Weekly Roundup Episode 100! A lot of major news!

Debian 10 was released and Netflix will produce a new series based on Neil Gaiman's "Sandman".
Finally, a famous cybersecurity expert is leaving a famous company, while chinese governement makes questionable uses of mobile apps.



INBOX

In a message on my Facebook Page, Nick asks:

Andrea, could you please recommend software to make the .img for recuperabit? Thanks Nick

So, two suggestions: on Linux systems you could use the old-but-gold "dd":

# dd if=/dev/sdX of=./image.img bs=1M

On Windows, you can use a free version of FTKImager or an OSS tool like Clonezilla.


Technology

Debian 10 "buster" released

After 25 months of development the Debian project is proud to present its new stable version 10 (code name "buster"), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team.

Debian 10 "buster" ships with several desktop applications and environments. Amongst others it now includes the desktop environments:  

* Cinnamon 3.8,  
* GNOME 3.30,  
* KDE Plasma 5.14,  
* LXDE 0.99.2,  
* LXQt 0.14,  
* MATE 1.20,  
* Xfce 4.12.

In this release, GNOME defaults to using the Wayland display server instead of Xorg.

https://lists.debian.org/debian-announce/2019/msg00003.html


Cybersecurity

New Malware Evades Traffic Monitoring via DNS over HTTPS

A Lua-based backdoor malware capable of targeting both Linux and Windows users while securing its communication channels via DNS over HTTPS (DoH) was discovered by researchers at Network Security Research Lab of Qihoo 360.
By using DoH to encapsulate the communication channels between command-and-control servers, the infected machines, and the attacker-controlled servers within HTTPS requests, the malware dubbed Godlua manages to block researchers from analyzing its traffic.
Godlua's main function seems to be that of a DDoS bot and it was already seen in action when its masters launched an HTTP flood attack against the liuxiaobei[.]com domain, as observed by the Qihoo 360 researchers.

https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Canonical’s GitHub Account has been compromised!

On July 6, 2019, hackers have breached the GitHub account of Canonical Ltd., the organization behind the Ubuntu Linux distribution.
The company immediately launched an investigation, the good news is that the source code of the popular Linux distro was not impacted.
“We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities.”

https://www.andreafortuna.org/2019/07/07/canonicals-github-account-has-been-compromised/

RDP BlueKeep exploit shows why you really, really need to patch

https://vimeo.com/344915265

The PoC, described by BlueKeep namer and ‘megathread’ keeper Kevin Beaumont as ‘incredible‘, was created by the SophosLabs Offensive Security team.
The code is obviously too dangerous to be released publicly, so SophosLabs has recorded a video showing the fileless exploit being used to gain full control of a remote system without authentication.

https://nakedsecurity.sophos.com/2019/07/01/rdp-bluekeep-exploit-shows-why-you-really-really-need-to-patch/

Security maven Bruce Schneier is leaving IBM

Infosec veteran Bruce Schneier has said he'll step down as a "special advisor" to IBM's security business to, in part, focus his time on teaching the next generation of security pros.
Schneier said he also wanted to focus on work with nonprofit projects including Tor and the Electronic Frontier Foundation (EFF), where he is a board member.

https://www.theregister.co.uk/2019/07/01/dont_tell_alice_and_bob_security_guru_schneier_is_leaving_ibm/


Privacy

China installs a surveillance app on tourists’ phones while crossing in the Xinjiang

China’s border authorities routinely install the app on smartphones belonging to travelers who enter Xinjiang by land from Central Asia, according to several people interviewed by the journalists who crossed the border recently and requested anonymity to avoid government retaliation. Chinese officials also installed the app on the phone of one of the journalists during a recent border crossing. Visitors were required to turn over their devices to be allowed into Xinjiang.

https://www.nytimes.com/2019/07/02/technology/china-xinjiang-app.html

Google Turns to Retro Cryptography to Keep Data Sets Private

Certain studies require sensitive data sets: the relationship between nutritious school lunch and student health, the effectiveness of salary equity initiatives, and so on. Valuable insights require navigating a minefield of private, personal information. Now, after years of work, cryptographers and data scientists at Google have come up with a technique to enable this "multiparty computation" without exposing information to anyone who didn't already have it.

https://www.wired.com/story/google-private-join-compute-database-encryption/

What Is Homomorphic Encryption?

Homomorphic encryption is a method of performing calculations on encrypted information without decrypting it first. Why do you care about some arcane computer math? Because it could make cloud computing a lot more secure. It's not quite ready for your email though—right now it makes processes literally a million times slower if you use it.

https://www.wired.com/2014/11/hacker-lexicon-homomorphic-encryption/


SciFi

Netflix is reportedly adapting Neil Gaiman’s Sandman

Another Neil Gaiman property is being adapted for the small screen. The Hollywood Reporter says that Netflix is closing in on a deal with Warner Bros. to adapt the author’s acclaimed comic series Sandman into a live-action TV show, in what is being described as “the most expensive TV series that DC entertainment has ever done.”

https://www-theverge-com.cdn.ampproject.org/c/s/www.theverge.com/platform/amp/2019/6/30/20656664/netflix-neil-gaiman-sandman-tv-series-comic-book-adaptation-allan-heinberg

'Sandman' TV Series From Neil Gaiman, David Goyer — With Huge Price Tag — a Go at Netflix

The drama, from Warner Bros. TV, landed at the streamer with what sources describe as a massive financial commitment and DC Entertainment's most-expensive TV foray ever.

https://www.hollywoodreporter.com/live-feed/sandman-tv-series-neil-gaiman-david-goyer-a-go-at-netflix-1220761

Netflix is set to adapt Neil Gaiman's 'Sandman' comics into a TV series

Beloved by comic fans, Sandman mixes elements of fantasy, horror, and folklore to tell the tale of Morpheus, the Lord of Dreams, and the other six Endless beings who personify aspects of the universe. The series is published by Vertigo, an imprint of DC Comics.

https://www.engadget.com/2019/07/01/netflix-neil-gaiman-sandman/?guccounter=1