Posts published in “Security”

Microsoft Infects Windows Computers With Malvertising

By Christine Hall on October 15, 2015 |

I thought about ignoring this one and letting it slide, but it’s too priceless, too typically Microsoft, not to pass on. It seems that Redmond has been inadvertently infecting Windows computers with ransomware through its MSN website. Not to worry, however. The company is happy to hand you a tool to remove the malware, which is akin to locking the door after the horse is gone, as your files will by then be locked up tighter than a waterproof safe.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com

The Elderly & the Scam Masters

The Elderly & the Scam Masters

By Ken Starks on July 28, 2015 |

Community and Security

It always happens to someone else. Right? I mean, what are the chances it will happen to me? Or you? Be it winning the lottery or developing a debilitating disease. We all know someone who knows someone who…well, you know how it goes. It will happen to someone else.

And it did, two days ago. Across the street from me.

Claude and Jane are good folks. Both in their mid 70s. They live on their combined retirement funds and spend their time keeping busy with kids, grandkids, and from what I hear, a great-grandchild in a matter of months. They come over for coffee or tea at times, and we always see them at community center events. They are not well off by any standard, but they do okay…until last Saturday.

Ken Starks

Ken Starks is the founder of the Helios Project and Reglue, which for 20 years provided refurbished older computers running Linux to disadvantaged school kids, as well as providing digital help for senior citizens, in the Austin, Texas area. He was a columnist for FOSS Force from 2013-2016, and remains part of our family. Follow him on Twitter: @Reglue

linuxlock.blogspot.com/

OSCON: Purism Respects Your Rights & Freedom

OSCON: Purism Respects Your Rights & Freedom

By Larry Cafiero on July 23, 2015 |

Hardware, News, Security and Software

Your digital rights — do both your hardware and software respect them?

Because if they don’t, Purism might have the answer to this shortcoming.

At OSCON, Purism has on hand the Librem 13 and Librem 15 laptops – the numbers designating the screen size (13-inch and 15-inch, respectively) — which are both designed, chip-by-chip and line-by-line to respect your rights to privacy, security and freedom, which is Purism’s philosophy.

“We developed Purism so that users can have access to the highest quality computers without compromising these beliefs,” the Purism website states. “The founder of Purism developed the Philosophical Contract, that we all abide by, which was adopted from the Free Software Foundation, and expanded to include hardware manufacturing as it relates to software.”

Larry Cafiero

Larry Cafiero is a journalist and a Free/Open Source Software advocate and is involved in several FOSS projects. Follow him on Twitter: @lcafiero

Wetware: The Most Important Trend in Malware

By Don Parris on July 7, 2015 |

Internet and Security

Blaster worm screenshot — Hex dump of 2003’s Blaster worm, that left a message for Microsoft CEO Bill Gates.

On Thursday, Christine Hall looked at the economy of cybercrime. I also took a peek at the Symantec report, and indeed, the statistics are sobering. There is one statistic, however, that Symantec has ommitted from its report. They did not report – at least not numerically – on the trend of growing wetware vulnerabilities that take advantage of users’ bad habits.

Don Parris

Don Parris wears a Facility Services cape by day, and transforms into LibreMan at night. He has written numerous articles about free tech, and hangs out with the Cha-Ha crowd, learning about computer security. He also enjoys making ceviche with his wife, and writing about his travels in Perú.

Yet Another Windows Security Fail

By Christine Hall on July 6, 2015 |

Admin, News, Operating Systems and Security

Windows logo We might as well start with the moral of this story: Don’t protect Windows with Windows.

For at least a decade, Microsoft has been chanting the mantra, “at Microsoft security is job one,” over and over and over. During this time, it’s repeated this mantra often enough to convince a lot of people that Windows is much safer than it once was, which I suppose is true since it couldn’t have gotten much worse. However, a new report from AV-Test proves the company isn’t yet ready to move up to the next mantra level and begin chanting, “at Microsoft we do security right,” because clearly it doesn’t.

Christine Hall

FOSSForce.com

Looking at the Cracker Hacker Economy

By Christine Hall on July 2, 2015 |

Security

Today I spent some time looking at a white paper issued by the security firm Symantec called Website Security Threat Report, which is basically a catalog of malware threats for the non-techie suits who control the purse strings for web facing server deployments — sort of a “here boss, this is why we have to spend so much money on security” type of thing. Most of it’s old news to those of us who, for whatever reason, follow tech news, but some of the trends noted by the folks at Symantec are interesting enough.

As a matter of fact, there’s a bit of sobering news for sites like FOSS Force, as again in 2014, technology sites top the list of the type of sites most likely to be exploited by cracker hackers, with the number on the rise. According to Symantec, last year tech sites represented 21.5 percent of sites infected by malware, up from 9.9 percent in 2013. Even more disturbing is that number two on this list are hosting sites, up from the number three position in 2013, with 7.3 percent of malware infected sites.

Christine Hall

FOSSForce.com

Limit Your Linux Super Powers With su & sudo

Limit Your Linux Super Powers With su & sudo

By Don Parris on June 30, 2015 |

Admin, Security and Tutorial

I recently offered some security tips aimed at new system administrators. And hey, the home users among you should take note, after all, you’re the administrator of your home system! One of the tips was “Don’t run as root.” Today I would like to expand on that a bit. First, we’ll take a look at why you should limit the use of your super powers. Then we’ll look at the best ways to use su and sudo to help you limit your risks.

Don Parris

The NSA, Windows & Antivirus

The NSA, Windows & Antivirus

By Christine Hall on June 25, 2015 |

Admin, News, Operating Systems and Security

Poor Microsoft. The beleaguered company just can’t catch a break. We’ve already told you about how Snowden’s revelations have forced the pride of Redmond to spend who knows how many millions opening two “transparency centers” to allow government IT experts to pore through source code to prove there’s no back doors baked into Windows or other Microsoft products. Trouble is, while its engineers have been busy plastering over all traces of old back doors, they’ve left a side door standing wide open, waiting to be exploited.

Ironically, this side door is intended to be a security door for third party add-ons that every Windows machine needs to keep it safe from cracker hackers — if that’s indeed possible. And this security tool is usually more trusted by Microsoft system admins, especially those outside the U.S., than Windows itself.

Christine Hall

FOSSForce.com

Five Security Tips for New Linux Admins

Five Security Tips for New Linux Admins

By Don Parris on June 22, 2015 |

Admin, Operating Systems and Security

It’s generally fairly easy for new Linux administrators to get up and running with the basics of installing, configuring and managing Linux systems at a basic level. Truthfully, though, it takes years to get the in-depth knowledge required in many server environments today. One thing I really recommend learning early on — i.e. from the beginning — is security.

I participate in a group of professional penetration testers (the nice folks who help you test your security as if they were the bad guys) called Charlotte Hackers Anonymous. I asked the group what they thought were the most important tips for new system administrators, and below are their tips, along with my thoughts on each.

Don Parris

Is the FOSS Infrastructure Crumbling?

By Christine Hall on June 17, 2015 |

Community and Security

It appears as if much of the open source infrastructure we depend on is suffering from neglect. That’s the message brought to the SouthEast LinuxFest (SELF) by David Nalley. Listening to his talk, “The Tragedy of Open Source,” it was hard not to think that some of our infrastructure projects are beginning to resemble some disintegrating municipal water and sewer systems, or maybe compare his examples with our crumbling roads and bridges. Nalley is a South Carolina based “recovering sysadmin” who now wears many hats at Apache as well as being an employee at Citrix.

The neglect he mentions has caused more than a few near misses that fell inches short of disaster, with two major incidents happening last year alone.

Take the Heartbleed vulnerability that affected openSSL. Nalley points out that last year when the bug was discovered, there was only one person, earning a mere twenty grand a year, actively maintaining the openSSL project. Also last year, there was only one person maintaining bash when Shellshock was discovered.

Christine Hall

FOSSForce.com

Redmond Fights FOSS Openness With ‘Transparency’ Centers

Redmond Fights FOSS Openness With ‘Transparency’ Centers

By Christine Hall on June 4, 2015 |

Business, News, Operating Systems, Politics and Security

The allegations that came with the Edward Snowden revelations of Microsoft’s cooperation with U.S. spy agencies is evidently still a problem for Redmond, if a blog item posted yesterday by security VP Matt Thomlinson is any indication. It seems the company has opened a second Transparency Center, this one in Brussels. The news comes eleven months after the announcement of the first such center on the company’s Redmond campus.

At the height of the media frenzy that developed around Snowden’s initial revelations, there were allegations that Microsoft had not only built back doors in its software for the NSA and other government agencies to use against foreign businesses and governments, but that it was cooperating with U.S. authorities in other ways as well. For example, one report indicated that the company was passing along details of unpatched security vulnerabilities in Windows to the NSA, effectively adding temporary tools to the spy agency’s cyber arsenal.