Miscellaneous Tech News
-
@EddieJennings said in Miscellaneous Tech News:
Saw this on Reddit
https://nakedsecurity.sophos.com/2019/02/12/russian-isps-plan-internet-disconnection-test-for-entire-country/BBC had that a few days ago.
-
-
@black3dynamite said in Miscellaneous Tech News:
@dafyre said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@DustinB3403 said in Miscellaneous Tech News:
Speaking of LE why doesn't ML use LE for their CA?
Using CloudFlare's cert.
How is traffic encrypted between CloudFlare and ML? Self-Signed (or LE) Cert on ML?
In CloudFlare, you can actually create a free tls certificate for your server.
Thanks for the heads up @black3dynamite, and for the extra details @JaredBusch
-
@black3dynamite said in Miscellaneous Tech News:
What if the container bursts open?
Unfortunately, a serious security flaw dubbed CVE-2019-5736 was found in runc.
This bug means that a program run with root privileges inside a guest container can make changes with root privilege outside that container.
Loosely put, a rogue guest could get sysadmin-level control on the host.
This control could allow the rogue to interfere with other guests, steal data from the host, modify the host, start new guests at will, map out the nearby network, scramble files, unscramble files…
…you name it, a crook could do it.
Precise details of the bug are being witheld for a further six days to give everyone time to patch, but the problem seems to stem from the fact that Linux presents the memory space of the current process as if it were a file called /proc/self/exe.
Thanks to CVE-2019-5736, accessing the memory image of the runc program that’s in charge of your guest app seems to give you a way to mess with running code in the host system itself.
In other words, by modifying your own process in some way, you can cause side-effects outside your container.
And if you can make those unauthorised changes as root, you’ve effectively just made yourself into a sysadmin with a root-level login on the host sever.
For what it’s worth, the runc patch that’s available includes the following new program code, intended to stop containers from messing indirectly with the host system’s running copy of runc, something like this...
-
Hackers keep trying to get malicious Windows file onto MacOS
Clever trick may be ham-fisted attempt bypass Gatekeeper protections built into macOS.
Malware pushers are experimenting with a novel way to infect Mac users that runs executable files that normally execute only on Windows computers.
Researchers from antivirus provider Trend Micro made that discovery after analyzing an app available on a Torrent site that promised to install Little Snitch, a firewall application for macOS. Stashed inside the DMG file was an EXE file that delivered a hidden payload. The researchers suspect the routine is designed to bypass Gatekeeper, a security feature built into macOS that requires apps to be code-signed before they can be installed. EXE files don’t undergo this verification, because Gatekeeper only inspects native macOS files.
“We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks, since it is an unsupported binary executable in Mac systems by design,” Trend Micro researchers Don Ladores and Luis Magisa wrote. “We think that the cybercriminals are still studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cybercriminals can use this information and routine.”
-
Pantheon DE that Elementary OS uses will be available has a new spin when Fedora 30 is released.
https://fedoraproject.org/wiki/Changes/PantheonDesktop -
Microsoft patches 0-day vulnerabilities in IE and Exchange
IE info bug was under active exploit; exploit code for Exchange flaw was circulating.
Microsoft’s Patch Tuesday this month had higher-than-usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploit and an Exchange Server flaw that was disclosed last month with proof-of-concept code.
The IE vulnerability, Microsoft said, allows attackers to test whether one or more files are stored on disks of vulnerable PCs. Attackers first must lure targets to a malicious site. Microsoft, without elaborating, said it has detected active exploits against the vulnerability, which is indexed as CVE-2019-0676 and affects IE version 10 or 11 running on all supported versions of Windows. The flaw was discovered by members of Google’s Project Zero vulnerability research team.
Microsoft also patched Exchange against a vulnerability that allowed remote attackers with little more than an unprivileged mailbox account to gain administrative control over the server. Dubbed PrivExchange, CVE-2019-0686 was publicly disclosed last month, along with proof-of-concept code that exploited it. In Tuesday’s advisory, Microsoft officials said they haven’t seen active exploits yet but that they were “likely.”
-
@black3dynamite said in Miscellaneous Tech News:
Pantheon DE that Elementary OS uses will be available has a new spin when Fedora 30 is released.
https://fedoraproject.org/wiki/Changes/PantheonDesktopThat's awesome. Glad to see that DE moving into the mainstream!
-
@scottalanmiller said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
Pantheon DE that Elementary OS uses will be available has a new spin when Fedora 30 is released.
https://fedoraproject.org/wiki/Changes/PantheonDesktopThat's awesome. Glad to see that DE moving into the mainstream!
Me too. My kid really likes that desktop environment a lot.
-
GLPI ITSM 9.4.0
https://glpi-project.org/glpi-9-4-0/ -
@black3dynamite said in Miscellaneous Tech News:
GLPI ITSM 9.4.0
https://glpi-project.org/glpi-9-4-0/I used GLPI before switching to Spiceworks at my last job. From what I remember, it wasn't terrible... I'll have to give this one another go.
-
@dafyre said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
GLPI ITSM 9.4.0
https://glpi-project.org/glpi-9-4-0/I used GLPI before switching to Spiceworks at my last job. From what I remember, it wasn't terrible... I'll have to give this one another go.
I've also used it before switching to Snipe-IT mainly because of the check-in/check-out feature.
-
@black3dynamite said in Miscellaneous Tech News:
@dafyre said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
GLPI ITSM 9.4.0
https://glpi-project.org/glpi-9-4-0/I used GLPI before switching to Spiceworks at my last job. From what I remember, it wasn't terrible... I'll have to give this one another go.
I've also used it before switching to Snipe-IT mainly because of the check-in/check-out feature.
Currently using snipe-it. It is great. The one thing spiceworks has is the automated scanning. This mostly works, but also can cause network issues and is kind of clunky. I actually use both, but only use sw to fill in certain gaps.
-
@wrx7m said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
@dafyre said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
GLPI ITSM 9.4.0
https://glpi-project.org/glpi-9-4-0/I used GLPI before switching to Spiceworks at my last job. From what I remember, it wasn't terrible... I'll have to give this one another go.
I've also used it before switching to Snipe-IT mainly because of the check-in/check-out feature.
Currently using snipe-it. It is great. The one thing spiceworks has is the automated scanning. This mostly works, but also can cause network issues and is kind of clunky. I actually use both, but only use sw to fill in certain gaps.
I haven't used them for a long time now but, Fusion Inventory or OCS can also automatically scan to and then add the info to GLPI. If I remember correctly they require installing an agent to the computers for them to work.
-
@black3dynamite said in Miscellaneous Tech News:
GLPI
I don't mind having an agent. SW uses agents for remote systems. PDQ Inventory does too, or will. I am using PDQ deploy and would like to have the integration that comes with the inventory aspect.
-
@wrx7m said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
GLPI
I don't mind having an agent. SW uses agents for remote systems. PDQ Inventory does too, or will. I am using PDQ deploy and would like to have the integration that comes with the inventory aspect.
I prefer agents. Slightly more work overall, but consistent results and no weird troubleshooting.
-
Even when I used SW, I used it with all agents.
-
@scottalanmiller said in Miscellaneous Tech News:
Even when I used SW, I used it with all agents.
I find that for inventory and stuff like that, Agents are usually more accurate and less resource intensive than reaching out to scan from the server.
-
-
@dafyre said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
Even when I used SW, I used it with all agents.
I find that for inventory and stuff like that, Agents are usually more accurate and less resource intensive than reaching out to scan from the server.
For the server but for the computer it is more intensive... however I do like when something scans the network for me instead of an agent. There were certain devices added that sometimes do not get agents and so I like that part when there is a networks scan.