Rare breed: Linux Mint 17.2 offers desktop familiarity and responds to user wants

These days, the desktop OSes grabbing headlines have, for the most part, left the traditional desktop behind in favor of what’s often referred to as a “shell.” Typically, such an arrangement offers a search-based interface. In the Linux world, the GNOME project and Ubuntu’s Unity desktop interfaces both take this approach.

This is not a sea change that’s limited to Linux, however. For example, the upheaval of the desktop is also happening in Windows land. Windows 8 departed from the traditional desktop UI, and Windows 10 looks like it will continue that rethinking of the desktop, albeit with a few familiar elements retained. Whether it’s driven by, in Ubuntu’s case, a vision of “convergence” between desktop and mobile or perhaps just the need for something new (which seems to be the case for GNOME 3.x), developers would have you believe that these mobile-friendly, search-based desktops are the future of, well, everything.

There are, however, some holdouts. These desktops defiantly stick with the traditional task bar and start menu-style interface. Apple’s OS X has thus far been surprisingly conservative about changing its basic metaphors, but then the company has iOS to tantalize developers.

In the Linux world, holdouts including both KDE and Xfce continue to be more or less what they have always been. The word “solid” comes to mind. They’re both solid options, but the words “fun” or “exciting” don’t exactly spring to mind.

Linux Mint on the other hand has managed to do something a bit different, particularly with its Cinnamon desktop. The Mint project recently released Mint 17.2, a significant upgrade for the Ubuntu-based distro that has become one of Linux’s most popular. And while Mint overall manages to be among the last holdouts of the traditional desktop computing paradigm, this iteration manages to feel both familiar and modern at the same time.

In general, Mint is Ubuntu for people who don’t like the Unity desktop. If you essentially want Ubuntu and all the good that comes with it (like an extensive up-to-date set of packages, great documentation, and a Web full of tutorials and helpful users) and not Unity and its baggage (like query-logging search “features” some have called spyware), Linux Mint is likely the distro for you. From my experience, most things that work in Ubuntu will also work in Mint. So all those tutorials and .deb files will in most cases (not all though) serve a Mint user just fine.

Of course, Mint is also notable because of its dual homegrown desktops, Cinnamon and MATE. Both are rare desktops that offer task bars, system trays, docks, and other familiar metaphors for interacting with and managing your applications and files. And while Linux Mint 17.2 does have that of-note Cinnamon offering we mentioned, those looking for alternatives to Unity and GNOME 3 will continue to find everything they love about Ubuntu without the Unity Desktop.

Cinnamon 2.6

If you head over to the Linux Mint website, you’ll find two different downloads available, one for the Cinnamon desktop and one for the MATE desktop. Opt for the former and you’ll get Linux Mint 17.2 with Cinnamon 2.6.

Read More: Rare breed: Linux Mint 17.2 offers desktop familiarity and responds to user wants | Ars Technica.

Debian 8: Linux’s most reliable distro makes its biggest change since 1993

Debian 8—nicknamed “Jessie” after the cowgirl character in Toy Story 2 and 3—debuted last week, but it feels overdue. The release was in development within the Testing channel for quite a while, and, if you recall, Debian Linux consists of three major development branches: Stable, Testing, and Unstable. In order for a new iteration of Debian to officially go public, work must progress through each stage (starting in Unstable, ending in Stable). But it wasn’t until the official feature freeze for this release in November 2014 that the contents of Testing really became what you’ll actually find in Debian 8 today.

If all that sounds complicated and slow, that’s because it is. In fact, that’s kind of the point.

Debian Stable is designed to be, well, stable. The foundation of Debian is built upon long development cycles and a conservative approach to application updates.

So as a general rule, Debian Stable lags behind pretty much every other distro on the market when it comes to package updates. If you want the latest and greatest, Debian Stable simply isn’t the distro for you. While Debian 8 may bring a ton of new stuff to Debian, it has almost nothing the rest of the Linux world hasn’t been using for, in some cases, years. What’s more, many things in Debian 8 are still not going to be the latest available versions.

However, Debian 8 has one giant exception to that general rule: systemd. More on that momentarily.

Why use Debian? There are plenty of philosophical reasons: the legendary Debian social contract, the community, and the fact that all included software in the repos is free (as in freedom), long a hallmark of Debian.

The more practical appeal of Debian lies in its legendary stability. I’ve been running Debian servers since 2005 (Sarge) and have never had a server crash. This dependability is part of the reason Debian is the base for dozens of downstream distros.

Not everything downstream uses the Stable channel as its base. In fact, it’s worth noting that perhaps the most famous project downstream from Debian, Ubuntu, is built off the package base in the Unstable channel. Still, Debian Stable remains one of the most popular Linux distros. This is particularly true for Web servers where, according to stats from W3Techs.com (which should be taken with a grain, if not a generous helping, of salt), Debian accounts for the largest percentage of Linux servers on the Web: 32.3 percent.

All of this makes Debian Stable updates a much bigger deal than updates to faster-moving distros like Ubuntu or Fedora.

And because Debian 8 makes the leap to systemd, the new version just might be the biggest change in Debian since the first release back in 1993. Debian is justifiably famous for being so stable you could blindly type apt-get dist-upgrade on a production box and get away with it. This time, though, there’s systemd to contend with.

Read More: Debian 8: Linux’s most reliable distro makes its biggest change since 1993 | Ars Technica.

Forget flash sales: The first Ubuntu Phone is now available to buy all the time

When the first Ubuntu phone launched, it was only available via limited-time “flash sales.” If you missed them, rejoice! You can now purchase an Ubuntu phone like you would any other product—if you live in the European Union, at least.

The phone in question here is the BQ Aquaris E4.5 Ubuntu Edition. It’s now available for purchase on BQ’s website for €169.90, or about $181 US. This is the same price the phone was offered at via flash sales, but those are done. Want an Ubuntu phone and live in the EU? You can get one for less than two hundred euros.

Make no mistake: BQ’s Ubuntu phone is a low-to-mid-range model. It offers a 540×960 resolution display, 8GB of internal storage, and 1 GB of RAM. But that’s to be expected. After all, it’s only 170 euros. You’d pay more than four times that price for a new, unlocked iPhone 6.

With this announcement, Ubuntu Phone just became much more available. We’ve gone from no phones, to one phone you could maybe get in one region, to—finally!—the first Ubuntu phone that you can always get in one region.

But don’t worry if you’re not in Europe. The BQ Aquaris E4.5 Ubuntu Edition is just the tip of the iceberg.

Don’t live in the EU? A more powerful phone is coming

Canonical’s own website says there are “more Ubuntu phones coming soon.” And we know that Canonical is working with China’s Meizu on an Ubuntu smartphone. Canonical showed off Ubuntu running on a Meizu MX4 LTE phone at Mobile World Congress in March. Meizu’s phones should go on sale soon.

Previous rumors have suggested that Canonical might have the rights to sell these Meizu MX4 phones worldwide through their own online store. This would mean the rest of us could finally get our hands on a proper Ubuntu phone—not just Ubuntu running on not-officially-supported Nexus devices—and try it for ourselves.

The wait isn’t all bad. It may actually be for the best. The Meizu MX4 will be more of a “flagship” device, with a 1920×1152 display, at least 16 GB of internal storage, and 2 GB RAM. Ubuntu Phone should perform even better on this device, and it seems like this is the phone Canonical wants to present Ubuntu to the world on.

This flagship phone should be more expensive, though. Given the price of the equivalent Android model, I’d expect to see it retail somewhere around $350-$400 off-contract.

So, is it time to buy an Ubuntu phone if you live in the EU? Well, maybe—if you just can’t wait, or you’d rather get a more inexpensive Ubuntu phone.

Linux geeks looking forward to Canonical’s vision of convergence don’t need to rush, though. Ubuntu phone doesn’t yet offer the convergence features we’re all looking forward to, like the ability to plug them into a larger display and have your phone power a full Linux desktop. We might have to wait a few years to see that up and running. For now, the big selling point of Ubuntu phone is its unique interface.

via Forget flash sales: The first Ubuntu Phone is now available to buy all the time | PCWorld.

Sneaky Linux malware comes with sophisticated custom-built rootkit

A malware program designed for Linux systems, including embedded devices with ARM architecture, uses a sophisticated kernel rootkit that’s custom built for each infection.

The malware, known as XOR.DDoS, was first spotted in September by security research outfit Malware Must Die. However, it has since evolved and new versions were seen in the wild as recently as Jan. 20, according to a new report Thursday from security firm FireEye, which analyzed the threat in detail.

XOR.DDoS is installed on targeted systems via SSH (Secure Shell) brute-force attacks launched primarily from Internet Protocol (IP) addresses registered to a Hong Kong-based company called Hee Thai Limited.

The attacks attempt to guess the password for the root account by using different dictionary-based techniques and password lists from past data breaches. FireEye observed well over 20,000 SSH login attempts per targeted server within a 24-hour period and more than 1 million per server between mid-November and end of January.

When the attackers manage to guess the root password they send a complex SSH remote command—sometimes over 6,000 characters long—that consists of multiple shell commands separated by semicolons. These commands download and execute various scripts as part of a sophisticated infection chain that relies on an on-demand malware building system.

The use of SSH remote commands is significant because OpenSSH does not log such commands, “even when logging is configured to the most verbose setting,” the FireEye researchers said. “Since a remote command doesn’t create a terminal session, TTY logging systems also do not capture these events. Both the last and lastlog commands, which display listings of recent logins, are also blind.”

The initial scripts harvest Linux kernel headers from infected systems and also extract the “vermagic” string from the existing loadable kernel modules (LKMs). This information is sent back to attacker-controlled servers and is used to automatically build rootkits that function as LKMs and are customized for each infected system.

This sophisticated on-demand build infrastructure automates the creation of LKM rootkits for different kernels and architectures as each LKM needs to be compiled for the particular kernel it’s intended to run on.

“Unlike Windows, which has a stable kernel API allowing for the creation of code that is portable between kernel versions, the Linux kernel lacks such an API,” the FireEye researchers said. “Since the kernel’s internals change from version to version, a LKM must be binary compatible with the kernel.”

The rootkit’s goal is to hide the processes, files and ports associated with XOR.DDoS, a malware program that’s also installed on the compromised systems and is primarily used by attackers to launch distributed denial-of-service (DDoS) attacks.

“Unlike typical straightforward DDoS bots, XOR.DDoS is one of the more sophisticated malware families to target the Linux OS,” the FireEye researchers said. “It’s also multi-platform, with C/C++ source code that can be compiled to target x86, ARM and other platforms.”

XOR.DDoS can also download and execute arbitrary binary files, which gives it the ability to update itself. FireEye observed two major versions of XOR.DDoS so far, the second one being first spotted at the end of December.

Networking and embedded devices are more likely to be vulnerable to SSH brute force attacks and it might not be possible for end-users to easily protect them, the FireEye researchers said.

There are many embedded devices that are configured for remote administration and are accessible over the Internet. In 2012, an anonymous researcher was able to hijack 420,000 such devices that had default or no telnet login passwords. He used them to scan the entire Internet as part of a research project that became known as the Internet Census 2012.

The number of devices that are accessible via SSH and use weak passwords that would be vulnerable to complex brute-force attacks like the ones used by the XOR.DDoS gang is likely to be much higher.

If possible, the SSH servers on these devices should be configured to use cryptographic keys instead of passwords for authentication and remote login should be disabled for their root accounts, the FireEye researchers said. “Home and small business users can install the open source fail2ban utility, which works with iptables to detect and block brute force attacks.”
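The brute-force pattern described above is visible in sshd's authentication log even though the remote command itself is not. The following is an added example, not code from the article, FireEye or fail2ban: it applies a fail2ban-style sliding window to constructed log lines and also reports any password login accepted from an address that had been guessing. It assumes sshd's authentication messages are written to a syslog-format auth log; `max_retry`, `find_time` and the host name `gw` are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format OpenSSH writes to the auth log.
# Addresses are from the documentation ranges; nothing here is real traffic.
SAMPLE_LOG = """\
Jan 20 01:00:00 gw sshd[1801]: Failed password for root from 192.0.2.44 port 33001 ssh2
Jan 20 01:20:00 gw sshd[1822]: Failed password for root from 192.0.2.44 port 33017 ssh2
Jan 20 01:40:00 gw sshd[1840]: Failed password for root from 192.0.2.44 port 33025 ssh2
Jan 20 02:00:00 gw sshd[1861]: Failed password for root from 192.0.2.44 port 33040 ssh2
Jan 20 02:20:00 gw sshd[1880]: Failed password for root from 192.0.2.44 port 33052 ssh2
Jan 20 03:14:01 gw sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 20 03:14:03 gw sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jan 20 03:14:05 gw sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40121 ssh2
Jan 20 03:14:06 gw sshd[2107]: Failed password for root from 203.0.113.7 port 40125 ssh2
Jan 20 03:14:08 gw sshd[2109]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jan 20 03:15:40 gw sshd[2140]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Jan 20 03:15:52 gw sshd[2142]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Jan 20 03:19:30 gw sshd[2190]: Accepted password for root from 203.0.113.7 port 40307 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(line, year):
    """Return (timestamp, result, user, ip) for a password-auth line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Syslog timestamps carry no year, so the caller has to supply one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def analyse(lines, max_retry=5, find_time=timedelta(minutes=10), year=2015):
    """Flag brute-force sources and password logins accepted from them.

    A source becomes an offender once it has max_retry failed password
    attempts inside a sliding window of find_time. Any later
    'Accepted password' line from an offender is reported as a likely
    successful guess. Lines must be in chronological order.
    """
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    offenders = {}               # ip -> time the threshold was first reached
    compromised = []             # (ip, user, timestamp) of accepted logins
    for line in lines:
        record = parse(line, year)
        if record is None:
            continue
        ts, result, user, ip = record
        if result == "Failed":
            window = recent[ip]
            window.append(ts)
            # Drop failures that have aged out of the window.
            while ts - window[0] > find_time:
                window.popleft()
            if len(window) >= max_retry and ip not in offenders:
                offenders[ip] = ts
        elif ip in offenders:
            compromised.append((ip, user, ts))
    return offenders, compromised


if __name__ == "__main__":
    offenders, compromised = analyse(SAMPLE_LOG.splitlines())
    for ip, when in offenders.items():
        print(f"brute force from {ip}, threshold reached at {when}")
    for ip, user, when in compromised:
        print(f"password login as {user} accepted from offender {ip} at {when}")
```

The slow source (one guess every 20 minutes) and the user who mistyped once are deliberately left unflagged by the window; with password authentication and remote root login disabled, as the researchers recommend, the final "Accepted password for root" line could not occur at all.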

Full Story: Sneaky Linux malware comes with sophisticated custom-built rootkit | PCWorld.

Meet Linux kernel 3.17’s best new features: Xbox One controller support, laptop ‘free fall’ protection, and more

Linux kernel 3.17—part of the series codenamed “Shuffling Zombie Juror” (yes, really!)—is now out. This means great new features are coming to a Linux distribution near you, though the 3.17 kernel’s changes mostly consist of new and improved hardware support.

New versions of the Linux kernel will eventually make their way into all sorts of other devices, too. A new Linux kernel means improvements for Chromebooks, Android devices, network routers, and any number of other embedded devices.

Here are the most notable new features you’ll find in the Linux 3.17 kernel.

Xbox One controller support, PlayStation controller improvements

Linux 3.17 adds support for the Microsoft Xbox One controller, albeit without the vibration feature. Microsoft released Windows drivers for the Xbox One controller back in June. Why no vibration yet? Well, as the commit message puts it: “The format of messages controlling rumble is currently undocumented, so rumble support is not yet implemented.”

Some enterprising hacker will have to figure out how that rumble support works so it can be implemented. Believe it or not, Microsoft has submitted patches to the Linux kernel in the past. However, their patches were focused on getting Linux to behave better when virtualized on their own Hyper-V virtualization system. Don’t expect Microsoft to help get your Xbox One controller working properly.

Full Story: Meet Linux kernel 3.17’s best new features: Xbox One controller support, laptop ‘free fall’ protection, and more | PCWorld.

Six Popular Linux Desktop Environments

Unlike Windows and OS X, Linux allows you to fully customize not only the look and feel of your desktop, but also its functionality and settings, thanks to a host of desktop environments it offers. Different desktop environments offer different styles and options, and unavoidably, with choice often comes confusion.

Here’s an overview of the current most popular Linux desktop environments, so you can have a better idea about their core differences, what each has to offer and what could potentially suit you best.

Gnome

Gnome, which stands for GNU Network Object Model Environment, is one of the oldest and most widely used Linux desktop environments. Its design goals include simplicity, accessibility, and ease of internationalization and localization.

The project was initiated in August 1997 by Miguel de Icaza and Federico Mena as a reaction against KDE. While Gnome 2.x was one of the most popular and well received versions of the desktop environment, Gnome 3.x, its latest offering which seems to be more inclined towards handheld devices, failed to impress a large section of its users.

Gnome’s user interface starts in the Activities Overview mode, which allows you to launch new applications, switch windows, and move them between workspaces. The dashboard on the left contains your favorite as well as currently active applications.

There’s a Show Applications icon at the bottom; clicking it displays all applications installed on your system. You can also search for a specific application by using the search bar at the top of the screen.

Pros: The interface is fast; Supports a lot of keyboard shortcuts.

Cons: Application search isn’t very smart; Requires time to become proficient.

Cinnamon

Based on Gnome 3.x, the Cinnamon desktop environment aims to provide innovative features along with a Gnome 2.x-like user experience. The idea is to make users feel at home and provide them with an easy to use and comfortable desktop experience. At present, it is the default desktop for Linux Mint, but can also be installed on other Linux distros.

Cinnamon came into existence in 2012 after Gnome transitioned from version 2 to version 3, as the team behind Linux Mint felt that the new version did not fit the design goals they had in mind for the distribution. It started as a Gnome 3.x-based frontend, but soon became a complete desktop environment built on Gnome technologies.

Cinnamon provides a powerful and customizable, yet easy to use desktop layout. Out of the box, the desktop environment’s UI features a single panel located at the bottom of the screen, with applications menu on the left, and system tray, clock, notifications, and more on the right.

Applications can be added to your panel by right clicking on their icon and choosing ‘Add to panel’. You can easily change the panel layout to place it at the top or both top as well as bottom, or change its look and feel with applets and themes.

Pros: Combines the power of Gnome with its in-house features and applications; Easy to navigate.

Cons: Requires 3D acceleration, which means it might not work well for you depending on your machine’s graphics card and/or drivers; It might not be as stable as some of the more mature and established desktops.

Full Story: Six Popular Linux Desktop Environments – TechSpot.

Mint 17 is the perfect place for Linux-ers to wait out Ubuntu uncertainty

The team behind Linux Mint unveiled its latest update this week—Mint 17 using kernel 3.13.0-24, nicknamed “Qiana.” The new release indicates a major change in direction for what has quickly become one of the most popular Linux distros available today. Mint 17 is based on Ubuntu 14.04, and this decision appears to have one major driver. Consistency.

Like the recently released Ubuntu 14.04, Mint 17 is a Long Term Support Release. That means users can expect support to continue until 2019. But even better, this release marks a change in Mint’s relationship with Ubuntu. Starting with Mint 17 and continuing until 2016, every release of Linux Mint will be built on the same package base—Ubuntu 14.04 LTS. With this stability, instead of working to keep up with whatever changes Ubuntu makes in the next two years, Mint can focus on those things that make it Mint.

With major changes on the way for Ubuntu in the next two years, Mint’s decision makes a lot of sense. Not only does it free up the Mint team to focus on its two homegrown desktops (Cinnamon and MATE), but it also spares Mint users the potential bumpy road that is Ubuntu’s future.

In other words, Mint can sit back and work on perfecting its desktop while Ubuntu stumbles through the Mir and Unity 8 transitions. When things have settled down in Ubuntuland, Mint can jump back in with both feet (assuming it still wants to) when Ubuntu 16.04 LTS arrives. If all goes the way Mint developers intend, these changes will give Mint users a more polished, stable distro.

All of this makes Mint 17 an important release—it’s essentially what Mint will be working with for the next two years. Luckily, after spending some time with it, the good news is that Mint 17 will make a great base on which to build.

Linux Mint 17 Cinnamon

As with all Mint releases, there are two separate downloads available, one for the Cinnamon desktop and one for the MATE desktop. The more interesting of the two Mint 17 releases is the Cinnamon flavor, which features the just-released Cinnamon 2.2.

The Cinnamon desktop is a curious hybrid, combining some of the best elements of KDE with the best elements of the now-abandoned GNOME 2.x line. Cinnamon also has more than a few tricks of its own that build on those earlier foundations. It sounds like a recipe for a terrible Frankenstein of a desktop, but fortunately that’s not the case. Cinnamon ends up being perhaps the most user-friendly and all-around useful desktop available on any platform.

Now, Cinnamon has problems, but fortunately 2.2 solves many of the worst. It’s much faster and much more stable than previous releases. In fact, if you tried out Cinnamon even just a few releases ago and dismissed it as slow and buggy (can’t say we blame you; it was), we highly suggest you give it another try in Mint 17.

Among the more noticeable changes in Cinnamon 2.2 is the revamped system settings panel, which is no longer divided up into the somewhat arbitrary sections “normal” and “advanced.” Here there are just settings. The various settings panels are all in one place and have been reorganized into some basic categories that make it easy to find what you’re looking for, while also allowing you to change it.

Full Story: Mint 17 is the perfect place for Linux-ers to wait out Ubuntu uncertainty | Ars Technica.

Linux gets fix for code-execution flaw that was undetected since 2009

Maintainers of the Linux kernel have patched one of the more serious security bugs to be disclosed in the open source operating system in recent months. The five-year-old code-execution hole leaves computers used in shared Web hosting services particularly vulnerable, so users and administrators should make sure systems are running updated versions that contain a fix.

The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device.

“This is the first serious privilege escalation vulnerability since the perf_events issue (CVE-2013-2049) in April 2013 that is potentially reliably exploitable, is not architecture or configuration dependent, and affects a wide range of Linux kernels (since 2.6.31),” Dan Rosenberg, a senior security researcher at Azimuth Security, told Ars in an e-mail. “A bug this serious only comes out once every couple years.” As Ars reported in May 2013, the then-two-year-old CVE-2013-2049 continued to imperil users more than a month after Linux maintainers quietly released a patch for the gaping hole.

While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers, Rosenberg said. It could also come in handy in multi-stage attacks that exploit a variety of bugs that, when combined, give the attacker unfettered control over a targeted system. As others have pointed out, the vulnerability also has the potential to affect Google’s Android and Chrome OSes.

Linux maintainers have committed a fix here, and the patch has already been released for the Ubuntu distributions. Officials with Red Hat say Red Hat Enterprise Linux 5 is not vulnerable to the issue, but updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may be released in the future. The status of Debian is here.

The availability of proof-of-concept code exploiting the flaw is a good indication that it’s not hard for blackhat hackers to take advantage of organizations running vulnerable servers. Administrators and end users should ensure the systems they oversee or rely on are running up-to-date versions.

via Linux gets fix for code-execution flaw that was undetected since 2009 | Ars Technica.

Canonical bug report suggests audacious Ubuntu for Android project may be dead

The idea was audacious: Combine Android, the most popular mobile version of Linux, with Ubuntu, the leading Linux desktop operating system, on a single smartphone that swapped between the two depending on whether the device was docked. Alas, Ubuntu for Android seems to have moved off the active roster as Canonical focuses on its own Ubuntu Touch project, and a new exchange on an Ubuntu project-tracking website seems to suggest Ubuntu for Android may be dead.

Matthew Paul Thomas, an interface designer with Canonical, opened a bug report on Launchpad.net, stating that “[The website] describes Ubuntu for Android as ‘the must-have feature for late-2012 high-end Android phones’. Ubuntu for Android is no longer in development, so this page should be retired.”

Well, that sounds ominous. (The thread in question has been scrubbed from Launchpad, but you can still see a Google-cached version of it.) Canonical developer Anthony Dillon then asked web director Peter Mahnke to check on the situation. Here’s Mahnke’s reply:

“We do check if this and the tv page should be kept on the site. currently the answer is yes. I have removed the 2012 text.”

I’ve asked Canonical to comment on the status of Ubuntu for Android.

If the project is indeed joining Ubuntu One in the deadpool, it can’t quite be called a surprise. Canonical has yet to convince phone makers to preload Ubuntu for Android on phones, while phones running on the company’s Ubuntu Touch OS are slated to hit the streets this very year, after thirst for the OS was fueled by Canonical’s massive Ubuntu Edge smartphone crowdfunding campaign. There are only so many hands to go around, after all.

via Canonical bug report suggests audacious Ubuntu for Android project may be dead | PCWorld.

Zero-day Flash bug under active attack in Windows threatens OS X, Linux too

A day after reports that attackers are exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser, researchers warned of a separate active campaign that was targeting a critical vulnerability in fully patched versions of Adobe’s ubiquitous Flash media player.

The attacks were hosted on the Syrian Ministry of Justice website at hxxp://jpic.gov.sy and were detected on seven computers located in Syria, leading to theories that the campaign targeted dissidents complaining about the government of President Bashar al-Assad, according to a blog post published Monday by researchers from antivirus provider Kaspersky Lab. The attacks exploited a previously unknown vulnerability in Flash when people used the Firefox browser to access a booby-trapped page. The attackers appear to be unrelated to those reported on Sunday who exploited a critical security bug in Internet Explorer, a Kaspersky representative told Ars.

While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well. Adobe has updated all three versions to plug the hole. Because security holes frequently become much more widely exploited in the hours or days after they are disclosed, people on all three platforms should update as soon as possible. People using IE 10 and 11 on Windows 8 will receive the update automatically, as will users of Google’s Chrome browser. It can sometimes take hours for the automatic updates to arrive. Those who are truly cautious should consider manually installing them. Windows users with Firefox installed must run a separate update for both IE and the Mozilla browser.

Kaspersky Lab researcher Vyacheslav Zakorzhevsky said the attacks were carried out in two separate exploits and were detected as early as April 9 by a general heuristic signature in the company’s AV network. Both of the SWF files are able to bypass security mitigations built in to Flash and Microsoft Windows, including Windows 8, he said. One of the exploits, embedded in a file titled include.swf, is designed to target computers that have the Cisco Systems MeetingPlace Express Add-In version 5x0 installed. The app is used to view documents and images during Web conferences.

“We are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions,” Zakorzhevsky wrote. “We believe that the Cisco add-in mentioned above may be used to download/implement the payload as well as to spy directly on the infected computer.”

He continued:

When we entered the site, the installed malware payloads were already missing from the “_css” folder. We presume the criminals created a folder whose name doesn’t look out of place on an administration resource and where they loaded the exploits. The victims were probably redirected to the exploits using a frame or a script located at the site. To date, April 28, the number of detections by our products has exceeded 30. They were detected on the computers of seven unique users, all of them in Syria, which is not surprising considering the nature of the site. Interestingly, all the attacked users entered the website using various versions of Mozilla Firefox.

It’s likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this.

Moreover, while the first exploit is pretty standard and can infect practically any unprotected computer, the second exploit (include.swf) only functions properly on computers where Adobe Flash Player 10 ActiveX and Cisco MeetingPlace Express Add-In are installed. The Flash Player Pixel Bender component, which Adobe no longer supports, was used as the attack vector. The authors were counting on the developers not finding a vulnerability in that component and that the exploit would remain active for longer. All this suggests that the attackers were not targeting users en masse.

 

via Zero-day Flash bug under active attack in Windows threatens OS X, Linux too | Ars Technica.