Press "Enter" to skip to content

Posts published in “Security”

Wetware: The Most Important Trend in Malware

Blaster worm screenshot
Hex dump of 2003’s Blaster worm, that left a message for Microsoft CEO Bill Gates.
On Thursday, Christine Hall looked at the economy of cybercrime. I also took a peek at the Symantec report, and indeed, the statistics are sobering. There is one statistic, however, that Symantec has ommitted from its report. They did not report – at least not numerically – on the trend of growing wetware vulnerabilities that take advantage of users’ bad habits.

Yet Another Windows Security Fail

Windows logoWe might as well start with the moral of this story: Don’t protect Windows with Windows.

For at least a decade, Microsoft has been chanting the mantra, “at Microsoft security is job one,” over and over and over. During this time, it’s repeated this mantra often enough to convince a lot of people that Windows is much safer than it once was, which I suppose is true since it couldn’t have gotten much worse. However, a new report from AV-Test proves the company isn’t yet ready to move up to the next mantra level and begin chanting, “at Microsoft we do security right,” because clearly it doesn’t.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Looking at the Cracker Hacker Economy

Today I spent some time looking at a white paper issued by the security firm Symantec called Website Security Threat Report, which is basically a catalog of malware threats for the non-techie suits who control the purse strings for web facing server deployments — sort of a “here boss, this is why we have to spend so much money on security” type of thing. Most of it’s old news to those of us who, for whatever reason, follow tech news, but some of the trends noted by the folks at Symantec are interesting enough.

As a matter of fact, there’s a bit of sobering news for sites like FOSS Force, as again in 2014, technology sites top the list of the type of sites most likely to be exploited by cracker hackers, with the number on the rise. According to Symantec, last year tech sites represented 21.5 percent of sites infected by malware, up from 9.9 percent in 2013. Even more disturbing is that number two on this list are hosting sites, up from the number three position in 2013, with 7.3 percent of malware infected sites.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Limit Your Linux Super Powers With su & sudo

I recently offered some security tips aimed at new system administrators. And hey, the home users among you should take note, after all, you’re the administrator of your home system! One of the tips was “Don’t run as root.” Today I would like to expand on that a bit. First, we’ll take a look at why you should limit the use of your super powers. Then we’ll look at the best ways to use su and sudo to help you limit your risks.

Don Parris

Don Parris wears a Facility Services cape by day, and transforms into LibreMan at night. He has written numerous articles about free tech, and hangs out with the Cha-Ha crowd, learning about computer security. He also enjoys making ceviche with his wife, and writing about his travels in PerĂº.

The NSA, Windows & Antivirus

Poor Microsoft. The beleaguered company just can’t catch a break. We’ve already told you about how Snowden’s revelations have forced the pride of Redmond to spend who knows how many millions opening two “transparency centers” to allow government IT experts to pore through source code to prove there’s no back doors baked into Windows or other Microsoft products. Trouble is, while its engineers have been busy plastering over all traces of old back doors, they’ve left a side door standing wide open, waiting to be exploited.

Boris and NatashaIronically, this side door is intended to be a security door for third party add-ons that every Windows machine needs to keep it safe from cracker hackers — if that’s indeed possible. And this security tool is usually more trusted by Microsoft system admins, especially those outside the U.S., than Windows itself.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Five Security Tips for New Linux Admins

It’s generally fairly easy for new Linux administrators to get up and running with the basics of installing, configuring and managing Linux systems at a basic level. Truthfully, though, it takes years to get the in-depth knowledge required in many server environments today. One thing I really recommend learning early on — i.e. from the beginning — is security.

Monitor padlockI participate in a group of professional penetration testers (the nice folks who help you test your security as if they were the bad guys) called Charlotte Hackers Anonymous. I asked the group what they thought were the most important tips for new system administrators, and below are their tips, along with my thoughts on each.

Don Parris

Don Parris wears a Facility Services cape by day, and transforms into LibreMan at night. He has written numerous articles about free tech, and hangs out with the Cha-Ha crowd, learning about computer security. He also enjoys making ceviche with his wife, and writing about his travels in PerĂº.

Is the FOSS Infrastructure Crumbling?

It appears as if much of the open source infrastructure we depend on is suffering from neglect. That’s the message brought to the SouthEast LinuxFest (SELF) by David Nalley. Listening to his talk, “The Tragedy of Open Source,” it was hard not to think that some of our infrastructure projects are beginning to resemble some disintegrating municipal water and sewer systems, or maybe compare his examples with our crumbling roads and bridges. Nalley is a South Carolina based “recovering sysadmin” who now wears many hats at Apache as well as being an employee at Citrix.

Heartbleed logoThe neglect he mentions has caused more than a few near misses that fell inches short of disaster, with two major incidents happening last year alone.

Take the Heartbleed vulnerability that affected openSSL. Nalley points out that last year when the bug was discovered, there was only one person, earning a mere twenty grand a year, actively maintaining the openSSL project. Also last year, there was only one person maintaining bash when Shellshock was discovered.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Redmond Fights FOSS Openness With ‘Transparency’ Centers

The allegations that came with the Edward Snowden revelations of Microsoft’s cooperation with U.S. spy agencies is evidently still a problem for Redmond, if a blog item posted yesterday by security VP Matt Thomlinson is any indication. It seems the company has opened a second Transparency Center, this one in Brussels. The news comes eleven months after the announcement of the first such center on the company’s Redmond campus.

Homer Simpson spyAt the height of the media frenzy that developed around Snowden’s initial revelations, there were allegations that Microsoft had not only built back doors in its software for the NSA and other government agencies to use against foreign businesses and governments, but that it was cooperating with U.S. authorities in other ways as well. For example, one report indicated that the company was passing along details of unpatched security vulnerabilities in Windows to the NSA, effectively adding temporary tools to the spy agency’s cyber arsenal.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

WordPress Upgraded to Fix Security Holes

Website publishers using the popular free and open source WordPress content management system (CMS) woke up this morning to find that their sites had been upgraded to version 4.2.2. Users who’s sites somehow missed being automatically upgraded are urged to update immediately, as this update addresses several important security issues. According to Wordfence, maintainers of a popular WordPress security plugin, this release fixes one recently discovered vulnerability and further hardens a security issue that was addressed in version 4.2.1.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Linux Chromebooks, Securing the Web & More…

FOSS Week in Review

Unfortunately, Larry’s a little under the weather today, so here I am…

Put that on your Chromebook and run it

We hear from Softpedia that Chromixium is just about ready for prime time. Well, that may be jumping the gun a little bit. What we really hear is that the distro has now gone from beta to release candidate, and that a honest-to-goodness 1.0 stable version is virtually just around the corner. Trouble is: we’re not sure yet just how far away we are from that corner. Shouldn’t be too far, however. The beta version was only released in February, so these developers aren’t wasting time.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Samsung’s Spying TVs, Ubuntu Phone Sells Out & More…

FOSS Week in Review

Larry Cafiero is busy working for SCALE (pun intended), so you’re stuck with me for another week. Sorry.

Ubuntu Phone sale is gone in a flash

The sale of the first ever Ubuntu phone through a European flash sale was evidently a success. Of course, we wouldn’t know as the phone isn’t available yet to those of us who live on this side of the pond, so it hasn’t been getting much press over here. However, EU sites are all atwitter with headlines like “Ubuntu Sells Out!”

Ubuntu phoneThat was referring to the first flash sale, held Wednesday morning EU time, in which all devices being made available were sold out in “just a few hours,” according to Softpedia. In fact, it sold so quickly that a decision was made to hold another flash sale that same afternoon. The original flash sale was supposed to last for nine hours. The number of devices sold hasn’t been released.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Latest Articles