Sneaky New Linux Attack Discovered
Innovative back door looks like normal SSH traffic.
Security experts have announced the discovery of a Linux back door attack that they have pronounced "more sophisticated than we have seen in the past." This attack apparently breached a large hosting provider, providing access to usernames, passwords, email, financial records, and other personal information. Although some of this information was encrypted, investigators could not rule out the possible theft of encryption keys.
The attack was unique in its ability to conceal its own communication within SSH. According to the report, “… the back door did not open a network socket or attempt to connect to a command-and-control server. Rather, the back door code was injected into the SSH process to monitor network traffic and look for the following sequence: colon, exclamation mark, semi-colon, period (:!;.).”
The back door watches for this pattern and parses any traffic after the traffic is received. Hidden commands are encrypted using Blowfish and Base64 encoding.
According to the report, once the code is activated, the attacker can submit any command using the following syntax:
exec sh -c '[ATTACKER_COMMAND]'>/dev/null 2>/dev/null
The backdoor also supports several pre-configured commands and lets the attacker extract SSH connection data from the system.To detect the attack, search the traffic for presence of the initiation string (:!;.). The report at the Symantec site also describes a way to detect the attack through an SSHD process dump.
New release comes with better semantic search and improvements to Kontact.
Annual code quality report shows FOSS is more secure at all project size levels.
The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
A new class of problems lets a malicious app pre-configure an invisible privilege update.
New Hack language adds static typing and other conveniences.
New crypto policy system will offer easier configuration and more uniform security.
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
Vulnerability affects many Linux web servers
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.