This week has been “a week of millions” for the Linux Foundation, with our announcement that over 1 million people have taken our free Introduction to Linux course. As part of the research for our recently published 2020 Linux Kernel History Report, the Kernel Project itself determined that it had surpassed one million code commits. Here is how we established the identity of this lucky Kernel Project contributor.
A Russian scumbag found guilty of hacking into LinkedIn, Dropbox, and Formspring – and stealing data on over 200 million users – has been sent down for more than seven years.
Yevgeniy Nikulin was sentenced to 88 months in an American prison by a federal court in San Francisco this week though the judge in this case, William Alsup, was surprisingly kind about the 32-year-old Russian. I think you’re a brilliant guy. Very smart, Alsup told him. I urge you to apply that brilliance to a lawful profession and do something good with your life other than hacking into computers.
In the closing section of last night’s unhinged presidential debate, moderator and Fox News anchor Chris Wallace raised a discussion about election integrity. What are you prepared to do to reassure the American people that the next president will be the legitimate winner of this election? he asked. In keeping with his prior statements and tweets, Donald Trump made clear that he will offer no reassurance of any kind. Instead, he launched into an extended assault on mail voting filled with nearly a dozen false claims.
As he has repeatedly in recent months, Trump mischaracterized, exaggerated, and lied about the risks of fraud in mail voting. And he doubled down on the idea that any delayed results caused by the extra time it takes to count mail ballots will inevitably signal a “rigged” election—an assertion that election officials and researchers strongly dispute, given that it can take time to process and count mail ballots accurately and fairly. That Trump did so in so bright a spotlight has election-watchers especially concerned.
Social networking giant Twitter said today that it removed around 130 Iranian Twitter accounts for attempting to disrupt the public conversation during last night’s first Presidential Debate for the US 2020 Presidential Election.
Twitter said it learned of the accounts following a tip from the US Federal Bureau of Investigations.
We identified these accounts quickly, removed them from Twitter, and shared full details with our peers, as standard, the social network said today.
They [the accounts] had very low engagement and did not make an impact on the public conversation, it added.
A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials part of the United Nations Security Council.
The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.
UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country).
We have found that you could be leaking your Internet traffic when running Linux under WSL2 (Windows Subsystem for Linux 2).
Our investigation has shown that these leaks also occur on other VPN software, and even though we do not have a solution to present for now, we feel the need to address the problem. As you read this we are working on a solution to this problem.
Recently, we got a report that said there were leaks from Linux under WSL2. Our investigations concluded that traffic from the Linux guest bypasses all normal layers of WFP (the firewall on the Windows host) and goes directly out onto the network. As such, all the blocking the app does in the firewall is ignored.
Network traffic from the Linux guest always goes out the default route of the host machine without being inspected by the normal layers of WFP. This means that if there is a VPN tunnel up and running, the Linux guest’s traffic will be sent via the VPN with no leaks! However, if there is no active VPN tunnel, as is the case when the app is disconnected, connecting, reconnecting, or blocking (after an error occurred) then the Linux guest’s traffic will leak out on the regular network, even if “Always require VPN” is enabled.
How it leaks
WSL2 uses Hyper-V virtual networking and therein lies the problem. The Hyper-V Virtual Ethernet Adapter passes traffic to and from guests without letting the host’s firewall inspect the packets in the same way normal packets are inspected. The forwarded (NATed) packets are seen in the lower layers of WFP (OSI layer 2) as Ethernet frames only. This type of leak can happen to any guest running under Windows Sandbox or Docker as well if they are configured to use Hyper-V for networking.
Other VPN software
We have tested a few other VPN clients from competitors and found that all of them leak in the same way. Therefore, this is not a problem with Mullvad VPN specifically, but rather an industry-wide issue that no-one, or very few, have addressed yet. The way Microsoft has implemented virtual networking for Linux guests makes it very difficult to properly secure them.
Pastebin, the most popular website where users can share small snippets of text, has added two new features today that cyber-security researchers believe are going to be widely and wildly abused by malware operators.
Named “Burn After Read” and “Password Protected Pastes,” the two new features allow Pastebin users to create pastes (pieces of text) that expire after a single read or pastes that are protected by a password.
None of the two features are original, as they have been present on many paste sites for years.
However, they are new to Pastebin, which is, by far, today’s most popular pastes portal, being ranked in the Alexa Top 2,000 most popular sites on the internet.
Twitter said today it’s been working over the past months to bolster its internal security by requiring staff to go through additional security training, engaging in penetration tests, and by deploying hardware security keys to all employees.
The measures announced today are part of Twitter efforts to prevent a repeat of the July 2020 hack during the US presidential election later this fall.
In July this year, hackers phished Twitter staffers, gained access to its internal platform, and then tweeted a cryptocurrency scam via high-profile and verified accounts. Some of the defaced accounts belonged to political figures, including presidential candidate Joe Biden.
Twitter learned a hard lesson in July, but in a blog post today authored by Parag Agrawal, Twitter Chief Technical Officer, and Damien Kieran, Twitter Data Protection Officer, the company said it learned its lesson and has taken corrective actions.
July 15 was, at first, just another day for Parag Agrawal, the chief technology officer of Twitter. Everything seemed normal on the service: T-Pain’s fans were defending him in a spat with Travis Scott; people were upset that the London Underground had removed artwork by Banksy. Agrawal set up in his home office in the Bay Area, in a room that he shares with his young son. He started to hammer away at his regular tasks—integrating deep learning into Twitter’s core algorithms, keeping everything running, and countering the constant streams of mis-, dis-, and malinformation on the platform.
But by mid-morning on the West Coast, distress signals were starting to filter through the organization. Someone was trying to phish employee credentials, and they were good at it. They were calling up consumer service and tech support personnel, instructing them to reset their passwords. Many employees passed the messages onto the security team and went back to business. But a few gullible ones—maybe four, maybe six, maybe eight—were more accommodating. They went to a dummy site controlled by the hackers and entered their credentials in a way that served up their usernames and passwords as well as multifactor authentication codes.
Shortly thereafter, several Twitter accounts with short handles—@drug, @xx, @vampire, and more—became compromised. So-called OG user names are valued among certain hacker communities the way that impressionist artwork is valued on the Upper East Side. Twitter knows this and views them internally as high priority. Still, the problem didn’t filter up to Agrawal just yet. Twitter has a dedicated Detection and Response Team that triages security incidents. DART had detected suspicious activity, but the needed response was limited. When you run a sprawling social network, with hundreds of millions of users, ranging from obscure bots to the leader of the free world, this kind of thing happens all the time. You don’t need to constantly harangue the CTO.
But then, at 3:13 pm ET, the cryptocurrency exchange Binance sent an unlikely tweet announcing that it was “giving back” around $52 million of bitcoin to the community with a link to a fraudulent website. Over the next hour, 11 cryptocurrency accounts followed suit. And then, at 4:17 pm ET, @elonmusk tweeted a classic bitcoin scam to his nearly 40 million followers. A few minutes later, @billgates did the same.
Aren’t SMSes dead? Aren’t they just plain old text anyway? Surely they’re of no interest to cybercriminals any more?
Well, SMSes aren’t dead at all – they’re still widely used because of their simplicity and convenience.
Indeed, as a general-purpose short message service – which is literally what the letters SMS stand for – it’s hard to beat, because any phone can receive text messages, from the fanciest smartphone to the cheapest pre-paid mobile.
If all you need to transmit is a 6-digit logon code or a “pizza driver now 2 minutes away” notification, SMSes still make excellent business sense.
Sadly, however, what works for legitimate businesses almost always works for cybercriminals too, so there are plenty of crooks still using SMSes for phishing – an attack that’s wryly known as smishing.