Fixes MIA for Many Linux Kernel Flaws

A Google code security researcher's recent discovery of 14 flaws in Linux kernel USB drivers led to last-minute fixes in the Linux 4.14 release candidate code set for distribution on Sunday.
The flaws, which Google researcher Andrey Konovalov disclosed earlier this week, affect the Linux kernel before version 4.13.8.
All 14 have available fixes. However, they are part of a much larger group of 79 flaws affecting the Linux kernel's USB drivers, some of which remain unpatched.
Within this larger group of coding flaws, 22 now have a Common Vulnerabilities and Exposures number, and fixes are available for them.
However, many of the flaws have not been fixed, according to Konovalov.
Konovalov found the flaws using a kernel fuzzer called "syzkaller," created by another Google security researcher, Dmitry Vyukov. The technique involves throwing large volumes of random code at a target piece of software in an attempt to cause crashes.
"All of the exploits require physical access to a computer, so the attack vector is limited to social engineering engagements," noted Russ Wickless, a senior penetration tester at Schellman & Company.
"None of these look like they can be deployed over the Internet," he told LinuxInsider.

CVE Primer

Attackers must have physical access to the computer in order to carry out the attack, Konovalov confirmed.
The flaws can also be used to hack air-gapped systems that are not connected to the Internet, he warned, but compromised USBs are the only means of infecting a machine with exploit code.
The 14 latest kernel flaws involve faults with specific parts of the USB subsystems. Each of them allows local users to cause a denial of service or possibly have unspecified other impacts initiated from a crafted USB device. A few of the flaws can be exploited to execute code in the kernel.
Konovalov initially reported the first of the 79 bugs last December via a Google Groups mailing list. He continued updating the group with new findings throughout this year. Among those he notified were Google, Linux kernel developers, Intel and The Linux Foundation.
"Some of the issues simply freeze or cause a system to reboot, which is potentially less damaging," said Chris Roberts, chief security architect at Acalvio.
"This is all depending upon where and what the target machine is doing," he told LinuxInsider.
Overhauling the Linux kernel USB subsystem is probably the best place to start to address these problems, Roberts said, adding that it is one area that has been known to have issues for a while.

What's Next

One of the basic approaches to cleaning up the kernel flaws is to apply best practices, suggested Dodi Glenn, VP of cyber security at PC Matic.
"These problems need to be addressed by continuing to scan source code for vulnerabilities and patching the holes as quickly as possible," he told LinuxInsider.
That best-practices approach needs to extend to the users as well, suggested Brian Chappell, senior director of enterprise and solutions architecture at BeyondTrust.
"From a Linux user perspective, adopt a clear USB hygiene approach. Do not insert USB devices of unknown origin, and do not leave USB drives attached -- even after these vulnerabilities have been mitigated," he told LinuxInsider.

Who Owns the Fixing?

In this case, it is the community maintainers of this area of kernel code who are responsible for fixing the flaws, said Mike Kail, CTO of Cybric.
However, this problem is not unique to Linux security, he pointed out.
"It simply exposes the lack, once again, of continuous security testing," Kail told LinuxInsider.
Responsibility for the Linux kernel does not fall to the individual distros, but to the kernel community at large, said Schellman & Company's Wickless. It is mostly a matter of keeping the distro's package manager up to date.
Anyone can submit a patch to the kernel, he said.

Linux on Display

Despite recent bad publicity about Linux vulnerabilities, Linux is still the most secure operating system for servers and users alike, Wickless maintained.
"If these would have been remote code execution bugs, that would have given me cause for worry," he added.
Because any operating system today is massively complex and written by humans, errors will exist in the code. Linux is served by a massive community working hard to close off vulnerabilities and improve the code, while also continuing to develop and enhance the operating system, according to BeyondTrust's Chappell.
"Linux still remains a good option for a secure environment. Like all systems, physical access should always be tightly controlled and monitored," he said.
What this says about Linux depends on one's point of view, suggested Chris Morales, head of security analytics at Vectra.
The positive perspective is that the community constantly reviews Linux source code and is able to respond before attackers do, he told LinuxInsider. "The negative view is that open source code is not maintained regularly and depends on an army of volunteers to keep safe. The truth is somewhere in between."

Covered by https://wikiaskblog.com
