Monday, 23 February 2015

After Open Source Software it's time for Open Source Hardware


These day we are seeing tremendous increase in revealing of several malware attacks are embedded in our hardware by different secret services, I think its time for a new revolution as per today's need and its the Open source Hardware.
In 1994 Richard Stallman and Linus Torvalds started a revolution by giving this world Open Source and soon the most secure, trust able, customisable operating system Linux was introduced. It was important because market was dominated by Microsoft for our need of operating system people had no option rather than to use windows.
 Well this is the time where we need another revolution by the name of open hardware because now we can not trust our regular manufacturers of IT equipments because they get involve in dirty work of violating people life's privacy by creating and embedding security holes in the firmware of there hardware products.
This needs to be stopped

wikipedia definition of open source hardware
Open-source hardware (OSH) consists of physical artifacts of technology designed and offered by the open designmovement. Both free and open-source software (FOSS) as well as open-source hardware is created by this open-source culture movement and applies a like concept to a variety of components. It is sometimes, thus, referred to as FOSH (free and open source hardware).

why?

what reason can be given after this year since the 2013 Snowden leaks, Russian security firm Kaspersky has presented a report that the National Security Agency (NSA), the snooping agency for the United States has been involved in a globally-organised hacking campaign aimed at the firmware of hard drives.

Kaspersky report says that NSA implemented a backdoor in the firmware of hard drives, this backdoor is a complex algorithm that can give direct access to all data stored in drive to any remote user, not only this this algorithm can even produce a small malware from itself that system thread level that can do lot more then just access file it can send them and more.Hard drives manufactured by as many as 12 major HD manufacturers are currently infected. The operation has been dubbed as “Equation Group” by researchers of Kaspersky Lab and took help of hackers to secretly intercept a package in transit, booby-trapped its contents, and sent it to its intended destination. Kaspersky had dubbed the group as Equation Group because it is apparent use of heavy encryption tools and algorithm's, obfuscation methods and advanced delivery mechanism of the communication.

Kaspersky report notes that somewhere in mid 2002 or 2003, Equation Group members used the Oracle database installation CD to infect multiple targets with malware from the group’s extensive library.

As per Kaspersky the number of victims of this cyber snooping operating can range in ‘tens of thousands of victims’ in over 42 countries spread around the world.  NSA apparently used this method to infect PCs primarily in Iran, Russia, Pakistan, Afghanistan, India, Syria and Mali at the top of the list.

The NSA victims centred in critical fields including aerospace, nuclear research, government, telecommunications, Islamic activists, energy, and industries, financial concerns, encryption technologies and infrastructure supply chains. Kaspersky researchers say it is difficult to arrive at a absolute number of infections done by the Equation Group because of a self-destruct mechanism built into the malware. so if anyone tries to fetch it out of drives for reverse engineering or other purpose it destroyes itself completely.

After all these events open hardware will help people to trust there system and be tension free that no one has private access to our data 

there many more such hardware backhood implanted by NSA if you want a list visit this wiki page

So who is manufacoring opensource hardware well here is a small list but this not all this industry needs a initiative in open hardware along with innovations to boost up the current senarios of sales and prooducts.

Computer open source hardware list

If this violation of users privacy continues then may be people will loose faith in all the USA based hardware manufacturer so they better audit there products before that happen.

ITS TIME FOR ANOTHER REVOLUTION "THE OPEN SOURCE HARDWARE" TO PROTECT OUT RIGHT OF INTELLECTUAL PRIVACY AND SECURITY
i think its time when Richard Stallman might need to change his phrase's about open source its not just about software anymore

As the advocates of open source draw new users into our community, we free software activists must shoulder the task of bringing the issue of freedom to their attention. We have to say, “It's free software and it gives you freedom!”—more and louder than ever. Every time you say “free software” rather than “open source,” you help our cause.

LOVE PEACE OPENSOURCE 

Friday, 6 February 2015

Check and Patch GHOST Vulnerability CVE-2015-0235 in Linux

Ghost vulnerability is haunting out secure linux system these days. we linux user speaks with huge proud that linux never get infected with viruses and worms but instead we have some vulnerabilities in our system that can be exploited to cause some serious damage if not stopped earlier.

All the system no matter if its a Desktop or Server are at risk due to this new vulnerability.

A buffer overflow vulnerability has been discovered that can allow an attacker to remotely execute code on a Linux computer. It was found in the GNU C Library (glibc)__nss_hostname_digits_dots() function, which is accessible from gethostbyname*() functions. The function can overflow sizeof(*char) bytes 4 or 8 for 32-bit or 64-bit architectures, respectively. -cyberoam.com

 A list of affected Linux distros:-


  • RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x
  • CentOS Linux version 5.x, 6.x & 7.x
  • Ubuntu Linux version 10.04, 12.04 LTS
  • Debian Linux version 7.x
  • Linux Mint version 13.0
  • Fedora Linux version 19 or older
  • SUSE Linux Enterprise 11 and older (also OpenSuse Linux 11 or older versions).
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Server 11 SP1 LTSS/ SP2 LTSS/SP3/SP3 for VMware
  • SUSE Linux Enterprise Server 10 SP4 LTSS
  • SUSE Linux Enterprise Desktop 11 SP3
  • Arch Linux glibc version <= 2.18-1  
Well this vulnerability is caused by a simple buffer overflow in glib library of linux system





You can test or reproduce the bug using the following C code:
/* Credit: http://www.openwall.com/lists/oss-security/2015/01/27/9 */
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "in_the_coal_mine"

struct {
  char buffer[1024];
  char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

int main(void) {
  struct hostent resbuf;
  struct hostent *result;
  int herrno;
  int retval;

  /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
  size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
  char name[sizeof(temp.buffer)];
  memset(name, '0', len);
  name[len] = '\0';

  retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

  if (strcmp(temp.canary, CANARY) != 0) {
    puts("vulnerable");
    exit(EXIT_SUCCESS);
  }
  if (retval == ERANGE) {
    puts("not vulnerable");
    exit(EXIT_SUCCESS);
  }
  puts("should not happen");
  exit(EXIT_FAILURE);
}

Proper way to install nvidia 390 fix error

Proper way to install nvidia 390 if you see any error in the process look below; command  sudo apt purge --autoremove '*nvidia*...