The size and scope of security problems are growing to be so large that security experts are having more difficulty than ever protecting end users from emerging threats. That was evident in the Black Hat Briefings security conference that opened Wednesday. Case in point: IOActive researcher Dan Kaminsky detailed for the first time the specific nature of the DNS flaw reported recently and its overarching scope, providing example after example of how various Internet technologies that rely on the accuracy of the DNS information they received could be compromised. Kaminsky warned the audience that the DNS vulnerability could let entire countries and entire top-level domains be hijacked.
Since this week has been all over the map, I thought we'd spend today going back and dipping into the over-the-top-security well ;) You may recall a post from last year that we did on making generic user accounts su-only and, maybe even more so, a post we just recently did on using mkfifo and script to keep tabs on user account usage. Both of these were aimed at providing relatively decent security for the Unix or Linux admin, while allowing the user the freedom to do his or her job without too much of a hassle. Both of these posts assumed a box that had consistent user activity, but needed to be secured from those "ooops" moments that end up burning up your night-time hours and, possibly, creating a financial problem as well (most places I've worked have at least one box that is fairly lax, security-wise, but hemorrhages cash the instant it gets taken offline).
Allowing employees to work from home and telecommute poses security and privacy risks that are not being addressed adequately by business or government, according to a study released Tuesday by consulting firm Ernst & Young in partnership with the Washington-based advocacy group Center for Democracy and Technology.
This is an interesting article about how telecommuting can cause a computer security risk for a company. It seems to be a problem that companies should take seriously.
Interoperability, however, could render computer systems more vulnerable to increased security risks. Does that mean, then, that open source users have to choose interoperability over security? Will accessing data produced with a Microsoft application automatically expose users of non-Microsoft products to the same vulnerabilities that plague Redmond's wares?
This article looks at the age-old question of how the openness of open source affects its security. What do you think: is open source software more secure because its source code is available for everyone to do code review?
This is to announce several assorted items at once. I intend to post another announcement shortly, focusing on new JtR releases, so I have left those out of this one. A patched version of mod_auth_mysql with support for our PHP password hashing framework's (phpass) portable hashes has been added to the contributed resources list on the phpass homepage: http://www.openwall.com/phpass/
Do you use mod_auth_mysql? The Openwall project released an interesting patch that adds support for the PHP password hashing framework.
In an announcement for the 2.6.25.10 stable kernel, Greg KH noted, "it contains a number of assorted bugfixes all over the tree. And once again, any users of the 2.6.25 kernel series are STRONGLY encouraged to upgrade to this release." The emphasis on the word strongly led to a lengthy discussion about how security fixes are handled in the Linux Kernel. Linus Torvalds replied, "I personally consider security bugs to be just 'normal bugs'. I don't cover them up, but I also don't have any reason what-so-ever to think it's a good idea to track them and announce them as something special." Later in the thread he went on to explain, "one reason I refuse to bother with the whole security circus is that I think it glorifies - and thus encourages - the wrong behavior.
This article looks at how the Linux kernel developers handle security fixes. What do you think about how the kernel team releases security updates? Is there a better way or model?
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This is a tool that might be useful for both penetration testers performing white box tests and system admins trying to secure their own systems.
Have you ever heard about the Linux security program called Lynis? This was the first time I have read an article about it. What do you think about this project? Should Linux users test it out?
Fedora 9, released last month, included the first release of FreeIPA, a new free/open source project that comes out of Red Hat with the goal of becoming a complete and integrated security information management solution. In this article we take a look at exactly what FreeIPA is, both what it can do now and what its developers hope it will be capable of in the future. It seems destined to become a key feature of Red Hat Enterprise Linux 6, and with Fedora 9 released and FreeIPA tightly integrated, now seems to be the perfect time to explore this new technology.
From reading this article, what do you think about this security project that Red Hat introduced? I found it interesting that they used MIT Kerberos for authentication.
Google has released the source code for its internal RatProxy security tool.
The software analyses web pages for potential security risks and reports back to the site administrator. RatProxy can pick up cross-site scripting flaws and incomplete cross-site defence mechanisms, as well as potential data leak sources and risky code that retrieves data from outside domains.
Have you tested out Google's RatProxy software on your Linux machines? The software seems to offer a lot to the open source security community, but what do you think?
Out of the box, a Linux desktop is far more secure than most others.
However, this level of security is not necessarily attained through typical security-focused software or techniques. Sometimes, the easiest means to security are those that are the easiest to forget.
You might find these suggestions to be pure common sense, but maybe you'll see a means of security you never thought of before. If you're a new Linux user, these tips are a great place to start to ensure that your Linux experience is a good one.
Do you have any favorite security tips that you follow every time you set up a new Linux desktop? The tip that says that users should mount /home on its own partition is something that I don't do. What do you think?