Press "Enter" to skip to content

Posts published in “Admin”

MongoDB Ransomware Attacks Grow in Number

Evidently DevOps running MongoDB haven’t heard the word about the latest round of ransomware targeting the database, as the numbers of deployments with data being held for ransom continues to rise.

MongoDB ransomware

Last week when the news started hitting the net about ransomware attacks focusing on unprotected instances of MongoDB, it seemed to me to be a story that would have a short life. After all, the attacks weren’t leveraging some unpatched vulnerabilities in the database, but databases that were misconfigured in a way that left them reachable via the Internet, and with no controls — like a password other than the default — over who had privileges. All that was necessary to get this attack vector under control was for admins to be aware of the situation and to be ready and able to reconfigure and password protect.

Guess what? It hasn’t gone down that way — at least not so far.

On Wednesday when I wrote about this there had been about 2,000 databases attacked. By this morning, according to eWeek, over 10,000 databases have been affected. What’s more, last week it appeared as if all of the attacks were being carried out by one person or organization. Now there are at least five organizations steadily working in an attempt to turn unprotected databases into bitcoins.

Securing SourceForge With HTTPS

SourceForge

SourceForge says, “With a single click, projects can opt-in to switch their web hosting from HTTP to HTTPS.”

SourceForge has added a feature that gives project websites the opportunity to opt-in to using SSL HTTPS encryption. Project admins can find this option in the Admin page under “HTTPS.”

Opting-in will also trigger a domain name change, from http://name.sourceforge.net to https://name.sourceforge.io. Visitors using the old domain will automatically redirect to the new domain.

SCALE 14X Thursday: New Morning in Pasadena

SCALE 14X Thursday

Starting today, the Southern California Linux Expo — SCALE 14X in this year’s 14th annual iteration — moves from being hotel-based event busting at the seams to hold all the exhibitors and sessions to being a full-fledged, freewheeling convention center-based event with wide-open spaces and widespread talks.

The setup is done for today, with exhibitors readying their booths for the opening of the floor tomorrow after Cory Doctorow gives his Friday keynote. But let’s not get ahead of the story for Thursday.

The schedule is posted online, if you’re at the event. If not, you can still follow along at the link.

Larry Cafiero

Larry Cafiero, a.k.a. Larry the Free Software Guy, is a journalist and a Free/Open Source Software advocate. He is involved in several FOSS projects and serves as the publicity chair for the Southern California Linux Expo. Follow him on Twitter: @lcafiero

Linux Foundation’s Deal With the Devil

Last week when Microsoft and the Linux Foundation separately announced a partnership that would see Redmond issuing a Linux certification called Microsoft Certified Solutions Associate Linux (MCSA), Steven J. Vaughan-Nichols felt the need to add the words “not a typo” to the headline of his coverage on ZDNet. A couple of days later, when the story made the pages of The Register the headline included, “Do not adjust your set. This is not an error.”

Linux Foundation LogoWe were just as surprised here at FOSS Force, and Larry Cafiero pulled no punches when breaking the story in Friday’s Week in Review. “There’s the argument that because Microsoft ‘loves’ Linux…we should be more inclusive,” he wrote, “but this is the company that considered Linux a cancer and has fought FOSS for decades. Rather than throw the Microsoft that is treading water a life preserver, I still think throwing it an anchor would be more fitting.”

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

phpMyAdmin Bids SourceForge Farewell

phpMyAdmin, the popular free and open source web based tool for administering MySQL databases, has left the SourceForge building.

In a blog post on Saturday, the project’s infrastructure coordinator, Michal Čihař, announced that a migration from Sourceforge is all but complete. The few remaining items left on the SourceForge server will be “hopefully handled in upcoming days as well.”

phpMyAdmin logoA popular web based application for administering MySQL databases, phpMyAdmin is the preferred tool of many webmasters for working with MySQL when used to power websites and is installed by default with most web hosting packages. The app can be used to perform a variety of tasks, including creating, modifying or deleting databases, tables, fields or rows; executing SQL statements; and managing users and permissions.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Using the New iproute2 Suite

For years, even in 2015, web tutorials, college textbooks and lab simulators have all been teaching the traditional networking utilities, such as arp, ifconfig, netstat and route. Whether you know it or not, most of these commands were deprecated years ago. They were replaced with commands from the iproute2 suite of utilities. Most Linux distros have continued to install the traditional tools, but CentOS, Arch and now openSUSE (among others), are moving to put them into deprecated status. That means we’ll need to start getting used to the new tools.

For those not familiar, the 2.2 Linux kernel revision (way back in the olden days) brought about some changes to the way the kernel handled networking. New features were introduced back then that had not been implemented anywhere else. The old tools use the /proc interface, while the newer tools use the newer kernels’ netlink interface. At least some of the older tools are no longer in active development. The bottom line is that the iproute2 suite offers some definite advantages over the old tools.

Don Parris

Don Parris wears a Facility Services cape by day, and transforms into LibreMan at night. He has written numerous articles about free tech, and hangs out with the Cha-Ha crowd, learning about computer security. He also enjoys making ceviche with his wife, and writing about his travels in Perú.

Yet Another Windows Security Fail

Windows logoWe might as well start with the moral of this story: Don’t protect Windows with Windows.

For at least a decade, Microsoft has been chanting the mantra, “at Microsoft security is job one,” over and over and over. During this time, it’s repeated this mantra often enough to convince a lot of people that Windows is much safer than it once was, which I suppose is true since it couldn’t have gotten much worse. However, a new report from AV-Test proves the company isn’t yet ready to move up to the next mantra level and begin chanting, “at Microsoft we do security right,” because clearly it doesn’t.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Limit Your Linux Super Powers With su & sudo

I recently offered some security tips aimed at new system administrators. And hey, the home users among you should take note, after all, you’re the administrator of your home system! One of the tips was “Don’t run as root.” Today I would like to expand on that a bit. First, we’ll take a look at why you should limit the use of your super powers. Then we’ll look at the best ways to use su and sudo to help you limit your risks.

Don Parris

Don Parris wears a Facility Services cape by day, and transforms into LibreMan at night. He has written numerous articles about free tech, and hangs out with the Cha-Ha crowd, learning about computer security. He also enjoys making ceviche with his wife, and writing about his travels in Perú.

The NSA, Windows & Antivirus

Poor Microsoft. The beleaguered company just can’t catch a break. We’ve already told you about how Snowden’s revelations have forced the pride of Redmond to spend who knows how many millions opening two “transparency centers” to allow government IT experts to pore through source code to prove there’s no back doors baked into Windows or other Microsoft products. Trouble is, while its engineers have been busy plastering over all traces of old back doors, they’ve left a side door standing wide open, waiting to be exploited.

Boris and NatashaIronically, this side door is intended to be a security door for third party add-ons that every Windows machine needs to keep it safe from cracker hackers — if that’s indeed possible. And this security tool is usually more trusted by Microsoft system admins, especially those outside the U.S., than Windows itself.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Five Security Tips for New Linux Admins

It’s generally fairly easy for new Linux administrators to get up and running with the basics of installing, configuring and managing Linux systems at a basic level. Truthfully, though, it takes years to get the in-depth knowledge required in many server environments today. One thing I really recommend learning early on — i.e. from the beginning — is security.

Monitor padlockI participate in a group of professional penetration testers (the nice folks who help you test your security as if they were the bad guys) called Charlotte Hackers Anonymous. I asked the group what they thought were the most important tips for new system administrators, and below are their tips, along with my thoughts on each.

Don Parris

Don Parris wears a Facility Services cape by day, and transforms into LibreMan at night. He has written numerous articles about free tech, and hangs out with the Cha-Ha crowd, learning about computer security. He also enjoys making ceviche with his wife, and writing about his travels in Perú.

Breaking News: