Displaying items by tag: Linux

Linux, often thought of as a more secure alternative to Microsoft, has not had an easy year. We have seen vulnerabilities that affect the iSCSI subsystem, the Extended Berkeley Packet Filter, the Polkit pkexec component bug and now two Kernel bugs. The latest one, dubbed “dirty pipe” It is a method that could allow a “local” user to overwrite read-only files including SUID flies.

Linux has always had something of a mystique about it. Regardless of the distro (flavor) of Linux there simply certain misconception around Linux that are both entertaining and concerning. One of my all-time favorites was/is that it is a “hacker” OS. This fun little misunderstand was so bad at one point that it was part of a parent’s guide on how to tell if your child is a hacker. Nothing says out of touch like labelling an entire OS line as a “hacker” OS. The other side of the coin is the belief that it is secure out of the box. In simple terms, no OS is secure out of the box, all of them have vulnerabilities including serious ones that allow for complete compromise.

The shift to services like AWS, GCP and more have meant that many organizations are also making a shift away from the Microsoft Windows platform and moving to a Linux centric environment and while this is a good move for the most part, it has left many open to exploit due to improper configurations and a lack of proper security tools to protect their environments.

A newly released CVE (common vulnerabilities and exposures) CVE-2021-4034 for Linux has identified a vulnerability in PolKit’s (formerly PolicyKit) pkexe that exists in very major release of Linux. The vulnerability known as PwnKit can be exploited to gain full root on a target system. The flaw, according to researchers has also been present for more than 12 years.

WikiLeaks is at it again with their "Vault 7" releases. This time part of the dump features a nice little took kit for continued exploitation of some Linux systems. The tool kit is called OutlawCountry and is, to be perfectly honest, not much more than a remote management, monitoring and exfiltration tool. It is intended to run in the background on a system after a vulnerability has been exploited to allow the payload to be pushed. It looks very similar to a tool that the NSA used for years and has now become the commercial product Kaseya.

The team behind the popular miniature platform Raspberry Pi boasted on its Website with a new product. It is a new version of the Raspberry Pi , which aims to make the whole system more transparent and easier, it is called the Raspberry Pi Compute Module. It is essentially a motherboard with a dimensions 67,6x30 millimeters at which they managed to compress the basic hardware to which users are accustomed with the old Raspberry, but without ports for peripherals.

When Microsoft announced Windows 8 there were many consumers and people in the industry that raise their eyebrows. Here was an OS designed to integrate with Microsoft cloud services and gaming products. It seemed like a bad move for Microsoft as it put them in competition with many companies that developed games and software for the PC. Still some held out that even though Windows 8 would be more integrated into the Microsoft Eco system than ever it would not mean they could not use whatever software or application they wanted. Microsoft even seemed to confirm this in a few of their building Windows 8 blog posts.

Plan of Canonical, which is behind the popular Linux distribution Ubuntu, to provide customers with multiplatform applications, based on the principle that they code it once, and the application can then smoothly run on the desktop and mobile devices has been temporarily postponed.

Microsoft's Marc Whitten is not worried by recent arrival of Steam Machines on the market, primarily because he believes that it is not a classic home console, which is why they will not pose a direct competition.

Calxeda, one of the first companies that introduced ARM chips for servers, is closing its doors and starts the sale of its intellectual property.