Security: GNU/Linux Updates, Windows Back Doors and Building a Multi-Protocol Tunneling Tool in Java

Filed under
Security
  • Security updates for Wednesday
  • Debian has Released Security Updates for jackson-databind

    Debian has released a security update for the jackson-databind package.

    This release fixes around 11 vulnerabilities in the jackson-databind package.

  • Red Hat has Released Critical Security Updates for Firefox
  • Red Hat Released Security Update And Bug Fix For libvirt
  • Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable [Ed: Get ready for some more Microsoft Windows back doors to be discovered and corporate media to cover up for Microsoft by blaming NSA (which cannot go out of business). #microsoft/NSA back doors are costing us all billions while Microsoft makes money from that collusion]

    The vulnerability, designated CVE-2019-0708 and dubbed BlueKeep, can be exploited by miscreants to execute malicious code and install malware on vulnerable machines without the need for any user authentication: a hacker simply has to be able to reach the box across the internet or network in order to commandeer it.

    It is said to be a "wormable" security hole because it is possible to write a worm that spreads automatically, infecting a machine and then attacking others. Two weeks ago, Microsoft released security patches for systems going back to Windows XP to kill off this bug, and everyone is urged to install them.

  • BlueKeep RDP Bug: 1 Million Windows Machines Exposed To Attacks [Ed: Enormous cost of Windows back doors when more people discover them. Snowden's leaks have shown that Microsoft not only participates in NSA agenda but plays a very leading role. This is how it secures contracts and favours.]
  • Build a Multi-Protocol Tunneling Tool in Java

    For this project we aim to create a multi-protocol tunnelling tool which will allow us to easily run multiple tunnelling tools conveniently within a simple graphical user interface. While there are many tools available out there to tunnel different protocols, they are all implemented in different ways, which can require a lot of research on each tool and a lot of trial and error to get them operating.

    In order to achieve our goal we intend to set up a server to act as a proxy for a client. This proxy will act as a middle man to receive requests from the client and send them on, on behalf of the client. These requests from the client will be packaged inside the slack space of other protocols such as DNS, ICMP or TCP.

Security: Updates, Kali Linux 2019.2, Ubuntu Security Podcast and What Red Hat Learns at Security Symposium Events

Filed under
Security
  • Security updates for Tuesday
  • Kali Linux 2019.2 overview | Penetration Testing Redefined

    In this video, I am going to show an overview of Kali Linux 2019.2 and some of the applications pre-installed.

  • Introducing the Ubuntu security podcast

    The Ubuntu Security Podcast is a weekly podcast covering all the latest news and developments from the Ubuntu Security team. Each week the team discuss the various security updates that have been published across the Ubuntu releases, describing the technical details of both the security vulnerabilities as well as the fixes involved. Due to the expansive nature of the software packages provided by Ubuntu, each episode usually covers a diverse range of security issues, from buffer overflows, use-after-free’s and cache side-channel attacks; to cross-site scripting and cross-site request forgery. Whilst describing the various vulnerabilities, their impact is also covered, ranging from the low (denial of service, information disclosure etc) to the higher end of the spectrum (remote code execution, privilege escalation etc). Detailed show notes are also published along with each episode, referencing the particular CVEs discussed as well as their details.

  • Kernel 5.2-rc2 Is Out, Ubuntu Security Team's New Podcast, the E Foundation's Refurbished Phones with /e/ OS Available Soon, Mozilla Announces Firefox 68 Beta 6 Test Day and PostgreSQL 12 Beta Released

    The Ubuntu Security Team announces its new Ubuntu Security Podcast. The weekly podcast will cover "the various security updates that have been published across the Ubuntu releases, describing the technical details of both the security vulnerabilities as well as the fixes involved". The podcast is available from iTunes, Spotify, Google Podcasts or RSS.

  • What Red Hat learns at our Security Symposium events: a product manager’s point of view

    Recently, I was asked to speak at one of Red Hat’s regional events, the Security Symposium series, which was an absolutely easy decision to make: Yes, I would much enjoy attending, speaking and, most importantly, listening at this event. Which brings me to why I wrote this post: What have I learned from participating in these events? What might you learn by attending?

Astra Linux OS gets highest security certificate in Russia

Filed under
GNU
Linux
Security

The Astra Linux Special Edition OS, designed by Russia's Astra Linux, has received the SZI certificate in Russia, reports Cnews.ru. The certificate will let the company use its operating system to work with sensitive documents, including state secrets at the highest security level.


Also: Winnti's Linux variant discovered bearing ties with Chinese hackers [Ed: This relies on servers that are already cracked. Has roots in Russia, too. It's a Windows 'thing'.]

Security: WalletGenerator, Ransom.GandCrab, Linux 5.1 Improvements, Windows Holes and Rootless Containers

Filed under
Security
  • Researcher Discovers Serious Vulnerability in Paper Crypto Wallet Site [Ed: This issue would not have been detected if it was proprietary software]

    A security researcher from MyCrypto.com, Harry Denley, has posted a detailed – and damning – analysis of paper wallet site WalletGenerator.net.

    The core of the analysis hinges on WalletGenerator’s original open-source code, available here. Until August 17, 2018 the online code matched the open-source code and the entire project generated wallets using a client-side technique that took in real random entropy and produced a unique wallet. But sometime after that date the two sets of code stopped matching.

  • Ransom.GandCrab

    Ransom.GandCrab is Malwarebytes’ detection name for a family of ransomware that encrypts important files and asks for a ransom to decrypt them. There are several versions of Ransom.GandCrab as the threat actors keep working on it. They all target Windows systems.

  • [Attackers] target MySQL databases to deliver the GandCrab ransomware [Ed: The headline says MySQL but actually it’s a Microsoft Windows issue (Windows has back doors, so nothing mission-critical should ever be put on it anyway)]

    Security experts at Sophos have detected a wave of attacks targeting Windows servers that are running MySQL databases with the intent of delivering the GandCrab ransomware.

  • Kees Cook: security things in Linux v5.1

    Linux kernel v5.1 has been released! Here are some security-related things that stood out to me...

  • Headsup for those managing Windows 10 boxen: Microsoft has tweaked patching rules [Ed: Microsoft Windows/Vista 10 -- like all versions for 20 years now -- has got NSA back doors, so "patching" does not mean security]
  • The shortcomings of rootless containers

    In my previous articles on user namespace and rootless containers, I talked about how you can run and build containers using Podman and Buildah without becoming root.

    I showed how you could do some awesome stuff, including running containers with lots of different user IDs (UIDs), installing software, setting up networking, and running containers at Quay.io, Docker.io, or pretty much any other container registry.

    That said, rootless containers are not a panacea. There are a lot of shortcomings, and people need to understand what can go wrong.

Security: Penetration Testing, IPFire and Microsoft/NSA Back Doors in Baltimore

Filed under
Security
  • 9 List of Best Free Penetration Testing tools

    Things you need to know about Pentesting: Penetration Testing or often called PenTesting tools are basic utility applications for any Ethical Hacker job. To be clear we are not promoting any hacking crime or breaking digital security rules, this article is completely for educational purposes.

    In this article, we will be discussing Penetration Testing methods and about the needed useful utilities for that purpose.

  • Bug fest
  • IPFire 2.23 - Core Update 132 is available for testing

    Two new types of vulnerabilities have been found in Intel processors. They cannot be fixed unless the hardware is changed, but they can be somewhat mitigated through some changes in the Linux kernel (4.14.120) and an updated microcode (version 20190514). Both are shipped in this release.

    Additionally, to mitigate this bug, which cannot be fixed at all, SMT is disabled by default on all affected processors, which has significant performance impacts.

    Please note that Intel unfortunately is not releasing microcode for all processors any more, so you might still be vulnerable.

  • [Attackers] reportedly used a tool developed by the NSA to attack Baltimore’s computer systems

    Baltimore’s [Windows] computers were hit with the [Windows] ransomware attack earlier this month, and city officials have said that they won’t pay (via The New York Times) the $76,000 ransom demand. The city has begun to implement some workarounds, manually processing real estate transactions and setting up a Gmail system for city workers, which Google initially shut down, but has since restored. In the meantime, The Baltimore Sun reports that the city’s IT department is working to restore access to the city’s systems while improving their security while they do so.

Security: GNU/Linux in Space (After Windows Viruses), Fingerprint Pseudo-Security, Mainframe Security and Slackware Updates

Filed under
Security
  • Space: New cybercrime battlefield? [Ed: Space has already dumped Microsoft Windows and moved to GNU/Linux (Debian) for security reasons. The famous incident has just been mentioned here.]

    In the same vein, is it believable for a virus to infect a space station orbiting at a distance of over 330 km above the earth? It shocked astronauts on board to find their Windows XP-based laptops on the International Space Station (ISS) infected with a virus called W32.Gammima in 2008. Gammima.AG worm is a malware that gathers and transmits sensitive gaming data to an attacker. Investigations later revealed that unsuspecting Russian cosmonauts had inadvertently carried infected USB storage devices aboard the station spreading computer viruses to the connected computers. The damage by the malware to the computer systems of the ISS is unknown to date.

  • OnePlus 7 Pro Fingerprint Scanner Hacked By Classic Hacking Technique

    OnePlus has recently launched its much-awaited OnePlus 7 Pro which is considered as one of the best smartphones of 2019 by many. Packing the latest Snapdragon processor, triple camera setup, UFS 3.0 and a 30W Warp Charging, the smartphone is a complete package but how safe is it?

    Speaking of safety, a YouTuber has managed to hack the in-display fingerprint scanner of OnePlus 7 Pro within a few minutes. Going by the name Max Tech, this YouTuber deployed the classic print molding hacking technique to get past the fingerprint reader. If you have bought the smartphone or you’re a potential buyer then I must tell you that OnePlus 7 Pro is not the first device to be hacked by this technique.

  • Just how secure are mainframes?

    The days of mainframe security by obscurity are long gone. Everyone – especially hackers – knows that there are lots of valuable data sitting on mainframes. So, how aware are mainframe-using organizations about what it takes to secure all the components of a mainframe environment? Key Resources Inc has announced the findings from a new study conducted by Forrester Consulting carried out in February 2019. The survey questioned 225 IT management and security decision makers in North America.

  • [Slackware] April ’19 release of OpenJDK 8

    Early May I was confined to my bed, immobilized on my side and under medication, after I had incurred a second back hernia in four months’ time. And so I missed the announcement on the OpenJDK mailing list about the new icedtea-3.12.0.

    Why again is that important? Well, the IcedTea framework is a software harness to compile OpenJDK with ease. Andrew Hughes (aka GNU/Andrew), who is the release manager, still did not update his blog with this announcement, but nevertheless: the new Java8 that we will get is OpenJDK 8u212_b04. This release syncs the OpenJDK support in IcedTea to the official April 2019 security fixes for Java.

    I built Slackware packages for Java 8 Update 212 so that you do not have to succumb to the official Oracle binaries which are compiled on God-knows what OS.

Security: FUD, Phishing, Defects in Chips and More

Filed under
Security
  • Inside the Government's Open Source Software Conundrum [Ed: The cited examples don't show problems with Free software but with sysadmins who neglect to patch it for months, despite knowing the clear risks of this negligence. Proprietary software has flaws and back doors. The latter cannot be patched (it's not supposed to). With FOSS you have only flaws and patches are available immediately (you can also pay someone to write them for you ASAP).]
  • Open-Source Software Is Everywhere. What's Your Maintenance Strategy?

    For years, open-source software has had a rep for being risky compared with managed alternatives. But perhaps the real problem is less about how it’s made and more about how it’s maintained.

  • Phishing Campaign Delivers Multi-Feature, Open-Source Babylon RAT

    Cofense observed that the Babylon RAT samples distributed in this campaign were written in C# and came with an administration panel written in C++. This control feature allows the malware to manage multiple server configuration options around port numbers, network keys for authentication and IP versions. Together, these features enable digital attackers to customize the malware according to their needs.

  • After ZombieLoad, Intel is running out of friends. Can Project Athena save it?
  • Georgia Hosts Inaugural Cyber Dawg Summit at New Center

    Four workgroups used Georgia-based Security Onion, an open source intrusion detection, enterprise security monitoring and log management tool, along with trials of Windows in a closed-network, virtual environment. Sam Blaney, director of Cyber Security and Governance Risk and Compliance in the Office of Information Security, said open source tools provide the adaptability agencies need to respond to cyberthreats like ransomware.

  • Website for storing digital currencies hosted code with a sneaky backdoor

    WalletGenerator.net and the mystery of the backdoored random number generator.

    [...]

    Researchers from MyCrypto, which provides an open-source tool for cryptocurrency and blockchain users, compared the code hosted on Github and WalletGenerator.net and found some striking differences. Sometime between August 17 and August 25 of last year, the WalletGenerator.net code was changed to alter the way it produced the random numbers that are crucial for private keys to be secure.

Security Leftovers

Filed under
Security
  • Serious Security: Don't let your SQL server attack you with ransomware [Ed: Article focuses on things like Windows and RDP. SQL Server is proprietary software that runs on a platform with NSA back doors. So if you choose it, then you choose to have no security at all, only an illusion of it. Why does the article paint Windows issues as pertaining to MySQL?]

    Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because we're still making old mistakes - here's what to do.

    [...]

    As regular readers will know, one of the popular vehicles for malware crooks at the moment is Windows RDP, short for Remote Desktop Protocol.

  • How Screwed is Intel without Hyper-Threading?

    As it stands Microsoft is pushing out OS-level updates to address the four MDS vulnerabilities and you’ll get those with this month's Windows 10 1903 update. However, this doesn’t mitigate the problem entirely; for that we need motherboard BIOS updates, and reportedly Intel has released the new microcode to motherboard partners. However, as of writing no new BIOS revisions have been released to the public. We believe we can test a worst case scenario by disabling Hyper-Threading, and for older platforms that won’t get updated this might end up being the only solution.

  • SandboxEscape drops three more Windows 10 zero-day exploits

    SandboxEscaper also indicated that she was in the market to sell flaws to "people who hate the US", a move made in apparent response to FBI subpoenas against her Google account.

  • Huawei can’t officially use microSD cards in its phones going forward

    The SD Association is also by no means the first to cut ties: Google, ARM, Intel, Qualcomm, and Broadcom are also among the companies that have stopped working with Huawei due to the ban. The Wi-Fi Alliance (which sets Wi-Fi standards across the industry) has also “temporarily restricted” Huawei’s membership due to the US ban, and Huawei has also voluntarily left JEDEC (a semiconductor standards group best known for defining RAM specifications) over the issues with the US as well, according to a report from Nikkei Asian Review. All this could severely hamper Huawei’s ability to produce hardware at all, much less compete in the US technology market.

  • Huawei barred from SD Association: What’s that mean for its phones and microSD cards?

    As such, companies that aren’t on the SD Association’s list of members can’t officially produce and sell devices with SD card support that use the SD standards. According to SumahoInfo, the member page showed Huawei a few weeks ago, but no longer lists the firm this week.

Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Episode 19: Democratizing Cybersecurity

    Katherine Druckman and Doc Searls talk to Alex Gounares of Polyverse Linux about Cybersecurity for everyone.

  • Introducing the Librem Tunnel

    You probably know by now that the Librem Tunnel is part of Librem One, a suite of privacy-protecting, no-tracking apps and services created by our team at Purism, which also includes Librem Mail, Librem Chat and Librem Social.

    Librem Tunnel offers an encrypted, no-logging, virtual private network tunnel, making sure all your network traffic is secure and your privacy fully protected. This means you can safely and conveniently use any public hotspot and not have to worry about how private your connection really is, using standards-based OpenVPN with any compatible client. You are not the product in Librem Tunnel: you will not be tracked, we do not sell your data, and we don’t advertise.

  • Trump Explains Why He Banned Huawei, And It’s Not Convincing

    The world’s two biggest economies are indulged in a trade war and the toll is being paid by the Chinese company Huawei, which is being erased from existence in the US.

    The US government has already blacklisted Huawei, causing a big blow to its growing smartphone business across the globe. After the temporary license ends in August, it won’t be able to do any business with US-based companies unless the ban is lifted.

  • Snort Alerts

    It was previously explained on LinuxHint how to install Snort Intrusion Detection System and how to create Snort rules. Snort is an Intrusion Detection System designed to detect and alert on irregular activities within a network. Snort is integrated by sensors delivering information to the server according to rules instructions.

    In this tutorial Snort alert modes will be explained to instruct Snort to report on incidents in 5 different ways (ignoring the “no alert” mode): fast, full, console, cmg and unsock.

    If you didn’t read the articles mentioned above and you don’t have previous experience with snort please get started with the tutorial on Snort installation and usage and continue with the article on rules before continuing this lecture. This tutorial assumes you have Snort already running.

Security: Updates, ZombieLoad, FTP, Hack.lu, Hacking SETI, and Microsoft Chaos

Filed under
Security
  • Security updates for Thursday
  • ZombieLoad Mitigation Costs For Intel Haswell Xeon, Plus Overall Mitigation Impact

    With tests over the past week following the disclosure of the Microarchitectural Data Sampling (MDS) vulnerabilities also known as "Zombieload", we've looked at the MDS mitigation costs (and now the overall Spectre/Meltdown/L1TF/MDS impact) for desktop CPUs, servers, and some laptop hardware. I've also begun doing some tests on older hardware, as some Phoronix readers were curious how badly aging Intel Haswell CPUs are affected.

  • How to enhance FTP server security [Ed: It just needs to be abandoned]
  • Hack.lu 2019 Call for Papers, Presentations and Workshops

    The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet each other and share freely all kinds of information. The convention will be held in the Grand-Duchy of Luxembourg in October (22-24.10.2019). The most significant new discoveries about computer network attacks and defenses, commercial security solutions, and pragmatic real world security experience will be presented in a three-day series of informative tutorials. We would like to announce the opportunity to submit papers, and/or lightning talk proposals for selection by the hack.lu technical review committee. This year we will be doing workshops on the first day PM and talks of 1 hour or 30 minutes in the main track for the three days.

  • Hacking SETI
  • Legal Threats Make Powerful Phishing Lures

    On or around May 12, at least two antivirus firms began detecting booby-trapped Microsoft Word files that were sent along with some variation of the following message: [...]

  • US officials say foreign election [cracking] is inevitable

    "Systems that are connected to the Internet, if they're targeted by a determined adversary with enough time and resources, they will be breached," Hickey said. "So, we need to be focusing on resilience."

  • Why a Windows flaw patched nine days ago is still spooking the Internet

    The vulnerability resides in Microsoft’s proprietary Remote Desktop Protocol, which provides a graphical interface for connecting to another computer over the Internet. Exploiting the vulnerability—which is present in older versions of Windows but not the much better secured Windows 8 and 10—requires only that an attacker send specific packets to a vulnerable RDP-enabled computer. In a testament to the severity, Microsoft took the highly unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and seven years, respectively.

  • Serial publisher of Windows 0-days drops exploits for 2 more unfixed flaws

    In Tuesday’s disclosure, SandboxEscaper wrote that the Task Scheduler vulnerability works by exploiting a flaw in the way the Task Scheduler processes changes to discretionary access control list permissions for an individual file. An advisory published Wednesday by US Cert confirmed that the exploit worked against both 32-bit and 64-bit versions of Windows 10.

Syndicate content

More in Tux Machines

Software: NetworkManager, Browsers, Microsoft Powerpoint Alternatives and Guix Substitutes

  • NetworkManager Now Supports Making OVS DPDK Interfaces, Other Work For 1.20
    NetworkManager 1.19.4 is the newest snapshot of this widely used Linux networking library on its road to version 1.20. NetworkManager 1.19.4 was tagged last week as the latest stepping stone towards the NetworkManager 1.20 stable release. A new feature also making it into NM this past week was support for creating OVS DPDK interfaces -- that's the Open vSwitch Data Plane Development Kit. Open vSwitch's DPDK path allows for lower-latency and higher-performance connectivity between OpenStack compute node instances and now with NetworkManager 1.20 is this better OVS-DPDK integration.
  • 4 best browsers that don't save your history and personal data [Ed: Microsoft Windows advocacy sites cannot recommend Microsoft anything for privacy]
    Tor is another great browser heavily focused on user privacy and security. It’s available for Windows, MacOS, and GNU/Linux in 32-bit and 64-bit versions that are constantly updated. Its main focus is on anonymity. Based on a modified Firefox ESR, it contains things like NoScript and HTTPS-Everywhere. The browser works in a network that promises to protect a user‘s browsing history, location, messages, and any online personal data from people or bots that perform network traffic analysis. Tor network is a web of servers operated by volunteers. Their aim is to keep browsing data as secure as it can be. With Tor, you don’t have to worry about browsing history, saved passwords or auto-completion data. Also, it’s worth mentioning that Tor is the only browser that uses onion services. This means that users can publish websites and other services without revealing the location.
  • Microsoft Powerpoint Alternatives For Linux
    This post is for you if you are looking for the best alternative to Microsoft powerpoint alternatives for Linux operating systems. Microsoft’s office suite is one of the most popular software after Microsoft Windows and there won’t be any objection if we say that Windows is popular because of the MS office suite.
  • Substitutes are now available as lzip
    For a long time, our build farm at ci.guix.gnu.org has been delivering substitutes (pre-built binaries) compressed with gzip. Gzip was never the best choice in terms of compression ratio, but it was a reasonable and convenient choice: it’s rock-solid, and zlib made it easy for us to have Guile bindings to perform in-process compression in our multi-threaded guix publish server. With the exception of building software from source, downloads take the most time of Guix package upgrades. If users can download less, upgrades become faster, and happiness ensues. Time has come to improve on this, and starting from early June, Guix can publish and fetch lzip-compressed substitutes, in addition to gzip.

Red Hat's OpenShift and Fedora's Latest

  • Enhanced OpenShift Red Hat AMQ Broker container image for monitoring
    Previously, I blogged about how to enhance your JBoss AMQ 6 container image for production: I explained how to externalise configuration and add Prometheus monitoring. While I already covered the topic well, I had to deal with this topic for version 7.2 of Red Hat AMQ Broker recently, and as things have slightly changed for this new release, I think it deserves an updated blog post! This post is a walk-through on how to enhance the base Red Hat AMQ Broker container image to add monitoring. This time we’ll see how much easier it is to provide customizations, even without writing a new Dockerfile. We will even go a step further by providing a Grafana dashboard sample for visualising the broker metrics.
  • Event Report - Fedora Meetup 15th June 2019, Pune, India
    We started planning for this one month back. Since we are doing this meetup regularly now, most of the things were known, only execution was required.
  • Outreachy with Fedora Happiness Packets: Phase 1
    It’s been around 20 days that I have been working on an Outreachy internship project with The Fedora Project. I have been working on some of the pending issues, miscellaneous bugs and cleaning up code in Fedora Happiness Packets. This month has been quite fun, which includes great learning through the entire process

today's howtos

SUSE: SLE 12 Service Pack 5 Beta 1 and More

  • SUSE Linux Enterprise 12 Service Pack 5 Beta 1
  • A demo based introduction to SUSE Cloud Application Platform
    At the recent SUSECON conference in Nashville, Peter Andersson and Peter Lunderbye from SUSE demonstrated SUSE Cloud Application Platform, including pushing your first app, buildpacks: what are they and how they can be utilised, scaling and how easy the platform makes it, and how to improve resiliency and availability of your app. SUSE has posted all recorded talks from SUSECON on YouTube. Check them out if you want to learn more about what SUSE has to offer. We’re not just Linux anymore! I’ll be posting more SUSE Cloud Application Platform talks here over the coming days.
  • Enabling Discoveries with AI and HPC (and the Rise of Helium)
    This week I am attending the International Supercomputing conference in Frankfurt, and I am in awe of the scientists and researchers that are here and their ability to dig in and understand super complex problems in very specialized areas.  While I am humbled by the world-changing work represented at a conference like this, I am also honored to be playing a small part in their success.  With the next iteration of SUSE Linux Enterprise High Performance Computing 15 SP1, we’ve expanded and refreshed our bundle of popular HPC tools and libraries that we make available along with every subscription to our SLE HPC operating system.