Loathing Lupper in Linux
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
A Story of an Embedded Linux Botnet
A Moose Once Bit My Honeypot A Story of an Embedded Linux Botnet by Olivier Bilodeau (@obilodeau) $ apropos Embedded Linux Malware Moose DNA (description) Moose Herding (the Operation) What’s New? Take Aways $ whoami Malware Researcher at ESET Infosec lecturer at ETS University in Montreal Previously infosec developer, network admin, linux system admin Co-founder Montrehack (hands-on security workshops) Founder NorthSec Hacker Jeopardy Embedded Linux Malware What marketing likes to call "Internet of Things Malware" Malware Running On An Embedded Linux System Like consumer routers DVR Smart TVs IP Camera monitoring systems … Caracteristics of Embedded Linux Systems Small amount of memory Small amount of flash Non x86 architectures: ARM, MIPS Wide-variety of libc implementations / versions Same ABI-compatible Linux kernel (2.4 < x < 4.3) Support ELF binaries Rarely an integrated UI Networked Why Threats On These Systems Matters? Hard to detect Hard to remediate Hard to fix Low hanging fruit for bad guys It’s Real Several cases disclosed in the last two years A lot of same-old background noise (DDoSer) Things are only getting worse Wait, is IoT malware really about things? NNoo.. NNoott yyeett.. So what kind of malware can we find on such insecure devices? Linux/Aidra Linux/Bassobo ChinaZ family (XOR.DDoS, …) Linux/Dofloo Linux/DNSAmp (Mr Black, BillGates) Linux/Gafgyt (LizardStresser) Linux/Hydra Linux/Tsunami … LLeessssoonn LLeeaarrnneedd ##00 Statically-linked stripped binaries Static/stripped ELF primer No imports (library calls) present -
Survivor: a Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems
Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems Ronny Chevalier David Plaquin HP Labs HP Labs CentraleSupélec, Inria, CNRS, IRISA [email protected] [email protected] Chris Dalton Guillaume Hiet HP Labs CentraleSupélec, Inria, CNRS, IRISA [email protected] [email protected] ABSTRACT 1 INTRODUCTION Despite the deployment of preventive security mechanisms to pro- Despite progress in preventive security mechanisms such as cryp- tect the assets and computing platforms of users, intrusions even- tography, secure coding practices, or network security, given time, tually occur. We propose a novel intrusion survivability approach an intrusion will eventually occur. Such a case may happen due to to withstand ongoing intrusions. Our approach relies on an orches- technical reasons (e.g., a misconfiguration, a system not updated, tration of fine-grained recovery and per-service responses (e.g., or an unknown vulnerability) and economic reasons [39] (e.g., do privileges removal). Such an approach may put the system into a the benefits of an intrusion for criminals outweigh their costs?). degraded mode. This degraded mode prevents attackers to reinfect To limit the damage done by security incidents, intrusion re- the system or to achieve their goals if they managed to reinfect covery systems help administrators restore a compromised system it. It maintains the availability of core functions while waiting for into a sane state. Common limitations are that they do not preserve patches to be deployed. We devised a cost-sensitive response se- availability [23, 27, 34] (e.g., they force a system shutdown) or that lection process to ensure that while the service is in a degraded they neither stop intrusions from reoccurring nor withstand re- mode, its core functions are still operating. -
Sureview® Memory Integrity Advanced Linux Memory Analysis Delivers Unparalleled Visibility and Verification
SureView® Memory Integrity Advanced Linux Memory Analysis Delivers Unparalleled Visibility and Verification Promoting trustworthy and repeatable analysis of volatile system state Benefits Increased Usage of Linux in Forensics Field Guide for Linux Global Enterprises Systems2,” the apparent goal n Enables visibility into the state n Scans thousands of The use of Linux is everywhere of these attackers is to steal all systems with hundreds of of systems software while in the world. Linux is used in types of information. Perhaps of gigabytes of memory executing in memory our stock exchange transactions, greatest concern are the synchro- on Linux systems n Provides a configurable social media, network storage nized, targeted attacks against n Delivers malware detection using scanning engine for automated devices, smartphones, DVR’s, Linux systems. For several years, scans of remote systems an integrity verification approach online purchasing web sites, organized groups of attackers to verify that all systems software throughout an enterprise running is known and unmodified and in the majority of global (a.k.a. threat actors) have been n Incorporates an easy-to- Internet traffic. The Linux infiltrating Linux systems and to quickly identify threats use GUI to quickly assess Foundation’s 2013 Enterprise have been communicating with n Allows the integration and interpret results End User Report indicates that command and control (C2) of memory forensics into n Delivers output in a structured 80% of respondents planned servers and exfiltrating data enterprise security information data format (JSON) to to increase their numbers of from compromised Linux sys- and event management facilitate analytics systems (SIEMS) supporting Linux servers over the next five tems. -
Debian: 19 Years of Free Software, “Do-Ocracy,” and Democracy
Debian: 19 years of Free Software, “do-ocracy,” and democracy Stefano Zacchiroli Debian Project Leader 6 October 2012 ACM Reflections | Projections 2012 University of Illinois at Urbana-Champaign Stefano Zacchiroli (Debian) 19 years of Debian reflections | projections 1 / 32 Free Software & your [ digital ] life Lester picked up a screwdriver. “You see this? It’s a tool. You can pick it up and you can unscrew stuff or screw stuff in. You can use the handle for a hammer. You can use the blade to open paint cans. You can throw it away, loan it out, or paint it purple and frame it.” He thumped the printer. “This [ Disney in a Box ] thing is a tool, too, but it’s not your tool. It belongs to someone else — Disney. It isn’t interested in listening to you or obeying you. It doesn’t want to give you more control over your life.” [. ] “If you don’t control your life, you’re miserable. Think of the people who don’t get to run their own lives: prisoners, reform-school kids, mental patients. There’s something inherently awful about living like that. Autonomy makes us happy.” — Cory Doctorow, Makers http://craphound.com/makers/ Stefano Zacchiroli (Debian) 19 years of Debian reflections | projections 2 / 32 Free Software, raw foo is cool, let’s install it! 1 download foo-1.0.tar.gz ñ checksum mismatch, missing public key, etc. 2 ./configure ñ error: missing bar, baz, . 3 foreach (bar, baz, . ) go to 1 until (recursive) success 4 make ñ error: symbol not found 5 make install ñ error: cp: cannot create regular file /some/weird/path now try scale that up to -
Malware Trends
NCCIC National Cybersecurity and Communications Integration Center Malware Trends Industrial Control Systems Emergency Response Team (ICS-CERT) Advanced Analytical Laboratory (AAL) October 2016 This product is provided subject only to the Notification Section as indicated here:http://www.us-cert.gov/privacy/ SUMMARY This white paper will explore the changes in malware throughout the past several years, with a focus on what the security industry is most likely to see today, how asset owners can harden existing networks against these attacks, and the expected direction of developments and targets in the com- ing years. ii CONTENTS SUMMARY .................................................................................................................................................ii ACRONYMS .............................................................................................................................................. iv 1.INTRODUCTION .................................................................................................................................... 1 1.1 State of the Battlefield ..................................................................................................................... 1 2.ATTACKER TACTIC CHANGES ........................................................................................................... 2 2.1 Malware as a Service ...................................................................................................................... 2 2.2 Destructive Malware ...................................................................................................................... -
Russian GRU 85Th Gtsss Deploys Previously Undisclosed Drovorub Malware
National Security Agency Federal Bureau of Investigation Cybersecurity Advisory Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware August 2020 Rev 1.0 U/OO/160679-20 PP-20-0714 Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware Notices and history Disclaimer of Warranties and Endorsement The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. This guidance shall not be used for advertising or product endorsement purposes. Sources and Methods NSA and FBI use a variety of sources, methods, and partnerships to acquire information about foreign cyber threats. This advisory contains the information NSA and FBI have concluded can be publicly released, consistent with the protection of sources and methods and the public interest. Publication Information Purpose This advisory was developed as a joint effort between NSA and FBI in support of each agency’s respective missions. The release of this advisory furthers NSA’s cybersecurity missions, including its responsibilities to identify and disseminate threats to National Security Systems, Department of Defense information systems, and the Defense Industrial Base, and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders. Contact Information Client Requirements / General Cybersecurity Inquiries: Cybersecurity Requirements Center, 410-854-4200, [email protected] Media Inquiries / Press Desk: Media Relations, 443-634-0721, [email protected] Trademark Recognition Linux® is a registered trademark of Linus Torvalds. -
The Future of Airline Distribution, 2016 - 2021
The Future of Airline Distribution, 2016 - 2021 By Henry H. Harteveldt, Atmosphere Research Group CONTENTS 3 INTRODUCTION 5 RESEARCH METHODOLOGY 7 EXECUTIVE SUMMARY 9 HOW SHOULD AIRLINES PREPARE TO SERVE THE AIRLINE TRAVELER OF 2021? 26 TECHNOLOGY INNOVATION AND THE EVOLVING TECHNOLOGY LANDSCAPE 29 AIRLINE DISTRIBUTION IN 2021 70 CONCLUSION 72 ENDNOTES © 2016 International Air Transport Association. All rights reserved. 2 INTRODUCTION Introduction from Atmosphere Research Atmosphere Research Group is honored to have Airlines that want to become true retailers are once again been selected by IATA to prepare this well-positioned to do so. Carriers have an abun- report on the future of airline distribution. We dance of technologies, including cloud comput- believe that the five-year timeframe this report ing, artificial intelligence, and mobility, that they covers – 2016 to 2021 – will see the successful can use to help them bring their products to mar- introduction of true retailing among the world’s ket in more meaningful ways. IATA’s NDC, One airlines and their distribution partners. Order, and NGISS initiatives are being brought to market to help airlines be more successful busi- This report reflects Atmosphere Research’s in- nesses. As each airline independently contem- dependent and objective analysis based on our plates its distribution strategies and tactics, we extensive industry and consumer research (for hope this report will serve as a helpful resource. more information about how the research was conducted, please refer to the “Research Method- ology” section). © 2016 International Air Transport Association. All rights reserved. 3 Future of Distribution Report 2016-2021 Introduction from IATA In 2012 IATA commissioned Atmosphere Research Game changes are prompted by consumer needs, to conduct a survey on the Future of Airline Dis- or by the ability to offer new solutions. -
Debian \ Amber \ Arco-Debian \ Arc-Live \ Aslinux \ Beatrix
Debian \ Amber \ Arco-Debian \ Arc-Live \ ASLinux \ BeatriX \ BlackRhino \ BlankON \ Bluewall \ BOSS \ Canaima \ Clonezilla Live \ Conducit \ Corel \ Xandros \ DeadCD \ Olive \ DeMuDi \ \ 64Studio (64 Studio) \ DoudouLinux \ DRBL \ Elive \ Epidemic \ Estrella Roja \ Euronode \ GALPon MiniNo \ Gibraltar \ GNUGuitarINUX \ gnuLiNex \ \ Lihuen \ grml \ Guadalinex \ Impi \ Inquisitor \ Linux Mint Debian \ LliureX \ K-DEMar \ kademar \ Knoppix \ \ B2D \ \ Bioknoppix \ \ Damn Small Linux \ \ \ Hikarunix \ \ \ DSL-N \ \ \ Damn Vulnerable Linux \ \ Danix \ \ Feather \ \ INSERT \ \ Joatha \ \ Kaella \ \ Kanotix \ \ \ Auditor Security Linux \ \ \ Backtrack \ \ \ Parsix \ \ Kurumin \ \ \ Dizinha \ \ \ \ NeoDizinha \ \ \ \ Patinho Faminto \ \ \ Kalango \ \ \ Poseidon \ \ MAX \ \ Medialinux \ \ Mediainlinux \ \ ArtistX \ \ Morphix \ \ \ Aquamorph \ \ \ Dreamlinux \ \ \ Hiwix \ \ \ Hiweed \ \ \ \ Deepin \ \ \ ZoneCD \ \ Musix \ \ ParallelKnoppix \ \ Quantian \ \ Shabdix \ \ Symphony OS \ \ Whoppix \ \ WHAX \ LEAF \ Libranet \ Librassoc \ Lindows \ Linspire \ \ Freespire \ Liquid Lemur \ Matriux \ MEPIS \ SimplyMEPIS \ \ antiX \ \ \ Swift \ Metamorphose \ miniwoody \ Bonzai \ MoLinux \ \ Tirwal \ NepaLinux \ Nova \ Omoikane (Arma) \ OpenMediaVault \ OS2005 \ Maemo \ Meego Harmattan \ PelicanHPC \ Progeny \ Progress \ Proxmox \ PureOS \ Red Ribbon \ Resulinux \ Rxart \ SalineOS \ Semplice \ sidux \ aptosid \ \ siduction \ Skolelinux \ Snowlinux \ srvRX live \ Storm \ Tails \ ThinClientOS \ Trisquel \ Tuquito \ Ubuntu \ \ A/V \ \ AV \ \ Airinux \ \ Arabian -
Separating Protection and Management in Cloud Infrastructures
SEPARATING PROTECTION AND MANAGEMENT IN CLOUD INFRASTRUCTURES A Dissertation Presented to the Faculty of the Graduate School of Cornell University in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy by Zhiming Shen December 2017 c 2017 Zhiming Shen ALL RIGHTS RESERVED SEPARATING PROTECTION AND MANAGEMENT IN CLOUD INFRASTRUCTURES Zhiming Shen, Ph.D. Cornell University 2017 Cloud computing infrastructures serving mutually untrusted users provide se- curity isolation to protect user computation and resources. Additionally, clouds should also support flexibility and efficiency, so that users can customize re- source management policies and optimize performance and resource utiliza- tion. However, flexibility and efficiency are typically limited due to security requirements. This dissertation investigates the question of how to offer flexi- bility and efficiency as well as strong security in cloud infrastructures. Specifically, this dissertation addresses two important platforms in cloud in- frastructures: the containers and the Infrastructure as a Service (IaaS) platforms. The containers platform supports efficient container provisioning and execut- ing, but does not provide sufficient security and flexibility. Different containers share an operating system kernel which has a large attack surface, and kernel customization is generally not allowed. The IaaS platform supports secure shar- ing of cloud resources among mutually untrusted users, but does not provide sufficient flexibility and efficiency. Many powerful management primitives en- abled by the underlying virtualization platform are hidden from users, such as live virtual machine migration and consolidation. The main contribution of this dissertation is the proposal of an approach in- spired by the exokernel architecture that can be generalized to any multi-tenant system to improve security, flexibility, and efficiency. -
Universidad Politécnica De Madrid Automated
UNIVERSIDAD POLITECNICA´ DE MADRID ESCUELA TECNICA´ SUPERIOR DE INGENIEROS DE TELECOMUNICACION´ AUTOMATED WORDLENGTH OPTIMIZATION FRAMEWORK FOR MULTI-SOURCE STATISTICAL INTERVAL-BASED ANALYSIS OF NONLINEAR SYSTEMS WITH CONTROL-FLOW STRUCTURES Ph.D. THESIS Enrique Sedano Algarabel Ingeniero en Inform´atica M´asteren Investigaci´onen Inform´atica 2016 DEPARTAMENTO DE INGENIER´IA ELECTRONICA´ ESCUELA TECNICA´ SUPERIOR DE INGENIEROS DE TELECOMUNICACION´ UNIVERSIDAD POLITECNICA´ DE MADRID AUTOMATED WORDLENGTH OPTIMIZATION FRAMEWORK FOR MULTI-SOURCE STATISTICAL INTERVAL-BASED ANALYSIS OF NONLINEAR SYSTEMS WITH CONTROL-FLOW STRUCTURES Ph.D. THESIS Author: Enrique Sedano Algarabel Ingeniero en Inform´atica M´asteren Investigaci´onen Inform´atica Advisors: Juan Antonio L´opez Mart´ın Profesor Contratado Doctor del Dpto. de Ingenier´ıaElectr´onica Universidad Polit´ecnicade Madrid Carlos Carreras Vaquer Profesor Titular del Dpto. de Ingenier´ıaElectr´onica Universidad Polit´ecnicade Madrid 2016 PH.D. THESIS: Automated word-length optimization framework for multi-source statistical interval-based analysis of non-linear systems with control-flow structures AUTHOR: Enrique Sedano Algarabel ADVISORS: Juan Antonio L´opez Mart´ın Carlos Carreras Vaquer El tribunal nombrado para juzgar la Tesis arriba indicada, compuesto por los siguien- tes doctores: PRESIDENTE: VOCALES: SECRETARIO: acuerdan otorgarle la calificaci´onde: Madrid, a 7 de marzo de 2016 El Secretario del Tribunal To my family and friends, especially to my three girls. They were magi because they had a tremendous knowledge, so much indeed that quantity had finally been transmuted into quality, and they had come into a different relationship with the world than ordinary people. They worked in an Institute that was dedicated above all to the problems of human happiness and the meaning of human life, and even among them, not one knew exactly what was happiness and what precisely was the meaning of life. -
Uptimes Mitgliederzeitschrift Der German Unix User Group
Uptimes Mitgliederzeitschrift der German Unix User Group Ghostscript-Kung-Foo mit inkcov RFC 2822: Spaß mit E-Mail-Adressen Bilder-Ernte vom GUUG-Empfang 2013-2 UPTIMES SOMMER 2013 INHALTSVERZEICHNIS Inhaltsverzeichnis Liebe Mitglieder, liebe Leser! von Wolfgang Stief, Vorsitzender des Vorstands 3 Vereinsleben von Anika Kehrer 5 In Gedenken an Ulrich Gräf von Volker A. Brandt 7 PDF-Kung-Foo mit Ghostscript von Kurt Pfeifle 10 Wenn der Mini-GAU kommt von Stefan Schumacher 17 Shellskripte mit Aha-Effekt von Jürgen Plate 22 Geschichtsstunde III von Jürgen Plate 24 #ffg2013 von Corina Pahrmann 31 Bildernachlese GUUG-Empfang 2013 von Anika Kehrer 34 Himmel hilf! eine Schmähschrift von Snoopy 38 Hilfreiches für alle Beteiligten 43 Über die GUUG 45 Impressum 46 GUUG-Mitgliedsantrag 47 UPTIMES –MITGLIEDERZEITSCHRIFT DER GERMAN UNIX USER GROUP E.V. Seite 2 UPTIMES SOMMER 2013 LIEBE MITGLIEDER, LIEBE LESER! Liebe Mitglieder, liebe Leser! Hi. Grußwort vom Vorstand Wo? Nach dem FFG ist eine Verschnaufpause und ein Ein lustiger Mensch. zufriedener Rückblick erlaubt. Als Lektüre für die Sommerferien viel Spaß mit der neuen redaktionellen Uptimes! von Wolfgang Stief, Vorsitzender des Vorstands Diese Uptimes ist nicht die erste in diesem Jahr: davon auch nichts weiter zu berichten gibt. Ein Die erste Ausgabe 2013-1 blieb den Proceedings paar Details findet Ihr in dem Artikel „Aus MV zum Frühjahrsfachgespräch (FFG) in Frankfurt und Vorstand“ trotzdem in dieser Ausgabe. vorbehalten, die schon geraume Zeit unter [1] zum Was wir uns nicht haben nehmen lassen: den Download bereit steht. Weil die Proceedings – traditionellen GUUG-Empfang anlässlich des Li- noch – etwas anders produziert werden als die an- nuxTags in der Alten Pumpe. -
Linux Security Review 2015
Linux Security Review 2015 www.av-comparatives.org AV-Comparatives Linux Security Review Language: English May 2015 Last revision: 26 th May 2015 www.av-comparatives.org -1- Linux Security Review 2015 www.av-comparatives.org Contents Introduction ....................................................................................................................... 3 Reviewed products ............................................................................................................... 4 Malware for Linux systems ..................................................................................................... 5 Linux security advice ............................................................................................................ 6 Items covered in the review .................................................................................................. 7 Avast File Server Security ...................................................................................................... 8 AVG Free Edition for Linux.................................................................................................... 11 Bitdefender Antivirus Scanner for Unices ................................................................................ 13 Clam Antivirus for Linux ....................................................................................................... 17 Comodo Antivirus for Linux .................................................................................................. 20 Dr.Web Anti-virus for