Wednesday, January 30, 2019

[USN-3871-1] Linux kernel vulnerabilities

---------- Forwarded message ---------
From: Steve Beattie
Date: Tue, Jan 29, 2019 at 11:00 PM

Wen Xu discovered that a use-after-free vulnerability existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use this
to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10876, CVE-2018-10879)

Wen Xu discovered that a buffer overflow existed in the ext4 filesystem
implementation in the Linux kernel. An attacker could use this to construct
a malicious ext4 image that, when mounted, could cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2018-10877)

Wen Xu discovered that an out-of-bounds write vulnerability existed in the
ext4 filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10878, CVE-2018-10882)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly ensure that xattr information remained in inode
bodies. An attacker could use this to construct a malicious ext4 image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-10880)

Wen Xu discovered that the ext4 file system implementation in the Linux
kernel could possibly perform an out of bounds write when updating the
journal for an inline file. An attacker could use this to construct a
malicious ext4 image that, when mounted, could cause a denial of service
(system crash). (CVE-2018-10883)

It was discovered that a race condition existed in the vsock address family
implementation of the Linux kernel that could lead to a use-after-free
condition. A local attacker in a guest virtual machine could use this to
expose sensitive information (host machine kernel memory). (CVE-2018-14625)

Cfir Cohen discovered that a use-after-free vulnerability existed in the
KVM implementation of the Linux kernel, when handling interrupts in
environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)

Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)

Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)

Wei Wu discovered that the KVM implementation in the Linux kernel did not
properly ensure that ioapics were initialized. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-19407)

It was discovered that the debug interface for the Linux kernel's HID
subsystem did not properly perform bounds checking in some situations. An
attacker with access to debugfs could use this to cause a denial of service
or possibly gain additional privileges. (CVE-2018-9516)

References:
  https://usn.ubuntu.com/usn/usn-3871-1
  CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879,
  CVE-2018-10880, CVE-2018-10882, CVE-2018-10883, CVE-2018-14625,
  CVE-2018-16882, CVE-2018-17972, CVE-2018-18281, CVE-2018-19407,
  CVE-2018-9516
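After reading an advisory like the one above, the two things worth automating are pulling the CVE list into a triage table and checking that the kernel actually running carries those fixes. The shell functions below are an added example written for this page; they are not part of the USN or of Ubuntu's tooling. They assume the USN layout shown above (one paragraph per issue, CVE identifiers in parentheses) and that the installed kernel package's Debian changelog names every CVE it fixes, which Ubuntu kernel changelogs do. The advisory excerpt and the changelog entry embedded in the block are constructed test input.

```shell
#!/bin/sh
# Added example: triage helpers for Ubuntu Security Notice (USN) text.
# Not part of the USN or of Ubuntu's tooling. Assumes one paragraph per
# issue with the CVE IDs in parentheses, and a package changelog that
# mentions each fixed CVE by identifier.

# All unique CVE identifiers in an advisory file, one per line, sorted.
usn_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]+' "$1" | sort -u
}

# One line per issue paragraph: "CVE-...[,CVE-...] <TAB> impact".
# The impact is the strongest outcome the paragraph names; the trailing
# "References:" block and paragraphs without a CVE are skipped.
usn_triage() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    $1 ~ /^References:/ { next }
    {
        text = $0; gsub(/\n/, " ", text)
        rest = text; ids = ""; n = 0
        while (match(rest, /CVE-[0-9]+-[0-9]+/)) {
            sep = n ? "," : ""
            ids = ids sep substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            n++
        }
        if (n == 0) next
        if      (text ~ /execute arbitrary code/)                 impact = "code execution"
        else if (text ~ /(administrative|additional) privileges/) impact = "privilege escalation"
        else if (text ~ /expose sensitive information/)           impact = "information disclosure"
        else if (text ~ /denial of service/)                      impact = "denial of service"
        else                                                      impact = "unclassified"
        printf "%s\t%s\n", ids, impact
    }' "$1"
}

# CVEs named in the advisory that the given changelog never mentions.
# Empty output means every advisory CVE appears in the changelog.
missing_fixes() {
    usn_cves "$1" | while read -r cve; do
        grep -qw "$cve" "$2" || echo "$cve"
    done
}

# Demonstration on constructed input: two paragraphs from the advisory
# above plus a made-up changelog excerpt that only covers the ext4 pair.
demo_dir=$(mktemp -d)
cat > "$demo_dir/usn.txt" <<'EOF'
Wen Xu discovered that a use-after-free vulnerability existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use this
to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10876, CVE-2018-10879)

Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)

References:
  https://usn.ubuntu.com/usn/usn-3871-1
  CVE-2018-10876, CVE-2018-10879, CVE-2018-17972
EOF
cat > "$demo_dir/changelog" <<'EOF'
linux (0.0.0-example) bionic; urgency=medium

  * constructed entry, not a real Ubuntu changelog
  * ext4: fix use-after-free in extent handling (CVE-2018-10876)
  * ext4: add missing bounds check (CVE-2018-10879)
EOF

usn_triage "$demo_dir/usn.txt"
echo "--- advisory CVEs not mentioned in the changelog:"
missing_fixes "$demo_dir/usn.txt" "$demo_dir/changelog"
```

On an Ubuntu host the kernel changelog normally lives at /usr/share/doc/linux-image-$(uname -r)/changelog.Debian.gz; decompress it with zcat into a file and pass that as the second argument. An empty result from missing_fixes means the running kernel's changelog mentions every advisory CVE; it does not prove the fix is loaded, so confirm after the reboot that uname -r matches the newest installed linux-image package. The ranking is deliberately crude, and one detail it cannot capture matters for prioritisation: every ext4 entry needs an attacker-supplied image to be mounted, so hosts that automount removable media or accept user-supplied disk images are the ones where those entries deserve the higher priority.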

TrendLabs: ThinkPHP Vulnerability Abused by Botnets Hakai and Yowai

Figure 1. Console display on a Yowai-infected device
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/thinkphp-vulnerability-abused-by-botnets-hakai-and-yowai/

Monday, January 28, 2019

LM: Canonical Announces Latest Ubuntu Core for IoT

Now offers 10 years of support.
Canonical has announced Ubuntu Core 18, its open source platform for IoT devices. Ubuntu Core 18 is based on the Ubuntu 18.04 LTS codebase and will be supported for 10 years.
REF: http://www.linux-magazine.com/Online/News/Canonical-Announces-Latest-Ubuntu-Core-for-IoT

Trello: Plug, Play, Repeat: The Best Strategies For More Productive Focus Time

This post is part of a series on time strategy, from our friends at ProductPlan. Read Part 1 here about getting more done without working harder.
REF: https://blog.trello.com/strategies-for-more-productive-focus-time

Saturday, January 26, 2019

[USN-3867-1] MySQL vulnerabilities

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Thu, Jan 24, 2019 at 1:57 AM

Several security issues were fixed in MySQL.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

References:
  https://usn.ubuntu.com/usn/usn-3867-1
  CVE-2019-2420, CVE-2019-2434, CVE-2019-2455, CVE-2019-2481,
  CVE-2019-2482, CVE-2019-2486, CVE-2019-2503, CVE-2019-2507,
  CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2531,
  CVE-2019-2532, CVE-2019-2534, CVE-2019-2537

Friday, January 25, 2019

Trello: How To Boost Your Creativity The Einstein Way—With Combinatory Play

It’s been more than 2,200 years since Archimedes ran naked through the streets of Sicily shouting, “Eureka!” (“I’ve found it!”), but there’s still a lot we could learn from that moment.
REF: https://blog.trello.com/combinatory-play-boost-creativity

Thursday, January 24, 2019

LM: Linus Torvalds Welcomes 2019 with Linux 5.x

Better support for GPUs and CPUs.
Linus Torvalds has announced the release of Linux 5.0-rc1. The kernel was supposed to be 4.21, but he decided to move to the 5.x series. Torvalds has made it clear that the numbering of the kernel doesn’t make much sense. So don’t get too excited about this release.
REF: http://www.linux-magazine.com/Online/News/Linus-Torvalds-Welcomes-2019-with-Linux-5.x

Wednesday, January 23, 2019

GCP: Rethinking commercial software delivery with Cloud Spanner and serverless

We will see software companies that understand this seismic shift in the industry drive down the cost of enterprise applications and grab market share away from traditional players.
REF: https://cloud.google.com/blog/topics/perspectives/rethinking-commercial-software-delivery-with-cloud-spanner-and-serverless

[USN-3863-1] APT vulnerability

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Tue, Jan 22, 2019 at 9:13 PM

Details:

Max Justicz discovered that APT incorrectly handled certain parameters
during redirects. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could potentially be used to install
altered packages.

References:
  https://usn.ubuntu.com/usn/usn-3863-1
  CVE-2019-3462
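The excerpt above leaves out the operational twist of this advisory: the fix ships through apt, and apt's HTTP transport is the component with the bug, so the original USN-3863-1 text recommends fetching the update with redirects disabled. What follows is an added example for this page, not apt's or Ubuntu's code. It uses apt's documented Acquire::http::AllowRedirect option and assumes a Debian-derived system with apt-get on the PATH; the APPLY_APT_FIX guard is a name chosen here so the file can be sourced or tested without touching the system.

```shell
#!/bin/sh
# Added example, not part of apt or of the USN: upgrade apt itself with
# HTTP redirects refused. Because the flaw sits in apt's own download
# path, following a redirect while fetching the fix would exercise the
# vulnerable code. The option applies to this invocation only.

# Run any apt-get operation with the http method's redirect following off.
apt_no_redirect() {
    apt-get -o Acquire::http::AllowRedirect=false "$@"
}

# The sequence to run as root: refresh the index, then upgrade only the
# apt package before any broader upgrade on the machine.
fix_apt() {
    apt_no_redirect update && apt_no_redirect install --only-upgrade apt
}

# Guard (name chosen for this example) so that running this file does
# nothing unless explicitly asked; set APPLY_APT_FIX=1 to apply.
if [ "${APPLY_APT_FIX:-0}" = 1 ]; then
    fix_apt
fi
```

Run it with APPLY_APT_FIX=1 as root. With redirects refused, a mirror that answers with a 3xx makes the update step fail rather than being followed, so for this one run point sources.list at a mirror that serves files directly, and leave AllowRedirect at its default afterwards. The general lesson carries beyond apt: when a fix is delivered by the component that is broken, check whether the delivery path itself can be kept off the vulnerable code.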

Monday, January 21, 2019

Trello: The 'Coffee Shop Effect': Why Changing Your Location Boosts Your Productivity

By now, I’m embarrassingly familiar with the post-lunch slump that strikes at least once during my workweek.
REF: https://blog.trello.com/coffee-shop-effect-boosts-productivity

LJ: Two Portable DIY Retro Gaming Consoles

""
Figure 1. PiGRRL 2
REF: https://www.linuxjournal.com/content/two-portable-diy-retro-gaming-consoles

Saturday, January 19, 2019

TrendLabs: Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics

Table 1.Victim distribution for all BatterySaveMobi samples
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/

Friday, January 18, 2019

ADMIN: Installing and operating the Graylog SIEM solution

Figure 1: Graylog comprises a web interface, a server, MongoDB, and Elasticsearch.
REF: http://www.admin-magazine.com/Articles/Installing-and-operating-the-Graylog-SIEM-solution

Trello: What's Microproductivity? The Small Habit That Will Lead You To Big Wins

Take baby steps. You can’t move a mountain. When eating an elephant, take one bite at a time.
REF: https://blog.trello.com/microproductivity-break-tasks-into-smaller-steps

TrendLabs: New Magecart Attack Delivered Through Compromised Advertising Supply Chain


Figure 1: Attack chain of the online skimming attack
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/

Trello: Want To Be Happier This Year? Follow This 2019 Productive Habits Calendar

New Year’s resolutions get a bad rap. And to be fair, they don’t exactly have the most promising success rate: a whopping 80% of resolutions fail by the first week of February.
REF: https://blog.trello.com/small-changes-big-impact-on-productivity-happiness

ADMIN: D-Wave's Murray Thom discusses the present and future of quantum computing.

Not just a theory anymore: D-Wave builds real-world quantum computers.
REF: http://www.admin-magazine.com/Articles/D-Wave-s-Murray-Thom-discusses-the-present-and-future-of-quantum-computing

TrendLabs: January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities

In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited. Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories: seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/january-patch-tuesday-first-bulletin-of-2019-has-fixes-for-dhcp-and-microsoft-exchange-vulnerabilities/

Saturday, January 12, 2019

Trello: How To Create More Time: A Strategy For Finally Getting Ahead Of Your To-Do List

Do you ever feel like you’re constantly behind? As though no matter how productive you are, you’ll never manage to “get ahead?” Do you find yourself wishing there were more hours in the day? Can you relate a little too much to this hamster?
REF: https://blog.trello.com/how-to-create-more-time-to-do-list-strategy

Friday, January 11, 2019

open source software development for the RISC-V

RISC-V, for those of you who do not know about it, is a relatively new architecture that originated at the University of California, Berkeley (the same people who developed the Berkeley Software Distribution, also known as BSD).

With years of computer science history and experience to draw on, these architects "started from scratch" and were able to develop a relatively clean architecture that supports multiple address space sizes as well as multiple use cases (servers, portable devices, embedded systems, Internet of Things, etc.). This design lets a chip trade speed against power without departing from the basic architecture.

REF: http://www.linux-magazine.com/Issues/2019/219/Doghouse-The-long-road-to-RISC-V

TrendLabs: Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users

Figure 1. A screen capture of some of the adware-laden fake apps on Google Play
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/

[Check_mk Announce] New Check_MK stable release 1.5.0p10

---------- Forwarded message ---------
From: Check_mk Announcements
Date: Tue, Jan 8, 2019 at 5:09 PM

This maintenance release ships with 41 changes affecting all editions of Check_MK,
5 Enterprise Edition specific changes and 0 Managed Services Edition specific changes.
...
You can download Check_MK from our download page:
 * http://mathias-kettner.de/check_mk_download.html

Please mail bug reports and qualified feedback to feedback@check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitoring, 

Tuesday, January 8, 2019


NewTek’s NDI® KVM is one of the exciting applications included with Premium Access subscription-based software.
REF: https://www.newtek.com/npa/

Linux Magazine: Simplifying SSH

Most Windows users are familiar with the PuTTY open source terminal emulator as an interface for SSH, whereas Linux users usually interface with SSH on the command line. Although PuTTY is also available for Linux, SecPanel [1], which has been under development for many years, has gained better acceptance in the Linux world.

REF: http://www.linux-magazine.com/Issues/2019/219/EasySSH

Sunday, January 6, 2019

Libre Lounge

REF: https://librelounge.org/

Saturday, January 5, 2019

Charly's Column – moreutils

...combine is really practical for comparing lists. You need to pass in the names of two text files and a logical operator: and, not, or, or xor (exclusive or).

As an example, I created two text files with IP addresses and networks. Some of the addresses and networks are included in both files, while others are not. Now I let combine compare the files, first with the and operator:

# combine iplist-a.text and iplist-b.text

REF: http://www.linux-magazine.com/Issues/2019/219/Hot-Stuff
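As an added example for this page (not from the column, and not moreutils code), here are the same four operators built on grep, which helps where moreutils is not installed and makes the semantics explicit: -F takes the patterns as fixed strings, -x demands a whole-line match, -f reads the patterns from a file, and -v inverts the selection. The two sample lists are constructed for the example. The ordering rules assumed here (matches come out in the order of the file they are read from, and or is a plain concatenation) are my reading of combine's documentation, not something the column states.

```shell
#!/bin/sh
# Added example, not from the column or from moreutils: combine(1)'s four
# operators rebuilt on grep. Assumes combine's ordering rules as read from
# its documentation (output follows the order of the file it comes from;
# "or" simply concatenates).

# Lines of $1 also present in $2, and lines of $1 absent from $2.
# grep exits 1 when nothing matches, which is a valid empty result here.
_both()    { grep -Fxf  "$2" "$1" || [ $? -eq 1 ]; }
_only_in() { grep -Fvxf "$2" "$1" || [ $? -eq 1 ]; }

# combine_lines FILE1 and|not|or|xor FILE2
combine_lines() {
    case $2 in
        and) _both "$1" "$3" ;;
        not) _only_in "$1" "$3" ;;
        or)  cat "$1" "$3" ;;
        xor) _only_in "$1" "$3"; _only_in "$3" "$1" ;;
        *)   echo "usage: combine_lines FILE1 and|not|or|xor FILE2" >&2; return 2 ;;
    esac
}

# Constructed sample lists: plain addresses mixed with CIDR networks,
# some present in both files and some in only one.
d=$(mktemp -d)
printf '%s\n' 10.0.0.1 10.0.0.0/8 192.168.1.10 203.0.113.7     > "$d/iplist-a.text"
printf '%s\n' 10.0.0.1 192.168.1.10 192.168.0.0/16 198.51.100.3 > "$d/iplist-b.text"

for op in and not xor; do
    echo "== $op"
    combine_lines "$d/iplist-a.text" "$op" "$d/iplist-b.text"
done
```

The comparison is purely textual: 10.0.0.1 in one list does not match 10.0.0.0/8 in the other even though the address lies inside that network, and a trailing space or a different CIDR spelling (10.0.0.0/8 versus 10.0.0.0/255.0.0.0) also produces a miss. For allow or deny lists that mix hosts and ranges, normalise both files to one form first, or do the containment check with an address-aware tool rather than with combine or grep.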

Friday, January 4, 2019

TrendLabs: Spyware Disguises as Android Applications on Google Play

Figure 1. Flappy Birr Dog download page
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/spyware-disguises-as-android-applications-on-google-play/

Thursday, January 3, 2019

MPEG-G: the ugly

Source: https://globaldossier.uspto.gov/#/result/publication/WO/2018071080/1

The patents all relate to how the sequence is encoded in the MPEG-G draft specification. Many of these patents have similar problems with prior art, with some claims being sufficiently woolly that CRAM, among others, would infringe on them if granted. Some are simply huge - over 100 pages of impenetrable lawyer speak and 80+ claims. Fighting this has become an enormous and unwelcome time sink.
REF: https://datageekdom.blogspot.com/2018/09/

On Ghost Users and Messaging Backdoors

Encrypted calling with an “identity system” looking up keys. The Apple logo represents Apple’s back-end servers.
REF: https://blog.cryptographyengineering.com/2018/12/17/on-ghost-users-and-messaging-backdoors/

Tuesday, January 1, 2019

Support the Free Software Foundation

A banner image with four photos: a family, a 3d printer, the audience at LibrePlanet 2015, and a small, stuffed gnu.
The Free Software Foundation (FSF) is a 501(c)(3) nonprofit organization based in Boston, MA, USA
REF: https://www.fsf.org/blogs/community/a-message-from-richard-m-stallman

Government Collaboration Groups and Efforts of Information Security

Federal CIO Council
The Federal CIO Council is the principal interagency forum for improving agency practices related to the design, acquisition, development, modernization, use, sharing, and performance of Federal information resources.
Government Forum of Incident Response and Security Teams (GFIRST)
A community of more than 100 incident response teams from various federal agencies working together to secure the Federal Government.
National Council of Information Sharing Analysis Centers (ISAC Council)
The ISAC Council advances the physical and cybersecurity of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with government.
Software Assurance Community Resources and Information Clearinghouse
REF: https://www.us-cert.gov/Government-Collaboration-Groups-and-Efforts