A major Xen flaw forces the “cloud” to reboot, we share the details. ComputerCop malware pitched as saving the children turns out to be major spyware.

Plus a big Adobe Linux support rant, the Mac botnet that reads reddit & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Rackspace Joined Amazon in Patching, Rebooting Cloud Servers

About a quarter of Rackspace’s 200,000-plus customers were impacted when the cloud provider had to patch a flaw in the Xen hypervisor.
Rackspace, like cloud competitor Amazon Web Services, was forced to reboot some of its servers after patching them to fix a security flaw in some versions of the XenServer hypervisor.

The cloud provider had to patch an untold number of servers in its global data centers over the weekend and then reboot them, which caused disruption to about a quarter of Rackspace’s more than 200,000 customers, according to President and CEO Taylor Rhodes. The issue was further complicated by a tight deadline—the vulnerability was first discovered early last week, and a patch wasn’t worked out with Xen engineers until late Sept. 26.

AWS started sending out letters to its customers Sept. 24 informing them that there was an issue, but assured them that the problem was not related to the Bash bug that arose last week as a threat to systems running Unix and Linux. Officials instead let them know that the problem was with the Xen hypervisor, and that a patch was being worked on.

• Security bug in Xen may have exposed Amazon, other cloud services [Updated] | Ars Technica

The bug, introduced in versions of Xen after version 4.1, is in HVM code that emulates Intel’s x2APIC interrupt controller. While the emulator restricts the ability of a virtual machine to write to memory reserved specifically for its own emulated controller, a program running within a virtual machine could use the x2APIC interface to read information stored outside of that space. If someone were to provision an inadvertently buggy or intentionally malicious virtual machine on a server using HVM, Beulich found that VM could use the interface to look at the physical memory on the physical machine hosting the VM reserved for other virtual machines or for the virtualization server software itself. In other words, an “evil” virtual machine could essentially read over the shoulder of other virtual machines running on the same server, bypassing security.

• XSA-108 – Xen Security Advisories

EFF: Security software distributed by cops is actually spyware in disguise

Various schools, libraries and ordinary American families might have been using a “security” software called ComputerCOP for years. After all, they probably got their copy from cops, attorney’s offices or other branches of law enforcement, which tout it as a way to protect children online.

One of the main feature of ComputerCop is a keylogger called KeyAlert. Keyloggers record all keystrokes made on a computer keyboard, including credit card information and username and password combinations. KeyAlert’s logs are stored unencrypted on Windows computers, and on Macs they can be decrypted with the software’s default password. The software can also be configured so that trigger words email an alert to the computer’s owner.

KeyAlert must be installed separately from the rest of the ComputerCop software, but not all versions of ComputerCop have been distributed with it. There’s no way to configure KeyAlert for a particular user, so it’s possible to use it against anybody using the computer — not just kids.

“When that happens, the software transmits the key logs, unencrypted, to a third-party server, which then sends the email,” the EFF report said.

According to the foundation, law enforcement agencies typically buy between 1,000 and 5,000 copies of ComputerCOP for a few dollars per piece — and yes, they use taxpayer dollars for the purchase. Within the past two years for instance, several Attorney’s Offices, including San Diego’s, bought 5,000 pieces for 25 grand.

• ComputerCOP: The Dubious ‘Internet Safety Software’ That Hundreds of Police Agencies Have Distributed to Families | Electronic Frontier Foundation

Adobe Pulls Linux PDF Reader Downloads From Website – OMG! Ubuntu!

As flagged by a Reddit user who visited the Adobe site to grab the app, Linux builds are no longer listed alongside other ‘supported’ operating systems.

Adobe is no stranger to giving penguins the brush off. The company stopped releasing official builds of Flash for Linux in 2012 (leaving it to Google to tend to), and excluded Tux-loving users from its cross-platform application runtime “Air” the year before.

All is not lost. While the links are no longer offered through the website the Debian installer remains accessible from the Adobe FTP server.

China pre-orders 2 million iPhone 6 handsets in just 6 hours

The iPhone 6 and 6 Plus were delayed in China as the result of trouble for Apple securing the necessary regulatory approvals from the country’s Ministry of Industry and Information Technology. In its absence, rival company Samsung rushed to release their new flagship handset in the country.

Despite China’s absence, however, Apple’s eagerly-anticpated handsets sold 10 million+ units in their opening weekend alone.

According to new reports coming out of China, both retailers and carriers have taken in a massive 2 million reservations just six hours after putting the iPhone 6 and 6 Plus on earlier-than-expected pre-order.

New Mac botnet malware uses Reddit to find out what servers to connect to

Mac users should beware of some new malware spreading, that tries to connect infected machines with a botnet for future exploitation. As detected by Dr Web, the malicious worm (dubbed Mac.BackDoor.iWorm) first checks whether any interfering applications are installed on the Mac.

If it is clear, it calls out to Reddit posts to find the IP addresses of possible servers to callback too. Although these posts have been deleted, it’s not hard for the people behind the exploit to repost them at a later time. Once connected to the botnet, the infected Mac can be literally instructed to perform almost any task the hackers want, such as redirect browsing traffic to potentially steal account credentials for instance.

Dr.Web estimates over 15,000 distinct IP addresses have been connected to the botnet already. Although 15,000 IPs does not directly translate into 15,000 separate infected users, it is indicative of a rather large base for a Mac worm.