
Posts published in “Security”

Happy Birthday Tux, Android Number One in Malware & Kubrick to the Rescue

Friday FOSS Week in Review

I’m back from vacation and raring to go. Of course, when I decided to take time off, all heck broke out in the tech world – isn’t that the way it always goes? Now that I’m back, things will probably slow down and I’ll find myself begging for things to write about. Of course, the biggest story this week has little direct connection with FOSS, but has to do with Apple…

Steve Jobs Resigns as Apple’s CEO

By now, I assume everyone’s heard the news about Steve Jobs’ resignation as CEO of Apple, presumably due to health reasons. For the time being he’ll be staying on as board chairman and will continue in some undefined role as an “employee.” He’ll be replaced as CEO by chief operating officer Tim Cook, who’s worked closely with Jobs for thirteen years. By all accounts Cook is capable and is credited with solving the company’s supply problems early in his tenure at Apple. To my thinking, it’s much too soon to tell how Jobs’ departure will affect Apple, though it’s certain his absence will be felt.

Congress Considers Stepping on Rights, Windows Mobile Share Nil & Whose DNA Is It Anyway?

Friday FOSS Week in Review

With the Black Hat Conference going on in Las Vegas, and with Congress messing around where they shouldn’t, this has been a busy week in the FOSS world. Some of the news is good; some of the news is not so good. I’ll start with a rant…

Proposed Data Retention Bill Would Chill Free Speech

The House will soon be considering a bill that will require ISPs to maintain logs of their customers’ Internet use for a 12-month period. As I understand it, the law would include a customer’s browsing history, credit card numbers, etc. The stated purpose of the proposed law is to catch pedophiles visiting child porn sites, but everybody who knows anything about the Internet agrees it won’t be very effective at doing that. What it will do, if enacted, is bring Orwell’s “Big Brother” vision a little closer to home and make your network-connected devices look even more like telescreens than they do now.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

osCommerce Under Attack – So Far 3.79 Million Pages Affected

The popular osCommerce ecommerce application has been under attack at least since last week, according to web application security firm Armorize. At last count, the attack had affected more than three million pages. The attack, in the form of an iFrame injection, utilizes several vulnerabilities in older versions of osCommerce. The latest version doesn’t seem to be affected. Any business using an older version of osCommerce is advised to upgrade immediately.

The Zen Cart ecommerce application, which was initially a value-added fork of osCommerce, doesn’t seem to be affected. Kim Elliott, one of the founding members of Zen Cart, told me, “As far as I know there hasn’t been a problem. As long as you have our latest version and file permissions set correctly you shouldn’t have any issues.”


Google’s Problems with Android Apps, Webmaster Tools and Oracle – RMS Says “Don’t Go There”

Friday FOSS Week in Review

Google’s been everywhere in the news this week, so much so that I’ve considered calling this week’s column “Friday Google Week in Review.” It’s not all Google, however, but it is all interesting – at least to me.

8% of Android Apps Leak Data

On Tuesday, security site Dark Reading reported that Neil Daswani, CTO for security firm Dasient, has found that about 8% of Android apps leak user data. In a study that will be released in full at next month’s Black Hat conference in Las Vegas, Daswani found that 800 out of 10,000 applications tested were leaking personal data. Eleven of the apps were sending mobile spam, in the form of SMS messages, to other smartphones.


WordPress Plugins for Security & Robustness

Yesterday I wrote about how WordPress has evolved into a first rate platform that can be easily customized. One of the ways that WordPress is customized to meet the unique needs of a site is through the use of plugins that add functionality. Most of these functions are visual and offer visitors a richer experience while on your site. Others are never even seen by the visitor and only indirectly affect his or her experience.

During site design, it can be easy to become so blinded by the former group, the plugins that add lots of gee-whiz bells-and-whistles, that we ignore the latter group that does the grunt work to increase our site’s performance. However, judicious use of these behind-the-scenes plugins can make our WordPress sites more secure and help reduce server loads, making for a safer and quicker site and a better experience for our visitors.


Security Risk in Firefox & Chrome

Many of us who use Firefox or Chrome browsers do so for security reasons. Unfortunately, this lulls many of us into a false sense of security, as there’s really no such thing as “safe” browsing. This has become increasingly true in recent years, as major content providers have insisted that a feature-rich web experience should trump security, with the folks at Mozilla and Google seemingly willing to lend a helping hand.

According to James Forshaw with the security firm Context, there is a new security threat to worry about in the form of WebGL, which is enabled by default in Firefox 4 and Chrome. According to Forshaw, the risk is substantial – both to your data and to your hardware. Just to give you an idea:

