Scality just announced their newest cloud-native object storage solution, ARTESCA. Secure messaging app Signal has discovered vulnerabilities in Cellebrite. An internet outage in a Canadian village has been blamed on a beaver. We discuss these stories and much more on this week’s Rundown.
HashiCorp found itself in need of revoking a private signing key this week after it was exposed on the Internet. Codecov, an auditing tool designed to help developers test their code, was compromised and ran scripts that collected data from various companies implementing the tool. The malicious scripts collected sensitive data, including private keys used to sign software patches. The breach could have allowed the malicious users to install software that appeared to be legitimate. HashiCorp quickly revoked the signing key and rotated to a new key. HashiCorp said it will monitor the situation but also urged users to be vigilant about the exposed key being used to validate software.
It’s a bad day to be a Golden Gopher if you’re a Linux fan. The University of Minnesota has found itself banned from submitting kernel patches to the Linux kernel development system after they ran afoul of Greg Kroah-Hartman, one of the leaders of the community effort. UMN had previously submitted a series of mangled patches to the kernel and wrote a paper on their findings about stealthily adding vulnerabilities to open source software. After attempting to send in additional patches this week and claiming they were created by automated testing tools, Kroah-Hartman dropped the hammer on the team and banned them from all future contributions to the open source project for “bad-faith intent to cause problems.”
The ongoing saga of the Emotet malware framework took an unexpected turn this week as the viral software was deleted from all infected computers. The move was made by Dutch police in coordination with a global task force designed to bring a halt to the spread of the malware. The agency sent an update to infected systems that deleted the malicious code and removed the program on Sunday evening. Researchers at Malwarebytes confirmed their infected test machine was automatically purged.
Scality is talking about their newest cloud-native object storage solution, ARTESCA. The scale-out solution is currently exclusively available from HPE and uses the S3 interface to provision storage for stateful containers. It integrates with Scality’s existing RING architecture and offers customers options to support Kubernetes deployments across a variety of providers. Scality says the current targets for use are cloud-native IoT edge deployments, AI and ML solutions, and big data analytics platforms.
Cellebrite is a company that makes tools specifically designed to break into iPhones and extract forensic data. The popular devices are used by several organizations that are interested in getting through the privacy walls that Apple has put up in iOS. Recently, Moxie Marlinspike, the creator of popular secure messaging app Signal, was able to find one of these devices and set about pulling it apart to see how it worked. He found a strange amalgamation of old software and bug-ridden tools. He also found a way to craft specific files that could execute code on the Cellebrite system that would take over and crash the software completely. After posting his findings on the Signal blog and making it very clear these files would start to be included in future releases of the software, Cellebrite patched their outdated software and announced that their deep scanning tool would no longer be compatible with all iPhones.
In case you thought your ISP had issues, welcome to Tumbler Ridge, British Columbia. The sleepy Canadian town of around 900 found itself cut off from the Internet on Saturday morning. After investigating the incident, Telus was able to determine that an eager beaver had chewed through the fiber line connecting the town to Telus’s backbone. The fiber was encased in a 5-inch conduit three feet underground. No word on the certifications the beaver held or if he was part of a secret conspiracy with backhoe operators to create a global fiber apocalypse.
The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on Facebook every Wednesday at 12:30pm ET. To watch along, “Like” our Facebook page. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.