Security News #0x69: Where in the world is Satoshi Nakamoto?
- If you want to learn more about the x32 recvmmsg() kernel vulnerability (CVE 2014-0038) that we mentioned a few weeks ago, head over to Include Security.
This is dedicated to those enterprising students on Team 1 and Team 3, who now have an interesting artifact on their Windows systems, courtesy of Red Team.
- The folks at SANS have a nice blog post on tools for analyzing static properties of suspicious files on Windows .
- Do you know the difference between
/dev/urandom? Here is a nice tutorial on the differences.
- Do you want to learn more about tcpdump? (Of course you do!) Check out the tutorial of Daniel Miessler .
- How hard is it to download software securely? And should it be this hard?
- Newsweek reports that they have identified Satoshi Nakamoto, the inventor of Bitcoin. However, someone thought to be Satoshi Nakamoto has posted saying that they are not the person identified by Newsweek. You may want to check out Ars Technica, which reported on the original story and has since followed up.
- Hot on the heels of the
goto fail;bug, now we have a vulnerability in GnuTLS that may be even worse than the problem with Apple. Take a look at the coverage over on Ars Technica to get caught up to speed. The folks at Threatpost compare the two bugs and their impact. Note that this is a bug in GnuTLS; it does not impact OpenSSL.
- Meetup was hit by a large DDoS attack last week.
- Team Cymru has identified some 300,000 hacked SOHO routers (.pdf), primarily in Vietnam. Ars Technica has a report.
- What is truly worrying about Brian Krebs’ report on breaches at Schmuker’s is that it appears as if the breach had been noticed by Brian some time before Schmuker’s did.