Security Alerts & News
by Tymoteusz A. Góral

History
#1707 Major Linux security hole gapes open
The security hole this time is with how Debian and Ubuntu, and almost certainly other Linux distributions, implement Linux Unified Key Setup-on-disk-format (LUKS). LUKS is the standard mechanism for implementing Linux hard disk encryption. LUKS is often put into action with Cryptsetup. It's in Cryptsetup default configuration file that the problem lies and it's a nasty one.

As described in the security report, CVE-2016-4484, the hole allows attackers "to obtain a root initramfs [initial RAM file system] shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify, or destroy the hard disc as well as set up the network to exflitrate data. This vulnerability is specially serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protected (password in BIOS and GRUB) and we only have a keyboard or/and a mouse."
Read more
#1711 Chinese company installed secret backdoor on hundreds of thousands of phones
#1710 VMware patches VM escape vulnerability
#1709 Privacy experts fear Donald Trump running global surveillance network
#1708 Microsoft: Windows 7 is way more exposed to ransomware than Windows 10
#1707 Major Linux security hole gapes open
#1706 Kaspersky Lab Black Friday Threat Overview 2016
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12