Victoria Fox's Blog, page 115

Enlarge / Internet Backdoor in a string of binary code in a shape of an eye.Getty Images

Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian.

The compression utility, known as xz Utils, introduced the malicious code in versions ​​5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no confirmed reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions—specifically, in Fedora 40 and Fedora Rawhide and Debian testing, unstable and experimental distributions.

Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it’s not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm ANALYGENCE, said in an online interview. “BUT that’s only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”

Breaking SSH authentication

The first signs of the backdoor were introduced in a February 23 update that added obfuscated code, officials from Red Hat said in an email. An update the following day introduced functions for deobfuscating that code and injecting it into code libraries as they were being built during the xz Utils update process. The malicious code has resided only in the archived releases—known as tarballs—which are released upstream. So-called GIT code available in repositories aren’t affected, although they do contain second-stage artifacts allowing the injection during the build time. In the event the obfuscated code introduced on February 23 is present, the artifacts in the GIT version allow the backdoor to operate.

The malicious changes were submitted by JiaT75, one of the two main xz Utils developers with years of contributions to the project.

“Given the activity over several weeks, the committer is either directly involved or there was some quite severe compromise of their system,” an official with distributor OpenWall wrote in an advisory. “Unfortunately the latter looks like the less likely explanation, given they communicated on various lists about the ‘fixes’” provided in recent updates. Those updates and fixes can be found here, here, here, and here.

On Thursday, someone using the developer’s name took to a developer site for Ubuntu to ask that the backdoored version 5.6.1 be incorporated into production versions because it fixed bugs that caused a tool known as Valgrind to malfunction.

“This could break build scripts and test pipelines that expect specific output from Valgrind in order to pass,” the person warned, from an account that was created the same day.

One of maintainers for Fedora said Friday that the same developer approached them in recent weeks to ask that Fedora 40, a beta release, incorporate one of the backdoored utility versions.

“We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added),” the Ubuntu maintainer said.

He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise.

Maintainers for xz Utils didn’t immediately respond to emails asking questions.

The malicious versions, researchers said, intentionally interfere with authentication performed by SSH, a commonly used protocol for connecting remotely to systems. SSH provides robust encryption for ensuring only authorized parties connect to a remote system. The backdoor is designed to allow a malicious actor to break the authentication and from there gain unauthorized access to the entire system. The backdoor works by injecting code during a key phase of the login process.

“I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access,” Freund wrote. “Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution.”

In some cases, the backdoor has been unable to work as intended. The build environment on Fedora 40, for example, contains incompatibilities that prevent the injection from correctly occurring. Fedora 40 has now reverted to the 5.4.x versions of xz Utils.

Xz Utils is available for most if not all Linux distributions, but not all of them include it by default. Anyone using Linux should check with their distributor immediately to determine if their system is affected. Freund provided a script for detecting if an SSH system is vulnerable.

SOURCE

The subsidiary of the listed group Innovative Solutions Ecosystem (ISE) presents voluntary bankruptcy due to continued losses and lack of financing. In the past decade, the company tried to compete with Indra in the electoral counting business in Spain, but the fiasco of its management during the 2019 municipal and European elections buried its aspirations.

End of stage for one of the great promises of the Spanish technological ecosystem. The company Scytl Election Technologies , specialized in electoral processes, has filed a voluntary liquidation contest before the Commercial Courts of B

To continue reading go Premium
Try it for €1 the first month

and enjoy unlimited access to all Expansión web content

I love you

Or sign up with your Google account in two clicks

SOURCE

The French fund is studying all possibilities for the former Lyntia Access, valued at around 1,000 million euros. Grow, sell it or merge it to participate in the consolidation of the sector.

Antin Infrastructure Partners , the French investment fund, has hired the Swiss bank UBS to help it study strategic alternatives for Elanta , the neutral wholesale operator of fiber optic networks – formerly called Lyntia Access -, s

To continue reading go Premium
Try it for €1 the first month

and enjoy unlimited access to all Expansión web content

I love you

Or sign up with your Google account in two clicks

SOURCE

Maryanne Wolf actually wanted to become a Rilke researcher. Then she realized how important reading is for children and their development and went into science. Today she is one of the most renowned reading researchers in the world.

ZEIT ONLINE: Ms. Wolf, when I read a text on my smartphone, I sometimes skip entire paragraphs. Has reading on a screen shortened my attention span?

Maryanne Wolf: Yes. The screen programs us to be distracted. This is an extraordinary change from the kind of immersive or in-depth reading we experience on paper or in a hardback book.

SOURCE

FTX founder Sam Bankman-Fried has been sentenced to 25 years in prison in a New York court. U.S. District Judge Lewis Kaplan imposed the sentence at a hearing in Manhattan after rejecting Bankman-Fried’s claim that FTX customers did not lose money. He accused him of lying during his trial testimony.

Judge Kaplan said Bankman-Fried was capable of “doing something very bad in the future, and that is not a small risk.” Bankman-Fried also showed no remorse, even though he knew what he did was wrong. The 32-year-old’s lawyers have been considering an appeal since his conviction in November.

In addition to the prison sentence, Kaplan also ordered the confiscation of $11.2 billion from Bankman-Fried, US broadcaster CNN reported. However, there will be no compensation payments as this is practically impossible in this case with so many victims.

Guilt confirmed in November

The founder of the cryptocurrency exchange FTX was found guilty by a jury in November. The public prosecutor requested 40 to 50 years in prison. Bankman-Fried’s lawyers suggested around six years in prison. They point out that investors could be compensated by monetizing former investments by FTX.

FTX is one of the largest cryptocurrency trading venues alongside Bitcoin and collapsed at the end of 2022. Bankman-Fried was arrested in the Bahamas and extradited to the United States. He was found guilty of, among other things, fraud and money laundering. Under his leadership, FTX customer assets were secretly invested in the crypto investment fund Alameda Research, also founded by Bankman-Fried. But due to the general crisis of digital currencies, investors withdrew their funds and FTX went bankrupt. In the end, around 7.98 billion euros were missing.

Losses of billions, perjury, influencing witnesses

Judge Kaplan rejected Bankman-Fried’s argument that FTX’s customers did not actually lose money. On the contrary, FTX customers would have lost $8 billion, FTX equity investors $1.7 billion and Alameda Research lenders $1.3 billion.

He also rejected the argument that the losses would be fully repaid as part of the bankruptcy process. “Defendant’s assertion that FTX customers and creditors will be paid out in full is misleading, logically flawed and speculative,” Kaplan said. “A thief who brings his loot to Las Vegas and successfully bets with the stolen money is not entitled to a reduction in sentence by using his Las Vegas winnings to repay the stolen money.”

The judge also found that Bankman-Fried lied on the witness stand at his fraud trial last year when he said he did not know that his hedge fund had spent customer money from the FTX cryptocurrency exchange he founded.

In court, Bankman-Fried apologized to his former colleagues at FTX. “They put a lot of themselves into it, and I threw it all away,” Bankman-Fried said. It haunts him every day. Former confidants of Bankman-Fried, who was previously celebrated as a child prodigy, had heavily incriminated him and confirmed deliberate fraud .

FTX founder Sam Bankman-Fried has been sentenced to 25 years in prison in a New York court. U.S. District Judge Lewis Kaplan imposed the sentence at a hearing in Manhattan after rejecting Bankman-Fried’s claim that FTX customers did not lose money. He accused him of lying during his trial testimony.

Judge Kaplan said Bankman-Fried was capable of “doing something very bad in the future, and that is not a small risk.” Bankman-Fried also showed no remorse, even though he knew what he did was wrong. The 32-year-old’s lawyers have been considering an appeal since his conviction in November.

SOURCE

The new group will have 7.3 million fiber customers compared to Movistar’s 5.9 million and 30 million mobile customers compared to its rival’s 20 million, although it will be lower in sales and EBITDA.

Orange and MásMóvil definitively closed yesterday the merger of their businesses in Spain , which creates the national leader in the telecommunications sector in terms of customers, although not in revenue or gross operating margin (ebitda). It is the largest or

To continue reading go Premium
Try it for €1 the first month

and enjoy unlimited access to all Expansión web content

I love you

Or sign up with your Google account in two clicks

SOURCE

Even if the Government reached the 6.7% necessary to demand a director, it could not appoint him before the meeting and would have to propose an extraordinary meeting.

The Government of Pedro Sánchez has decided to finally start the landing in the capital of Telefónica , with the announcement on Monday that the state holding Sepi – dependent on the Ministry of Finance – has already reached 3% of the teleco , despite not co

To continue reading go Premium
Try it for €1 the first month

and enjoy unlimited access to all Expansión web content

I love you

Or sign up with your Google account in two clicks

SOURCE

Boys get cars and girls get dolls. At least that no longer seems to be a law of nature today, and it is just as pleasing that the blue-pink dichotomy of children’s clothing is now being questioned. Nevertheless, many assumptions about gender-neutral child-rearing crumble when you see the crowds of three to ten-year-old girls in blue glittery dresses who visit the Hamburg Frozen every day. There is something that fascinates – not only, but especially – many young girls about princesses.

Nintendo probably thought exactly of this target group and now Princess Peach: Showtime! published. After the test it is clear: this game should be fun for all children. And if a girl wants to be a princess, then this one is the coolest.

SOURCE

Amazon recently made a significant investment in the startup company Anthropic, pouring $2.7 billion into the venture. This investment is the largest ever made by Amazon in a startup, highlighting the company’s confidence in Anthropic’s potential.
Anthropic is a technology company that specializes in artificial intelligence (AI) research and development. Their expertise lies in developing AI systems that have a deep understanding of human behavior and can make intelligent decisions accordingly. This aligns with Amazon’s focus on AI technology and its goal of enhancing customer experiences.
By investing in Anthropic, Amazon aims to leverage the startup’s cutting-edge AI capabilities to further improve its products and services. This strategic move allows Amazon to tap into Anthropic’s advanced algorithms and models to enhance its recommendation systems, personalization features, and overall customer satisfaction. With AI playing an increasingly significant role in the e-commerce industry, this investment positions Amazon at the forefront of AI innovation.
Moreover, this investment also represents Amazon’s commitment to supporting and nurturing startups in the tech industry. By injecting a substantial amount of capital into Anthropic, Amazon provides the startup with the resources it needs to accelerate its growth and develop breakthrough AI technologies. This demonstrates Amazon’s dedication to fostering innovation and driving technological advancements in the market.
For Anthropic, this investment presents a tremendous opportunity for expansion and further research and development. With Amazon’s backing, Anthropic gains access to the vast resources and expertise of one of the world’s most influential technology companies. This partnership will enable Anthropic to scale its operations, attract top talent, and push the boundaries of AI technology even further.
In conclusion, Amazon’s $2.7 billion investment in Anthropic marks a significant milestone in the tech industry. It showcases Amazon’s confidence in Anthropic’s AI capabilities and signals the company’s commitment to staying at the forefront of technological innovation. With this partnership, both Amazon and Anthropic are poised to shape the future of AI and revolutionize the way we interact with technology.

url url url url url url url url url url url url url url url url url url url url url url url url url url url url url url

The Government begins its escalation to 10% of the operator, ending 27 years in which it has been private. He claims that it will give shareholder stability to a “strategic” company.

The State Society of Industrial Participations (Sepi) , the public business holding company dependent on the Ministry of Finance directed by María Jesús Montero , announced yesterday that it has already reached 3% in the capital of Telefónica . Holding clears

To continue reading go Premium
Try it for €1 the first month

and enjoy unlimited access to all Expansión web content

I love you

Or sign up with your Google account in two clicks

SOURCE