NEWS

Hacks Abound

2018 is ending with some major hacks. Marriott International, one of the world's biggest hotel chains, announced that hackers compromised the reservation database of Starwood hotels. Hackers managed to steal personal details of about 500 million guests. According to The Hacker News, "The breach of Starwood properties has been happening since 2014 after an unauthorized party managed to gain unauthorized access to the Starwood's guest reservation database and had copied and encrypted the information" (https://thehackernews.com/2018/11/marriott-starwood-data-breach.html).

The second victim of another major hack is Quora, a user-driven question and answers site. According to reports, hackers gained access to sensitive information of over 100 million users (https://thehackernews.com/2018/12/quora-hack.html). The Hacker News wrote that the stolen data includes sensitive account information, such as names, email addresses, encrypted (hashed) passwords, and data imported from linked social networks like Facebook and Twitter.

The third major hack was on Dell. The company said that it detected and disrupted unauthorized activity on its network attempting to extract Dell.com customer information, which was limited to names, email addresses, and hashed passwords. "Additionally, Dell cybersecurity measures are in place to limit the impact of any potential exposure. These measures include the hashing of our customers' passwords and a mandatory Dell.com password reset. Credit card and other sensitive customer information was not targeted. The incident did not impact any Dell products or services," Dell said in a blog post (https://www.dell.com/learn/us/en/uscorp1/press-releases/2018-11-28-customer-update).

Even though Dell was not certain if any data was stolen, the company pushed password reset for all users as a precaution.

Kubernetes Vulnerability Found and Fixed

A critical vulnerability was discovered in the Kubernetes container orchestrator (https://github.com/kubernetes/kubernetes/issues/71411). The vulnerability (CVE-2018-1002105) allows non-privileged users to access Kubernetes clusters and associated data that they otherwise would not be able to access.

Bad actors can exploit the flaw in two ways – the first involves abusing pod exec privileges granted to a normal user, and the second involves attacking the API extensions feature, which provides the service catalog and access to additional features in Kubernetes 1.6 and later.

The flaw is already fixed and major Kubernetes vendors have already released patches. For instance, Red Hat has announced that OpenShift Container Platform 3.x and later are affected, as well as Red Hat OpenShift Online and Red Hat OpenShift Dedicated. The company suggests that users must immediately apply patches to their OpenShift deployments.

Microsoft Azure has announced that they have also fixed the vulnerability. The company said, "Azure Kubernetes Service has patched all affected clusters by overriding the default Kubernetes configuration to remove unauthenticated access to the entrypoints that exposed the vulnerability,"

The entrypoints are everything under https://myapiserver/apis/. If you were relying on this unauthenticated access to these endpoints from outside the cluster, you will need to switch to an authenticated path.

This is the first major vulnerability discovered in Kubernetes.

Dolphin Announces New Switch for Composable Architectures

Dolphin Interconnect Solutions has announced a new 24-port switch for I/O expansion and PCIe fabric. The MXS824 offers an innovative approach to composable architecture, a recent trend that combines the benefits of software-defined infrastructure with hardware-based device sharing and provisioning.

According to the announcement, "Dolphin's unique approach to building composable architectures is called device lending. Device lending allows access to devices installed in servers, as well as in expansion boxes or JBoFs. This creates a pool of transparent I/O resources that can then be shared among computers without any application-specific distribution mechanisms or requiring any modifications to drivers. Just as importantly, the resources can easily be reallocated whenever required, allowing for extremely flexible and ever-changing distributions of resources."

The MXS824 is designed to work with Dolphin's PCIe fabric to connect multiple servers with devices such as NVMe drives, GPUs, processors, and FPGAs in a way that allows on-the-fly software-defined configuration.

The 24-port Microsemi PFX-based 1U cluster switch delivers 32GT/s of non-blocking bandwidth per port at ultra-low latency. The switch supports various configurations, where up to four ports can be combined into a single x16 /128 GT/s port for higher bandwidth. Ports can be configured as 24x4 ports, 12x8 ports, 6x16 ports, and various configurations of each. Multiple switches can be connected to create larger port counts.

More Online

Linux Magazine

http://www.linux-magazine.com

Linux Administration Focus

http://www.linux-magazine.com/tags/view/administration

Git Started with Git * Roman JordanThe Git version control system is a powerful tool for managing large and small software development projects. We'll show you how to get started.

Remote Git Repositories * Roman Jordan

Software projects often comprise several code branches, some of which exist in parallel. Git supports community code development through remote repositories and code branching.

ADMIN HPC

http://www.admin-magazine.com/HPC/

Parallelizing Code – Loops * Jeff Layton

OpenACC is a great tool for parallelizing applications for a variety of processors. In this article, I look at one of the most powerful directives, loop.

ADMIN Online

http://www.admin-magazine.com/

Exploring SQL Server on LinuxDavid Barbarin

SQL Server runs on Linux now. We'll show you how Microsoft developers made their massive database system Linux ready, and we'll help you get started with setting up SQL Server on your own Linux system.

Sharing threat information with MISPMatthias Wübbeling

The Malware Information Sharing Platform lets you record and document security incidents – and share the information with users on other networks.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • News

    Dell kickstarts 2018 with a brand new Linux laptop, Linus Torvalds rips Intel for meltdown and Spectre flaws, LibreOffice-based CODE 3.0 released, Google announces Kubeflow to bring Kubernetes to machine learning, and a critical flaw in phpMyAdmin. 

  • News

    Fedora Project announces Fedora 30; the Apache Software Foundation completes migration to GitHub; Canonical combines its services in a single package; Black Hole Image has an open source connection; Ubuntu 19.04 released; Linux Mint founder calls for better developer support; and VMware patches critical vulnerabilities.

  • News

    In the news: Dell to Enable Privacy Controls for Linux Hardware; Linux Mint Unveils New Packages; Pop!_OS 20.10 Now Supports DEB822 Format; Ubuntu 20.10 with Raspberry Pi Support; SaltStack Acquisition Brings More Automation to VMware; and New Storage Model Could Replace POSIX.

  • Interview – {code} Project’s Josh Bernstein

    Dell’s expansive {code} project is a cornerstone of the company’s open source strategy. Dell Technologies VP Josh Bernstein talks about {code} and the value of open source.

  • News

    This month in the news: KubeCon concludes in Austin, Texas, Dell to disable Intel’s insecure IME, Linus Torvalds’ advice to security experts, GPLv3 comes to the rescue of GPL violators, and Linux Kernel 4.14 released. 

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News