Posts published in “Security”

Java Still Isn’t Safe – Possible New Vulnerability

I was just guessing on Monday when I said that the Java security patch pushed by Oracle on Sunday was “too little too late.” This appears to have been a lucky good guess on my part, as word is out now that the Java browser plugin still isn’t safe.

At least that’s what Brian Krebs is reporting on his blog Krebs On Security. Evidently there’s a black hat on a hacker forum who’s offering up info to two buyers on a new vulnerability in the latest and greatest version of Java (that would be version 7, update 11) for the sum of $5,000 each.

Java Security Vulnerability – How To Disable Java In Linux Browsers

When the Homeland Security folks get into the mix and urge all computer users to disable Java in their browsers, you know it’s serious. Indeed, the exploit announced yesterday seems to affect all operating systems, including Linux, and it’s already being exploited. According to Trend Micro the flaw is already being used by blackhat toolkits mainly to distribute ransomware. In a blog posted yesterday, the company advises all users to disable or uninstall Java:

To prevent this exploit, and subsequently the related payload, we recommend users to consider if they need Java in their systems. If it is needed, users must use the security feature to disable Java content via the Java Control Panel, that shipped in the latest version of Java 7. The said feature disables Java content in webpages. If Java content is not needed, users may opt to uninstall Java as it can pose certain security risk.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

ZoneAlarm: Defining the Difference Between Freeware and Free Software

The other day, when my friend’s laptop spit up a warning from ZoneAlarm that she was no longer protected, I stood over her shoulder and instructed her to update the firewall. The warning was basically a scare tactic, of course. Without the update she would still be protected, just as protected as she had been the day before. She just wouldn’t have any new whiz-bang features included in the update, nor would she be able to take advantage of any new security enhancements.

We ran the default install. This was Windows, so there had to be a reboot. After that, we opened the browser to find that the homepage had been reset to a ZoneAlarm-themed Google search page. We had not opted in to any such change; the ZoneAlarm folks had just taken it on themselves to hijack Firefox’s revenue, which I didn’t think cricket.


The Death of Zune, the Resurrection of WebOS & Kernel.org Returns

Friday FOSS Week in Review

It was already a slow week when the news came on Wednesday of Steve Jobs’ demise. Since then, most tech sites have been reporting on not much else. As always, however, there were a few things to note…

Privacy Issues with Kindle Fire’s Silk Browser

Almost as soon as Amazon unveiled their new Kindle Fire tablet last Wednesday, Naked Security raised some privacy concerns about the device’s browser, called Silk. It seems the browser, in order to offer a quicker user experience, does most of its heavy lifting in the cloud:


Secure Boot: What’s Microsoft’s Agenda?

Secure boot is the sort of security solution Microsoft loves. Back in the days when Windows was even less secure than it is now, one of their security solutions was to have software vetted and signed. Although this might have helped enterprise customers a bit, it did little to make the home user more secure, as any software would still install normally after clicking through an “are you sure” warning. If this scheme did anything, it hurt small vendors who couldn’t afford to go through the process of having their software approved by Redmond.

Secure boot is the same sort of scheme, except this time there’s no “are you sure” screen to click through. If a user is trying to install an operating system (or even run one from a live CD) on a machine with secure boot enabled, that operating system will have to have unlock keys to enable hardware devices. These keys are provided to the creator of the operating system at the whim of the hardware makers.


Can Penguins Dance on a Dell, Will Reiser File Again, Are Samsung and Intel Going to the Prom?

Friday FOSS Week in Review

The biggest news this week has centered around fears that Linux may become uninstallable on Wintel machines from the big OEMs. But there’s been more. Some fun stuff. Some silly stuff. Some stuff that might eventually develop into something important…

Secure Boot Has Penguinistas Buzzing

Last week on FWIR I mentioned there was a storm beginning to brew around Windows 8 and secure boot, which could potentially keep Linux from being installed on some computers once they’re implemented. Well, it’s not just brewing anymore, it’s a full-fledged storm with hurricane force winds.


Kernel Archives Hacked, SCO Dies Again, More HP Changes & More

Friday FOSS Week in Review

It’s been a busy week in the FOSS world. Evidently everyone’s been in a hurry to make some news happen before leaving town for the Labor Day weekend. Well, lots of FOSS news is good for me, makes my job easy, so here goes…

HP Makes PR Changes After WebOS/PC Fiasco

I’ve been working on a story all week on the mess at HP caused by the all-at-once and probably premature announcement they’re dropping WebOS, smartphones and consumer PCs. One trouble, I keep having to go back and rewrite stuff, because the story is still very, very fluid and new aspects keep popping up almost daily.

On Monday, Bloomberg Businessweek announced that HP’s chief communications officer, Bill Wohl, will be moving to a “special assignment.” Chief Marketing Officer Marty Homlish will be picking up the slack with the corporate communications team and Lynn Anderson will take care of PR’s day-to-day operations, at least for the time being. According to Bloomberg, both Wohl and Homlish have a history with CEO Leo Apotheker that predates his tenure at HP:


Happy Birthday Tux, Android Number One in Malware & Kubrick to the Rescue

Friday FOSS Week in Review

I’m back from vacation and raring to go. Of course, when I decided to take time off, all heck broke out in the tech world – isn’t that the way it always goes. Now that I’m back, things will probably slow down and I’ll find myself begging for things to write about. Of course, the biggest story this week has little direct connection with FOSS, but has to do with Apple…

Steve Jobs Resigns as Apple’s CEO

By now, I assume everyone’s heard the news about Steve Jobs’ resignation as CEO of Apple, presumably due to health reasons. For the time being he’ll be staying on as board chairman and will continue in some undefined role as an “employee.” He’ll be replaced as CEO by chief operating officer Tim Cook, who’s worked closely with Jobs for thirteen years. By all accounts Cook is capable and is credited with solving the company’s supply problems early in his tenure at Apple. To my thinking, it’s much too soon to tell how Jobs’ departure will affect Apple, though it’s certain his absence will be felt.


Congress Considers Stepping on Rights, Windows Mobile Share Nil & Whose DNA Is It Anyway?

Friday FOSS Week in Review

With the Black Hat Conference going on in Las Vegas, and with Congress messing around where they shouldn’t, this has been a busy week in the FOSS world. Some of the news is good; some of the news is not so good. I’ll start with a rant…

Proposed Data Retention Bill Would Chill Free Speech

The House will soon be considering a bill that will require ISPs to maintain logs of their customers’ Internet use for a 12 month period. As I understand it, the law would include a customer’s browsing history, credit card numbers, etc. The stated purpose of the proposed law is to catch pedophiles visiting child porn sites, but everybody who knows anything about the Internet agrees it won’t be very effective at doing that. What it will do, if enacted, is bring Orwell’s “Big Brother” vision a little closer to home and make your network connected devices look even more like telescreens than they do now.


osCommerce Under Attack – So Far 3.79 Million Pages Affected

The popular osCommerce ecommerce application has been under attack at least since last week, according to web application security firm Armorize. At last count the attack has affected more than three million pages. The attack, in the form of an iFrame injection, utilizes several vulnerabilities in older versions of osCommerce. The latest version doesn’t seem to be affected. Any business using an older version of osCommerce is advised to upgrade immediately.

The Zen Cart ecommerce application, which was initially a value added fork of osCommerce, doesn’t seem to be affected. Kim Elliott, one of the founding members of Zen Cart, told me, “As far as I know there hasn’t been a problem. As long as you have our latest version and file permissions set correctly you shouldn’t have any issues.”


Google’s Problems with Android Apps, Webmaster Tools and Oracle – RMS Says “Don’t Go There”

Friday FOSS Week in Review

Google’s been everywhere in the news this week, so much so that I’ve considered calling this week’s column “Friday Google Week in Review.” It’s not all Google, however, but it is all interesting – at least to me.

8% of Android Apps Leak Data

On Tuesday, security site Dark Reading reported that Neil Daswani, CTO for security firm Dasient, has found that about 8% of Android apps leak user data. In a study that will be released in full at next month’s Black Hat conference in Las Vegas, Daswani found that 800 out of 10,000 applications tested were found to be leaking personal data. Eleven of the apps were sending mobile spam, SMS messages, to other smartphones.

