Security Alerts & News
by Tymoteusz A. Góral

#1608 Linux kernel bugs: we add them in and then take years to get them out
Kees Cook is a Google techie and security researcher whose interests include the Linux Kernel Self Protection Project.

The idea of “self-protection” doesn’t mean giving up on trying to create secure code in the first place, of course.

It may sound like an irony, but I’m happy to accept that writing secure code requires that you simultaneously write code that is predicated on insecurity.
#1607 Oracle puts out 253 fixes and a request to please apply patches NOW!
Better go make a fresh pot of coffee and pull up a seat: Oracle’s put out a bonanza of a patch dump, offering 253 fixes for 76 products.

Of those, 15 are critical, with a Common Vulnerability Scoring System (CVSS) score of 9.0 or over. Some allow complete system compromise over HTTP.

In its short-form advisory, Oracle also passed on a “please will you fix these things immediately” message, saying that it’s seeing successful attacks on systems that customers didn’t get around to patching.
#1606 Your dynamic IP address is now protected personal data under EU law
Europe's top court has ruled that dynamic IP addresses can constitute "personal data," just like static IP addresses, affording them some protection under EU law against being collected and stored by websites.

But the Court of Justice of the European Union (CJEU) also said in its judgment on Wednesday that one legitimate reason for a site operator to store them is "to protect itself against cyberattacks."

The case was referred to the CJEU by the German Federal Court of Justice, after an action brought by German Pirate Party politician Patrick Breyer. He asked the courts to grant an injunction to prevent websites that he consults, run by federal German bodies, from collecting and storing his dynamic IP addresses.
#1605 Russian hacker, wanted by FBI, is arrested in Prague, Czechs say
PRAGUE — A man identified as a Russian hacker suspected of pursuing targets in the United States has been arrested in the Czech Republic, the police announced Tuesday evening.

The suspect was captured in a raid at a hotel in central Prague on Oct. 5, about 12 hours after the authorities heard that he was in the country, where he drove around in a luxury car with his girlfriend, according to the police. The man did not resist arrest, but he had medical problems and was briefly hospitalized, the police said in a statement.

David Schön, a police spokesman, said on Wednesday that the arrest of the man, whose name has not been released, was not announced immediately “for tactical reasons.”
#1604 Flaw in Intel chips could make malware attacks more potent
Researchers have devised a technique that bypasses a key security protection built into just about every operating system. If left unfixed, this could make malware attacks much more potent.

ASLR, short for "address space layout randomization," is a defense against a class of widely used attacks that surreptitiously install malware by exploiting vulnerabilities in an operating system or application. By randomizing the locations in computer memory where software loads specific chunks of code, ASLR often limits the damage of such exploits to a simple computer crash, rather than a catastrophic system compromise. Now, academic researchers have identified a flaw in Intel chips that allows them to effectively bypass this protection. The result is exploits that are much more effective than they would otherwise be.
#1603 LinkedIn says hacking suspect is tied to breach that stole 117M passwords
An alleged Russian hacker arrested in the Czech Republic following an FBI-coordinated tip-off is suspected of taking part in a 2012 breach of LinkedIn that resulted in the theft of more than 117 million user passwords, representatives of the professional networking site said Wednesday.

"Following the 2012 breach of LinkedIn member information, we have remained actively involved with the FBI's case to pursue those responsible," company officials said in a statement. "We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this criminal activity."
#1602 Spreading the DDoS disease and selling the cure
Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September. That attack came in apparent retribution for a story here which directly preceded the arrest of two Israeli men for allegedly running an online attack for hire service called vDOS. Turns out, the site where the Mirai source code was leaked had some very interesting things in common with the place vDOS called home.

The domain name where the Mirai source code was originally placed for download — santasbigcandycane[dot]cx — is registered at the same domain name registrar that was used to register the now-defunct DDoS-for-hire service vdos-s[dot]com.

Normally, this would not be remarkable, since most domain registrars have thousands or millions of domains in their stable. But in this case it is interesting mainly because the registrar used by both domains — a company called namecentral.com — has apparently been used to register just 38 domains since its inception by its current owner in 2012, according to historic WHOIS records gathered by domaintools.com.