
Security: Blaming Microsoft Back Doors/Bug Doors on Others, Ubuntu Security, and GNU/Linux Analysis

Filed under
Security
  • Microsoft Attack Blamed On China Morphs Into Global Crisis [iophk: Windows TCO]

    The attack, which Microsoft has said started with a Chinese government-backed [cracking] group, has so far claimed at least 60,000 known victims globally, according to a former senior U.S. official with knowledge of the investigation. Many of them appear to be small or medium-sized businesses caught in a wide net the attackers cast as Microsoft worked to shut down the [attack].

    The European Banking Authority became one of the latest victims as it said Sunday that access to personal data through emails held on the Microsoft server may have been compromised. Others identified so far include banks and electricity providers, as well as senior citizen homes and an ice cream company, according to Huntress, an Ellicott City, Maryland-based firm that monitors the security of customers, in a blog post Friday.

  • Windows ransomware gangs will hit all creatures big and small [iophk: Windows TCO]

    Ransomware operators are catholic in their approach to breaking into businesses, and the size of a business really appears to be of no import. A good example of this is the compromise last week of a small businessman from Ohio whose annual turnover is barely US$150,000 (A$194,687).

    The man, who requested anonymity, is a close friend of the writer, and the site which was compromised does not really need to be exposed to the Internet. There is no indication on the site as to the company's annual revenue, but it has a professional look as the man himself has been in the IT business for more than three decades and knows the value of a decent website.

    However, as he himself confessed on Monday morning, he had committed two cardinal sins: one, he had been running Windows on the site which ended up being breached, and two, he had neglected to lock down his Internet facing sites.

  • Ubuntu Blog: Security podcast: February

    Welcome to the first post of our series based on the Ubuntu Security Podcast! I’m Alex Murray, the Tech Lead for the Ubuntu Security team at Canonical. Each month, I will be covering the most interesting security fixes around Ubuntu, as well as an in-depth discussion of the different vulnerabilities that we’ve been addressing. I will also talk a bit more about some of the other services that are related to security with Ubuntu, like kernel live patching, extended security maintenance, and more.

    [...]

    This update concerns Apport, the Ubuntu crash handler. When an application crashes, Apport hooks into the kernel to find out what process stopped working properly. The kernel can then execute the crash handler to find out information regarding the faulty process and build up a crash report that can be sent to developers. Since Apport is run as root by the kernel, it needs to drop privileges so that it doesn’t overstep the bounds of the user whose application crashed and inadvertently collect more privileged information or enable a possible root privilege escalation attack. That’s what different vulnerabilities often try to exploit, and the one we fixed recently was in the same vein.

    As I said, when Apport runs, it tries to read information about the process and the various files in the proc file system. It figures out things like which user ID the process is running as, and then it drops privileges to run as that user before finding out other details about the process. Unfortunately, the attackers realized that if you could manipulate certain files there, even things like the process name, Apport would then get confused while trying to figure out what the details of the process were, and in the end, fail to properly drop privileges. As a result, an attacker could possibly then get code execution as root.

    We worked with the researchers who found this vulnerability after they reported these via Launchpad to us. In particular, Senior Engineer Marc Deslauriers on our team worked with them to mitigate these vulnerabilities in Apport.
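    The pattern the podcast excerpt describes, a root-running crash handler that reads /proc entries and then drops to the crashed process's user, hinges on two things: parsing process metadata so that an attacker-controlled process name cannot shift the fields, and verifying that the privilege drop actually happened. The following is an added illustration, not Apport's own code; the /proc/<pid>/stat and /proc/<pid>/status samples are constructed inline, and parse_stat, owner_ids and drop_privileges are names chosen here.

```python
import os

# Constructed /proc/<pid>/stat line (not captured from a real system) for a process
# whose comm was set to "evil) 0 0 1", a name chosen to defeat naive whitespace splitting.
SAMPLE_STAT = ("4242 (evil) 0 0 1) S 1 4242 4242 0 -1 4194560 100 0 0 0 5 3 0 0 "
               "20 0 1 0 12345 1234567 321")

# Constructed /proc/<pid>/status excerpt for the same process.
SAMPLE_STATUS = ("Name:\tevil) 0 0 1\nState:\tS (sleeping)\nPid:\t4242\nPPid:\t1\n"
                 "Uid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n")

def parse_stat_naive(line):
    """How not to do it: split on whitespace and trust field positions."""
    f = line.split()
    return {"pid": int(f[0]), "comm": f[1].strip("()"), "state": f[2], "ppid": int(f[3])}

def parse_stat(line):
    """Delimit comm by the first '(' and the LAST ')': comm may contain spaces and
    parentheses, so only the text after the last ')' has a fixed field layout."""
    start, end = line.index("("), line.rindex(")")
    rest = line[end + 1:].split()
    return {"pid": int(line[:start]), "comm": line[start + 1:end],
            "state": rest[0], "ppid": int(rest[1])}

def owner_ids(status_text):
    """Return (real uid, real gid) from /proc/<pid>/status; fail closed if absent."""
    ids = {}
    for entry in status_text.splitlines():
        key, _, value = entry.partition(":")
        if key in ("Uid", "Gid"):
            ids[key] = int(value.split()[0])  # first column is the real id
    if len(ids) != 2:
        raise ValueError("Uid/Gid missing from status; refusing to guess")
    return ids["Uid"], ids["Gid"]

def drop_privileges(uid, gid):
    """Irreversibly drop to uid/gid in the safe order (groups, gid, uid) and verify
    the result: a handler that silently stays root is exactly the failure mode above."""
    if uid == 0:
        raise PermissionError("refusing to run the handler as root")
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    if (os.getuid(), os.geteuid(), os.getgid()) != (uid, uid, gid):
        raise PermissionError("privilege drop did not take effect")
```

On the constructed sample the naive parser reports state "0" and parent pid 0, while the delimiter-aware parser recovers the real fields; drop_privileges needs root to succeed and is meant to be called only after owner_ids has returned a non-root uid.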

  • How Secure Is Linux?

    The general consensus among experts is that Linux is a highly secure OS - arguably the most secure OS by design.

    [...]

    The security of the OS you deploy is a key determinant of your security online, but is by no means a sure safeguard against malware, rootkits and other attacks. Effective security is dependent upon defense in depth, and other factors including the implementation of security best practices and smart online behavior play a central role in your digital security posture. That being said, choosing a secure OS is of utmost importance, as the OS is the most critical piece of software running on your computer, and Linux is an excellent choice as it has the potential to be highly secure - arguably more so than its proprietary counterparts - due to its open-source code, strict user privilege model, diversity and relatively small user base.

    However, Linux is not a “silver bullet” when it comes to digital security - the OS must be properly and securely configured and sysadmins must practice secure, responsible administration in order to prevent attacks. Also, it is crucial to keep in mind that security is all about tradeoffs - both between security and usability and between security and user-friendliness. LinuxSecurity Founder Dave Wreski explains, “The most secure system is one that is turned off, covered in cement, and located at the bottom of the ocean - but this system is obviously not very usable. Admins should configure their systems to be as secure as is practical within their environment. In regards to convenience, Linux has a bit of a learning curve, but offers significant security advantages over Windows or MacOS. It’s a tradeoff that’s well worth it if you ask me.”
