Linux hits the world (cont #2)

Message boards : Politics : Linux hits the world (cont #2)
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1742994 - Posted: 18 Nov 2015, 3:04:51 UTC

New encryption ransom-ware targets Linux systems.

http://arstechnica.com/security/2015/11/new-encryption-ransomware-targets-linux-systems/

Sean Gallagher @ ArsTechnica wrote:
The antivirus software company Doctor Web has issued an alert about a new form of crypto-ransomware that targets users of Linux-based operating systems. Designated as "Linux.Encoder.1" by the company, the malware largely targets Web servers, encrypting their contents and demanding a ransom of one Bitcoin (currently about $500).

Many of the systems that have been affected by the malware were infected when attackers exploited a vulnerability in the Magento CMS. A critical vulnerability patch for Magento, which is used to power a number of e-commerce sites, was published on October 31. Doctor Web researchers currently place the number of victims in the "at least tens" range, but attacks on other vulnerable content management systems could increase the number of victims dramatically.

In order to run, the malware has to be executed with administrator-level privileges. Using 128-bit AES crypto, the malware encrypts the contents of all users' home directories and any files associated with websites running on the systems. It then goes through the whole directory structure of mounted volumes, encrypting a variety of file types. In each directory it encrypts, it drops a text file called README_FOR_DECRYPT.txt. This demands payment and provides a link to a Tor "hidden service" site via a Tor gateway.


(My emphasis on the number of reported victims)

The good news is that only 10 victims is far, far, far less than that of Windows systems, but the importance of this news is that this type of malware is coming to Linux as I previously stated. The same bad practices on Linux will leave you just as vulnerable as on Windows.
ID: 1742994
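The quoted alert describes two observable traces of Linux.Encoder.1 on a host: a README_FOR_DECRYPT.txt note dropped in every directory it touches, and files whose contents have been replaced by AES ciphertext. The triage script below is an added example, not code from this thread, from Doctor Web or from Ars Technica; it walks a directory tree, reports directories holding the note, and flags files whose byte entropy looks like ciphertext rather than text. The note filename comes from the quoted article; the entropy threshold, the minimum file size and the constructed sample tree are assumptions made here.

```python
"""Defender-side triage for the ransomware behaviour quoted above.

Added example (not code from the forum thread, Doctor Web or Ars Technica).
README_FOR_DECRYPT.txt is the note name given in the quoted alert; the
entropy threshold, minimum size and sample tree are assumptions made here.
"""
import math
import os
import tempfile
from collections import Counter

RANSOM_NOTE_NAMES = {"README_FOR_DECRYPT.txt"}  # from the quoted Doctor Web alert
ENTROPY_THRESHOLD = 7.5  # bits/byte; assumption: ciphertext is near 8.0, text is ~4-5
MIN_SIZE = 256           # assumption: tiny files give noisy entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root: str) -> dict:
    """Walk `root` and report, as sorted relative paths, every directory that
    holds a ransom note and every file whose entropy suggests encryption."""
    note_dirs, suspect_files = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        if RANSOM_NOTE_NAMES & set(filenames):
            note_dirs.append(os.path.relpath(dirpath, root))
        for name in filenames:
            if name in RANSOM_NOTE_NAMES:
                continue  # the note itself is plain text; it is reported via note_dirs
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(65536)  # first 64 KiB is enough for an estimate
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if len(data) >= MIN_SIZE and shannon_entropy(data) >= ENTROPY_THRESHOLD:
                suspect_files.append(os.path.relpath(path, root))
    return {"note_dirs": sorted(note_dirs), "suspect_files": sorted(suspect_files)}


def build_sample_tree() -> str:
    """Constructed sample tree: one directory with a note and a random-looking
    file (stands in for AES output), one clean directory holding plain HTML.
    Returns the temporary root path."""
    root = tempfile.mkdtemp(prefix="encoder_triage_")
    hit = os.path.join(root, "home", "alice")
    clean = os.path.join(root, "var", "www")
    os.makedirs(hit)
    os.makedirs(clean)
    with open(os.path.join(hit, "README_FOR_DECRYPT.txt"), "w") as fh:
        fh.write("constructed placeholder ransom note\n")
    with open(os.path.join(hit, "notes.txt.encrypted"), "wb") as fh:
        fh.write(os.urandom(4096))  # constructed: random bytes as stand-in ciphertext
    with open(os.path.join(clean, "index.html"), "w") as fh:
        fh.write("<html><body>hello world</body></html>\n" * 40)
    return root


if __name__ == "__main__":
    report = scan_tree(build_sample_tree())
    print("directories with ransom note:", report["note_dirs"])
    print("high-entropy files:", report["suspect_files"])
```

Entropy alone produces false positives on legitimately compressed or encrypted files (archives, images, TLS keys), so the two signals are reported separately: a note in a directory is a strong indicator, a high-entropy file without a note nearby is only a lead to inspect.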
Wiggo
Joined: 24 Jan 00
Posts: 34744
Credit: 261,360,520
RAC: 489
Australia
Message 1743052 - Posted: 18 Nov 2015, 6:33:27 UTC

New encryption ransom-ware targets Linux systems.

http://arstechnica.com/security/2015/11/new-encryption-ransomware-targets-linux-systems/

Sean Gallagher @ ArsTechnica wrote:
The antivirus software company Doctor Web has issued an alert about a new form of crypto-ransomware that targets users of Linux-based operating systems. Designated as "Linux.Encoder.1" by the company, the malware largely targets Web servers, encrypting their contents and demanding a ransom of one Bitcoin (currently about $500).

Many of the systems that have been affected by the malware were infected when attackers exploited a vulnerability in the Magento CMS. A critical vulnerability patch for Magento, which is used to power a number of e-commerce sites, was published on October 31. Doctor Web researchers currently place the number of victims in the "at least tens" range, but attacks on other vulnerable content management systems could increase the number of victims dramatically.

In order to run, the malware has to be executed with administrator-level privileges. Using 128-bit AES crypto, the malware encrypts the contents of all users' home directories and any files associated with websites running on the systems. It then goes through the whole directory structure of mounted volumes, encrypting a variety of file types. In each directory it encrypts, it drops a text file called README_FOR_DECRYPT.txt. This demands payment and provides a link to a Tor "hidden service" site via a Tor gateway.


(My emphasis on the number of reported victims)

The good news is that only 10 victims is far, far, far less than that of Windows systems, but the importance of this news is that this type of malware is coming to Linux as I previously stated. The same bad practices on Linux will leave you just as vulnerable as on Windows.

I can add 4 Chromebook users here to that list, but I'm sure that ML1 will come back with something to make it look like it's nothing to worry about (though most of us know that Linux-based systems will be hit harder as time goes by). ;-)

Cheers.
ID: 1743052
Gary Charpentier
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1743128 - Posted: 18 Nov 2015, 16:23:30 UTC - in response to Message 1743052.  

I can add 4 Chromebook users here to that list, but I'm sure that ML1 will come back with something to make it look like it's nothing to worry about (though most of us know that Linux-based systems will be hit harder as time goes by). ;-)

Cheers.
^2
ID: 1743128
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1747966 - Posted: 9 Dec 2015, 19:11:36 UTC

http://arstechnica.com/security/2015/12/getting-a-linux-box-corralled-into-a-ddos-botnet-is-easier-than-many-think/

"Dan Goodin @ ArsTechnica" wrote:
...a critical vulnerability disclosed earlier this year in Elasticsearch, an open source server application for searching large amounts of data. In February, the company that maintains it warned it contained a vulnerability that allowed hackers to execute commands on the server running it. Within a month, a hacking forum catering to Chinese speakers provided all the source code and tutorials needed for people with only moderate technical skills to fully identify and exploit susceptible servers.

A post published Tuesday by security firm Recorded Future deconstructs that hacker forum from last March. It showed how to scan search services such as Shodan and ZoomEye to find vulnerable machines. It includes an attack script written in Python that was used to exploit one of them and a separate Perl script used to make the newly compromised machine part of a botnet of other zombie servers. It also included screenshots showing the script being used against the server. The tutorial underscores the growing ease of hacking production servers and the risk of being complacent about patching.
ID: 1747966
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1748755 - Posted: 12 Dec 2015, 20:44:28 UTC - in response to Message 1747966.  
Last modified: 12 Dec 2015, 20:49:03 UTC

So... Is Dan G still following a certain Campaign Against GNU/Linux...?

His reporting in a similar style for certain other OSes would make for a lot of reading... If he did any such writing that is... Except... Might he dare not bite the big dollars that feed him?... Or why else no comment from him on the much more widely prevalent ongoing security issues elsewhere?...


And so for his latest:

http://arstechnica.com/security/2015/12/getting-a-linux-box-corralled-into-a-ddos-botnet-is-easier-than-many-think/

"Dan Goodin @ ArsTechnica" wrote:
...a critical vulnerability disclosed earlier this year in Elasticsearch, ... In February, the company that maintains it warned it contained a vulnerability that allowed hackers to execute commands on the server running it. Within a month, a hacking forum ... provided all the source code and tutorials needed for people with only moderate technical skills to fully identify and exploit susceptible servers.

... underscores the growing ease of hacking [unmaintained/unpatched] production servers and the risk of being complacent about patching.

(Bold my emphasis.)

So nothing new or surprising there and the same problem as for any internet facing system.


More of interest is this recent bit of sensationalism from Dan against any Linux-hosted application:

Botnet preying on Linux computers delivers potent DDoS attacks

... uncovered a network of infected Linux computers that's flooding gaming and education sites...

... takes hold by cracking weak passwords... Once the attackers have logged in, they use root privileges to run a script that downloads and executes a malicious binary file. There's no evidence XOR DDoS infects computers by exploiting vulnerabilities in the Linux operating system itself...



And yet, for Linux systems, there is still not the disproportionate rampant malicious exploitation as evident on one particular other system...

No excuse to be lax but might it be that good design does help?...



Next?

IT is what we make it...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1748755
Gary Charpentier
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1748775 - Posted: 12 Dec 2015, 21:53:27 UTC - in response to Message 1748755.  

... underscores the growing ease of hacking [unmaintained/unpatched] production servers and the risk of being complacent about patching.

(Bold my emphasis.)

But isn't that the advice on Linux? Don't apply the service patches, wait for the next big stable release patch?!! Even if that means the zero day is one or two years old?!!!
IT is what we make it...

Wouldn't that make M$'s forced-to-patch approach the correct solution?
ID: 1748775
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1748811 - Posted: 13 Dec 2015, 0:23:48 UTC - in response to Message 1748755.  
Last modified: 13 Dec 2015, 0:25:30 UTC

So... Is Dan G still following a certain Campaign Against GNU/Linux...?


So this author is claiming bias on Ars' behalf, and for good measure he claims the Microsoft writer named Peter (formerly of Martin's favorite theregister.co.uk) is just as much of a shill... because he was hired to write articles highlighting Microsoft, just as there are others hired for science, Apple, legal matters... And we're supposed to take him at his word because he says so? Because Dan chooses to write about all security flaws, including those in GNU/Linux, but somehow that's interpreted as an "attack"? He even uses the word jihad. Come on, really!?

And then you're no better than him:

His reporting in a similar style for certain other OSes would make for a lot of reading... If he did any such writing that is... Except... Might he dare not bite the big dollars that feed him?... Or why else no comment from him on the much more widely prevalent ongoing security issues elsewhere?...


When you don't like what someone writes, you just attack them, right? Dan Goodin is engaged in a(n alleged) jihad against Linux, so let's just throw a bunch of mud all over him, claim his journalism is poor, and we may as well call him white trash and his momma a '**'. That's about the level you and the author of the article have stooped to.

Pathetic.
ID: 1748811
bobby
Joined: 22 Mar 02
Posts: 2866
Credit: 17,789,109
RAC: 3
United States
Message 1748838 - Posted: 13 Dec 2015, 3:56:20 UTC - in response to Message 1748811.  

So... Is Dan G still following a certain Campaign Against GNU/Linux...?


So this author is claiming bias on Ars' behalf, and for good measure he claims the Microsoft writer named Peter (formerly of Martin's favorite theregister.co.uk) is just as much of a shill... because he was hired to write articles highlighting Microsoft, just as there are others hired for science, Apple, legal matters... And we're supposed to take him at his word because he says so? Because Dan chooses to write about all security flaws, including those in GNU/Linux, but somehow that's interpreted as an "attack"? He even uses the word jihad. Come on, really!?

And then you're no better than him:

His reporting in a similar style for certain other OSes would make for a lot of reading... If he did any such writing that is... Except... Might he dare not bite the big dollars that feed him?... Or why else no comment from him on the much more widely prevalent ongoing security issues elsewhere?...


When you don't like what someone writes, you just attack them, right? Dan Goodin is engaged in a(n alleged) jihad against Linux, so let's just throw a bunch of mud all over him, claim his journalism is poor, and we may as well call him white trash and his momma a '**'. That's about the level you and the author of the article have stooped to.

Pathetic.

Elasticsearch is not an OS specific product, it runs on Windows and Linux (and you could probably get it to run on Unix and OSX if you wanted/needed to). The issue Elasticsearch found is with their Groovy scripting engine; Groovy is also not OS specific (Groovy runs in a JVM). So why does the Ars Technica article only discuss the issue in a Linux context?
I think you'll find it's a bit more complicated than that ...

ID: 1748838
bobby
Joined: 22 Mar 02
Posts: 2866
Credit: 17,789,109
RAC: 3
United States
Message 1748840 - Posted: 13 Dec 2015, 4:12:44 UTC - in response to Message 1748775.  
Last modified: 13 Dec 2015, 4:14:05 UTC

... underscores the growing ease of hacking [unmaintained/unpatched] production servers and the risk of being complacent about patching.

(Bold my emphasis.)

But isn't that the advice on Linux? Don't apply the service patches, wait for the next big stable release patch?!! Even if that means the zero day is one or two years old?!!!

Are you joking? If not, where have you seen such advice?

IT is what we make it...

Wouldn't that make M$'s forced-to-patch approach the correct solution?

As I understand it, the reason M$ have taken this approach is that too many Windows "Home" edition systems never got patched. Forced patching is not implemented for Windows 10 Professional or Enterprise editions, because M$ believes that the owners of such systems have a better grasp of the benefits of patching (M$ probably has data to substantiate the belief). I'd say it's plausible that Linux system owners share this grasp (though I do not have any data to substantiate this).
I think you'll find it's a bit more complicated than that ...

ID: 1748840
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1748841 - Posted: 13 Dec 2015, 4:17:02 UTC - in response to Message 1748838.  
Last modified: 13 Dec 2015, 4:27:11 UTC

Elasticsearch is not an OS specific product, it runs on Windows and Linux (and you could probably get it to run on Unix and OSX if you wanted/needed to). The issue Elasticsearch found is with their Groovy scripting engine; Groovy is also not OS specific (Groovy runs in a JVM). So why does the Ars Technica article only discuss the issue in a Linux context?


According to the article, the way hackers are implementing the vulnerability is against a Linux host and being able to execute bash commands. The vulnerabilities are literally named Backdoor.Perl.RShell.c and Backdoor.Linux.Mayday.g. While it may be OS-agnostic, is there any evidence to suggest the same flaw is being used within Windows or other OSes?
ID: 1748841
bobby
Joined: 22 Mar 02
Posts: 2866
Credit: 17,789,109
RAC: 3
United States
Message 1748912 - Posted: 13 Dec 2015, 14:39:01 UTC - in response to Message 1748841.  

Elasticsearch is not an OS specific product, it runs on Windows and Linux (and you could probably get it to run on Unix and OSX if you wanted/needed to). The issue Elasticsearch found is with their Groovy scripting engine; Groovy is also not OS specific (Groovy runs in a JVM). So why does the Ars Technica article only discuss the issue in a Linux context?


According to the article, the way hackers are implementing the vulnerability is against a Linux host and being able to execute bash commands. The vulnerabilities are literally named Backdoor.Perl.RShell.c and Backdoor.Linux.Mayday.g. While it may be OS-agnostic, is there any evidence to suggest the same flaw is being used within Windows or other OSes?

Absence of evidence is not evidence of absence. It may well be that Elasticsearch is predominantly deployed on Linux systems, so the initial attacks target these deployments. Is there any evidence that Windows systems with Elasticsearch are not at risk from exploits leveraging the same attack vector, and, either way, wouldn't it be reasonable (and responsible journalism) to note that detail in an article discussing the issue?
I think you'll find it's a bit more complicated than that ...

ID: 1748912
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1748930 - Posted: 13 Dec 2015, 16:42:55 UTC - in response to Message 1748912.  

Elasticsearch is not an OS specific product, it runs on Windows and Linux (and you could probably get it to run on Unix and OSX if you wanted/needed to). The issue Elasticsearch found is with their Groovy scripting engine; Groovy is also not OS specific (Groovy runs in a JVM). So why does the Ars Technica article only discuss the issue in a Linux context?


According to the article, the way hackers are implementing the vulnerability is against a Linux host and being able to execute bash commands. The vulnerabilities are literally named Backdoor.Perl.RShell.c and Backdoor.Linux.Mayday.g. While it may be OS-agnostic, is there any evidence to suggest the same flaw is being used within Windows or other OSes?

Absence of evidence is not evidence of absence. It may well be that Elasticsearch is predominantly deployed on Linux systems, so the initial attacks target these deployments. Is there any evidence that Windows systems with Elasticsearch are not at risk from exploits leveraging the same attack vector, and, either way, wouldn't it be reasonable (and responsible journalism) to note that detail in an article discussing the issue?


In reading the detailed findings by Kaspersky Labs, the attack vector found is strictly tailored to Linux systems and bash. It would make no sense to report anything beyond what was found. Had the researchers mentioned the flaw could be used in Windows systems, then yes, by all means, report on it.
ID: 1748930
Gary Charpentier
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1748931 - Posted: 13 Dec 2015, 16:56:46 UTC - in response to Message 1748840.  

... underscores the growing ease of hacking [unmaintained/unpatched] production servers and the risk of being complacent about patching.

(Bold my emphasis.)

But isn't that the advice on Linux? Don't apply the service patches, wait for the next big stable release patch?!! Even if that means the zero day is one or two years old?!!!

Are you joking? If not, where have you seen such advice?

On this board. Why, it may have even been ML1 who was terrified that some patch or another might break a production environment because it wasn't thoroughly tested. In fact I kind of remember him using Linux stable releases to blast M$ and a patch with a bug ...

Forced patching is not implemented for Windows 10 Professional or Enterprise editions, because M$ believes that the owners of such systems have a better grasp of the benefits of patching (M$ probably has data to substantiate the belief),

No, the data they have is from the marketing department saying the owners of the systems who might be interested in those versions will not purchase an O/S that has forced updates.
ID: 1748931
bobby
Joined: 22 Mar 02
Posts: 2866
Credit: 17,789,109
RAC: 3
United States
Message 1748947 - Posted: 13 Dec 2015, 18:18:42 UTC - in response to Message 1748931.  

... underscores the growing ease of hacking [unmaintained/unpatched] production servers and the risk of being complacent about patching.

(Bold my emphasis.)

But isn't that the advice on Linux? Don't apply the service patches, wait for the next big stable release patch?!! Even if that means the zero day is one or two years old?!!!

Are you joking? If not, where have you seen such advice?

On this board. Why, it may have even been ML1 who was terrified that some patch or another might break a production environment because it wasn't thoroughly tested. In fact I kind of remember him using Linux stable releases to blast M$ and a patch with a bug ...

Fair enough, I don't recall those details. To the best of my knowledge, ML1 is not the maintainer of the Linux distro I use at work or the one I use at home. I'll take my patching advice from them.

Forced patching is not implemented for Windows 10 Professional or Enterprise editions, because M$ believes that the owners of such systems have a better grasp of the benefits of patching (M$ probably has data to substantiate the belief),

No, the data they have is from the marketing department saying the owners of the systems who might be interested in those versions will not purchase an O/S that has forced updates.

That too.
I think you'll find it's a bit more complicated than that ...

ID: 1748947
Gary Charpentier
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1750487 - Posted: 20 Dec 2015, 1:36:02 UTC

Oh my, zero day for this Linux bug giving root access was 2009!
http://www.pcmag.com/article2/0,2817,2496870,00.asp
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

They are just now getting around to an emergency patch.

Is there such a long-lived zero day in M$? I thought all those millions of eyeballs were supposed to prevent this kind of thing. And 2009 to 2016 is how many years?!!

Root access might be a bit of a mild description too; perhaps supervisory-mode access might be a better description. This is because you could replace the O/S, boot loader, BIOS, etc.!
ID: 1750487
Gary Charpentier
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1767018 - Posted: 23 Feb 2016, 2:00:48 UTC

My oh my,
http://thenextweb.com/insider/2016/02/22/hackers-compromised-linux-mint-in-a-way-the-fbi-can-only-dream-of/
resulting in users downloading a build of the OS that had been modified to include a backdoor that would give attackers full access to a user’s system.

And I bet it was a Linux web server too!
ID: 1767018
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1767025 - Posted: 23 Feb 2016, 2:28:28 UTC - in response to Message 1767018.  

Bet it had amazing uptime!
ID: 1767025
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1767551 - Posted: 25 Feb 2016, 19:15:49 UTC

ID: 1767551
Gary Charpentier
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1767597 - Posted: 25 Feb 2016, 22:49:07 UTC - in response to Message 1767551.  

http://www.ibtimes.co.uk/google-red-hat-discover-critical-dns-security-flaw-that-enables-malware-infect-entire-internet-1545687

Maybe this will come off as less biased since it isn't from ArsTechnica.

My, zero day was in 2008 and it is now 2016, and it is only now that the millions of eyeballs are beginning to notice there is a problem. How are they going to force an update onto the millions of routers out in the field? Who is going to flash all those ROMs?
ID: 1767597
©2024 University of California