Linux

New ‘Bash’ Software Bug May Pose Bigger Threat Than ‘Heartbleed’

by

New ‘Bash’ software bug may pose bigger threat than ‘Heartbleed’ (Reuters, Sep 24, 2014):

A newly discovered security bug in a widely used piece of Linux software, known as “Bash,” could pose a bigger threat to computer users than the “Heartbleed” bug that surfaced in April, cyber experts warned on Wednesday.

Bash is the software used to control the command prompt on many Unix computers. Hackers can exploit a bug in Bash to take complete control of a targeted system, security experts said.

Read moreNew ‘Bash’ Software Bug May Pose Bigger Threat Than ‘Heartbleed’

Critical Crypto Bug Leaves Linux, Hundreds Of Apps Open To Eavesdropping

by

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping (Ars Technica, March 4, 2014):

This GnuTLS bug is worse than the big Apple “goto fail” bug patched last week.

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical “goto fail” flaw that for months put users of Apple’s iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.

Read moreCritical Crypto Bug Leaves Linux, Hundreds Of Apps Open To Eavesdropping

Linux Powered Smart Rifles With Networked Tracking Scopes Have Arrived

by

Linux Powered Smart Rifles With Networked Tracking Scopes Have Arrived (Liberty Blitzkrieg, Jan 20, 2014):

Technological advancement is moving ahead so fast it is impossible to keep up. Pretty soon it doesn’t look like humans are going to be responsible for much of anything at all if we continue at this pace.

The latest military “advancement” is a Linux powered rifle that basically only requires the human soldier to mark a target and then a computer can “engage and assist.” Basically it sounds a lot like a drone rifle. Insane.

More from Geeky Gadgets:

Read moreLinux Powered Smart Rifles With Networked Tracking Scopes Have Arrived

U.S. Navy’s Newest Warship Is Powered By Linux

by

The Navy’s newest warship is powered by Linux (Ars Technica, Oct 18, 2013):

The USS Zumwalt will be a floating data center—armed with missiles and robot guns.

When the USS Zumwalt (DDG 1000) puts to sea later this year, it will be different from any other ship in the Navy’s fleet in many ways. The $3.5 billon ship is designed for stealth, survivability, and firepower, and it’s packed with advanced technology. And at the heart of its operations is a virtual data center powered by off-the-shelf server hardware, various flavors of Linux, and over 6 million lines of software code.

Read moreU.S. Navy’s Newest Warship Is Powered By Linux

Linux – Who Rooted Kernel.org Servers Two Years Ago, How Did It Happen, And Why?

by

See also:

Linus Torvalds Talks Linux Development at LinuxCon (eWeek, Sep 18, 2013):

NSA Backdoor

Torvalds was also asked if he had ever been approached by the U.S. government to insert a backdoor into Linux. Torvalds responded “no” while nodding his head “yes,” as the audience broke into spontaneous laughter.

Who rooted kernel.org servers two years ago, how did it happen, and why? (Ars Technica, Sep 24, 2013):

Maintainers of Linux still haven’t delivered promised autopsy of serious breach.

More than two years after unknown hackers gained unfettered access over multiple computers used to maintain and distribute the Linux operating system kernel, officials still haven’t released a promised autopsy about what happened.

The compromise, which began no later than August 12, 2011, wasn’t detected for at least 16 days, a public e-mail and interviews immediately following the intrusion revealed. During that time, attackers were able to monitor the activities of anyone using the kernel.org servers known as Hera and Odin1, as well as personal computers belonging to senior Linux developer H. Peter Anvin. The self-injecting rootkit known as Phalanx had access to a wealth of sensitive data, possibly including private keys used to sign and decrypt e-mails and remotely log in to servers. A follow-up advisory a few weeks later opened the possibility that still other developers may have fallen prey to the attackers.

Read moreLinux – Who Rooted Kernel.org Servers Two Years Ago, How Did It Happen, And Why?

Hedge Fund Manager: Goodbye and F—- You

by

From the Scorched Earth Files:

Andrew Lahde, manager of a small California hedge fund, Lahde Capital, burst into the spotlight last year after his one-year-old fund returned 866 percent betting against the subprime collapse.

Last month, he did the unthinkable — he shut things down, claiming dealing with his bank counterparties had become too risky. Today, Lahde passed along his “goodbye” letter, a rollicking missive on everything from greed to economic philosophy. Enjoy.

Today I write not to gloat. Given the pain that nearly everyone is experiencing, that would be entirely inappropriate. Nor am I writing to make further predictions, as most of my forecasts in previous letters have unfolded or are in the process of unfolding. Instead, I am writing to say goodbye.

Recently, on the front page of Section C of the Wall Street Journal, a hedge fund manager who was also closing up shop (a $300 million fund), was quoted as saying, “What I have learned about the hedge fund business is that I hate it.” I could not agree more with that statement. I was in this game for the money. The low hanging fruit, i.e. idiots whose parents paid for prep school, Yale, and then the Harvard MBA, was there for the taking. These people who were (often) truly not worthy of the education they received (or supposedly received) rose to the top of companies such as AIG, Bear Stearns and Lehman Brothers and all levels of our government. All of this behavior supporting the Aristocracy, only ended up making it easier for me to find people stupid enough to take the other side of my trades. God bless America.

There are far too many people for me to sincerely thank for my success. However, I do not want to sound like a Hollywood actor accepting an award. The money was reward enough. Furthermore, the endless list those deserving thanks know who they are.

Read moreHedge Fund Manager: Goodbye and F—- You