More from: Technical

Meltdown attack targets Intel processors

For some reason I have felt the preference to buy AMD processors in all my builds for the last decade. I am not against Intel – I used Intel and Motorola processors from the 1970’s onward. I do use liquid cooling and other after market heat sink arrangements which causes me to prefer the socket arrangements for AMD because I feel the AMD is more mechanically solid, but I could identify nothing really significant in my mind that caused this preference. Here is one more little nudge in the AMD direction.

From Information Week’s Dark Reading

Meltdown allows user applications to pilfer information from the operating system memory, as well as secret information of other programs. “If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure,” the researchers wrote in an FAQ about the attacks. “Luckily, there are software patches against Meltdown,” referring to Linux, Windows, and OS X updates (not all of which are yet available, however).

Most Intel processors since 1995 are affected by Meltdown, with the exception of Intel Itanium and Intel Atom prior to 2013). Only Intel processors are confirmed to be affected by it so far.


Worst passwords of 2017

From an article on Tech Republic

“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” says Slain. “Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.”

Here are the top 20 worst passwords of 2017:

1. 123456

2. password
3. 12345678

4. qwerty

5. 12345

6. 123456789

7. letmein

8. 1234567

9. football

10. iloveyou

11. admin

12. welcome

13. monkey

14. login

15. abc123

16. starwars

17. 123123

18. dragon

19. passw0rd

20. master

Read more on Tech Republic at https://www.techrepublic.com/article/the-20-worst-passwords-of-2017-did-yours-make-the-list/


Microsoft Office exploit

How to remove fingerprints from Windows 10

From Tech Republic today: A newly discovered Microsoft Office zero day could put any machine with an Office install at risk. According to a blog post from cyber security company Sophos, the exploit can deliver remote access Trojans (RATs) without the need to run macros. There’s also not a guaranteed way to stop DDE attacks since they rely on remote access to malicious code and therefore avoid a good portion of antivirus protections.

See the article on Tech Republic


MySQL upgrade – Got error: 2002

free graphic of bed bug

Bug

If you manually control when MySQL starts on your workstation, during upgrade you get “Can’t connect to local MySQL server through socket”. The solution (login as root) that worked for me is to enable MySQL with “systemctl enable mysql”, do the upgrade, then disable again with “systemctl disable mysql”.

systemctl enable mysql

dpkg –configure mysql-server-5.7 (or apt-get dist-upgrade or whatever)

systemctl disable mysql

The error from my screen is as follows:

Setting up mysql-server-5.7 (5.7.20-0ubuntu0.16.04.1) …
insserv: warning: current start runlevel(s) (empty) of script `mysql’ overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `mysql’ overrides LSB defaults (0 1 6).
mysql_upgrade: Got error: 2002: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2) while connecting to the MySQL server
Upgrade process encountered error and will not continue.
mysql_upgrade failed with exit status 11
dpkg: error processing package mysql-server-5.7 (–configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
mysql-server-5.7

There were many opinions as to how to correct. The fix that worked for me was merely to enable MySQL  do the upgrade, then disable it again. Thanks to https://launchpad.net/~leszekpuzio post on https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1605948.

lpuzio (leszekpuzio) wrote : #6

Hi,

I had the same error. I solved this by one command:
sudo systemctl enable mysql

Than I had to start MySql:
sudo service mysql start

After this I was able to update:
sudo apt dist-upgrade

One could try to recreate this bug by disabling MySql before upgrade:
sudo systemctl disable mysql

I hope this helped you.

Regards,


Severe Vulnerability in All Wi-Fi Devices

This entry was posted in General Security on October 16, 2017 by Mark Maunder   22 Replies

There is apparently a major Wi-Fi vulnerability that affects all devices using Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections.

You can read more on the WordFence blog here:

https://www.wordfence.com/blog/2017/10/krack-and-roca/