::Trend Micro Threat Resource Center::


09 March 2016

Surprise! Microsoft announces SQL Server on Linux

Microsoft has surprised the industry by announcing plans to bring SQL Server to Linux, a move that would accelerate the overall adoption of SQL Server.


“We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017,” wrote Scott Guthrie, Executive Vice President, Cloud and Enterprise Group, Microsoft, in a blog post.

Guthrie notes that SQL Server on Linux will provide customers with even more flexibility in their data solution.

“This is an enormously important decision for Microsoft, allowing it to offer its well-known and trusted database to an expanded set of customers,” said Al Gillen, group vice president, enterprise infrastructure, at IDC. “By taking this key product to Linux Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”

“We believe our customers will welcome this news and are happy to see Microsoft further increasing its investment in Linux,” said Paul Cormier, President, Products and Technologies, Red Hat.  “As we build upon our deep hybrid cloud partnership, spanning not only Linux, but also middleware, and PaaS, we’re excited to now extend that collaboration to SQL Server on Red Hat Enterprise Linux, bringing enterprise customers increased database choice.”

“We are delighted to be working with Microsoft as it brings SQL Server to Linux,” said Mark Shuttleworth, founder of Canonical. “Customers are already taking advantage of Azure Data Lake services on Ubuntu, and now developers will be able to build modern applications that utilize SQL Server’s enterprise capabilities.”

The private preview of SQL Server on Linux is available already.

SQL Server 2016
Meanwhile, CEO Satya Nadella and other senior Microsoft leaders recently showcased Microsoft SQL Server 2016, the next release of the company’s flagship business analytics and data management platform, which will be generally available later this year.

Microsoft says SQL Server 2016 supports hybrid transactional/analytical processing, advanced analytics and machine learning, mobile BI, data integration, always encrypted query processing capabilities and in-memory transactions with persistence.

The new release’s encryption capabilities allow data to stay encrypted at rest, in motion and in memory, to deliver maximum protection. In-memory database support for every workload brings performance increases of up to 30-100x.

SQL Server 2016 also offers business intelligence for every employee on every device – including new mobile BI support for iOS, Android and Windows Phone devices.

Advanced analytics using Microsoft’s new R support enables customers to do real-time predictive analytics on both operational and analytic data.

Microsoft also says that SQL Server 2016 is available on Linux in private preview, making SQL Server 2016 accessible to a broader set of users.

Easy Migration
Microsoft also announced a new program to help more businesses move to SQL Server 2016. Businesses currently running applications or workloads on non-Microsoft paid commercial RDBMS platforms will be able to offset the costs of licensing, migration planning and training when moving to SQL Server 2016.  They will also be able to migrate their applications to SQL Server without having to purchase SQL Server licenses.

21 February 2016

Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System


Are you also one of those who downloaded Linux Mint on February 20th? You may have been infected!
Linux Mint is one of the best and most popular Linux distros available today, but if you have downloaded and installed the operating system recently, you might have done so using a malicious ISO image.

Here's why:
Last night, some unknown hacker or group of hackers managed to break into the Linux Mint website and replaced the download links on the site with links pointing to one of their own servers, which offered malicious ISO images of the Linux Mint 17.3 Cinnamon Edition.

"Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," the head of Linux Mint project Clement Lefebvre said in a surprising announcement dated February 21, 2016.

Who are affected?
As far as the Linux Mint team knows, the issue only affects the one edition, and that is Linux Mint 17.3 Cinnamon edition.

The situation happened last night, so the issue only impacts people who downloaded the above-mentioned version of Linux Mint on February 20th.

However, if you have downloaded the Cinnamon edition or release before Saturday 20th, February, the issue does not affect you. Even if you downloaded a different edition including Mint 17.3 Cinnamon via Torrent or direct HTTP link, this does not affect you either.

What had Happened?
The hackers are believed to have accessed the underlying server via the team's WordPress blog and then obtained shell access as www-data.

From there, the hackers manipulated the Linux Mint download page and pointed it to a malicious FTP (File Transfer Protocol) server hosted in Bulgaria (IP: 5.104.175.212), the investigative team discovered.

The infected Linux ISO images installed the complete OS with the Internet Relay Chat (IRC) backdoor Tsunami, giving the attackers access to the system via IRC servers. Tsunami is a well-known Linux ELF trojan, a simple IRC bot used for launching Distributed Denial of Service (DDoS) attacks.

Hackers vs. Linux Mint SysAdmins
The Linux Mint team discovered the hack, quickly cleaned up the links on their website and announced the breach on their official blog; it then appears that the hackers compromised the download page a second time.

Knowing that it had failed to eliminate the hackers' exact point of entry, the Linux Mint team took the entire linuxmint.com domain offline to prevent the malicious ISO images from spreading to its users.

The Linux Mint official website is currently offline until the team investigates the issue entirely.
However, the hackers' motive behind the hack is not clear yet.

"What we don't know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this," Lefebvre added.

Hackers Selling Linux Mint Website's Database
The hackers are selling the full database of the Linux Mint website for just $85, which is itself a sign of their lack of knowledge.

The hack seems to be the work of script kiddies or an inexperienced group, as they opted to infect a top-shelf Linux distro with a silly IRC bot that was already considered outdated in early 2010. A more experienced group would have used more dangerous malware, such as banking Trojans.
Also, even after the hack was initially discovered, the hackers re-compromised the site, which again shows their lack of experience.

Here's How to Protect your Linux Machine
Users who have the ISO image can check its signature to make sure it is valid.
To check for an infected download, compare the MD5 checksum of your ISO with the official values included in Lefebvre's blog post.
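
The comparison described above, as an added example (not code from the Linux Mint team or from the original post): a small POSIX shell script that computes the MD5 checksum of a downloaded file and checks it against a published checksum list in the usual `md5sum -c` format. It assumes the GNU `md5sum` utility is available; the checksum list and the "ISO" it builds for the demonstration are constructed stand-ins, not the real Linux Mint values.

```bash
#!/bin/sh
# Added example (not from the original post): verify a downloaded ISO against a
# published checksum before booting or installing it. The list used by demo()
# is constructed for illustration; use the values from the official blog post.

# verify_iso FILE EXPECTED_MD5
# Prints the computed digest; returns 0 on match, 1 on mismatch, 2 if unreadable.
verify_iso() {
    file=$1
    expected=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    # normalise case so a digest copied in upper case from a web page still matches
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file $actual"
        return 0
    else
        echo "FAIL $file computed=$actual expected=$expected" >&2
        return 1
    fi
}

# verify_against_list FILE LISTFILE
# LISTFILE holds "md5  filename" lines (the format a published md5sum.txt uses).
# Looks up FILE's basename in the list and verifies it; returns 3 if not listed.
verify_against_list() {
    file=$1
    list=$2
    name=$(basename "$file")
    expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$list")
    if [ -z "$expected" ]; then
        echo "no checksum listed for $name" >&2
        return 3
    fi
    verify_iso "$file" "$expected"
}

# demo: constructed file and checksum list (a real ISO is over a gigabyte)
demo() {
    dir=$(mktemp -d)
    printf 'hello\n' > "$dir/linuxmint-demo.iso"
    # constructed list: first entry is the correct digest of the file above,
    # second is a placeholder for another edition
    cat > "$dir/md5sum.txt" <<'EOF'
b1946ac92492d2347c6235b4d2611184  linuxmint-demo.iso
00000000000000000000000000000000  other-edition.iso
EOF
    verify_against_list "$dir/linuxmint-demo.iso" "$dir/md5sum.txt"
    status=$?
    rm -rf "$dir"
    return $status
}

demo
```

For a real download, run `verify_against_list linuxmint-17.3-cinnamon-64bit.iso md5sum.txt` with a checksum file copied from the official post, and treat any non-zero exit status as "do not boot this image".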

If found infected, users are advised to follow these steps:

  • Take the computer offline.
  • Backup all your personal data.
  • Reinstall the operating system (with a clean ISO) or format the partition.
  • Change passwords for sensitive websites and emails.

You can read full detail about the hack here. The official website is not accessible at the time of writing. We’ll update the story when we hear more.

27 November 2015

Node.js discloses two critical security vulnerabilities

Node.js is facing two security vulnerabilities, including a potentially major denial-of-service issue, with patches for the problems not available for a week. Releases of Node.js ranging from 0.12 to version 5 are vulnerable to one or both issues.


A bulletin issued today by the Node.js Foundation, which has jurisdiction over the popular server-side JavaScript platform, covers "a high-impact denial-of-service vulnerability" and a "low-impact V8 out-of-bounds access vulnerability." V8 is the Google-developed JavaScript engine leveraged by Node.js. Officially, the DoS issue is labeled as CVE (Common Vulnerabilities and Exposures) 2015-8027, while the access problem is identified as CVE-2015-6764.

"We have two previously undisclosed vulnerabilities. One's not that big a deal [the out-of-bound access issue], one's a slightly bigger deal," said Mikeal Rogers, community manager for the foundation. "Both will be fixed on Wednesday (December 2)" via patches that will be available at Nodejs.org. Rogers said these vulnerabilities had not been exploited.

The bulletin describes the DoS vulnerability as widespread among Node versions. "A bug exists in Node.js, all versions of v0.12.x through to v5.x inclusive, whereby an external attacker can cause a denial of service. The severity of this issue is high, and users of the affected versions should plan to upgrade when a fix is made available."

The out-of-bounds vulnerability description is less dire. "An additional bug exists in Node.js, all versions of v4.x and v5.x, whereby an attacker may be able to trigger an out-of-bounds access and/or denial of service if user-supplied JavaScript can be executed by an application. The severity of this issue is considered medium for Node.js users, but only under circumstances where an attacker may cause user-supplied JavaScript to be executed within a Node.js application. Fixes will be shipped for the v4.x and v5.x release lines along with fixes for CVE-2015-8027." The 0.10.x and 0.12.x lines are not affected.

Despite the seriousness of the security issues, Node representatives stressed that users shouldn't be worried. The threat to the community is "minimal," Rogers said. "In fact, we already have fixes for both. It is a routine part of our security policy, which we take seriously, to inform our community of vulnerabilities, and then give them time to plan for an upgrade."

Rogers said Node.js security is under more scrutiny since the formation of the foundation, which is affiliated with the Linux Foundation. "We have much more formal and proper security policy now."

13 November 2015

The longest continuous attack recorded by Kaspersky Lab lasted almost two weeks


The longest continuous attack recorded by Kaspersky Lab in the third quarter of 2015 lasted for 320 hours, or almost two weeks. This is one of the findings of the new quarterly DDoS report, based on constant monitoring of botnets and observing new techniques utilised by cybercriminals.

The Q3 report shows that DDoS attacks remain highly localised. 91.6% of victims’ resources are located in only 10 countries around the world, although we have recorded DDoS attacks targeting servers in 79 countries total. What is even more significant is that DDoS attacks are most likely to originate from the same countries.

China, the United States of America and South Korea occupied top positions in both ratings of the most frequent attack sources and targets. Although other cybercrime syndicates, focusing on things like credit card theft, may operate far from their country of residence, this is not the case for DDoS.

More than 90% of attacks lasted less than 24 hours, but the number of attacks lasting over 150 hours grew significantly. The highest number of attacks on the same victim was 22, on a server located in the Netherlands.

The report also showed that Linux-based botnets are significant, accounting for up to 45.6% of all attacks recorded by Kaspersky Lab. Main reasons include poor protection and higher bandwidth capacity.

“Based on our observations and direct measurements, we cannot pinpoint one exact direction in which the underground business of DDoS attacks is moving," commented Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.

"Instead, the threat appears to be growing everywhere. We have recorded highly complex attacks on banks, demanding a ransom, but have also observed new, low-cost methods designed to put a company’s operations down for a significant amount of time. Attacks are growing in volume with most of them aiming to attack, disrupt and disappear, but the number of lengthy attacks, capable of bankrupting a large, unprotected business is also on the rise. These significant developments make it imperative for companies to take measures to prevent the very real threat and increased risk posed by DDoS attacks.”

The study also found that cybercriminals go on vacation too, just like regular people, with August the quietest month of the quarter for attacks. Meanwhile, banks are frequent targets of complex attacks and ransom demands.


06 February 2015

Highly critical “Ghost” allowing code execution affects most Linux systems

An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.


The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed "Ghost" by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What's more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.

The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that's invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executables, and no-execute protections. Qualys has not yet published the exploit code but eventually plans to make it available as a Metasploit module.

“A lot of collateral damage on the Internet”

The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc. As a result, most Linux systems should be presumed vulnerable unless they run an alternative to glibc or use a glibc version that contains the update from two years ago. The specter of so many systems being susceptible to an exploit with such severe consequences is prompting concern among many security professionals.

Besides Exim, other Linux components or apps that are potentially vulnerable to Ghost include MySQL servers, Secure Shell servers, form submission apps, and other types of mail servers.

It was reported that Qualys researchers enumerated apps they believed were not vulnerable. The list included Apache, Cups, Dovecot, GnuPG, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, and xinetd.

"If [researchers] were able to remotely exploit a pretty modern version of Exim with full exploit mitigations, that's pretty severe," said Jon Oberheide, a Linux security expert and the CTO of two-factor authentication service Duo Security. "There could be a lot of collateral damage on the Internet if this exploit gets published publicly, which it looks like they plan to do, and if other people start to write exploits for other targets."

The bug affects virtually all Linux-based software that performs domain name resolution. As a result, it most likely can be exploited not only against servers but also against client applications. Word of the vulnerability appears to have caught developers of the Ubuntu, Debian, and Red Hat distributions of Linux off guard. At the time this post was being prepared they appeared to be aware of the bug but had not yet distributed a ready-made fix. People who administer Linux systems should closely monitor official channels for information about how specific distributions are affected and whether a patch is available. Admins should also prepare for the inevitable reboots that will be required after installing the patch.

Update: Red Hat Enterprise Linux 5 has an update here, and readers are reporting that a fix is also available for Ubuntu 12.04.

In the meantime, readers can find more technical details about Ghost in the previously mentioned Qualys blog post, as well as here and here.


03 February 2015

Hackers target third new zero-day for Adobe Flash


Security researchers have advised users of Adobe's Flash Player to disable the software temporarily, as yet another remotely exploitable vulnerability is being actively attacked by would-be hackers.

The bug has the potential to allow attackers to take full control of users' computers without their interaction.

Recently-released Flash Player versions 16.0.0.296 for Microsoft Windows and Apple OS X are vulnerable to the CVE-2015-0313 vulnerability, which Adobe rates as critical. Versions 13.0.0.264 and earlier are also vulnerable, along with Flash Player 11.2.202.440 and earlier for Linux.

Security vendor Trend Micro is credited with discovering the new zero-day vulnerability alongside two Microsoft researchers.

The company said CVE-2015-0313 is being actively exploited in drive-by attacks delivered via malicious advertisements, believed to have been executed through the Angler Exploit Kit.

"Malvertisements" on popular websites redirect visitors to a series of other sites, finally landing at a Russian-registered domain that attempts to deliver the payload that executes the exploit.

Trend Micro said it has already counted over 3000 hits related to CVE-2015-0313, suggesting the vulnerability is being widely used by attackers.

Neither the security vendor nor Adobe have yet published a full analysis of the new zero-day, which is the third to strike the popular Flash Player software in a month.


18 September 2012

HOWTO Brute Force Android Encryption on Santoku Linux

This HOWTO will guide you through the process of cracking the pin used to encrypt an Android device (Ice Cream Sandwich and Jelly Bean) using brute force on Santoku Linux Community edition.



01 September 2011

Linux source code repository compromised

The Kernel.org website - home to the Linux project and the primary repository for the Linux kernel source code - sports a warning notifying its users of a security breach that resulted in the compromise of several servers in its infrastructure.

The discovery was made on August 28th, but according to the current results of the investigation mounted by the site's team, the break-in seems to date back to August 12 or even earlier.

The attackers are thought to have gained root access on a server via a compromised user credential and to have escalated their privileges from there. How they managed to do that is still unknown.

After having done that, they proceeded to modify files belonging to ssh (openssh, openssh-server and openssh-clients) and add a Trojan to the system start up scripts so that it would run every time the machine was rebooted.

Luckily for everyone, the Linux kernel source code is unlikely to have been tampered with.

"That's because kernel development takes place using the git distributed revision control system, designed by Linus Torvalds," it is explained. "For each of the nearly 40,000 files in the Linux kernel, a cryptographically secure SHA-1 hash is calculated to uniquely define the exact contents of that file. Git is designed so that the name of each version of the kernel depends upon the complete development history leading up to that version. Once it is published, it is not possible to change the old versions without it being noticed."

"Those files and the corresponding hashes exist not just on the kernel.org machine and its mirrors, but on the hard drives of each of several thousand kernel developers, distribution maintainers, and other users of kernel.org. Any tampering with any file in the kernel.org repository would immediately be noticed by each developer as they updated their personal repository, which most do daily."
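
To make the integrity argument in the notice concrete, here is an added example (not kernel.org's own code or git's) that reproduces git's blob naming by hand: the object name is SHA-1 over the header `blob <size>` followed by a NUL byte and the file content, so any change to the content produces a different name, and every tree and commit name built on top of it changes as well. It assumes the GNU `sha1sum` and `wc` utilities; the files it hashes are constructed for the demonstration.

```bash
#!/bin/sh
# Added example (not from kernel.org or git): compute a git blob's object name
# without git, then show that a one-byte modification is detected.

# git_blob_hash FILE: the name `git hash-object FILE` would print
git_blob_hash() {
    size=$(wc -c < "$1")
    # header "blob <size>" plus a NUL byte, then the raw content, then SHA-1
    { printf 'blob %d\0' "$size"; cat "$1"; } | sha1sum | cut -d' ' -f1
}

# verify_blob FILE EXPECTED_HASH: returns 0 when FILE still hashes to the
# recorded object name, 1 when its content no longer matches
verify_blob() {
    [ "$(git_blob_hash "$1")" = "$2" ]
}

# demo_tamper: record a file's object name, modify the file, and confirm that
# the recorded name no longer verifies (this is the check every developer's
# `git pull` effectively performs against the repository's recorded names)
demo_tamper() {
    dir=$(mktemp -d)
    printf 'hello\n' > "$dir/f"
    recorded=$(git_blob_hash "$dir/f")
    printf 'hello!\n' > "$dir/f"            # one-byte change to the content
    if verify_blob "$dir/f" "$recorded"; then
        rm -rf "$dir"
        return 1                            # tampering went unnoticed: must not happen
    fi
    rm -rf "$dir"
    return 0
}

demo_tamper && echo "modified file detected: object name changed"
```

The same construction applies to trees (`tree <size>\0...`) and commits, which is why the notice can say a version's name depends on its entire history: a commit object embeds its tree name and its parent commit names, so rewriting any old file changes every name downstream of it.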

The 448 users of the site have been notified of the breach and have been advised to change their login credentials and SSH keys.

According to the notice, US and Europe authorities have been notified about the breach and asked to help with the investigation. The administrators have, in the meantime, proceeded to take the servers offline and reinstall them, and to make a thorough analysis of the code within Git (the distributed revision control system) in order to make absolutely sure that nothing was modified.

08 February 2011

USB autorun attacks against Linux

Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS - including the addition of features that can allow Autorun attacks.

This Shmoocon presentation by Jon Larimer from IBM X-Force starts off with a definition of autorun vulnerabilities and some examples from Windows, then jumps straight into the Linux side of things.

Larimer explains how attackers can abuse these features to gain access to a live system by using a USB flash drive. He also shows how USB as an exploitation platform can allow for easy bypass of protection mechanisms like ASLR and how these attacks can provide a level of access that other physical attack methods do not.

The talk concludes with steps that Linux vendors and end-users can take to protect systems from this threat to head off a wave of Linux Autorun malware.

24 November 2010

Researchers Uncover Holes In WebOS Smartphones

Linux-based platform prone to Web-injection vulnerabilities and targeted attacks for stealing data.

A pair of researchers has discovered multiple flaws in the WebOS smartphone platform, including one that could let an attacker build a mobile botnet or execute other remote attacks.

Orlando Barrera and Daniel Herrera of SecTheory plan to demonstrate their findings tomorrow at the Austin Hackers Association meeting in Texas. The most dangerous of the vulnerabilities is an injection flaw they found on the WebOS version 1.4.X that allows remote command and control, including access to a phone's files or injecting a remote JavaScript backdoor into the phone's Contacts Application to build a botnet.

Read more here.

04 November 2010

Android Falls Short In Security Analysis

We've seen enough news about how Apple's iOS is vulnerable to attack. I think it's only fair that we talk about the shortcomings in its biggest competition, Android. According to a report by Coverity, the popular mobile operating system is home to hundreds of bugs in its kernel with a quarter of those bugs listed as 'high risk' that can be used to exploit user privacy.

Coverity Inc. is in the business of scanning software for potential security vulnerabilities. They recently scanned the open-source Android operating system and discovered 359 bugs. 88 of these are listed as high-risk which according to the report, "include four categories that we have found, through experience and consultation with our customers, to be ones that can cause the most damage and are most likely to be fixed first by developers. These include memory corruptions, illegal memory accesses (e.g., reading beyond the bounds of a memory buffer), resource leaks, and uninitialized variables. "

Let's look at how those bugs compare in the open source world. Coverity claims that the industry average 'defect density' is one defect per every 1,000 lines of code. Android has only half that number, which is impressive until you look at the areas those bugs were found. Most of the code in the operating system is a Linux kernel with custom additions added in, and in the Android specific code, the defect density is twice as high.

Fragmentation of accountability is listed as one of the main conclusions of the report. Coverity basically says that, just like the rest of open source software, with so many people contributing so many different elements to the project, it is almost impossible to keep track of who is in charge of fixing what. This is definitely a problem as open source becomes more and more popular.

The Coverity report can be found here.

12 October 2010

Ubuntu 10.10 desktop, netbook and server editions released


Ubuntu 10.10, codenamed "Maverick Meerkat", is now available for download.

Ubuntu 10.10 introduces an array of online and offline applications to Ubuntu Desktop Edition with a particular focus on the personal cloud. Ubuntu Netbook Edition users will experience an all-new desktop interface called ‘Unity’ - specifically tuned for smaller screens and computing on the move.

Ubuntu One, the personal cloud service for Ubuntu users, includes new services and expanded features, significant performance enhancements and interoperability with other operating systems including Google’s Android, Apple’s iPhone and Microsoft Windows.

Already one of the most popular operating systems on Amazon EC2, Ubuntu 10.10 Server Edition gets kernel upgrades, more configuration options at boot time, and the ability to run the AMI (Amazon Machine Image) off-line on a KVM-virtualised machine. The latter feature means users can test and develop on local servers before pushing to the public cloud - true hybrid cloud computing.


Ubuntu 10.10 extends ‘CloudInit’, a configuration tool that allows users of Ubuntu on the cloud to set a default locale, set the hostname, generate and set up SSH private keys, and set up mount points. Users can also run custom commands and scripts on initial startup or on each reboot. The technology was recently adopted by Amazon itself.

Additionally in Ubuntu 10.10, Ubuntu Enterprise Cloud adds virtio support, a new interface for administrators, eased deployment for developers and the ability to run UEC from a USB stick. Eucalyptus 2.0, the latest version of the core cloud technology in UEC, has been included.

GlusterFS and Ceph have been integrated into the core product, and the groundwork has been laid for many cloud-focused, enterprise-scale applications to be introduced over the life cycle of Ubuntu 10.10 and the current LTS version (10.04) of Ubuntu Server.

04 October 2010

Remote Linux desktop for your iPad

Great news for Apple iPad users who want to administrate Linux machines remotely.

iLIVEx is a fast, secure and fault-tolerant X11 client that turns the Apple iPad into an X terminal for Linux and Unix. It allows iPad users to connect to Unix and Linux desktops and applications hosted on remote Unix and Linux servers.

iLIVEx features an ultra-thin data transfer protocol allowing for LAN-like performance, even over 3G connections. Its connections also run over securely encrypted SSH tunnels. Built-in session persistency allows users to reconnect to their remote desktops should the iPad get disconnected, turned off or the user temporarily switches to another iPad app.

iLIVEx is also designed to provide non-Linux users the ability to run a remote desktop. With their purchase of iLIVEx, StarNet provides a free Linux desktop account on a StarNet-hosted Linux server. On their remote desktop users gain a number of capabilities not currently available on iPads. These include:

Viewing Flash – By way of Firefox on their remote Linux desktop, iLIVEx enables iPad users to work with flash-based web sites and applications.

True multi-tasking – iLIVEx users can work on multiple office applications (wordprocessor, email, spreadsheet, etc.) simultaneously, even copy and paste data between them.

Persistency – Users can reconnect to their remote Linux/Unix desktop at any time, even after the iPad has disconnected from the network. No work is lost due to a disconnect.

Desktop switching – Users can seamlessly switch their remote desktops between iPads, Windows, Linux and Macintosh PCs.

16 March 2010

Collection of security checks for Linux

Linux seems to be catching up, with a tool that looks like an equivalent of Microsoft's MBSA**.

Buck Security is a collection of security checks for Linux. It was designed for Debian and Ubuntu servers, but can be useful for any Linux system.

The aim of Buck Security is to give you a quick overview of the security status of your system. As a Linux system administrator, but also as a normal Linux user, you often wonder whether your system is secure. In this situation it is useful to get an overview of the system's security status immediately. Buck Security was designed exactly for this: it runs important tests and returns the results to you after a couple of minutes.

The following tests are currently implemented:
  • Searching for world-writable files
  • Searching for world-writable directories
  • Searching for programs with the setuid bit set
  • Searching for programs with the setgid bit set
  • Checking your umask
  • Checking whether the sticky bit is set on /tmp
  • Searching for superusers (additional UID 0 accounts)
  • Searching for installed attack tool packages
Download a copy here and try it out.
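For readers who want to see what the checks above amount to, here is an added Bash script (not Buck Security's own code, which is a Perl tool) that implements the same eight tests as functions. Each function takes the tree or file to examine, so it can be tried on a scratch directory first and pointed at "/" and /etc/passwd afterwards; the package watch-list and the fixture built by make_fixture are constructed samples, and the function names are this example's own.

```bash
#!/bin/bash
# Added example, not Buck Security's own code: the eight checks from the post,
# written as Bash functions that take the tree (or file) to examine, so they can
# be exercised on a scratch directory first and pointed at "/" afterwards.
set -u

# 1. and 2. world-writable files and directories. A directory that is
# world-writable but carries the sticky bit (like /tmp) is handled by check_sticky.
find_world_writable_files() { find "$1" -xdev -type f -perm -0002 2>/dev/null; }
find_world_writable_dirs()  { find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null; }

# 3. and 4. setuid / setgid executables: these run with the file owner's (or
# group's) identity, so anything outside the known system set needs explaining.
find_setuid() { find "$1" -xdev -type f -perm -4000 2>/dev/null; }
find_setgid() { find "$1" -xdev -type f -perm -2000 2>/dev/null; }

# 5. umask. The last octal digit masks "other"; it is safe when it removes the
# write bit, i.e. ends in 2, 3, 6 or 7 (022 and 077 pass, 000 and 011 fail).
umask_is_safe() { case "$1" in *[2367]) return 0 ;; *) return 1 ;; esac; }

# 6. sticky bit on a shared directory such as /tmp. Without it any user may
# delete or rename files that other users created there.
check_sticky() { [ -k "$1" ]; }

# 7. "superusers": every account with UID 0 other than root. Takes a file in
# /etc/passwd format.
find_extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# 8. packages a production server normally should not carry. Takes a file with
# one installed package name per line; the watch-list is a constructed sample
# (Buck Security ships its own, longer one).
WATCH_PACKAGES="nmap john hydra"
find_watched_packages() {
    local p
    for p in $WATCH_PACKAGES; do grep -x -- "$p" "$1"; done
    return 0
}

# Buck-style summary for a tree, a passwd file and a package list.
report() {
    local root=$1 passwd=$2 pkgs=$3
    echo "== world-writable files ==";            find_world_writable_files "$root"
    echo "== world-writable dirs (no sticky) =="; find_world_writable_dirs "$root"
    echo "== setuid ==";                          find_setuid "$root"
    echo "== setgid ==";                          find_setgid "$root"
    echo "== umask ==";  umask_is_safe "$(umask)" && echo "$(umask) ok" || echo "$(umask) too permissive"
    echo "== sticky bit on /tmp ==";  check_sticky /tmp && echo "set" || echo "MISSING"
    echo "== extra UID 0 accounts ==";            find_extra_uid0 "$passwd"
    echo "== watched packages installed ==";      find_watched_packages "$pkgs"
}

# Scratch tree with one instance of every finding (constructed test data).
make_fixture() {
    local d; d=$(mktemp -d)
    mkdir "$d/dir_open" "$d/dir_sticky" "$d/dir_ok"
    chmod 0777 "$d/dir_open"; chmod 1777 "$d/dir_sticky"; chmod 0755 "$d/dir_ok"
    : > "$d/ww.txt"; : > "$d/ok.txt"; : > "$d/suid"; : > "$d/sgid"
    chmod 0666 "$d/ww.txt"; chmod 0644 "$d/ok.txt"; chmod 4755 "$d/suid"; chmod 2755 "$d/sgid"
    printf 'root:x:0:0:root:/root:/bin/bash\ntoor:x:0:0::/root:/bin/sh\nbob:x:1000:1000::/home/bob:/bin/bash\n' > "$d/passwd"
    printf 'bash\nnmap\ncoreutils\n' > "$d/packages"
    chmod 0644 "$d/passwd" "$d/packages"
    printf '%s\n' "$d"
}

# Usage on a live Debian/Ubuntu box:
#   ./checks.sh / /etc/passwd <(dpkg-query -W -f='${Package}\n')
if [ "$#" -eq 3 ]; then report "$1" "$2" "$3"; fi
```

Against a real root the two find-based lists are the ones worth reading line by line: every setuid binary and every world-writable directory without the sticky bit should be one you can name, and anything else is a finding to follow up.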

===============================================================

** Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

If you're an MS Windows user, you can download a free copy of this tool and run a check on your system.

15 April 2009

New Attack Sneaks Rootkits Into Linux Kernel

Kernel rootkits are tough enough to detect, but now a researcher has demonstrated an even sneakier method of hacking Linux.

The attack exploits an oft-forgotten function in Linux versions 2.4 and above in order to quietly insert a rootkit into the operating system kernel, as a way to hide malware processes, hijack system calls, and open remote backdoors into the machine, for instance. At Black Hat Europe this week in Amsterdam, Anthony Lineberry, senior software engineer for Flexilis, will demonstrate how to hack the Linux kernel by exploiting the driver interface to physically addressable memory in Linux, called /dev/mem.

"One of [the] bonuses of this [approach] is that most kernel module rootkits make a lot [of] noise when they are inserting [the code]. This one is directly manipulating" the memory, so it's less noticeable, he says.

Linux system administrators typically aren't aware of the potential dangers of leaving /dev/mem exposed. Lineberry says his goal is to educate them on this potential security hole.

And there's now a way to defend against such an attack, too: the Linux development community recently issued a patch that locks down /dev/mem, limiting read and write access from the outside, he says.
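The lock-down the article refers to is something an administrator can verify rather than assume. As an added example (not from the article or from Lineberry's talk), the Bash script below checks the two things that matter on the defending side: whether the running kernel was built with CONFIG_STRICT_DEVMEM (which denies user-space access to ordinary RAM through /dev/mem, leaving only device regions; later kernels add CONFIG_IO_STRICT_DEVMEM, and CONFIG_DEVMEM=n drops the device entirely) and whether the device node's permissions are tight. The .config fragments and mode samples produced by make_samples are constructed test data; the function names are this example's own.

```bash
#!/bin/bash
# Added example, not from the article: a defender's check that the kernel-side
# mitigation for /dev/mem is in effect. CONFIG_STRICT_DEVMEM restricts /dev/mem
# to device memory and denies access to ordinary RAM; CONFIG_IO_STRICT_DEVMEM
# tightens that further on later kernels; CONFIG_DEVMEM=n builds without the node.
set -u

# Value of a Kconfig symbol in a plain-text .config: y/m/n, or "unset" if absent.
kconfig_value() {
    local v
    v=$(sed -n "s/^$2=//p" "$1")
    if [ -n "$v" ]; then printf '%s\n' "$v"
    elif grep -q "^# $2 is not set" "$1"; then echo n
    else echo unset; fi
}

# True when /dev/mem is either absent from the build or restricted.
devmem_restricted() {
    [ "$(kconfig_value "$1" CONFIG_DEVMEM)" = n ] && return 0
    [ "$(kconfig_value "$1" CONFIG_STRICT_DEVMEM)" = y ]
}

# Permission check on the device node (or any path): no access for "other" and
# no write for group. The usual root:kmem 0640 passes; 0644 or 0666 fails.
devmem_node_ok() {
    local perm; perm=$(stat -c '%a' "$1") || return 1
    [ $(( 8#$perm & 8#027 )) -eq 0 ]
}

# Locate the running kernel's config, decompressing /proc/config.gz if needed.
find_kconfig() {
    if [ -r /proc/config.gz ]; then
        local t; t=$(mktemp); zcat /proc/config.gz > "$t" && printf '%s\n' "$t"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        printf '%s\n' "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Report for the live system.
report_devmem() {
    local cfg
    if [ -c /dev/mem ]; then
        echo "/dev/mem exists: $(stat -c '%U:%G %a' /dev/mem)"
        devmem_node_ok /dev/mem && echo "node permissions: ok" || echo "node permissions: too open"
    else
        echo "/dev/mem not present"
    fi
    if cfg=$(find_kconfig); then
        echo "CONFIG_DEVMEM=$(kconfig_value "$cfg" CONFIG_DEVMEM)"
        echo "CONFIG_STRICT_DEVMEM=$(kconfig_value "$cfg" CONFIG_STRICT_DEVMEM)"
        echo "CONFIG_IO_STRICT_DEVMEM=$(kconfig_value "$cfg" CONFIG_IO_STRICT_DEVMEM)"
        devmem_restricted "$cfg" && echo "verdict: /dev/mem restricted" || echo "verdict: /dev/mem UNRESTRICTED"
    else
        echo "kernel config not readable; cannot verify STRICT_DEVMEM"
    fi
}

# Two constructed .config fragments and two mode samples for offline testing.
make_samples() {
    local d; d=$(mktemp -d)
    printf 'CONFIG_DEVMEM=y\nCONFIG_STRICT_DEVMEM=y\nCONFIG_IO_STRICT_DEVMEM=y\n' > "$d/hardened.config"
    printf 'CONFIG_DEVMEM=y\n# CONFIG_STRICT_DEVMEM is not set\n' > "$d/legacy.config"
    : > "$d/node_ok";  chmod 0640 "$d/node_ok"
    : > "$d/node_bad"; chmod 0666 "$d/node_bad"
    printf '%s\n' "$d"
}

if [ "$#" -eq 0 ]; then report_devmem; fi
```

A kernel that reports CONFIG_STRICT_DEVMEM unset or n is one where a root process can still read and write arbitrary physical memory through the node, which is exactly the precondition the technique in the article relies on; the node permissions only decide who gets that far.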

Read more.

01 January 2009

AVG Rescue CD: Free toolset for repair of infected machines

The AVG Rescue CD is essentially a portable version of AVG Anti-Virus supplied through Linux distribution. It can be used in the form of a bootable CD or bootable USB flash drive to recover your computer when the system cannot be loaded normally, such as after an extensive or deep-rooted virus infection.

In short, the AVG Rescue CD enables you to fully remove infections from an otherwise inoperable PC and render the system bootable again.

Apart from the usual AVG functions (malware detection and removal, updates from internet or external device, etc.), the AVG Rescue CD also contains the following set of administration tools:
  • Midnight Commander - a two-panel file manager
  • Windows Registry Editor - simple registry editor for more experienced users
  • TestDisk - powerful hard drive recovery tool
  • Ping - to test the availability of network resources (servers, domains, IP addresses)
  • Common Linux programs and services - vi text editor, OpenSSH daemon, ntfsprogs etc.
The AVG Rescue CD is a free-to-use product that anyone can download. This also covers any new program versions and virus database updates. If you have any other paid AVG license, you are also entitled to receive our full technical support.

Linux Rescue CD

The System Rescue CD site provides an extensive set of tools to aid Linux users or corporate Linux administrators in recovery efforts if the O/S environment becomes damaged. It includes an excellent set of documentation and user forums to submit questions.

Linux Rescue CD
http://www.sysresccd.org/Main_Page

QUOTE: SystemRescueCd is a Linux system rescue disk available as a bootable CD-ROM or USB stick for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the partitions of the hard disk. It comes with a lot of linux software such as system tools (parted, partimage, fstools, ...) and basic tools (editors, midnight commander, network tools). It requires no installation since you just have to boot on the CD-ROM.

EXTENSIVE DOCUMENTATION
http://www.sysresccd.org/Online-Manual-EN

USER SUPPORT FORUMS
http://www.sysresccd.org/forums/

F-Secure Linux Rescue CD - New Version 3.11

The utilities on this CD might be useful in troubleshooting issues:

F-Secure Linux Rescue CD - New Version 3.11
http://www.f-secure.com/linux-weblog/2009/09/22/rescue-cd-311/
http://www.f-secure.com/linux-weblog/files/f-secure-rescue-cd-3.11.23804-release-notes.txt

QUOTE: The new utilities on the CD are:

* PhotoRec is a tool that can be used to recover data that has been accidentally deleted or lost due to a corrupted file system on a disk.

* TestDisk is another data recovery tool that can be used to recover a lost partition, for example.

* Smartmontools contain utilities that can be used to inspect S.M.A.R.T. values of hard disks. By analyzing these numbers you may get a hint if your hard disk is starting to show signs of breaking down.