News

Fedora developer Vratislav Podzimek has announced a new partition tool built from storage and configuration management tools used in Fedora's Anaconda installer. The new tool, known as blivet-gui, is based on the blivet Python library used in Anaconda. The new tool could eventually become a replacement for GParted and other open source partition tools.

According to the developer, the Linux community needs a new partition tool because of all the new storage technologies that have appeared over the past few years. Traditional tools such as GParted no longer support the full range of Linux filesystem and storage options.

Podzimek's blog states, "The GUI of blivet-gui is heavily based on GParted's UI to minimize the surprise, which is very important in such a critical task as storage management. If you know how to work with GParted, you'll almost instantly know how to work with blivet-gui."

The new tool is still a work in progress. New features like RAID and Btrfs support are still on the way. In the meantime, the developer welcomes bug reports, feature requests, and patches from the community.

The Mozilla Foundation has released a new version of the Mozilla Firefox web browser. Firefox 32 is available through the Firefox website, and the new version will be making its way into Linux repositories and distros over the next few weeks.

As you might surmise from the release number (32), new releases come fairly frequently for Firefox; however, the latest release is attracting some attention, with new security features and improved HTML5 support. A significant change is the addition of public key pinning, which helps prevent man-in-the-middle attacks. Public key pinning lets a website owner specify which certificate authorities have issued valid certificates for the site and reject certificates issued by other authorities. Key pinning is advocated by many security experts, although one could argue that it does abandon the hierarchical unity of the global certificate authority system and, perhaps, returns to an older interpretation of what it means to be "trusted." Time will tell whether public key pinning and other similar concepts will prove popular enough to change the overall security of the Internet.

Also in Firefox 32, the password manager offers better performance and provides additional user-viewable historical information. See the Firefox site for a summary of HTML5 improvements.

The US National Institute of Standards and Technologies (NIST) has published a draft of new Guidelines for SSH Key Management. The new guidelines are aimed at government system admins and CIOs but are intended to serve as a general, best-practice standard for the IT industry. The draft version of NISTIR7966 "Security of Automated Access Management Using Secure Shell (SSH)" is available for download at the NIST website.

SSH co-creator Tatu Ylonen serves as lead author for the guidelines. Early chapters of the 43-page PDF document cover SSH basics and discuss the most common vulnerabilities associated with SSH keys. Later sections focus on recommended practices and procedures for planning and implementing a key management policy.

The guidelines highlight the need for continuous monitoring and auditing of key use, as well as proper configuration and procedures for terminating key access.

Account names and passwords for 5 million Gmail accounts were leaked to Russian forums. A 50MB ZIP file containing the account names and clear-text passwords has appeared on various sites. Google released a statement that plays down (but does not eliminate) the potential danger. The statement says the users on the list have already been notified to change their passwords and that "only around 2%" of the name/password combinations were still working.

Google says the leaks are not due to any security breach within Gmail but were obtained from other sources. The exact meaning of this disclaimer is not clear, but it is possible that readers were enticed to give up their Gmail passwords through a trojan or phishing scheme. Other passwords might have been obtained by attacks on third-party sites that (for whatever reason) stored the user's Gmail password or, possibly, had a password that exactly matched the Gmail password.

One question that Google did not address (and probably doesn't know) is whether other password lists exist that are still undiscovered. The best advice for avoiding ending up on such a list is the same as always for password hacks: According to Google, "Make sure you're using a strong password unique to Google. Update your recovery options so we can reach you by phone or email if you get locked out of your account. And consider 2-step verification, which adds an extra layer of security to your account." Google's press release points to a website where users can update their contact and security information.

In a move that surprised many industry insiders, HP has purchased cloud tool vendor Eucalyptus. HP has been working hard on entering the market as a cloud provider through its HP Helion service, and the company is seen as a strong backer of OpenStack technology. That HP would spend a sum that is estimated at around US$ 100 million for an alternative cloud platform is a surprising development.

The press release announcing the transaction offers few clues for the strategy behind the purchase. Eucalyptus was an early leader in the cloud game before losing attention and market share to rival OpenStack. One reason for the purchase might be Eucalyptus's close ties and ready interface with Amazon Web Services. Eucalyptus's Amazon connections make it ideal for hybrid cloud scenarios, in which a private cloud connects with a public cloud system for peak load and failover services.

HP will be able to sell OpenStack for public cloud configurations and keep Eucalyptus around as an option for private and hybrid cloud scenarios. The deal also gives HP some leverage over the Eucalyptus/Amazon relationship, although it isn't clear whether Amazon will continue to support close ties with Eucalyptus now that it is owned by a cloud competitor. In the long run, HP might intend to adapt Eucalyptus to provide the same level of affinity for the HP Helion cloud it now has for AWS.

This unexpected Eucalyptus purchase underscores an interesting point that could easily get lost in the rush to cloud: Unlike Rackspace, Red Hat, Amazon, Microsoft, and many other companies offering cloud services, HP is primarily a hardware vendor, and they get lots of money for selling the server systems that wind up in conventional server rooms. HP therefore stands to benefit from a local cloud or hybrid cloud scenario that keeps computing resources on site.

Intel has released a new eight-core chip intended for high-end desktop systems. The Intel Core i7-5960 processor Extreme Edition (known as Haswell-E in the development phase) runs at 3GHz and comes with 20MB of Level 3 cache. The eight cores support 16 software threads.

Intel makes no secret of the fact that the new chip, which will sell for US$ 999, is aimed at the high-end gaming market and "enthusiasts who push their systems further than anyone." The system is designed to run cool and to support extensive overclocking to scale up performance. According to Alienware General Manager Frank Azor, "Using new overclocking and monitoring features in Alienware Command Center 4.0, we've been able to really push the processors to the fullest extent and are seeing impressive overclocking headroom. This new Intel processor lineup is the perfect choice for gamers who demand the absolute best performance from their systems."

Despite the initial emphasis on gaming, new technologies in the Intel Core i7-5960 could also benefit professional users in complex modeling and graphics scenarios. As always, the trend toward bigger and faster could eventually work its way back to the general computing market as new applications and components arise to make use of the expanded capabilities.

Researchers at Carnegie Mellon University have developed a way of predicting if a currently uncompromised website will become malicious before it happens. According to their results, nearly 3 million web pages are vulnerable to possible exploitation within the next year. Kyle Soska and Nicolas Christin used the Internet Archive, which periodically stores snapshots of large parts of the Internet, to comb through recent history and look for common traits of websites that become compromised by Internet attackers. According to a paper presented at the recent USENIX Security Symposium, the authors of the study "… manage[d] to achieve good detection accuracy over a one-year horizon; that is, we generally manage to correctly predict that currently benign websites will become compromised within a year."

The authors employed an intelligent algorithm, using samples of malicious sites from blacklists such as PhishTank to train their system to recognize a compromised site. They then used the Internet Archive's Wayback machine, which searches the state of the Internet at previous points in recent history, to look for common characteristics of these sites before they were compromised. The assessment ignored user-supplied content and focused on factors such as unpatched web services and site structure, as well as anomalies in web traffic. The system learned to identify vulnerable sites on the verge of becoming compromised three to 12 months in advance.

In theory, this method could help organizations find flaws in their sites that could eventually lead to compromise. Search engines could also use a version of this technique to warn users about possible vulnerable pages that appear on the search list, which would provide a big incentive for webmasters to put their sites in order.

PC vendor turned cloud provider says the OpenStack march is still on – but why not spice up the mix?

Researchers at Dell SecureWorks Counter Threat Unit (CTU) released a report on their analysis of the CryptoWall ransomware system. CTU says it considers CryptoWall "the largest and most destructive ransomware threat on the Internet," and they believe the threat will "continue growing." Since its appearance in November 2013, CryptoWall has infected 625,000 systems. Like other ransomware tools, CryptoWall takes over the victim's system, encrypts the hard drive, and then charges a fee to the victim to release the files. Dell estimates CryptoWall has earned more than US$  1,100,000 for attackers by exacting ransom payments.

According to the report, "The ransom has frequently fluctuated at the whim of the botnet operators, and no exact pattern has been established that determines which victims receive a particular ransom value. Ransoms ranging from $200 to $2,000 have been demanded at various times by CryptoWall's operators. The larger ransoms are typically reserved for victims who do not pay within the allotted time (usually 4 to 7 days). In one case, a victim paid $10,000 for the release of their files."

The Dell SecureWorks team apparently registered a domain used by CryptoWall as a backup command and control center, allowing them to monitor the malware's behavior and estimate the extent of its reach. Although the CryptoWall code is not as sophisticated as some ransomware alternatives, and the money-laundering enterprise isn't as advanced, the creators have been very successful at distributing CryptoWall around the world, mostly through spam messages with embedded phishing links.

The report provides a detailed description of the malware's behavior and some of the scam messages used to propagate it. As you might have already guessed, the best defenses are: Back up your data and don't click on unfamiliar links from untrusted sources.