Notices by GeniusMusing (geniusmusing@nu.federati.net), page 31
GeniusMusing (geniusmusing@nu.federati.net)'s status on Thursday, 17-Mar-2022 15:57:49 EDT GeniusMusing
Until you have a second jsmith47...
GeniusMusing (geniusmusing@nu.federati.net)'s status on Tuesday, 15-Mar-2022 21:51:10 EDT GeniusMusing
Interesting finding with my servers...
Debian Linux 10: Linux 4.19.0-19-amd64
Debian Linux 11: Linux 5.10.0-12-amd64
I guess I'm "safe".
GeniusMusing (geniusmusing@nu.federati.net)'s status on Tuesday, 15-Mar-2022 21:14:50 EDT GeniusMusing
Nasty Linux Netfilter Firewall Security Hole Found Slashdot
https://linux.slashdot.org/story/22/03/15/221258/nasty-linux-netfilter-firewall-security-hole-found
>Sophos threat researcher Nick Gregory discovered a hole in Linux's netfilter firewall program that's "exploitable to achieve kernel code execution (via ROP [return-oriented programming]), giving full local privilege escalation, container escape, whatever you want." ZDNet reports:
>Behind almost all Linux firewall tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. [...] This problem exists because netfilter doesn't handle its hardware offload feature correctly. A local, unprivileged attacker can use this to cause a denial-of-service (DoS), execute arbitrary code, and cause general mayhem. Adding insult to injury, this works even if the hardware being attacked doesn't have offload functionality! That's because, as Gregory wrote to a security list, "Despite being in code dealing with hardware offload, this is reachable when targeting network devices that don't have offload functionality (e.g. lo) as the bug is triggered before the rule creation fails."
>
>This vulnerability is present in the Linux kernel versions 5.4 through 5.6.10. It's listed as Common Vulnerabilities and Exposures (CVE-2022-25636), and with a Common Vulnerability Scoring System (CVSS) score of 7.8, this is a real baddie. How bad? In its advisory, Red Hat said, "This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat." So, yes, this is bad. Worse still, it affects recent major distribution releases such as Red Hat Enterprise Linux (RHEL) 8.x; Debian Bullseye; Ubuntu Linux, and SUSE Linux Enterprise 15.3. While the Linux kernel netfilter patch has been made, the patch isn't available yet in all distribution releases.
The Discovery and Exploitation of CVE-2022-25636 · Nick Gregory
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
Guess I'm one of the lucky ones, Tumbleweed is at 5.16.14.
My servers on the other hand...
GeniusMusing (geniusmusing@nu.federati.net)'s status on Tuesday, 15-Mar-2022 18:58:14 EDT GeniusMusing
@lnxw48a1
For some reason that actually sounds like "old" normal...
GeniusMusing (geniusmusing@nu.federati.net)'s status on Saturday, 12-Mar-2022 20:29:49 EST GeniusMusing
@lnxw48a1 @guizzy
Pretty sure any Yoko music on the battlefield is not allowed per the Geneva Convention.
GeniusMusing (geniusmusing@nu.federati.net)'s status on Saturday, 12-Mar-2022 18:44:03 EST GeniusMusing
@lnxw48a1
It was not an "Oops", you are really from the future and just wrote the "Correct" date.
GeniusMusing (geniusmusing@nu.federati.net)'s status on Saturday, 12-Mar-2022 12:14:16 EST GeniusMusing
Seems like someone read at least one book...
1984, George Orwell
>“Always eyes watching you and the voice enveloping you. Asleep or awake, indoors or out of doors, in the bath or bed—no escape. Nothing was your own except the few cubic centimeters in your skull.”
>"Don’t you see that the whole aim of Newspeak is to narrow the range of thought? In the end we shall make thoughtcrime literally impossible, because there will be no words in which to express it.”
>“We know that no one ever seizes power with the intention of relinquishing it.”
GeniusMusing (geniusmusing@nu.federati.net)'s status on Friday, 11-Mar-2022 20:53:51 EST GeniusMusing
>Good leaders need to have one or more people who will tell them they are wrong...
Seems we were missing that for the better part of 4 years here in the US...
GeniusMusing (geniusmusing@nu.federati.net)'s status on Wednesday, 09-Mar-2022 17:07:18 EST GeniusMusing
Stolen Nvidia Certificates Used To Hide Malware in Driver Downloads Slashdot
https://nu.federati.net/url/285263
>Last week Nvidia confirmed that it had been the victim of an internal hack, though it claimed no customer information was compromised. Now we're seeing one of the first effects of the hack on end-users: Nvidia GPU driver packages with malware hidden inside. PCWorld:
>While it was always possible for malefactors to host links pretending to be drivers in the hopes of installing viruses, trojans, and other nasty stuff on a user's PC, this situation is more concerning. The hackers appear to have leaked Nvidia's official code signing certificates, a means by which users (and Microsoft) can verify that a downloaded program comes from the publisher it says it's from. That's allowing files containing a host of popular malware suites to be posted and downloaded, bypassing Windows Defender's built-in executable verification and slipping past anti-virus software. BleepingComputer reports that two now-expired (but still usable) verification codes have been compromised and used to deliver remote access trojans. Another example, using the Nvidia verification to sign a fake Windows driver, was also spotted.
Stolen Nvidia certificates used to hide malware in driver downloads PCWorld
https://nu.federati.net/url/285264
Kind of glad I have AMD video now...