
Tag: linux

The new PirateBrowser is designed to circumvent the censorship imposed on Internet users by certain governments. But don't expect it to provide anonymity. August 13, 2013 8:07 AM PDT (Credit: The Pirate Bay) The Pirate Bay's new anticensor brows...
Open sourcers can be quite vocal about the general lack of malware for Linux-based systems, but a new banking trojan has popped up, surprising the community. Most of the world still runs on Windows, so by comparison Linux doesn't get much in the way of malware. However, RSA's Limor Kessem wrote in a blog post about a new Linux banking trojan called "Hand of Thief", which suggests malicious code writers have worked out there's some value in open source malware after all.

Security researcher Graham Cluley said that "Hand of Thief" is a lot of work for Linux malware. It includes form grabbers for HTTP and HTTPS sessions on a variety of browsers, blocks infected computers' access to anti-virus websites and security patches, and detects when it is running inside a virtual machine. All this makes it harder for anti-virus researchers to reverse engineer its code. In addition, "Hand of Thief" incorporates an admin panel, allowing a criminal to control the remote computers that have been successfully hijacked around the world.

Kessem said that the trojan has been tested on 15 different flavours of Linux, including Ubuntu, Fedora and Debian, and is being offered for sale with free updates in underground web forums for as much as $2,000. The writers expect to push the cost to $3,000, with a $550 fee for major version updates, as features are introduced in the near future. Cluley said that is quite a high cost for a piece of malware, but small compared to the potential money that could be made by successfully compromising and infecting unprotected Linux computers.
Priced at $2,000, bank fraud malware has its own sales and support agents.    
TOR has warned its users to stay away from Windows after it was revealed that US spooks were spreading malware on the anonymising network using a Firefox zero-day vulnerability. The zero-day allowed the FBI and other spooks to use JavaScript code to collect identifying information on computers visiting some websites over The Onion Router (TOR) network. According to a security advisory posted by the TOR Project, the workaround is switching away from Windows. This is because the malicious JavaScript that exploited the zero-day vulnerability was written to target Windows computers running Firefox 17 ESR (Extended Support Release), a version of the browser customised to view websites using TOR. Those using Linux and OS X were unaffected. While there is nothing to stop the spooks writing a version of the code which targets Linux and OS X, it is less likely to happen. The malicious JavaScript was likely planted on websites where the attacker was interested in seeing who visited.

The script collected the hostname and MAC address of a person's computer and sent it to a remote computer. The exploit is targeted specifically to unmask Tor Browser Bundle users without actually installing any backdoors on their host. The TOR Project also advised users to turn off Javascript by clicking the blue "S" by the green onion within the TOR browser. "Disabling JavaScript will reduce your vulnerability to other attacks like this one, but disabling JavaScript will make some websites not work like you expect," TOR wrote. "A future version of Tor Browser Bundle will have an easier interface for letting you configure your JavaScript settings." Mozilla has patched the hole in later versions of Firefox, but some people may still be using the older versions of the TOR Browser Bundle. 
The Pwn Plug R2 is a miniature NSA, ready to exploit networks for their own good.    
When you use HTTPS or SSL, your web browsing traffic is encrypted. When you use a VPN, all of your traffic is encrypted (usually). Sometimes, even with HTTPS and VPNs in play, DNS requests (the way your computer translates "website.com" into numbers it understands, like "199.27.72.192") are completely unencrypted, leaving you open to spoofing and man-in-the-middle attacks....
The Ubuntu Forum website has been taken down after attackers defaced the homepage and accessed the database containing details of around 1,820,000 users. "Unfortunately, the attackers have gotten every user's local username, password and email address from the Ubuntu Forums database," reads a holding message on the downed site. The passwords were not stored in plain text but as salted hashes, which affords an additional level of protection, although salted hashes can still be cracked. There is also no sign that the compromised details have been published online. However, members have been advised to change their passwords as soon as possible, especially if they are using the same password for other sites or services.

"We believe the issue is limited to the Ubuntu Forums and no other Ubuntu or Canonical site or service is affected," read a blog post by Canonical, the company that markets Ubuntu, a computing platform based on the Linux operating system. The company said it is investigating how the attackers were able to gain access and is working with the software providers to address that issue. Canonical said it will provide as much detail as possible once the investigation has been concluded. The company said the Ubuntu Forum site will remain down until it is safe for it to be restored.

Inadequate password protection

The Ubuntu Forum passwords were cryptographically scrambled using the MD5 hashing algorithm, along with a per-user cryptographic salt, according to Ars Technica. Security experts consider MD5, with or without salt, to be an inadequate means of protecting stored passwords, the publication noted. While per-user salt slows down the time it takes to crack large numbers of passwords in unison, it does little to nothing to delay the cracking of small numbers of hashes. That means the scheme used by Canonical does not prevent the decoding of individual hashes that may be targeted. Security expert Paul Ducklin of security firm Sophos recommended that any organisation storing passwords in a database should use a strong salt-and-hash system such as bcrypt, scrypt or PBKDF2. These systems make it much harder and slower for attackers to go through their password dictionary, he wrote in a blog post.
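The difference Ducklin describes, a fast salted hash against a deliberately slow one, in working code. This is an added example and not code from the article, from Canonical, or from Sophos: a legacy salted-MD5 record beside a PBKDF2-HMAC-SHA256 record (the standard-library routine; bcrypt and scrypt play the same role), with verification and an upgrade-on-login path that replaces a weak record the next time the user authenticates. The record layout, the `md5$` and `pbkdf2_sha256$` prefixes, the salt-then-password ordering and the 600,000-iteration work factor are assumptions made for this demo, not the forum software's real format.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for new records; tune so one hash costs ~100 ms on your hardware.
PBKDF2_ITERATIONS = 600_000


def legacy_md5_salted(password: str, salt: bytes) -> str:
    """Legacy scheme from the article: MD5 over a per-user salt (layout assumed).

    The salt stops one precomputed table from covering every user, but a single
    targeted record still costs an attacker only one MD5 per guess.
    """
    digest = hashlib.md5(salt + password.encode("utf-8")).hexdigest()
    return f"md5${salt.hex()}${digest}"


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt.

    The iteration count is stored in the record so it can be raised later
    without invalidating existing users.
    """
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Verify against either record format; compare digests in constant time."""
    try:
        scheme, *fields = stored.split("$")
        if scheme == "md5":
            salt_hex, _digest = fields
            candidate = legacy_md5_salted(password, bytes.fromhex(salt_hex))
            return hmac.compare_digest(candidate, stored)
        if scheme == "pbkdf2_sha256":
            iterations, salt_hex, digest = fields
            dk = hashlib.pbkdf2_hmac(
                "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
            )
            return hmac.compare_digest(dk.hex(), digest)
    except ValueError:
        pass  # malformed record: wrong field count or bad hex
    return False


def needs_rehash(stored: str, min_iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True for a legacy MD5 record or a PBKDF2 record below the current work factor."""
    scheme, *fields = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return True
    return int(fields[0]) < min_iterations


def login_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Migration path: verify, and if the record is weak, re-hash with the strong scheme.

    Returns (authenticated, record_to_store). The plaintext is only available at
    login, so this is the one moment an old hash can be replaced.
    """
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored):
        return True, hash_password(password)
    return True, stored


if __name__ == "__main__":
    # Constructed sample: a legacy record as it might sit in the dumped database.
    legacy = legacy_md5_salted("correct horse", b"\x01\x02\x03\x04")
    ok, upgraded = login_and_upgrade("correct horse", legacy)
    print(ok, upgraded.split("$")[0])
```

The point the article makes shows up in the per-guess cost: checking one guess against the MD5 record is a single hash evaluation, while checking it against the PBKDF2 record costs `iterations` HMAC evaluations, which is what makes a single targeted hash expensive in a way that per-user salt alone does not.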

It's not difficult to jump to conclusions when you hear NSA, refining code, and Android in a single sentence, but that's exactly what a lot of people are doing. I'm referring to the "revelation" that Google has accepted code from the US National Security Agency (NSA), and included it in Android. Certainly, with PRISM hitting the headlines, it's a great time to get stuck into the NSA, but honestly, when that three-letter organisation starts meddling with something, it's not always for a bad reason. And it would be an especially dumb move for the nation's code breakers when it is pointed out that Android is an open-source project where anyone can review anyone else's code (at least, code that's contributed by developers like the NSA).

The NSA would be a laughing stock to place any back door in such plain sight. The NSA's own code falls under its contributions to the Security Enhancements for Android project, which it describes as one that helps to "identify and address critical gaps in the security of Android". If it at all sounds familiar, it's because the NSA has already done the same sort of thing with Linux in the form of Security-Enhanced Linux (SELinux). In fact, the NSA was one of the first developers for SELinux, and its changes have already been integrated into the Linux kernel for almost a decade. To those people who seem worried that NSA-written code might make its way into Android devices the world over: Don't worry, it's already been all over your Linux distributions for years. And speaking of years, let's go back farther. To 1975, in fact, to demonstrate that the spooks haven't always been trying to probe us. That was about the time that the Data Encryption Standard (DES), developed by IBM, was published.

The NSA's code-breaking sleuths had an interesting take on it once they got their hands on it.

They wanted to reduce the proposed key length from 64 bits to 48 bits — because, hey, why not if you're the biggest code-breaking organisation in the US? — but they also made some unexplainable-at-the-time changes to the substitution boxes.

These S-boxes were just one part of the DES algorithm, and no one could immediately see why the NSA's changes would make much difference. Conspiracy theorists of course came forth with claims that perhaps the NSA was weakening the encryption standard. But in time the opposite was found to be true, when an IBM researcher revealed in 1994 that the NSA's changes had actually strengthened the algorithm against differential cryptanalysis — a technique of observing how subtle changes to an algorithm's input change the output and, from this, determining what the key material might be. And before it was eventually broken, as all encryption is once computers get fast enough, DES was like Linux and Android. It was everywhere.

As the go-to standard for encryption, it was used in military networks, government installations, and anything in between from the '80s to the early '90s that needed some form of protection. Evidence eventually pointed to the NSA doing the right thing, despite a decade of naysayers thinking the opposite. I wouldn't worry about the NSA getting all up in Android, especially when it's open source and there's the potential for severe embarrassment if it decides to pull a quick one. Go ahead and wonder whether it's intercepting our data ethically and legally, sure; but on these sorts of projects, it's a good idea to have some code breakers on your side.
Security researchers have found a proof-of-concept attack that appears to be the first true viral malware approach for compromising OS X. The malware is called "Clampzok.A" and is a cross-platform malware package that alters the binary files on an affected system so when executed, the binary will infect neighboring binary files. The malware is written in assembly code, and was originally...