Ryan Dahl, creator of Node.js and Deno, gave a new interview this week to the IT outsourcing company Evrone: Evrone: You have hands-on experience with lots of programming languages: C, Rust, Ruby, JavaScript, TypeScript. Which one do you enjoy the most to work with? Ryan: I have the most fun writing Rust these days. It has a steep learning curve and…
Tag: SSH
Backdoor Account Discovered in More Than 100,000 Zyxel Firewalls, VPN Gateways
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. From a report: The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms…
A New Botnet Is Covertly Targeting Millions of Servers
An anonymous reader quotes a report from Wired: FritzFrog has been used to try and infiltrate government agencies, banks, telecom companies, and universities across the US and Europe. Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world. The botnet uses proprietary software written from scratch…
Hacker Leaks Passwords For 900+ Enterprise VPN Servers
A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet reports: According to a review, the list includes: IP addresses of Pulse Secure VPN servers, Pulse Secure VPN server firmware version, SSH keys for each server, a list of all local users and their password…
State-of-the-Art Crypto Goes Post-Quantum (with Containerized TinySSH)
emil (Slashdot reader #695) writes: The advent of quantum computing poses a well-recognized threat to RSA and other well-known asymmetric cryptosystems. It has been four years since NIST opened the post-quantum cryptography competition, and we are seeing extensive delays compared to AES. A new and (hopefully) quantum-secure SSH key exchange, based on NTRU Prime, has been present in OpenSSH since January…
Supercomputers Breached Across Europe To Mine Cryptocurrency
An anonymous reader quotes ZDNet: Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain. Cado Security, a US-based cyber-security firm,…
Linus Torvalds Pulls WireGuard VPN into Linux 5.6 Kernel Source Tree
“The WireGuard VPN protocol will be included into the next Linux kernel as Linus Torvalds has merged it into his source tree for version 5.6,” reports TechRadar: While there are many popular VPN protocols such as OpenVPN, WireGuard has made a name for itself by being easy to configure and deploy as SSH… The WireGuard protocol is a project from security…
7 Years Later, Emergency Alert Systems Still Unpatched, Vulnerable
chicksdaddy writes: The Security Ledger is reporting that more than 50 Emergency Alert System (EAS) devices made by Monroe Electronics (now Digital Alert Systems) are un-patched and accessible from the public Internet, seven years after security researchers alerted the public about security flaws in the devices. More than 50 EAS deployments across the United States still use a shared SSH key,…
Exploit Fully Breaks SHA-1, Lowers the Attack Bar
ThreatPost reported on some big research last week: A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. The exploit was developed by Gaëtan Leurent and Thomas Peyrin, academic researchers at Inria France and Nanyang Technological…