Last week I told you about bug fixes announced by Android as part of its May security bulletin. Well, over the weekend Samsung began releasing fixes for 27 vulnerabilities. Twenty-one of those are labeled as high severity. Handsets affected are the S9, Note 8 and S8 phones. Make sure you get them installed. Those of […]
If you can’t reach your favorite Linux developer by IM or e-mail today, it’s because they’re under a denial of service (DoS) attack.
The top programmers are all at the Linux Plumbers conference, which is being hammered by an Internet attacker.
Yes, even the best developers in the world can be put out of commission when their Internet connection is strangled.
According to James Bottomley, an IBM Research distinguished engineer and a member of the Linux Plumbers Conference committee, “Since yesterday we are being attacked from the outside. The attack follows us as we switch external IP and the team has identified at least one inside node which looks suspicious.”
The conference is not being attacked by some sophisticated Internet of Things distributed denial of service (DDoS) attack like the Dyn attack. No, it’s being mugged by one of the oldest attacks in the DoS book: a SYN flood.
In a SYN flood, the attacker breaks the normal three-way TCP connection handshake: it sends the opening SYN but never completes the exchange, leaving a half-open connection behind. Do this enough times, “flooding” the router with half-open connections, and the router runs out of memory and no one is able to make Internet connections.
The truly annoying thing about this type of attack, which has been around for more than 20 years, is that it’s easy to prevent. There are at least eight, count them, eight ways to mitigate SYN floods.
What’s far more troubling is that the Santa Fe ISP didn’t have any of the SYN flood defenses up. We know that massive Internet-killing DDoS attacks are on their way; and here we find a national ISP in a state capital can’t deal with an old-fashioned Internet assault.
I’ve predicted we’ll see a serious Internet breakdown this year. Looking at this local Internet slowdown, I’m surprised it hasn’t already. Yes, a lot of blame for Internet attacks goes to IoT manufacturers and insufficiently hardened web servers, but ISPs are guilty of poor security as well.
On most Linux machines, thwarting a SYN attack takes just a few lines of iptables firewall rules added to the INPUT chain.
Here they are:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP          # stops NULL packet attacks
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP   # stops SYN flood attacks
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP            # stops X-Mas packets
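The three rules above drop flag-less and all-flags packets and new connections that do not start with a SYN; a flood of well-formed SYNs still fills the listen backlog unless the kernel's SYN cookies or a rate limit are in place. The script below is an added example, not code from the original post: it shows what a flood looks like in socket state on the receiving host and prints the complementary kernel and rate-limit settings. The `ss -tan` sample, its documentation-range addresses and the threshold of three are constructed; the sysctl and iptables commands are printed rather than executed so the script runs without root.

```shell
#!/bin/sh
# Added example: detecting half-open connection build-up and printing the
# SYN-cookie and rate-limit settings that back up the rules above.

# Constructed sample of `ss -tan` output (documentation-range addresses,
# not real hosts). One peer holds four half-open (SYN-RECV) sockets.
SAMPLE_SS='State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
SYN-RECV 0      0      10.0.0.5:443        198.51.100.7:40001
SYN-RECV 0      0      10.0.0.5:443        198.51.100.7:40002
SYN-RECV 0      0      10.0.0.5:443        198.51.100.7:40003
SYN-RECV 0      0      10.0.0.5:443        198.51.100.7:40004
ESTAB    0      0      10.0.0.5:443        203.0.113.9:51000
SYN-RECV 0      0      10.0.0.5:22         203.0.113.9:51001'

# half_open_peers THRESHOLD: read `ss -tan` lines on stdin and print
# "count peer" for every peer address holding at least THRESHOLD
# half-open connections. The trailing :port is stripped from the peer
# field, so bracketed IPv6 peers are handled as well as IPv4 ones.
half_open_peers() {
    awk -v t="$1" '
        $1 == "SYN-RECV" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)
            n[peer]++
        }
        END { for (a in n) if (n[a] >= t) print n[a], a }'
}

# syn_flood_hardening: print the kernel SYN-cookie setting, a larger SYN
# backlog, and a rate limit on incoming SYNs that accepts a steady 25 per
# second (burst 50) and drops the excess. Pipe into `sh` on a host you
# administer; the numbers are assumptions to tune for your traffic.
syn_flood_hardening() {
    cat <<'EOF'
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
iptables -A INPUT -p tcp --syn -m limit --limit 25/second --limit-burst 50 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP
EOF
}

# Stand-alone run: report peers with three or more half-open sockets.
printf '%s\n' "$SAMPLE_SS" | half_open_peers 3
```

On a live host, replace the sample with `ss -tan | half_open_peers 3` to get the same report for real traffic.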
DDoS Defenses Emerging from Homeland Security
Government, academic, and private-sector officials are collaborating on new ways to prevent and mitigate distributed denial-of-service (DDoS) attacks, based on research years in the making but kicked into high gear by the massive takedown this month of domain name system provider Dyn.
The largest attacks in summer 2015 were about 400 gigabits per second, but September 2016 saw an attack on security blogger Brian Krebs of more than 600Gbps, while Dyn said its own attack may have exceeded 1.2 terabits per second. Government-led research is focusing on the 1-terabit range but with systems that can scale higher, which is already needed due to the proliferation of vulnerable Internet of Things devices too easily commandeered by malicious hackers.
Read more at Tech Republic
Linux, the operating system that powers most of the Internet, has been carrying a bug for over nine years. Researchers have revealed that the Linux kernel has contained a serious vulnerability codenamed Dirty COW. Attackers are exploiting this privilege escalation vulnerability in the wild, and it is present in virtually every version of Linux.
“Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff,” said Linux developer Phil Oester, who discovered the vulnerability. The bug lies in the way the Linux kernel's memory subsystem handles a duplication mechanism called copy-on-write (hence, COW). Untrusted local users can exploit it to gain write access to memory mappings that should be read-only.
Dirty COW is a privilege escalation bug: an attacker who has already gained some measure of control over the target system can leverage it to take complete control. That is not as serious as a remote code execution vulnerability would be. But because the flaw sits in the kernel shared across the open source Linux ecosystem, almost every distribution of Linux released in the last decade carries it. After spotting active, malicious exploitation of the bug, researchers have warned users to install the patch to avoid security trouble.
“It’s probably the most serious Linux local privilege escalation ever. The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time,” Dan Rosenberg said.
Patch for the Dirty Cow Linux security vulnerability is now available
Tracked as CVE-2016-5195, the bug has been patched by the maintainers of the official Linux kernel. Some of the major distributions, including Ubuntu, Debian and Red Hat, are up to date with the latest patch. However, millions of devices remain at risk until downstream distributors, including Android, release updates to fix the Dirty COW vulnerability.
The exploit in the wild is trivial to execute, never fails and has probably been around for years – the version I obtained was compiled with gcc 4.8. As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years. All Linux users need to take this bug very seriously, and patch their systems ASAP.
Linux has been considered one of the most secure operating systems, thanks to an active and strong development community. Because anyone can read and propose changes to the core source code, Linux security vulnerabilities are usually spotted and patched quickly. But the fact that Dirty COW sat in the kernel for nearly a decade and went unnoticed shows that attackers can find and exploit such bugs before developers do.
After releasing the first Test build of the upcoming Parsix GNU/Linux 8.15 “Nev” operating system a couple of days ago, today, October 23, 2016, the Parsix GNU/Linux development team announced the availability of new security updates for all supported Parsix GNU/Linux releases.
Parsix GNU/Linux 8.10 “Erik” is the current stable release of the Debian-based operating system, and it relies on the Debian Stable (Debian GNU/Linux 8 “Jessie”) software repositories. On the other hand, Parsix GNU/Linux 8.15 “Nev” is the next major version, which is currently in development but receives the same updates as the former.
Therefore, we’d like to inform those of you who use the Parsix GNU/Linux operating system on your personal computers that new security updates are available, patching various issues in software such as the Icedove email and news client, the Tor anonymous communication tool, and the libgd2 and kdepimlibs libraries.
Now powered by Linux kernel 4.4.27 LTS
Moreover, users will be able to install new versions of the Ghostscript interpreter for the PostScript language and PDF documents, the FreeImage library, and the Quagga routing software suite. Additionally, both Parsix GNU/Linux 8.10 “Erik” and Parsix GNU/Linux 8.15 “Nev” are now powered by the long-term supported Linux 4.4.27 kernel.
We’d like to remind readers that Linux kernel 4.4.27 LTS is patched against the nasty “Dirty COW” bug that could allow a local attacker to gain administrative privileges on the affected system. Therefore, you are urged to update your Parsix GNU/Linux installation as soon as possible. More details about the security issues addressed can be found at http://www.parsix.org/wiki/Security.