Zero Day Flaw

Millions of Linux servers and Android devices were hit with a zero-day flaw today.

What is zero-day flaw? From pctools.com:

A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

From zdnet.com. The issue today was:

A new, previously undiscovered flaw that allows an attacker to escalate local user privileges to the highest “root” level is said to hit “tens of millions” of Linux PCs and servers. Because some of the code is shared, the zero-day flaw also affects more than two-thirds of all Android devices. The flaw, said to date back to 2012, affects Linux kernel versions 3.8 and higher, which extends to devices running Android KitKat 4.4 and higher. The vulnerability is in the keyring facility, baked into the core of the Linux software. If exploited, an attacker would be able to execute code on the Linux kernel, and extract cached security data, which can include in some cases encryption and authentication keys.

Read the rest of the article from ZDNet.

Hardware Issues

My Linux desktop is sick. It’s having a hardware problem. It’s causing the kernel to panic. The mouse freezes and keyboard is flashing. At times, it causes the OS to shutdown. It doesn’t matter what distro I install. I tried the last 4 Ubuntu releases, Linux Mint 7, Linux Mint 8 and Fedora 12. I haven’t figured out yet if it’s a memory or a motherboard problem. I have eliminated just about everything else including power supply, CD, DVD, sound card and graphics card. It’s probably a memory issue. So now, I’m stuck on a Windows XP machine.

Interesting news today. The French and German government are sending out warnings to those who use IE as the fallout of the Google and China IE Zero Day security hack reverberates worldwide. Microsoft is directing users to use IE 8 instead. I say move to either Firefox, Safari or Chrome. I abandoned IE 5 years ago for the same reason. Some call for dumping IE now.

If you contemplating in interviewing with Google, better Google about what Google could possibly ask you during the interview, because Google, the company, tend to ask very tough interview questions. It’s interesting to hear about Google’s hiring policy, in that it focuses on super bright, intelligent people, which doesn’t seem to always translate to the best workers or workers with great interpersonal skills or better yet, workers with common sense.

Should Fedora release Fedora 13? For superstitious folks, thirteen is an unlucky number. Nevertheless, Fedora is forging ahead. Fedora 13 benchmarks are out, along with Ubuntu 10.04.

Windows 7 Zero Day Reported

Just when you thought it was safe to go back into Windows. Well, apparently there is a zero day vulnerability with Windows 7. Zero day attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available. At least at the moment there is no fix. ZDnet writes that, “the flaw in Windows 7 could allow an attack which would cause a critical system error, or “Blue Screen of Death”, according to researcher Laurent Gaffie. Gaffie added that the flaw lies in a Server Message Block 2 (SMB2) driver. Read the article.