Richard Stallman, the pioneer of free software, has asked a South American free software association not to promote Ubuntu at any event, on the grounds that it “spies on its users” by collecting desktop search activity and then handing it over to Amazon.
Canonical, the developer of Ubuntu, a Linux-based operating system, released version 12.10 with the desktop search last October. Users can opt out of the feature, through which Canonical claims it retrieves anonymous user data that is shared with third parties.
Stallman’s calling Ubuntu spyware seems like it might be ridiculous banter. It may not be spyware, but it’s no surprise that software collects data. Wouldn’t you be shocked if you found out software didn’t collect data?
The desktop search has drawn a lot of heated criticism; however, Stallman’s request was declined. The FLISOL event organizer stated that users should have freedom of choice. As we know, limited freedom of choice is bad when it comes to software.
Whether Stallman wants Ubuntu promoted anymore is irrelevant to the fact that Ubuntu is one of the fastest growing distros of Linux.
Adobe has released its emergency patch after a string of events over nearly the past ten days in dealing with a zero-day vulnerability. The vulnerability was originally reported by FireEye in a blog post.
The FireEye blog stated the following:
“Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”
After that was published, the FireEye researchers sent the bug report & sample to Adobe. Soon after, Adobe released a notification that there is a problem.
Eventually, Adobe detailed this past weekend that a patch would be available next week…well it’s here.
Adobe released its patch yesterday, in efforts to remediate the situation.
According to Adobe, the following versions are now available:
- Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
- For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
- For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
- Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
- Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
- Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
- Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4.
Google released a new update for the stable version of Chrome, now at version 23.0.1271.97. All of the supported platforms have an update: Windows, Mac, Linux, and Chrome Frame.
One of the issues fixed involves a website settings popup having text trimmed under certain conditions. Another fix addresses a Linux bug in which <input> selection rendered white text on a white background, making the string invisible. Also repaired is an issue in which plugins such as Google Voice and Unity Player would stop working. This revision also includes the latest version of Adobe Flash.
Check for the latest Chrome download on www.google.com/chrome or, in the Chrome browser, hit the settings button on the top right and select About Google Chrome. Usually, Google Chrome updates are applied automatically by Google Updater.
Linux users and developers alike can expect some trouble with a new rootkit on the move. This time, it’s working as an iFrame attack on HTTP servers. The sample itself is pretty dynamic overall, and has the ability to infect Linux successfully AND hide its presence on the system.
The attack is characteristic of a drive-by download scenario, in which the rootkit attempts to attack an HTTP server through iFrame-related injections. Now for the dirty details…
- Attempts to ‘call’ modules in the file system by using set_http_injection_conf, start_get_command_web_injection_from_server_thread, cs:start_get_command_web_injection_from_server_value, hide_folder_and_files, hide_process_init, etc.
- It currently works on Debian Squeeze kernel version 2.6.32-5-amd64 (at least it matches).
- The unstripped code size is 500K.
- Some functions are not fully working, so some have assumed it is in development stages or not fully complete.
- Adds startup entry to /etc/rc.local script:
- Uses one of two methods to retrieve kernel symbols to /.kallsyms_tmp:
    /bin/bash -c cat /proc/kallsyms > /.kallsyms_tmp
    /bin/bash -c cat /boot/System.map-`uname -r` > /.kallsyms_tmp
- Other than that, it does a good job trying to hide files/folders/processes/etc.
- The inject mechanism is neatly designed as a PHP script, which is pretty common for contemporary injections.
- Replaces tcp_sendmsg, the kernel function that builds TCP packets, with its own function.
- Once the C&C callback is done on the command server, the command server sends back malicious code specific for the situation.
- Probably being used in cybercrime operations rather than just targeted attacks.
- A Russia-based attacker is likely. Experts are not revealing any names, and seCURE Connexion has no information sadly.
- This was discovered on Seclists’s Full Disclosure Mailing List.
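A defender-side triage for the artifacts listed above, as an added example that is not part of the original post or the Full Disclosure report: it checks a mounted root for /.kallsyms_tmp, lists active /etc/rc.local lines for review, and filters a command log for the two symbol-retrieval commands. The function names, the sample tree and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: host triage for the artifacts the post lists. Pass the mount
# point of an offline disk image as ROOT; a live infected host hides its files.

# Print one finding per line for ROOT (default /).
rootkit_triage() {
    root="${1:-/}"; root="${root%/}"
    # Kernel-symbol dump the rootkit writes (path from the post).
    if [ -e "$root/.kallsyms_tmp" ]; then
        echo "FOUND $root/.kallsyms_tmp"
    fi
    # The post does not quote the rc.local line, so list every active line
    # (not blank, not a comment, not 'exit 0') for manual review.
    if [ -f "$root/etc/rc.local" ]; then
        grep -vE '^[[:space:]]*(#|$|exit[[:space:]]+0[[:space:]]*$)' \
            "$root/etc/rc.local" | sed 's/^/REVIEW rc.local: /'
    fi
    return 0
}

# Filter command lines on stdin (audit or history output) down to the two
# symbol-retrieval commands from the post.
match_kallsyms_cmds() {
    grep -E '(/proc/kallsyms|/boot/System\.map-.*)[[:space:]]*>[[:space:]]*/\.kallsyms_tmp' || true
}

# Constructed sample data (not from a real host): a fake root tree and log.
build_sample() {
    mkdir -p "$1/etc"
    : > "$1/.kallsyms_tmp"
    printf '%s\n' '#!/bin/sh -e' '# rc.local' '' \
        '/usr/local/bin/constructed-entry' 'exit 0' > "$1/etc/rc.local"
    printf '%s\n' \
        '/bin/bash -c cat /proc/kallsyms > /.kallsyms_tmp' \
        '/bin/bash -c cat /boot/System.map-`uname -r` > /.kallsyms_tmp' \
        '/bin/bash -c cat /proc/cpuinfo' \
        '/usr/bin/less /proc/kallsyms' > "$1/cmd.log"
}

# Stand-alone use: ./triage.sh /mnt/image
if [ "$#" -gt 0 ]; then rootkit_triage "$1"; fi
```

Because the module hides files and processes from the running system, a clean result on a live host is weaker evidence than a clean result on an image mounted from trusted media.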
Election Day brings Adobe’s critical updates for Flash and AIR, so update today to fix seven (7) vulnerabilities.
Updates are currently available as follows:
- Windows & Mac – 11.5.502.110
- Linux – 188.8.131.52
- Android 4.* – 184.108.40.206
- Android 3.* & 2.* – 220.127.116.11
- Google Chrome automatically updates the Flash version built in.
- Windows, Mac, SDK for iOS and Android – 18.104.22.1680
Be sure to download the Flash updates both for Internet Explorer and for Firefox/Safari/Opera/other browsers.
Also, note that Windows Update will help install the updates in Windows 8/IE 10.
Adobe has released a critical update for Shockwave Player after several serious vulnerabilities were found.
- Users of 22.214.171.1247 and earlier versions should now update to version 126.96.36.1998.
- Updates are available for Windows and Mac systems.
- There is no active propagation of exploits.
- Check to see if you have Shockwave Player.
- Shockwave Player is not the same as Adobe Flash Player, which was updated October 8.
- Check release notes.
- Uncheck the Norton Security Scan, if it shows.
To protect against vulnerabilities, it is best to have good internet security software, not FREE antivirus!
50 million-plus users of the Steam gaming and distribution platform are at risk of remote exploits because of vulnerabilities in the platform’s URL protocol handler, researchers at ReVuln wrote in a paper they released.
According to ThreatPost, Luigi Auriemma and Donato Ferrante discovered a number of memory corruption issues, including buffer and heap overflows that would allow an attacker to abuse the way the Steam client handles browser requests. Steam runs on Windows, Linux and Mac OSX.
The steam:// URL protocol is used to connect to game servers, load and uninstall games, backup files, run games and interact with news, profiles and download pages offered by Valve, the company that operates the platform. Attackers, Auriemma and Ferrante said, can abuse specific Steam commands via steam:// URLs to inject attacks and run other malicious code on victim machines.
New updates from Adobe come a week after its previous release, which was critical. Having subsequent updates for critical flaws begs the question of whether or not Flash Player is safe. It looks as if AIR was affected as well. This patch closes six vulnerabilities, helping to safeguard against hackers.
These platforms are affected, and now have a patch available for download:
- Windows (New update: 11.4.402.265)
- Mac (New update: 11.4.402.265)
- Linux (New Update)
- Android (New Update)
The customized Google Chrome version (Pepper) should automatically update to version 188.8.131.52 for PC and 11.4.402.265 for Mac.
For Windows and Mac users, bear in mind the new Adobe AIR 184.108.40.2060, which you should include with your updates for Flash Player.
This week’s update fixes the following, according to Adobe:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166).
- These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-4167).
- These updates resolve a cross-domain information leak vulnerability (CVE-2012-4168).
Graphics chip maker Nvidia released a new version of its Unix driver on Friday in order to address a high-risk vulnerability that can be exploited by local users to gain root privileges on Linux systems.
The privilege escalation vulnerability fixed in the new 304.32 version of the Nvidia Unix driver was publicly disclosed last Wednesday by Dave Airlie, a principal engineer in the graphics team at Linux vendor Red Hat.
The public disclosure was made at the request of the anonymous researcher who originally discovered the flaw, after Nvidia failed to respond to a private report about the vulnerability, Airlie said in an email sent to the Full Disclosure mailing list.
Airlie’s message also included proof-of-concept exploit code created by the anonymous researcher to demonstrate the vulnerability.