3-2-1...
And fixed.
Sod Off HaxxOrs- because backups.
Linux sysadmins are being specifically targeted by hackers demanding one Bitcoin to gain access to their own data. Usually, it's Windows systems that get hit by ransomware, but a new strain targets Linux systems to extort cash. "Judging from the directories in which the Trojan encrypts files, one can draw a conclusion that …
> Usually, it's Windows systems that get hit by ransomware, but a new strain targets Linux systems to extort cash.
But of course, unlike home Windows users, all Linux sysadmins will keep regularly scheduled backups of their server's data and so won't be affected. Right? Right?? :)
DIY Magento tends to be unmaintained VPS with cargo cult configurations and unpatched Magento 1.3/1.4 codebase. About right.
After all, it's Linux, it's gotta be safe (true comment)
Virus on AWS? I can't believe it! Even with so much care and I'm attacked, I'm changing hosting (true comment)
via CMS Magento as per the article.
You can pay with monopoly money and red houses as the green ones suck ass or you could search the internet about bitcoin software then transfer the money to your bitcoin account then to the nefarious criminals.
However, I would strongly recommend not becoming a mark and doing what we all do, and that is to keep your systems up to date, be that apt/dpkg/pkg_add/zypper/yum/Windows 10 update.
> be that apt/dpkg/pkg_add/zypper/yum/Windows 10 update
That sounds like an even larger headache/virus vector/ privacy invasion then its worth. But, thanks for offering to keep our options open. Such a shame that my computing "future" does NOT include any more MicroSoft products though. But, I'll be sure to tell my Nan about it though....
NOT!
sob...sob... Microsoft invading a Linux thread.... </sarcasm>
Magento shoplift bug (it's embarrassing). The patch was out in February; Magento finally got around to breathless wittering that a patch was available in May, and unpatched sites have been having admin user accounts directly injected ever since.
Current barn door is Zend SOAP XML API hole fails under UTF-8 (it's embarrassing)
Bitcoins are the most fiendishly complex way of paying for anything the world has ever witnessed. You may as well have 8 Ningis to one Pu, where a Pu is a triangular rubber coin 6800 miles across.
I don't understand why this currency has any value whatsoever: it seems to be mainly used for scamming.
No, nothing "much protection against an attacker with root access!". You can, of course, prevent that, allowing root access only locally. Have I bothered about that? No. Have all Linux users done that? Probably not, who knows. And damn it, if you get root locally, why not take the whole damned machine, or at least the drives, with you. Although I know Linux is more secure than some other solutions, I am still pissed off with people who think it's all about the OS. Give me a bank, any bank, if I speak the "language", I would claim I would need less time fooling people than fucking around with bits and bytes regardless of the OS or any security ever invented. Should we not also discuss more about the "human factor" among all other security risks? Damn it, better stop here.
> Give me a bank, any bank, if I speak the "language", I would claim I would need less time fooling people than fucking around with bits and bytes regardless of the OS or any security ever invented.
What's the easiest way to get someone's password? You ask them for it. There's a reason social engineering is considered the most effective form of attack.
> SELinux isn't much protection against an attacker with root access!
That's presuming SELinux was in use at all. 17 **YEARS** after it was first introduced, there are *STILL* major packages that require you to entirely disable SELinux for them to run. And a large number of them are made by the "geniuses" at IBM.
"SELinux isn't much protection against an attacker with root access!"
Incorrect - this is exactly what SELinux (mandatory access control) protects against. It describes which programs can access which files, even when they are running as root. It also tracks "how you got here", so it can enforce things like "user logged on with physically attached keyboard and ran sudo bash to become root and so can disable SELinux".
It's just that FreeBSD Jails (while neat and well implemented) are just horrible, almost too Horrible, to use!
The FreeBSD developers never bothered much with providing tools for all the good stuff in FreeBSD, In My Opinion. The learning curve for FreeBSD jails is more like a brick wall.
PS:
SELinux does protect against 'root' access. The 'root' account can't just go off and do anything at all like it can with 'normal' Linux.
PSPS:
It seems odd that malware will cripple itself by requiring 'root' access. There are *plenty* of Money-Making opportunities just running as a normal user account - which is hardly secured from itself and from flash/java.stupidity at all since this is inconvenient and (to the sysop) it's *just* a user account not the sacred 'root'.
I started to wonder if it was possible to add a payload to a bitcoin
You can stop wondering. It isn't. You might just as well try to add a payload to a dollar being transferred via wire transfer for all the good it'd do you.
That said, bitcoin is very traceable, far less anonymous than cash. The fact that people think it's anonymous is proof that people don't really understand how it works. There are ways to anonymize it, but realistically I wouldn't trust any of them.
far prefer listening to everyone's chat so they can blackmail various politicians into increasing their budget/workforce under the guise of saving us from peadoterrorists instead of doing the job they'd be better at such as hunting down these crooks and giving them a good kicking/locking them away.
Since the local plods are thoroughly outgunned when it comes to people that eat this technology literally with their morning pizza. There are quite a few talented ones capable of the work but being understaffed already... it just goes by the wayside. They're used elsewhere.
Now the intelligence agencies are deeply reliant on the same technologies as the "hackers, crackers, ..." crowd and have a nice depth of talent. Still nowhere near as good as some of the better enterprises, but not due to lack of funds. Black budgets mean black contracts if you can't do it in-house. And we saw where that turned around and bit them in the balls with the consultancy that Mr. Snowden worked at. Heck, even before he left direct employment by the government (Air Force?), he was getting schooled on penetrations and other offensive operations.
Do remember that "Black Ops" doesn't have to be entirely cyber. It can include bringing a gun to a byte fight, not an unwieldy club, which is about where most people operate.
Police aren't going to go after them once they figure out the scammers are outside of their jurisdiction and without the ability to subpoena an online store for their shipping records the task becomes more difficult. It's still doable, but law enforcement isn't going to do it for you. A lot of us here could probably do it, but it would have to be some damned valuable data for it to be worth hunting someone down and pulling off fingernails for a key.
As far as I understand it you wouldn't be able to attach anything to the bitcoin transfer. However, if you could figure out how the decryption keys were passed from infected machines to the C&C servers run by the scumbags, I'd guess it might be possible to pass a little surprise to them that way.
Am I right in thinking this is for PHP-FPM only?
http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt
> I. VULNERABILITY
> -------------------------
> Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM
> Zend Framework <= 1.12.13
> ...
> - PHP FPM
> http://php.net/manual/en/install.fpm.php
> "FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with
> some additional features (mostly) useful for heavy-loaded sites."
> Starting from release 5.3.3 in early 2010, PHP merged the php-fpm fastCGI
> process manager into its codebase. However PHP-FPM was available earlier as a
> separate project (http://php-fpm.org/).
So does this mean that standard Apache/PHP installs are OK? And on Debian unless php5-fpm is installed we should be OK?
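Whatever the answer on PHP-FPM, the XXE class the quoted advisory describes is only reachable if the XML stack behind the SOAP API honours DOCTYPE and entity declarations. As an added example (not code from the thread, the advisory or Zend Framework), here is a Python pre-parse gate that refuses that machinery before a request reaches the application parser; the SOAP envelope, element names and file path in it are constructed samples, and it uses only the standard-library expat bindings.

```python
# Added example, not from the thread or the quoted advisory: a pre-parse gate
# for a SOAP/XML API endpoint that refuses the DTD and entity machinery XXE
# relies on. Standard-library expat only; the envelope, element names and
# file path below are constructed samples.
import xml.parsers.expat as expat

class UnsafeXML(Exception):
    """Raised from inside an expat callback when DTD machinery appears."""

def screen_xml(body):
    """Return (True, element_names) for plain XML, or (False, reason) if the
    body carries a DOCTYPE, an entity declaration or an external entity
    reference, or is not well-formed. Nothing is ever fetched: external
    references are refused in the callback and parameter entities are never
    expanded, so the file or URL named by a SYSTEM entity is never opened."""
    seen = []
    p = expat.ParserCreate()
    p.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE %r not allowed (SYSTEM=%r)" % (name, sysid))

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML("entity declaration %r not allowed" % name)

    def on_external_ref(context, base, sysid, pubid):
        raise UnsafeXML("external entity reference %r refused" % sysid)

    p.StartDoctypeDeclHandler = on_doctype
    p.EntityDeclHandler = on_entity_decl
    p.ExternalEntityRefHandler = on_external_ref
    p.StartElementHandler = lambda name, attrs: seen.append(name)
    try:
        p.Parse(body, True)          # exceptions raised in callbacks propagate
    except UnsafeXML as e:
        return False, str(e)
    except expat.ExpatError as e:
        return False, "malformed XML: %s" % e
    return True, seen

# Constructed samples: a benign SOAP-style call, and a body whose DOCTYPE
# declares an external entity that the envelope then references (XXE shape).
BENIGN = (b'<?xml version="1.0"?>'
          b'<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
          b'<SOAP-ENV:Body><getProduct><productId>42</productId></getProduct>'
          b'</SOAP-ENV:Body></SOAP-ENV:Envelope>')
XXE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE Envelope [<!ENTITY ext SYSTEM "file:///path/on/server">]>'
       b'<Envelope><Body>&ext;</Body></Envelope>')
```

A `(False, reason)` result is what the endpoint logs and rejects; the reason string doubles as a detection signal for attempts against an unpatched Zend/Magento install behind it.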