Category Archives: Linux

Web host agrees to pay $1m after it’s hit by Linux-targeting ransomware

(credit: Aurich Lawson)

A Web-hosting service recently agreed to pay a $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites, the company said recently.

The South Korean Web host, Nayana, said in a blog post published last week that initial ransom demands were for five billion won worth of Bitcoin, which is roughly $4.4 million. Company negotiators later managed to get the fee lowered to 1.8 billion won and ultimately landed a further reduction to 1.2 billion won, or just over $1 million. An update posted Saturday said Nayana engineers were in the process of recovering the data. The post cautioned that that the recovery was difficult and would take time.

“It is very frustrating and difficult, but I am really doing my best, and I will do my best to make sure all servers are normalized,” a representative wrote, according to a Google translation.

Read 2 remaining paragraphs | Comments

Serious privilege escalation bug in Unix OSes imperils servers everywhere

Enlarge (credit: Victorgrigas)

A raft of Unix-based operating systems—including Linux, OpenBSD, and FreeBSD—contain flaws that let attackers elevate low-level access on a vulnerable computer to unfettered root. Security experts are advising administrators to install patches or take other protective actions as soon as possible.

Stack Clash, as the vulnerability is being called, is most likely to be chained to other vulnerabilities to make them more effectively execute malicious code, researchers from Qualys, the security firm that discovered the bugs, said in a blog post published Monday. Such local privilege escalation vulnerabilities can also pose a serious threat to server host providers because one customer can exploit the flaw to gain control over other customer processes running on the same server. Qualys said it's also possible that Stack Clash could be exploited in a way that allows it to remotely execute code directly.

"This is a fairly straightforward way to get root after you've already gotten some sort of user-level access," Jimmy Graham, director of product management at Qualys, told Ars. The attack works by causing a region of computer memory known as the stack to collide into separate memory regions that store unrelated code or data. "The concept isn't new, but this specific exploit is definitely new."

Read 5 remaining paragraphs | Comments

How to install Linux on a Chromebook (and why you should)

Enlarge

Chromebooks are one of the most secure devices you can give a non-technical end user, and at a price point few can argue with, but that security comes with a privacy trade off: you have to trust Google, which is part of the NSA's Prism programme, with your data in the cloud.

Even those who put their faith in the company's rusty "don’t be evil" mantra may find Chromebook functionality limiting—if you want more than Google services, Netflix, some other Web apps, and maybe the Android app store, then you're out of luck.

Geeky users willing to engage in some entry-level hackery, however, can install Linux on their Chromebook and unleash the Power of Torvalds™.

Read 27 remaining paragraphs | Comments