Tag Archive | Linux

Free Software Pioneer Richard Stallman calls Ubuntu ‘Spyware’

Richard Stallman, the pioneer of free software, has asked a South American free software association not to promote Ubuntu at any event, on the grounds that it “spies on its users” by collecting desktop search activity and then handing it over to Amazon.

Canonical, the developer of Ubuntu, a Linux-based operating system, released version 12.10 with the desktop search last October. Users can opt out of the feature, which, Canonical claims, retrieves anonymous user data that is shared with third parties.

Calling Ubuntu spyware seems like it might be ridiculous banter on Stallman’s part. It may not be spyware, but it’s no surprise that any software collects data. Wouldn’t you be shocked if you found out software didn’t collect data?

There has been a lot of heated criticism over this desktop search; however, Stallman’s request was declined. The FLISOL event organizer stated that users should have freedom of choice. As we know, limited freedom of choice is bad when it comes to software.

Whether Stallman wants Ubuntu promoted anymore is irrelevant to the fact that Ubuntu is one of the fastest growing distros of Linux.

Adobe Releases Emergency Patch for Adobe Reader

Adobe has released its emergency patch after a string of events over nearly the past ten days dealing with a zero-day vulnerability. The vulnerability was originally reported by FireEye in a blog post.

The FireEye blog stated the following:
“Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”

After that was published, the FireEye researchers sent the bug report & sample to Adobe. Soon after, Adobe released a notification that there is a problem.

Eventually, Adobe detailed this past weekend that a patch would be available next week…well it’s here.

Adobe released its patch yesterday, in efforts to remediate the situation.

According to Adobe, the following versions are now available:

  •  Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
  •  For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
  •  For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
  •  Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
  •  Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
  •  Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
  •  Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4.

 

Security Concerns This Winter – Android Malware, Facebook Problems, Anonymous, among other things

Over the past couple of weeks we’ve discussed some of the things that happened in 2012, and the things we’re focused on coming into the new year. There is a surge of security concern over several different issues, including Android malware, Anonymous, and cyberwar, among other things. Here is a compiled list of the top concerns this Winter that we’ll be investigating on a continual basis.

  1. Identity Theft – this can be a problem for most people who get viruses and other malware on their computer. It can also be a problem on social networks. It is best to have a good antivirus and keep your social networking information safe. You don’t have to enter everything in your profile. Leave some fields blank so there is less for a stalker to work with. Sadly, you cannot know who’s viewed your profile, which makes it more difficult to discover stalkers. Hmm…hint Facebook.
  2. Spear-Phishing – plain and clear, spear-phishing is similar to identity theft. It is done by email spoofing, in which the attacker masquerades as a legitimate company with legitimate-looking emails. However, these emails are only meant to make you click, either to steal your information, to distribute malware, or both. Normally, this is a big problem over the holidays, but now it’s starting to become widespread no matter the time of year.
  3. Human Error and the Failure to Update – Vulnerabilities – It is true that humans forget a lot of things. One of the biggest security risks we have always faced is that users fail to update the browser plugins and programs on their computer. Attackers exploit the resulting vulnerabilities to send malware your way. Using a vulnerability scanner can help you stay on top of this atrocity.
  4. Browser Hijackers and Junkware – we still continue to see the problem of browser hijackers and junkware being distributed in installers for legitimate programs. What’s sad is, the royalties are so high for software developers to add in the install code for junkware, that the developers don’t know how bad the issue is. From Babylon Toolbar to Claro Search…these toolbars and homepage hijackers are unnecessary and technically need to be done away with. Good thing our security community has the ability to remove this crap with our special tools.
  5. Malware growth on Other Platforms – it’s no surprise that malware problems are lighting up on iOS now, as well as Linux. It sure will start to become a problem this year, even more so on Windows 8 and Android than on any other device.
  6. Android Malware Growth – One of the biggest problems in the computing world right now is the steady, high growth of malware on the Android platform. It will continue to be a problem, sadly.
  7. Anonymous Cyberattacks, and Government Cyberwar – we will still see cybercrime and cyberwar problems continue this year.

Stay tuned to this blog for further updates.

Google Releases Chrome 23.0.1271.97

Google released a new update for the stable version of Chrome, now at version 23.0.1271.97. All of the supported platforms have an update: Windows, Mac, Linux, and Chrome Frame.

One of the issues fixed involves a website settings popup having text trimmed under certain conditions. Another fix addresses a Linux bug in which <input> selection rendered white text on a white background, making the string invisible. Also repaired is an issue in which plugins such as Google Voice and Unity Player would stop working. This revision also includes the latest version of Adobe Flash.

Check for the latest Chrome download on www.google.com/chrome or in the Chrome browser, hit the settings button on the top right, select About Google Chrome. Usually, Google Chrome updates are automatically applied using Google Updater.

New iFrame Rootkit on Linux – Read the dirty details

Linux users and developers alike can expect some trouble with a new rootkit on the move. This time, it’s working as an iFrame attack on HTTP servers. The sample itself is pretty dynamic overall, and has the ability to infect Linux successfully AND hide its presence on the system.

The attack is characteristic of a drive-by download scenario, in which the rootkit attempts to attack an HTTP server through iFrame-related injections. Now for the dirty details…

  • Attempts to ‘call’ modules in the file system by using set_http_injection_conf, start_get_command_web_injection_from_server_thread, cs:start_get_command_web_injection_from_server_value, hide_folder_and_files, hide_process_init, etc.
  • It currently works on Debian Squeeze kernel version 2.6.32-5-amd64 (at least it matches).
  • Unstripped code size is 500K.
  • Some functions are not fully working, so some have assumed it is in development stages or not fully complete.
  • Adds startup entry to /etc/rc.local script: insmod /lib/modules/2.6.32-5-amd64/kernel/sound/module_init.ko
  • Uses one of two methods to retrieve kernel symbols to /.kallsyms_tmp:
    /bin/bash -c cat /proc/kallsyms > /.kallsyms_tmp
    /bin/bash -c cat /boot/System.map-`uname -r` > /.kallsyms_tmp
  • Other than that, it does a good job trying to hide files/folders/processes/etc.
  • The inject mechanism is neatly designed as a PHP script, which is pretty common for contemporary injections.
  • Replaces the TCP building function tcp_sendmsg with its own function.
  • Once the C&C callback to the command server is done, the command server sends back malicious code specific to the situation.
  • Probably being used in cybercrime operations rather than just targeted attacks.
  • A Russia-based attacker is likely. Experts are not revealing any names, and seCURE Connexion has no information sadly.
  • This was discovered on Seclists’s Full Disclosure Mailing List.
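
The on-disk indicators from the list above, turned into a check. This is an added example, not code from the original post or from the researchers' analysis; the function name and its ROOT argument are assumptions of the example. Because the list notes that the module hides files and processes, point it at an offline-mounted image rather than trusting a live, possibly infected host.

```shell
#!/bin/sh
# Added example (not from the original post): look for the on-disk artifacts
# named in the list above under a given filesystem root.
# ROOT is an assumption: the mount point of an offline image, or / by default.

check_iframe_rootkit_iocs() {
    local root hits rc mod
    root="${1:-/}"
    root="${root%/}"     # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    hits=0

    # 1. Persistence: an insmod line for module_init.ko in /etc/rc.local.
    rc="$root/etc/rc.local"
    if [ -f "$rc" ] && grep -Eq \
        '^[[:space:]]*insmod[[:space:]].*/kernel/sound/module_init\.ko' "$rc"
    then
        echo "HIT rc.local loads module_init.ko: $rc"
        hits=$((hits + 1))
    fi

    # 2. The module file itself. The post names 2.6.32-5-amd64 only; the glob
    #    generalizes to every installed kernel version.
    for mod in "$root"/lib/modules/*/kernel/sound/module_init.ko; do
        [ -e "$mod" ] || continue    # glob did not match anything
        echo "HIT module file present: $mod"
        hits=$((hits + 1))
    done

    # 3. Kernel symbol dump left in the filesystem root.
    if [ -e "$root/.kallsyms_tmp" ]; then
        echo "HIT symbol dump present: $root/.kallsyms_tmp"
        hits=$((hits + 1))
    fi

    if [ "$hits" -eq 0 ]; then
        echo "no listed artifacts under ${root:-/}"
        return 0
    fi
    return 1
}

# Run directly as: sh check.sh /mnt/suspect-image
if [ "$#" -gt 0 ]; then check_iframe_rootkit_iocs "$1"; fi
```

A clean result only means these three artifacts are absent; it says nothing about a variant that uses different file names.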

Adobe Issues Critical Security Updates for Flash and AIR

Election Day brings Adobe’s critical updates for Flash and AIR, so update today to fix seven (7) vulnerabilities.

Updates are currently available as follows:

FLASH

  • Windows & Mac – 11.5.502.110
  • Linux – 11.2.202.251
  • Android 4.* – 11.1.115.27
  • Android 3.* & 2.* – 11.1.111.24
  • Google Chrome automatically updates the Flash version built in.

AIR

  • Windows, Mac, SDK for iOS and Android – 3.5.0.600

 

Be sure to download the Flash updates both for Internet Explorer and for Firefox/Safari/Opera/other browsers.

See advisory

 

Also, note Windows Update will help install the updates in Windows 8/IE 10, reference here

Critical fix issued for Shockwave Player – Oct. 23, 2012

Adobe has released a critical update for Shockwave Player after several serious vulnerabilities were found.

  • Users of 11.6.7.637 and earlier versions should now update to version 11.6.8.638 – Update Now
  • Updates are available for Windows and Mac systems.
  • There is no active propagation of exploits.
  • Check to see if you have Shockwave Player.
  • Shockwave Player is not the same as Adobe Flash Player, which was updated October 8.
  • Check release notes.
  • Uncheck the Norton Security Scan, if it shows.

Steam Gamers Listen Up: Platform Vulnerable to Remote Exploits, 50M at risk

More than 50 million users of the Steam gaming and distribution platform are at risk of remote exploits because of vulnerabilities in the platform’s URL protocol handler, researchers at ReVuln wrote in a paper they released.

According to ThreatPost, Luigi Auriemma and Donato Ferrante discovered a number of memory corruption issues, including buffer and heap overflows that would allow an attacker to abuse the way the Steam client handles browser requests. Steam runs on Windows, Linux and Mac OSX.

The steam:// URL protocol is used to connect to game servers, load and uninstall games, backup files, run games and interact with news, profiles and download pages offered by Valve, the company that operates the platform. Attackers, Auriemma and Ferrante said, can abuse specific Steam commands via steam:// URLs to inject attacks and run other malicious code on victim machines.

Read more on the ThreatPost blog

Adobe Releases Subsequent Updates for 6 Flaws

New updates from Adobe come a week after its previous release, which was critical. Having subsequent updates for critical flaws begs the question of whether or not Flash Player is safe. It looks as if AIR was affected as well. This patch closes six vulnerabilities, helping to safeguard against hackers.

These platforms are affected, and now have a patch available for download:

  • Windows (New update: 11.4.402.265)
  • Mac (New update: 11.4.402.265)
  • Linux (New Update)
  • Android (New Update)

The customized Google Chrome version (Pepper) should automatically update to version 11.3.31.230 for PC and 11.4.402.265 for Mac.

For Windows and Mac users, bear in mind the new Adobe AIR 3.4.0.2540, which you should include with your updates for Flash Player.

Last week’s update addressed a critical flaw (CVE-2012-1535) in Adobe Flash Player.

This week’s update fixes the following, according to Adobe:

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166).
  • These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-4167).
  • These updates resolve a cross-domain information leak vulnerability (CVE-2012-4168).

 

Report: Nvidia Fixes Unix Driver, Addresses Vulnerability

Graphics chip maker Nvidia released a new version of its Unix driver on Friday in order to address a high-risk vulnerability that can be exploited by local users to gain root privileges on Linux systems.

The privilege escalation vulnerability fixed in the new 304.32 version of the Nvidia Unix driver was publicly disclosed last Wednesday by Dave Airlie, a principal engineer in the graphics team at Linux vendor Red Hat.

The public disclosure was done at the request of an anonymous researcher who originally discovered the flaw and after Nvidia failed to respond to a private report about the vulnerability, Airlie said in an email sent to the Full Disclosure mailing list.

Airlie’s message also included proof-of-concept exploit code created by the anonymous researcher to demonstrate the vulnerability.

Read More on Computer World