic to and from The Internet will use this floating IP. In our case, the floating IP range is made of public IPv4 addresses.

LibreOffice 6.2.2 Office Suite Released with More Than 50 Fixes, Download Now

Filed under
LibO
Security

While LibreOffice 6.1 is still the recommended version for those who want a more stable and well-tested LibreOffice office suite, LibreOffice 6.2.2 is here for technology enthusiasts and early adopters who want to get a taste of the latest new features and innovations in the free and open-source office suite used by millions of computer users worldwide.

"LibreOffice 6.2.2 represents the bleeding edge in terms of features for open source office suites, and as such is not optimized for enterprise-class deployments, where features are less important than robustness. Users wanting a more mature version can download LibreOffice 6.1.5, which includes some months of back-ported fixes," said Italo Vignoli.


Security: Turris, New BSD Router Project Release and PuTTY Has Holes

Filed under
Security
  • Turris: secure open-source routers

    One of the other things it is doing is creating open-source home routers. It started because CZ.NIC wondered about how safe home users are from network attacks. Are there active attacks against home users? And, if so, how frequent are they and what kinds of attacks are being made? To figure out the answer, the organization created Project Turris to create a secure router that it gave away. These routers would monitor the network and report suspicious traffic back to the project. They also served as endpoints for some honeypots that the project was running.

    CZ.NIC wanted to make the Turris router "the right way", he said, so the organization made it all open source. The router has automatic security updates and users are given root access on the device. It also sported some "interesting hardware", Hrušecký said; it had a two-core PowerPC CPU, 2GB of RAM, and 256MB of NAND flash.

    Based on the information provided by the Turris routers, CZ.NIC researchers started publishing reports about what they were finding. That led some people to ask if they could get the routers themselves, because they felt that other router makers were "not doing things right". That led to the creation of commercial Turris routers: the Turris Omnia (which was reviewed here in 2016) and the upcoming Turris Mox. Those routers will still allow people to participate in the research if they choose to.

    Building the routers with free and open-source software (FOSS) is really the only way to go, he said. The project knew that it was not going to be able to compete with small, cheap routers, so it created routers with lots of capability that would allow them to run lots of different kinds of services. FOSS makes it easy to get started on a project like this because there is lots of available software that can be easily integrated into the OS.

    These routers allow users to do whatever they want and people believe they are more capable than they truly are, Hrušecký said. That means they break things in "really creative ways". Sometimes they will make custom changes, completely outside of the OS framework, which get overwritten with the next automatic update. These are "tricky problems" to handle; the project would not have them if it locked its users out. At some "dark moments" he understands why some companies do that.

  • BSD Router Project Release 1.92 (2019/03/20)
  • Putty 0.71 Fixes Weakness That Allows Fake Login Prompts

    The latest version of PuTTY SSH and Telnet client adds protection against spoofing the terminal authentication prompt to steal login info. Recently released, the update comes after a 20-month hiatus and fixes a total of eight security issues.

    An attacker taking advantage of this weakness could allow authentication on a malicious server with no password and at the start of the session send the text PuTTY shows when prompting for the private key passphrase.

The Many Flavors of Linux

Filed under
GNU
Linux
Security

Linux is not as popularly used in both the security- and user-focused computing worlds as other OSes such as Windows and macOS, but it can still be used for both. In fact, depending on your needs, there are many different flavors of Linux you can use.

And the different versions have key differences between them. Aside from security- and user-focused distros, there are what can be considered unique Linux distros that have their own specific uses, weird as they may be. This article will detail some of the many flavors of Linux available today and will leave you with a better understanding of their differences, and you will be in a better position to select the distro of Linux for your needs.


Security: Updates, Microsoft, Mirai, Reproducible Builds and PuTTY

Filed under
Security

Tor-Powered Tails 3.13 Anonymous Linux OS Adds Extra Security and Latest Updates

Filed under
Security
Debian

Powered by the Linux 4.19.28 kernel, the Tails 3.13 operating system is now available with latest TOR technologies to help you stay hidden while surfing the Internet, including the Tor Browser 8.0.7 anonymous web browser and Tor 0.3.5.8 client and server for the anonymous Tor network.

However, probably the most important addition in the Tails 3.13 release is the updated Intel microcode to version 3.20180807a.2, which adds an extra security measure against more variants of the well-known Spectre, Meltdown, and L1TF (Level 1 Terminal Fault) security vulnerabilities.


Security: Elsevier Left Users’ Passwords Exposed Online and Norsk Hydro of Norway Got Windows Cracked

Filed under
Security
  • Education and Science Giant Elsevier Left Users’ Passwords Exposed Online

    It’s not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials.

  • Norwegian aluminium firm goes manual after Windows ransomware attack

    Norwegian aluminium maker Norsk Hydro has been under what it describes as "an extensive cyber attack" that has affected several areas of the company's operations. The malware affecting the firm is believed to be the LockerGoga ransomware that attacks Windows systems.

  • “Severe” ransomware attack cripples big aluminum producer

    Norsk Hydro of Norway said the malware first hit computers in the United States on Monday night. By Tuesday morning, the infection had spread to other parts of the company, which operates in 40 countries. Company officials responded by isolating plants to prevent further spreading. Some plants were temporarily stopped, while others, which had to be kept running continuously, were switched to manual mode when possible. The company’s 35,000 employees were instructed to keep computers turned off but were allowed to use phones and tablets to check email.

Security: Updates, Trust, IPFire 2.21 and Superusers

Filed under
Security
  • 40 Linux Server Hardening Security Tips [2019 edition]
  • Why Trust Is Key for Cyber-Security Risk Management

    "Trust" is an often-overused term, but according to Rohit Ghai, president of RSA Security, trust is the key to understanding and managing digital risk.

    In a video interview with eWEEK, Ghai discusses his views on trust, where the concept of an artificial intelligence "digital twin" fits in and why there could well be a need to redefine industry cyber-security categories to better reflect how risk management technologies should work. He also provides insight into how RSA Security's products, including Archer, Netwitness and SecurID, fit together to help organizations provide trust and manage risk.

    "As long as we pay attention to the idea of risk and trust co-existing and taking a risk orientation to security, I think we'll be fine," Ghai said. "Trust is important. We are living in an era where people are losing faith or trust in technology, and we have to act now to restore it."

  • IPFire 2.21 - Core Update 129 is ready for testing

    The next release is available for testing - presumably going to be the last release in the 2.21 series before we bring some bigger changes. This update has a huge number and significant changes for IPsec as well as many updates to the core system and various smaller bug fixes.

  • Superuser accounts: What they are and how to secure them

    Most security technologies are helpless in protecting against superusers because they were developed to protect the perimeter – but superusers are already on the inside. Superusers may be able to change firewall configurations, create backdoors and override security settings, all while erasing traces of their activity.

    Insufficient policies and controls around superuser provisioning, segregation and monitoring further heighten risks. For instance, database administrators, network engineers and application developers are frequently given full superuser-level access. Sharing of superuser accounts among multiple individuals is also a rampant practice, which muddles the audit trail. And in the case of Windows PCs, users often log in with administrative account privileges – far broader than what is needed.
