Security

Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Episode 19: Democratizing Cybersecurity

    Katherine Druckman and Doc Searls talk to Alex Gounares of Polyverse Linux about Cybersecurity for everyone.

  • Introducing the Librem Tunnel

    You probably know by now that the Librem Tunnel is part of Librem One, a suite of privacy-protecting, no-tracking apps and services created by our team at Purism, which also includes Librem Mail, Librem Chat and Librem Social.

    Librem Tunnel offers an encrypted, no-logging, virtual private network tunnel, making sure all your network traffic is secure and your privacy fully protected. This means you can safely and conveniently use any public hotspot and not have to worry about how private your connection really is, using standards-based OpenVPN with any compatible client. You are not the product in Librem Tunnel: you will not be tracked, we do not sell your data, and we don’t advertise.

  • Trump Explains Why He Banned Huawei, And It’s Not Convincing

    The world’s two biggest economies are indulging in a trade war and the toll is being paid by the Chinese company Huawei, which is being erased from existence in the US.

    The US government has already blacklisted Huawei, causing a big blow to its growing smartphone business across the globe. After the temporary license ends in August, it won’t be able to do any business with US-based companies unless the ban is lifted.

  • Snort Alerts

    It was previously explained on LinuxHint how to install the Snort Intrusion Detection System and how to create Snort rules. Snort is an Intrusion Detection System designed to detect and alert on irregular activities within a network. Snort is made up of sensors that deliver information to the server according to the instructions in its rules.

    In this tutorial, Snort alert modes will be explained, instructing Snort to report on incidents in 5 different ways (ignoring the “no alert” mode): fast, full, console, cmg and unsock.

    If you didn’t read the articles mentioned above and you don’t have previous experience with Snort, please get started with the tutorial on Snort installation and usage and continue with the article on rules before continuing with this lecture. This tutorial assumes you have Snort already running.

Security: Updates, ZombieLoad, FTP, Hack.lu, Hacking SETI, and Microsoft Chaos

Filed under
Security
  • Security updates for Thursday
  • ZombieLoad Mitigation Costs For Intel Haswell Xeon, Plus Overall Mitigation Impact

    With tests over the past week following the disclosure of the Microarchitectural Data Sampling (MDS) vulnerabilities also known as "Zombieload", we've looked at the MDS mitigation costs (and now the overall Spectre/Meltdown/L1TF/MDS impact) for desktop CPUs, servers, and some laptop hardware. I've also begun doing some tests on older hardware, as some Phoronix readers were curious how much aging Intel Haswell CPUs are affected.

  • How to enhance FTP server security [Ed: It just needs to be abandoned]
  • Hack.lu 2019 Call for Papers, Presentations and Workshops

    The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implications of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet each other and freely share all kinds of information. The convention will be held in the Grand-Duchy of Luxembourg in October (22-24.10.2019). The most significant new discoveries about computer network attacks and defenses, commercial security solutions, and pragmatic real-world security experience will be presented in a three-day series of informative tutorials. We would like to announce the opportunity to submit papers and/or lightning talk proposals for selection by the hack.lu technical review committee. This year we will be doing workshops on the afternoon of the first day and talks of 1 hour or 30 minutes in the main track for the three days.

  • Hacking SETI
  • Legal Threats Make Powerful Phishing Lures

    On or around May 12, at least two antivirus firms began detecting booby-trapped Microsoft Word files that were sent along with some variation of the following message: [...]

  • US officials say foreign election [cracking] is inevitable

    "Systems that are connected to the Internet, if they're targeted by a determined adversary with enough time and resources, they will be breached," Hickey said. "So, we need to be focusing on resilience."

  • Why a Windows flaw patched nine days ago is still spooking the Internet

    The vulnerability resides in Microsoft’s proprietary Remote Desktop Protocol, which provides a graphical interface for connecting to another computer over the Internet. Exploiting the vulnerability—which is present in older versions of Windows but not the much better secured Windows 8 and 10—requires only that an attacker send specific packets to a vulnerable RDP-enabled computer. In a testament to the severity, Microsoft took the highly unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and seven years, respectively.

  • Serial publisher of Windows 0-days drops exploits for 2 more unfixed flaws

    In Tuesday’s disclosure, SandboxEscaper wrote that the Task Scheduler vulnerability works by exploiting a flaw in the way the Task Scheduler processes changes to discretionary access control list permissions for an individual file. An advisory published Wednesday by US-CERT confirmed that the exploit worked against both 32-bit and 64-bit versions of Windows 10.

Security: National Security Threat, Windows Back Doors and Huawei Technologies

Filed under
Security
  • Lack of Secure Coding Called a National Security Threat

    The "call to action" report, "Software Security Is National Security: Why the U.S. Must Replace Irresponsible Practices with a Culture of Institutionalized Security," discusses systemic issues with the software development landscape and what needs to be done to rectify the problem of negligent coding. But solving the problem won't be easy, given the problems of speed-to-market pressures and the sheer number of IoT devices being produced, the report notes.

  • [Attackers] have been holding the city of Baltimore’s computers hostage for 2 weeks [Ed: Windows]

    Here’s what’s happening: On May 7, [attackers] digitally seized about 10,000 Baltimore government computers and demanded around $100,000 worth in bitcoins to free them back up. It’s a so-called “ransomware” attack, where hackers deploy malicious software to block access to or take over a computer system until the owner of that system pays a ransom.

    Baltimore, like several other cities that have been hit by such attacks over the past two years, is refusing to pay up. As a result, for two weeks, city employees have been locked out of their email accounts and citizens have been unable to access essential services, including websites where they pay their water bills, property taxes, and parking tickets. This is Baltimore’s second ransomware attack in about 15 months: Last year, a separate attack shut down the city’s 911 system for about a day. Baltimore has come under scrutiny for its handling of both attacks.

  • [Windows] Ransomware Cyberattacks Knock Baltimore's City Services Offline

    With no key, Rubin said the city will have to rebuild its servers from the ground up. That will likely take months, he said, and will involve implementing new hardware and software and restoring any data the city may have backed up.

  • After 2 Years, WannaCry Remains a Threat

    And while the immediate dangers associated with WannaCry have faded, the ransomware still lurks, and many systems have not been patched to prevent exploits by EternalBlue and EternalRomance.

  • ARM latest firm to suspend business with Huawei; Intel mum

    Chip designer ARM says it has to suspend business with Chinese telecommunications equipment vendor Huawei Technologies, a report claims.

  • The case against Huawei, explained

    This morning, ARM announced that it was cutting ties with Huawei, in the interest of “complying with all of the latest regulations set forth by the U.S. government.” It’s a catastrophe for Huawei’s device business, halting its access to current and future chip designs and coming on the heels of similar breaks from Google and Microsoft. Huawei is in deep, deep trouble, and we still don’t have a clear picture of why.

    Security experts have been warning about Huawei for more than a year, but it’s only in the last week that those warnings have escalated into an all-out trade blockade on the company’s US partners. There’s never been a full accounting of why the US government believes Huawei is such a threat, in large part because of national security interests, which means much of the evidence remains secret. But it’s worth tracing out exactly where the concerns are coming from and where they could go from here.

Tails 3.14 Anonymous Linux OS Adds Mitigations for the Intel MDS Vulnerabilities

Filed under
Security

Tails 3.14 is here two months after the release of Tails 3.13 mainly to address the recently discovered MDS (Microarchitectural Data Sampling) security vulnerabilities in Intel microprocessors. To fully mitigate these flaws and protect you against Fallout, RIDL, and ZombieLoad attacks, the SMT function must be disabled.

Furthermore, Tails 3.14 ships with the long-term supported Linux 4.19.37 kernel and all the latest firmware packages to provide you with up-to-date hardware support and compatibility with newer graphics and Wi-Fi devices, as well as other components, and utilizes the recently released Tor Browser 8.5 anonymous web browser.

Ubuntu's MDS Mitigations Now Available for Intel Cherry Trail and Bay Trail CPUs

Filed under
Security
Ubuntu

On May 14th, 2019, Intel published details about four new security vulnerabilities discovered by various security researchers, which are affecting several of its Intel microprocessor families. Intel released updated microcode firmware to mitigate them, and they landed on the same day for all supported Ubuntu Linux operating system series.

Now, Canonical has released an updated intel-microcode firmware that addresses these new security vulnerabilities on systems running Intel Cherry Trail and Intel Bay Trail processors. The updated intel-microcode packages are now available in the official software repositories of Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 ESM.

Security: Curl, OpenSUSE, Equifax and Kubernetes

Filed under
Security
  • Report from the curl bounty program

    We announced our glorious return to the “bug bounty club” (projects that run bug bounties) a month ago, and with the curl 7.65.0 release today on May 22nd of 2019 we also ship fixes to security vulnerabilities that were reported within this bug bounty program.

  • OpenSUSE Adds Option To Installer For Toggling Performance-Hitting CPU Mitigations

    With the newly released openSUSE Leap 15.1 they have added an option to their installer for toggling the CPU mitigations around Spectre / Meltdown / Foreshadow / Zombieload to make it very convenient should you choose to retain maximum performance while foregoing the security measures. But it also allows disabling SMT/HT from the installer should you prefer maximum security.

    When installing openSUSE Leap 15.1 today, I was a bit surprised to see a "CPU mitigations" option that allows toggling the value similar to the mitigations= kernel command line option.

  • Equifax just became the first company to have its outlook downgraded for a cyber attack

    Moody’s has just slashed its rating outlook on Equifax, the first time cybersecurity issues have been cited as the reason for a downgrade.

    Moody’s lowered Equifax’s outlook from stable to negative on Wednesday, as the credit monitoring company continues to suffer from the massive 2017 breach of consumer data.

    “We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change,” Joe Mielenhausen, a spokesperson for Moody’s, told CNBC. “This is the first time the fallout from a breach has moved the needle enough to contribute to the change.”

    Equifax could not immediately be reached for comment.

  • Kubernetes security: 4 strategic tips

    As with all things security-related, “fingers crossed!” isn’t exactly a confident posture. Kubernetes offers a lot of powerful security-oriented features, and the community has shown a strong commitment toward the security of the project. But it’s always best to be proactive, especially if you or your teams are still relatively new to containers and orchestration.

    The fundamentals of security hygiene still largely apply, as we noted in our recent article, Kubernetes security: 5 mistakes to avoid. There’s also some new learning to be done to ensure you’re proactively managing the risks inherent in any new system, especially once it’s running in production.

Linux Foundation Statement on Huawei Entity List Ruling

Filed under
Linux
Security

Thank you for your inquiry regarding concerns with a member subject to an Entity List Ruling.[1] While statements in the Executive Order prompting the listing used language granting a broader scope of authority, the Huawei Entity List ruling was specifically scoped to activities and transactions subject to the Export Administration Regulation (EAR).

Open source encryption software source code was reclassified by the US Department of Commerce, Bureau of Industry and Security (BIS) effective September 20, 2016 as “publicly available” and no longer “subject to the EAR.”[2] Each open source project is still required to send a notice of the URL to BIS and NSA to satisfy the “publicly available” notice requirement in the EAR at 15 CFR § 742.15(b).

Security Leftovers

Filed under
Security
  • Security updates for Wednesday
  • Illumos-Powered OmniOS Gets Updated Against MDS / ZombieLoad Vulnerabilities

    While it was just earlier this month that the OpenSolaris/Illumos-based OmniOS saw a big LTS release, it's already been succeeded by a new release given the recent Intel MDS / Zombieload CPU vulnerabilities coming to light.

    There are new spins of OmniOS for all supported releases. These new OmniOS Community Edition releases mitigate against the Microarchitectural Data Sampling (MDS) vulnerabilities and also bundle in the updated Intel CPU microcode.

  • Hackers Hack A Forum For Hacked Accounts: Here’s How

    A group of hackers failed to deploy security mechanisms to secure the storage where they store hacked accounts and another hacker group hacked it.

    The story is indeed funny and real. The infamous forum OGUSERS, which is popular amongst hackers for obtaining “OG” Instagram and Twitter usernames, hacked accounts for Domino’s Pizza, Steam, PlayStation Network, and other online accounts, was hacked by a hacker group and its data was published on another hacker forum.

  • Security Announcement: Disabling SMT by default on affected Intel processors

    This is an important announcement with an upcoming change in the next Core Update of IPFire.

    Because of the recent vulnerabilities in Intel processors, the IPFire team has decided that, to keep systems as secure as possible, Simultaneous Multi-Threading (SMT) is automatically disabled if the processor is vulnerable to one of the attacks.

    SMT is also called Intel(R) Hyper-Threading Technology and simulates more virtual cores than the system has. This allows faster processing when applications benefit from it. Unfortunately, with networking, we do benefit from that. Therefore the effect of disabling SMT will be a very significant performance impact of around 30% or more. Applications that will be affected in IPFire are the firewall throughput itself as well as other CPU- and memory-bound tasks like the web proxy and the Intrusion Prevention System. On systems that are not vulnerable to this attack, SMT is being left enabled. If you still want to disable it, please do so in the BIOS of your firewall.

Bringing the Benefits of Linux Containers to Operational Technology

Filed under
Linux
Security

Linux container technology was introduced more than a decade ago and has recently jumped in adoption in IT environments. However, OT (operational technology) environments, typically made up of heterogeneous embedded systems, have lagged in the adoption of container technologies, due to both their unique technology requirements and business models that relied on proprietary systems. In this article, I explore recent innovation in open-source offerings that are enabling the use of containers in OT use cases, such as industrial control systems, IoT gateways, medical devices, Radio Access Network (RAN) products and network appliances.

Enterprise IT leaders have adopted “cloud-native” computing architectures because of the innovation velocity and cost benefits derived by the approach. To leverage containers, developers segment applications into modular micro-services that enable flexible development and deployment models. These micro-services are then deployed as containers where the service itself is integrated with the required libraries and functions. On containerization, these application components have small footprints and fast speeds of deployment. The applications become highly portable across compute architectures due to the abstraction away from the hardware and the operating system.

New Release: Tor Browser 8.5

Filed under
Moz/FF
Security
Web

Tor Browser 8.5 is the first stable release for Android. Since we released the first alpha version in September, we've been hard at work making sure we can provide the protections users are already enjoying on desktop to the Android platform. Mobile browsing is increasing around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so we made it a priority to reach these users.
