USN-7015-4: Python vulnerability


USN-7015-1 fixed several vulnerabilities in Python. This update provides the
corresponding update for CVE-2023-27043 for python2.7 and python3.5 in
Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)

It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)

It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)

It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of
service. (CVE-2024-8088)


Perfctl Malware


Perfctl is an impressive piece of malware:

The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines.

The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency. The unknown developers of the malware gave the process a name that combines the perf Linux monitoring tool and ctl, an abbreviation commonly used with command line tools. A signature characteristic of Perfctl is its use of process and file names that are identical or similar to those commonly found in Linux environments. The naming convention is one of the many ways the malware attempts to escape notice of infected users.

Perfctl further cloaks itself using a host of other tricks. One is that it installs many of its components as rootkits, a special class of malware that hides its presence from the operating system and administrative tools. Other stealth mechanisms include:

Stopping activities that are easy to detect when a new user logs in
Using a Unix socket over TOR for external communications
Deleting its installation binary after execution and running as a background service thereafter
Manipulating the Linux process pcap_loop through a technique known as hooking to prevent admin tools from recording the malicious traffic
Suppressing mesg errors to avoid any visible warnings during execution.

The malware is designed to ensure persistence, meaning the ability to remain on the infected machine after reboots or attempts to delete core components. Two such techniques are (1) modifying the ~/.profile script, which sets up the environment during user login so the malware loads ahead of legitimate workloads expected to run on the server and (2) copying itself from memory to multiple disk locations. The hooking of pcap_loop can also provide persistence by allowing malicious activities to continue even after primary payloads are detected and removed.

Besides using the machine resources to mine cryptocurrency, Perfctl also turns the machine into a profit-making proxy that paying customers use to relay their Internet traffic. Aqua Security researchers have also observed the malware serving as a backdoor to install other families of malware.

Something this complex and impressive implies that a government is behind this. North Korea is the government we know that hacks cryptocurrency in order to fund its operations. But this feels too complex for that. I have no idea how to attribute this.
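Two of the behaviours listed above (a binary deleted after launch, and process names borrowed from common Linux tools) leave traces in /proc that a defender can triage. The following is an added example, not code from Aqua Security or from the post; the `system_names` parameter, the `SYSTEM_DIRS` list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: directories where distribution-provided binaries normally live.
SYSTEM_DIRS = ("/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/", "/usr/lib/", "/usr/libexec/")

def triage_processes(proc_root="/proc", system_names=frozenset()):
    """Return (pid, comm, exe, reason) tuples for processes that merit a closer look."""
    findings = []
    for entry in sorted(os.listdir(proc_root), key=lambda e: (len(e), e)):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        if exe.endswith(" (deleted)"):
            # The kernel appends this suffix when the on-disk binary was unlinked.
            findings.append((int(entry), comm, exe, "binary deleted after launch"))
        elif comm in system_names and not exe.startswith(SYSTEM_DIRS):
            # Name matches a known system tool, but the file lives elsewhere.
            findings.append((int(entry), comm, exe, "system tool name, non-system path"))
    return findings

def build_sample_proc():
    """Constructed /proc-like tree for an offline run; all values are made up."""
    root = tempfile.mkdtemp(prefix="sample_proc_")
    samples = {
        "101": ("sshd", "/usr/sbin/sshd"),                     # ordinary daemon
        "202": ("perfctl", "/tmp/.sample/perfctl (deleted)"),  # binary unlinked after start
        "303": ("sh", "/home/user/.cache/sh"),                 # familiar name, odd location
    }
    for pid, (comm, exe) in samples.items():
        os.makedirs(os.path.join(root, pid))
        os.symlink(exe, os.path.join(root, pid, "exe"))
        with open(os.path.join(root, pid, "comm"), "w") as fh:
            fh.write(comm + "\n")
    return root

if __name__ == "__main__":
    for finding in triage_processes(build_sample_proc(), system_names={"sshd", "sh"}):
        print(finding)
```

Package upgrades also leave running daemons with a deleted binary, so hits are leads to investigate. Because the components described above install as rootkits, a clean result gathered on the live host is not conclusive.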


Snapping Safely: The Fun and Risks of Snapchat for Teens


The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

No, I am not taking a photo of my nose hair! I am Snapping and sharing for my Snapgroup to keep my Snapstreak active while I see where they are on my Snapmap.

If by now, you have not figured I am talking about Snapchat, you are probably not a tween/teen or a parent of a tween/teen. Which means, either you are super excited by Snapchat, or super confused!! There are good reasons for both! My parents hate it-so I love it. I guess it could be as simple as that.

First things first-it's not Facebook, it's not owned by Facebook, and likely if you use Facebook, you will not use Snapchat. You have to be 13 to sign up, but no one is checking and more importantly, it's probably more age appropriate closer to 16-I started using it around 15. The app does collect data-both by itself and allows third party access.

It’s a photo-messaging app-hence the name ‘snap’. The photo-messages also disappear-hence the logo looks like a ‘ghost’. You start with a few bits of basic information and add a few friends by taking a picture of their Snapcode (QR code) and start Snapping with them. After 24 hours the messages automatically delete. No words, just snaps. Well, a snap edited with fancy, funny, silly photo filters, lenses and effects that are mainly lighthearted. There is other non-photo stuff like games, entertainment, quizzes and videos, but let's face it-it's the silly goofy photos that will soon be deleted that are the attraction. It’s the surety that anything you do on snap will not come back and haunt you…like a ghost.

See what I did there.

The pressure of keeping in touch with your friends consistently day after day to maintain your “streak”, making “stories” from your chats, or endlessly “discovering” new sources of information in Snap are all huge investments of time and energy that may well be spent in other areas of your life. But these pale in comparison to some more serious concerns.

Yes, snap photos don’t get saved on your phone and do get deleted after being seen and in 24 hours. If the user “screenshots” them, you are notified. But that is all the protection you are getting-which is about the same as an umbrella in the deep end of a swimming pool. Your data is used by snap and others to collect information about you and send you targeted messages that, in some cases are malware, spam, and viruses disguised as friend requests or Snapawards. Users that you may think you know and accept as friends may send you inappropriate messages or request inappropriate information leading to identity theft, or worse. Snapmap, which allows you to see where your friends are in real time is great, especially when you feel ‘alone’. But, this also puts a fairly easy digital target on your back in case someone in your user group has had their account hacked or taken over. 

Even amongst friends that you know and trust, your photos can be screenshot and saved. Yes, you will receive a notification, but beyond that, not much else can be done. There is software out there that can take photos without triggering Snap’s notifications. What’s the big deal, you may ask? Assuming that your friend remains a friend and doesn't use your photos negatively against you ever (like you never heard that before!), these photos are now living in their phones and can then be uploaded/forwarded/shared without your knowledge or permission-you now have no knowledge, access, or control.

 All of this may be just fine for the photo of rainbows coming out of your eyes expressing your happiness on seeing your friend on the first day of school,  but screenshot and used under a caption of “I shed fake tears”, sends a very different message, with potentially serious unintended consequences, especially for someone who may not have your best interest at heart or who may not know you at all and is a “fake user” in the true sense of the word.

I keep coming back to this idea of fake user account again and again because creating a Snap account, especially a fake one, is fairly easy.  There are some valid and real concerns to using Snap and other similar messaging services that imply anonymity, privacy and security to enable you to be free and open. Privacy and safety, especially on an app like Snap that seems so innocuous on the surface, can hide a sinister underbelly. Social media companies take a lot of effort to keep their own names out of bad publicity (the irony of privacy), yet very little to protect their users-this article which talks about one such sad story, does not even mention the social media site for anyone to be aware of! The implication here is that somehow the 17yr who is named is expected to have more responsibility than an unnamed corporation.

 To get the best experience from the app, do these few simple things-

Don’t lie about your age-it helps stop ads and messages that are not appropriate for your maturity and understanding. It also stops Snap and third parties from legally collecting data from you.

Don’t randomly accept friends or follow people-you don’t do that in real life, do you?

Set the settings-I hate to say this, but for once, involve your parents. Sit down and adjust the settings like location, and who can view our story and most importantly understand that once you hit “send” you can't “undo”. But if they start asking you to explain how Shazam works, you have my permission to do the “eye roll” and walk away!!

Stay safe!

I’m outta here!
