Linux, FreeBSD servers infected to run like Windows bot

A malware with the code name “Mayhem” has recently been found infecting Linux and FreeBSD servers throughout the world.

Malware dubbed Mayhem is spreading through Linux and FreeBSD web servers, researchers say. The software nasty uses a grab bag of plugins to cause mischief, and infects systems that are not up to date with security patches.

Andrej Kovalev, Konstantin Ostrashkevich and Evgeny Sidorov, who work at Russian internet portal Yandex, discovered the malware targeting *nix servers. They traced transmissions from compromised computers to two command and control (C&C) servers. So far they have found 1,400 machines that have fallen to the code, with potentially thousands more to come.

“In the *nix world, autoupdate technologies aren’t widely used, especially in comparison with desktops and smartphones. The vast majority of web masters and system administrators have to update their software manually and test that their infrastructure works correctly,” the trio wrote in a technical report for Virus Bulletin.

“For ordinary websites, serious maintenance is quite expensive and often webmasters don’t have an opportunity to do it. This means it is easy for hackers to find vulnerable web servers and to use such servers in their botnets.”

FreeBSD Foundation Accepting Travel Grant Applications (EuroBSDCon 2014)

logo_freebsdfoundation For FreeBSD developers interested in attending EuroBSDCon 2014, the FreeBSD Foundation is currently taking applications for travel grants.

The FreeBSD Foundation will be providing a limited number of travel grants to individuals requesting assistance. Please fill out and submit the Travel Grant Request Application at http://www.freebsdfoundation.org/documents/TravelRequestForm.pdf by August 15th, 2014 to apply for this grant.

How it works:

This program is open to FreeBSD developers of all sorts (kernel hackers, documentation authors, bugbusters, system administrators, etc). In some cases we are also able to fund non-developers, such as active community members and FreeBSD advocates.

(1) You request funding based on a realistic and economical estimate of travel costs (economy airfare, trainfare, …), accommodations (conference hotel and sharing a room), and registration or tutorial fees. If there are other sponsors willing to cover costs, such as your employer or the conference, we prefer you talk to them first, as our budget is limited. We are happy to split costs with you or another sponsor, such as just covering airfare or board.

*If you are a speaker at the conference, we expect the conference to cover your travel costs, and will most likely not approve your direct request to us. *

(2) We review your application and if approved, authorize you to seek reimbursement up to a limit. We consider several factors, including our overall and per-event budgets, and (quite importantly) the benefit to the community by funding your travel.

Most rejected applications are rejected because of an over-all limit on travel budget for the event or year, due to unrealistic or uneconomical costing, or because there is an unclear or unconvincing argument that funding the applicant will directly benefit the FreeBSD Project. Please take these points into consideration when writing your application.

(3) We reimburse costs based on actuals (receipts), and by check or bank transfer. And, we do not cover your costs if you end up having to cancel your trip. We require you to submit a report on your trip, which we may show to current or potential sponsors, post on our blog, and include in our semi-annual newsletter.

There’s some flexibility in the mechanism, so talk to us if something about the model doesn’t quite work for you or if you have any questions. The travel grant program is one of the most effective ways we can spend money to help support the FreeBSD Project, as it helps developers get together in the same place at the same time, and helps advertise and advocate FreeBSD in the larger community.

For more information, check out the official announcement here: https://lists.freebsd.org/pipermail/freebsd-announce/2014-July/001577.html

FreeBSD 9.3-RELEASE now available

freebsd-logo-largeThe developers of FreeBSD have just made available the official 9.3 RELEASE.

The FreeBSD Release Engineering Team is pleased to announce the
availability of FreeBSD 9.3-RELEASE. This is the fourth release of the
stable/9 branch, which improves on the stability of FreeBSD 9.2-RELEASE and introduces some new features.

Some of the highlights:

* The zfs(8) filesystem has been updated to support the bookmarks
feature.

* The uname(1) utility has been updated to include the -U and -K flags,
which print the __FreeBSD_version for the running userland and kernel,
respectively.

* The fetch(3) library has been updated to support SNI (Server Name
Identification), allowing to use virtual hosts on HTTPS.

* Several updates to gcc(1) have been imported from Google.

* The hastctl(8) utility has been updated to output the current queue
sizes.

* The protect(1) command has been added, which allows exempting
processes from being killed when swap is exhausted.

* The etcupdate(8) utility, a tool for managing updates to files in
/etc, has been merged from head/.

* A new shared library directory, /usr/lib/private, has been added for
internal-use shared libraries.

* OpenPAM has been updated to Nummularia (20130907).

* A new flag, “onifconsole” has been added to /etc/ttys. This allows the
system to provide a login prompt via serial console if the device is
an active kernel console, otherwise it is equivalent to off.

* Sendmail has been updated to version 8.14.9.

* BIND has been updated to version 9.9.5.

* The xz(1) utility has been updated to a post-5.0.5 snapshot.

* OpenSSH has been updated to version 6.6p1.

* OpenSSL has been updated to version 0.9.8za.

You can download the ISO/images here: ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.3/

Check out the official announcement here: http://lists.freebsd.org/pipermail/freebsd-announce/2014-July/001575.html

2014 FreeBSD Core Team Election

The FreeBSD Project has finished choosing the new FreeBSD Core Team, whom will be serving as “board of directors” for the next 2 years. Congratulations!

The FreeBSD Project is pleased to announce the completion of the 2014
Core Team Election. The FreeBSD Core Team acts as the Project’s “board of directors” and is responsible for approving new src committers,
resolving disputes between developers, appointing sub-committees for
specific purposes (security officer, release engineering, port
managers, webmaster, et cetera), and making any other administrative or
policy decisions as needed. The Core Team has been elected by active
FreeBSD committers every 2 years since 2000.

George Neville-Neil and Robert Watson rejoin core after four years and
two years of hiatus respectively, with new members Baptiste Daroussin,
Ed Maste, and Gleb Smirnoff, joining incumbents Gavin Atkinson, David
Chisnall, Hiroki Sato, and Peter Wemm.

The complete newly elected Core Team is:
—————————————-
Gavin Atkinson <gavin@FreeBSD.org>
David Chisnall <theraven@FreeBSD.org>
Baptiste Daroussin <bapt@FreeBSD.org>
Ed Maste <emaste@FreeBSD.org>
George Neville-Neil <gnn@FreeBSD.org>
Hiroki Sato <hrs@FreeBSD.org>
Gleb Smirnoff <glebius@FreeBSD.org>
Peter Wemm <peter@FreeBSD.org>
Robert Watson <rwatson@FreeBSD.org>

Check out the official announcement here: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=326413+0+current%2Ffreebsd-announce