"I am calling you from Windows"
: A tech support scammer dials Ars Technica [more inside]
The U.S. National Security Agency (NSA) has begun releasing Security-Enhanced Android
patches and tools, which port their Security-Enhanced Linux
tools to Android devices. SEAndroid and SELinux provide mandatory access control
designed to limit the amount of damage that rogue or exploited software can do. [more inside]
and logging tools, some server admins have logged actual server break-in attempts by nincompoop crackers
. [more inside]
On May 13, security advisories published by Debian
revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG
, which is used by key generation
functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] [more inside]
The Winux virus
is reported to affect both Windows and Linux boxes/applications. The article says it's "written in a primitive computer language called 'assembly language'." On a side note, who do they get to write these articles? Certainly they are uncomfortable with technology...
Up to 20% of the internet vulnerable
to a virus. There is a new Linux worm virus. Apparently, it steals passwords, installs and hides other hacking tools on infected systems, and then uses those systems to seek other servers to attack. Sys admins are advised to run a check on their servers and upgrade their BIND version.
Linux no longer foolproof?
And a smile descened upon Redmond...
Well, we talked about NORAD a few posts back, I guess now it's time for everyone's *other* favorite agency: the NSA has a logo
. That's funny. No, really, the topic of this posting is their release of Security-Enhanced Linux, including Mandatory Access Control and other cool B-1'ish stuff. Ted T'so has some interesting observations in this Slashdot thread
on the topic as well.
Apparently, the conventional wisdom
is not quite right. The SDMI's Executive Director says
they have "thousands of entries" in their contest to hack the various proposed digital music security schemes. As I pointed out recently in a similar context,
the "Linux community" and the population of computer literate, financially motived, non-OS-sectarian hackers are far from being one and the same...
RedHat Linux security problem uncovered.
Today, apparently it was discovered that if you install the Piranha package with RedHat 6.2 (ostensibly part of the default installation, but there's controversy over this), a default password is installed that would give anyone access to the Piranha configuration package; from there, it is apparently trivial to execute any command on the box that you want.
I find it very interesting that the fact that Microsoft had a "backdoor password" in a DLL made huge
news (and it turned out to be patently false), yet this has gotten almost no
press. I'd like to think otherwise, but I know it's because people hate Microsoft, and thus are eager to deride it... and yet here's proof that even the mighty Linux is susceptible to the same exact problems.
Next time you reach for the keyboard to cry out "nyah nyah!" at the discovery of some problem with Windows, remember this...