Show Notes: linuxactionnews.com/247

The post Linux Action News 247 first appeared on Jupiter Broadcasting.

A major Xen flaw forces the “cloud” to reboot, we share the details. ComputerCop malware pitched as saving the children turns out to be major spyware.

Plus a big Adobe Linux support rant, the Mac botnet that reads reddit & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Rackspace Joined Amazon in Patching, Rebooting Cloud Servers

About a quarter of Rackspace’s 200,000-plus customers were impacted when the cloud provider had to patch a flaw in the Xen hypervisor.
Rackspace, like cloud competitor Amazon Web Services, was forced to reboot some of its servers after patching them to fix a security flaw in some versions of the XenServer hypervisor.

The cloud provider had to patch an untold number of servers in its global data centers over the weekend and then reboot them, which caused disruption to about a quarter of Rackspace’s more than 200,000 customers, according to President and CEO Taylor Rhodes. The issue was further complicated by a tight deadline—the vulnerability was first discovered early last week, and a patch wasn’t worked out with Xen engineers until late Sept. 26.

AWS started sending out letters to its customers Sept. 24 informing them that there was an issue, but assured them that the problem was not related to the Bash bug that arose last week as a threat to systems running Unix and Linux. Officials instead let them know that the problem was with the Xen hypervisor, and that a patch was being worked on.

• Security bug in Xen may have exposed Amazon, other cloud services [Updated] | Ars Technica

The bug, introduced in versions of Xen after version 4.1, is in HVM code that emulates Intel’s x2APIC interrupt controller. While the emulator restricts the ability of a virtual machine to write to memory reserved specifically for its own emulated controller, a program running within a virtual machine could use the x2APIC interface to read information stored outside of that space. If someone were to provision an inadvertently buggy or intentionally malicious virtual machine on a server using HVM, Beulich found that VM could use the interface to look at the physical memory on the physical machine hosting the VM reserved for other virtual machines or for the virtualization server software itself. In other words, an “evil” virtual machine could essentially read over the shoulder of other virtual machines running on the same server, bypassing security.

• XSA-108 – Xen Security Advisories

EFF: Security software distributed by cops is actually spyware in disguise

Various schools, libraries and ordinary American families might have been using a “security” software called ComputerCOP for years. After all, they probably got their copy from cops, attorney’s offices or other branches of law enforcement, which tout it as a way to protect children online.

One of the main feature of ComputerCop is a keylogger called KeyAlert. Keyloggers record all keystrokes made on a computer keyboard, including credit card information and username and password combinations. KeyAlert’s logs are stored unencrypted on Windows computers, and on Macs they can be decrypted with the software’s default password. The software can also be configured so that trigger words email an alert to the computer’s owner.

KeyAlert must be installed separately from the rest of the ComputerCop software, but not all versions of ComputerCop have been distributed with it. There’s no way to configure KeyAlert for a particular user, so it’s possible to use it against anybody using the computer — not just kids.

“When that happens, the software transmits the key logs, unencrypted, to a third-party server, which then sends the email,” the EFF report said.

According to the foundation, law enforcement agencies typically buy between 1,000 and 5,000 copies of ComputerCOP for a few dollars per piece — and yes, they use taxpayer dollars for the purchase. Within the past two years for instance, several Attorney’s Offices, including San Diego’s, bought 5,000 pieces for 25 grand.

• ComputerCOP: The Dubious ‘Internet Safety Software’ That Hundreds of Police Agencies Have Distributed to Families | Electronic Frontier Foundation

Adobe Pulls Linux PDF Reader Downloads From Website – OMG! Ubuntu!

As flagged by a Reddit user who visited the Adobe site to grab the app, Linux builds are no longer listed alongside other ‘supported’ operating systems.

Adobe is no stranger to giving penguins the brush off. The company stopped releasing official builds of Flash for Linux in 2012 (leaving it to Google to tend to), and excluded Tux-loving users from its cross-platform application runtime “Air” the year before.

All is not lost. While the links are no longer offered through the website the Debian installer remains accessible from the Adobe FTP server.

China pre-orders 2 million iPhone 6 handsets in just 6 hours

The iPhone 6 and 6 Plus were delayed in China as the result of trouble for Apple securing the necessary regulatory approvals from the country’s Ministry of Industry and Information Technology. In its absence, rival company Samsung rushed to release their new flagship handset in the country.

Despite China’s absence, however, Apple’s eagerly-anticpated handsets sold 10 million+ units in their opening weekend alone.

According to new reports coming out of China, both retailers and carriers have taken in a massive 2 million reservations just six hours after putting the iPhone 6 and 6 Plus on earlier-than-expected pre-order.

New Mac botnet malware uses Reddit to find out what servers to connect to

Mac users should beware of some new malware spreading, that tries to connect infected machines with a botnet for future exploitation. As detected by Dr Web, the malicious worm (dubbed Mac.BackDoor.iWorm) first checks whether any interfering applications are installed on the Mac.

If it is clear, it calls out to Reddit posts to find the IP addresses of possible servers to callback too. Although these posts have been deleted, it’s not hard for the people behind the exploit to repost them at a later time. Once connected to the botnet, the infected Mac can be literally instructed to perform almost any task the hackers want, such as redirect browsing traffic to potentially steal account credentials for instance.

Dr.Web estimates over 15,000 distinct IP addresses have been connected to the botnet already. Although 15,000 IPs does not directly translate into 15,000 separate infected users, it is indicative of a rather large base for a Mac worm.

The post ComputerCop Malware | Tech Talk Today 69 first appeared on Jupiter Broadcasting.

We double down on your follow up. Working remotely, scratching your itch while at your current job, why we missed Heartbleed & the video that will make you never again complain about how hard something is.

Plus why you should write code every day, the hard numbers about mobile games & more!

Thanks to:

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

— Show Notes: —

Follow up / Feedback

• Database Versioning
• Career Course Correction
• Remote work
• About Working Remotely
• Reading the OpenSSL Code base
• In House Github
• Tips for hiring?
• PHP to PDF Options (Question from Episode 98)

Dev Hoopla

• Weaving software into core memory by hand – YouTube
• Episode 100 plans

The post Is That a Weave? | CR 99 first appeared on Jupiter Broadcasting.

Adobe blows it. A treasure trove of customer information and source code has been found, we’ll share the details.

The DNS hijacking hijinks continue, after several big sites are brought offline. Then its a huge batch of your questions, our answers, and much much more!

Thanks to:

Adobe hacked, 3 million customer records leaked

• Adobe’s servers was compromised sometime between July 31 and Aug. 15, but the attack was not discovered until Sept. 17
• The source code for “numerous” products was stolen, including Adobe Acrobat, Publisher, ColdFusion, and ColdFusion Builder
• The source code leak could allow the attackers to much more easily generate a slew of 0-day attacks against Adobe products, resulting in exploits against which there is no defense
• Sensitive information on people with Adobe accounts was also taken, including names, encrypted credit numbers, expiration dates, order history and more
• “At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems” said Adobe chief security officer Brad Arkin
• “Krebs also saw a list of 1.2 million potential .org domains running ColdFusion that the attackers could use as targets stored among the stolen data”
• “Holden and Krebs discovered a 40 GB file of stolen data, Krebs reported yesterday, on the same server hosting data stolen from brokers LexisNexis, Dun & Bradstreet and Kroll.”
• Additional companies were also compromised
• Additional Coverage – Threatpost
• Additional Coverage – ZDNet
• Adobe Blog – Illegal Access to Adobe Source Code
• Adobe – Important Customer Security Announcement
• Adobe – Customer Security Alert

WhatsApp, AVG, Avira, Alexa websites hacked in apparent DNS hijack

• Network Solutions is investigating an attack by a pro-Palestinian hacking group that redirected websites belonging to several companies.
• A group calling itself the KDMS Team claimed responsibility on Twitter.
• KDMS posted several screenshots on Twitter, including one that affected WhatsApp\’s domain. + The message asserted that the region known as Palestine has been stolen, and that prisoners should be released from Israeli jails.
• The websites affected included those of the security companies AVG and Avira; the messaging platform WhatsApp; a pornography site, RedTube; and Web metrics company Alexa.
• Stated on the company’s blog:
  > \”It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request which was honored by the provider.\”
  > \”Using the new credentials, the cybercriminals have been able to change the entries to point to their DNS servers.\”
• Additional Coverage:
  • WhatsApp Web site hijacked, shows pro-Palestinian message
  • DNS-Based Attack Brings Down New Victim: WhatsApp

Feedback:

vBSDCon Oct 25-27

• freenas – to upgrade or not? and another question

• Is RAID dead?

• Too many computers not enough….

• Next steps in edu

• Faster VPN

• How fast are your Pipes (tubes)

• Allan, Zero Day was an excellent book pick

[asa]0399160450[/asa]

• Threat Vector Audiobook | Tom Clancy, Mark Greaney | Audible.com

Round Up:

• NSA tracks Google ads to find Tor users
• Patch Tuesday two-for-one sale. Microsoft fixes 2nd unannounced 0-day exploit in IE being exploited in the wild
• Malware authors scramble to become the next exploit kit after Blackhole author arrested
• Reclaim disk space, Microsoft finally releases a tool to remove unneeded windows update backup files
• Why attacks on the internet need to be public
• Google adds rewards for improving security in critical infrastructure open source projects including OpenSSH, Bind and ISC DHCP
• What pentesters can learn from spammers
• Most popular BSDCan talk ever – 2010 Everything you need to know about cryptography in 1 hour
• Police demand ability to arbitrarily take down and redirect domain names
• Great lightning talk from DestroyAllSoftware, “WAT”
• Gameover trojan using SSL to encrypt command and control functions
• Bulletproof hoster Santrex shutdown

The post Adobe's Leaky Source | TechSNAP 131 first appeared on Jupiter Broadcasting.