NEWS
Dangerous New Attack Could Compromise One Third of All HTTPS Servers
A team of security researchers has uncovered a high-severity attack that could expose up to one third of all HTTPS servers to compromise. The so-called DROWN attack (CVE-2016-0800) is a cross-protocol attack: an attacker uses a server that still speaks the obsolete SSLv2 protocol as a padding oracle (a Bleichenbacher attack against the RSA PKCS#1 v1.5 key exchange) to decrypt previously recorded TLS sessions that were protected by the same RSA private key, even if those TLS connections used only modern protocol versions.
For the general form of the attack, the attacker passively records around 1,000 TLS handshakes that use RSA key exchange, then initiates roughly 40,000 SSLv2 probe connections to the vulnerable server and finishes the work offline with about 2^50 computations. Running the computations on Amazon EC2 costs around $440.
The report indicates that 25% of the top one million domains, and 33% of all HTTPS servers, are vulnerable to the DROWN attack. The flaw lies entirely on the server side, in configurations that still accept SSLv2, either on the HTTPS server itself or on another server that uses the same key, so there is nothing a browser can do about it. The researchers add, "There is nothing practical that browsers or end-users can do on their own to protect against this attack."
The team that discovered DROWN has gone to considerable trouble to make information available to users. A website that went live at the moment of public disclosure includes a testing tool to check whether your systems are vulnerable.
Administrators are encouraged to disable SSLv2 "… in all SSL/TLS servers if you haven't done so already." Disabling the SSLv2 ciphersuites while leaving the protocol itself enabled is not sufficient unless the server has been patched for an earlier OpenSSL bug (CVE-2015-3197), because an unpatched server can be talked into negotiating SSLv2 ciphers that were disabled in its configuration. The OpenSSL releases that accompanied the disclosure, 1.0.2g and 1.0.1s, disable SSLv2 by default.
The team also cautions not to share private keys among servers. According to the DROWN website, "Many companies reuse the same certificate and key on their web and email servers, for instance. In this case, if the email server supports SSLv2 and the web server does not, an attacker can take advantage of the email server to break TLS connections to the web server."
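Because the exposure comes from any server that answers an SSLv2 handshake with the shared key, the practical check is to send an SSLv2 CLIENT-HELLO to every service that presents that key and see whether an SSLv2 SERVER-HELLO comes back. The following probe is an added example written for this page; it is not code from the DROWN researchers or from their test site, and the message layouts follow the SSLv2 protocol specification. The sample SERVER-HELLO at the bottom is constructed here, with a placeholder certificate, so the parser can be exercised without a network; the host and port passed to probe() are assumptions for whoever runs it.

```python
"""SSLv2 handshake probe for DROWN exposure (added example, not the DROWN team's code)."""
import socket
import struct

# SSLv2 handshake message types and protocol version (SSLv2 specification).
SSL2_MT_CLIENT_HELLO = 0x01
SSL2_MT_SERVER_HELLO = 0x04
SSL2_VERSION = 0x0002

# SSLv2 cipher-spec identifiers (3 bytes each) and their names.
SSL2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
# The 40-bit export ciphers are what make the general DROWN attack cheap;
# any SSLv2 support with the shared RSA key is still a problem.
EXPORT_CIPHERS = {b"\x02\x00\x80", b"\x04\x00\x80"}


def build_client_hello(challenge=b"\x00" * 16):
    """Build an SSLv2 CLIENT-HELLO record offering every SSLv2 cipher spec."""
    specs = b"".join(SSL2_CIPHERS)
    # msg type, version, cipher-spec length, session-id length, challenge length
    body = struct.pack(">BHHHH", SSL2_MT_CLIENT_HELLO, SSL2_VERSION,
                       len(specs), 0, len(challenge)) + specs + challenge
    # Two-byte record header: high bit set, 15-bit length, no padding.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(data):
    """Parse an SSLv2 SERVER-HELLO. Returns a dict, or None if the bytes are
    not an SSLv2 SERVER-HELLO (e.g. a TLS alert from a server that rejects SSLv2)."""
    if len(data) < 2:
        return None
    if data[0] & 0x80:                       # 2-byte header, no padding
        rec_len, hdr = ((data[0] & 0x7F) << 8) | data[1], 2
    else:                                    # 3-byte header, padding byte follows
        rec_len, hdr = ((data[0] & 0x3F) << 8) | data[1], 3
    body = data[hdr:hdr + rec_len]
    if len(body) < 11 or body[0] != SSL2_MT_SERVER_HELLO:
        return None
    # msg type, session-id hit, certificate type, version,
    # certificate length, cipher-spec length, connection-id length
    (_, _hit, _cert_type, version,
     cert_len, spec_len, _cid_len) = struct.unpack(">BBBHHHH", body[:11])
    if version != SSL2_VERSION:
        return None
    cert = body[11:11 + cert_len]
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    offered = [specs[i:i + 3] for i in range(0, len(specs) - len(specs) % 3, 3)]
    return {
        "sslv2": True,
        "ciphers": [SSL2_CIPHERS.get(s, s.hex()) for s in offered],
        "export": any(s in EXPORT_CIPHERS for s in offered),
        "certificate": cert,                 # DER certificate carrying the RSA key
    }


def probe(host, port=443, timeout=5.0):
    """Connect, send an SSLv2 CLIENT-HELLO and return the parsed SERVER-HELLO,
    or None when the server does not speak SSLv2. Direct-TLS ports only
    (443, 465, 993, 995); STARTTLS services need the application-layer
    STARTTLS exchange first, which this example does not perform."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            return parse_server_hello(sock.recv(4096))
        except socket.timeout:
            return None


# Constructed SERVER-HELLO from a hypothetical SSLv2-enabled server (placeholder
# certificate b"CERT", three cipher specs, 16-byte connection id), for offline use.
_sample_body = (
    struct.pack(">BBBHHHH", SSL2_MT_SERVER_HELLO, 0, 1, SSL2_VERSION, 4, 9, 16)
    + b"CERT" + b"\x01\x00\x80" + b"\x02\x00\x80" + b"\x07\x00\xc0" + b"\x00" * 16
)
SAMPLE_SERVER_HELLO = struct.pack(">H", 0x8000 | len(_sample_body)) + _sample_body

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"   # assumed host
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print("offline sample:", parse_server_hello(SAMPLE_SERVER_HELLO))
    print(target, port, "->", probe(target, port))
```

A result other than None means the server answered SSLv2 and, if it holds the same RSA key as the HTTPS server, it is a usable DROWN oracle regardless of what the HTTPS server itself negotiates; an "export" value of True marks the cheap general attack. Run it against every host and port that presents the shared certificate, mail servers included, and re-run it after the configuration change (for Apache, SSLProtocol all -SSLv2; for Postfix, smtpd_tls_protocols = !SSLv2, !SSLv3) to confirm the protocol is actually gone rather than merely its ciphers.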
See the technical paper for additional information on the DROWN attack.
More Online
Linux Magazine
Off the Beat * Bruce Byfield
Compensating with Neon
A basic tenet of organizational theory is that, whenever the formal structures are inadequate, other structures emerge to compensate. And that, in a sentence, may explain why KDE Neon has emerged.
Why I Chose a Creative Commons License
I recently published a book called Designing with LibreOffice. The experience can be surreal, and some other time, I'll blog about incidents like my photo shoot, which was continually interrupted by a two-by-two line of 10-year-olds coming and going, or trying to plan a book launch menu that included vegetarian options and satisfied two different sets of allergies.
David Graham Provides Glimpse into FOSS in Canada's Government
Ordinarily, free and open source software receives little attention in the government of Canada. A rare exception occurred on Thursday, March 10 when David Graham, the Liberal Member of Parliament for Laurentides--Labelle (Québec) began asking questions before the Standing Committee On Government Operations and Estimates (Shared Services).
Productivity Sauce * Dmitri Popov
Use Node-RED to Get Twitter Mention Alerts
I don't use Twitter a lot, which explains why I often miss mentions from other users. But checking for mentions manually is as practical as playing tennis with a broomstick. Node-RED to the rescue!
Quick-and-Dirty Geotagging with a Bash Script
When you need to quickly geotag a bunch of photos with an approximate location (e.g., city and country), a simple Bash shell script can help you to do it much faster than a heavy-weight application like digiKam.
Open Note Scanner: Instant Note Digitizing on Android
There is no lack of apps of varying degrees of sophistication and quality that can transform your Android device into a handy note digitizing tool. And, if you prefer to keep things simple and open source, Open Note Scanner is what you need.
ADMIN HPC
http://hpc.admin-magazine.com/
Finding and Recording Memory Errors * Jeff Layton
A recent article in IEEE Spectrum by Al Geist, titled "How To Kill A Supercomputer: Dirty Power, Cosmic Rays, and Bad Solder," reviewed some of the major ways a supercomputer can be killed. The first subject the author discussed was how cosmic rays can cause memory errors, both correctable and uncorrectable.
ADMIN Online
http://www.admin-magazine.com/
Linux Storage Stack Stacking Up * Werner Fischer and Georg Schönberger
Abstraction layers are the alpha and omega in the design of complex architectures. The Linux Storage Stack is an excellent example of well-coordinated layers. Access to storage media is abstracted through a unified interface, without sacrificing functionality.
Network virtualization with OpenDaylight * Sandro Lucifora
OpenDaylight provides a flexible solution for setting up a software-defined networking environment. We show you how to get started.
Monitoring Containers * Sebastian Meyer
A monitoring system helps avoid unpleasant surprises during operations, but admins need to modify existing solutions to fit a containerized world.