Press "Enter" to skip to content

Posts published in “Security”

Why Linux Distros Look Insecure Even Though They’re Not

By Robin "Roblimo" Miller on March 3, 2016 |

Operating Systems and Security

Why Linux Distros Look Insecure Even Though They’re NotLinux security

The transparency of open software means that security vulnerabilities are visible and can’t be quietly swept under the rug.

Another bunch of scary security alerts from your favorite Linux distro has hit the front page of FOSS Force. It was the same last week and the week before, and will be the same next week and the week after.

Linux security

One FOSS-boosting friend claims the alerts are the result of “media sensationalism.” While it’s possible that there is a clickbait element to some of the reports (DROWN, anyone?), most of the reported vulnerabilities are real and serious, and we need to know about them.

Continue readingWhy Linux Distros Look Insecure Even Though They’re Not
More Linux Phones, More Mint Hack & Just Plain More…

More Linux Phones, More Mint Hack & Just Plain More…

By Christine Hall on February 26, 2016 |

Browsers, Community, Copyright, Distros, Mobile, Obits, Operating Systems and Security

FOSS Week in Review

As Linux Mint scrambles to get security back on track, numerous prototypes of Linux phones are on display and Ubuntu gathers awards at the Mobile World Conference in Barcelona.

What a week in the FOSS world. So much has happened since our last Week in Review that I think I’ll skip the idle chitchat about the weather and such and get straight to business. Well, I will take the time to tell you that it’s been damned cold in these parts and I’m more than ready for spring…

Linux Mint LogoThe Great 2016 Linux Mint Hack: The hack at one of the crown jewels of Linux distros has undoubtedly been the biggest story this week. I’ll not bore you by repeating details which most of you have probably already read by now, but will direct those of you who don’t know to FOSS Force’s coverage on Sunday, and to our report on Monday in which Freedom Penguin Matt Hartley helps me take a look at the nature of the crack/hack.

The good news is that things are slowly — very slowly — returning to normal for the Mint team. By midweek, things were under control enough that the switch could be flipped on Mint’s server, putting the website back online. On Thursday I had a very brief email discussion with the distro’s project leader Clem Lefebvre — “very brief” because Lefebvre was more than little busy at the time. He and his team are in up to their elbows, working to make sure that everything works and plays well with the hardening they’ve done to Mint’s server, as well as working overtime to find any niggling security issues. In other words, they have it all under control, even as they work to get it more under control.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingMore Linux Phones, More Mint Hack & Just Plain More…
Linux Mint: Anatomy of a HackLinux Mint compromised download page

Linux Mint: Anatomy of a Hack

By Christine Hall on February 22, 2016 |

Distros, News and Security

The hackers who compromised the Linux Mint site on Saturday were evidently not the brightest stars in the dark web, but they managed to create a mess for the Mint crew to clear away.

Everybody understands that none of a stage magician’s tricks are real. The one thing that is real, and which a successful illusionist must practice to perfection, is the art of misdirection — which evidently turned out the be the trick under the sleeves of the cracker/hackers who were responsible for compromising ISO downloads of Linux Mint 17.3 Cinnamon on Saturday.

In the FOSS Force news article on the hack which ran Sunday, we said “the hackers modified the ISO of the Cinnamon edition of Linux Mint 17.3 (Rosa).” We now know that’s not quite true, or at least not in the way we meant. The hackers didn’t bust into the Mint server and modify the binaries waiting to be grabbed by the mirror sites for downloads. Instead, this was a case of misdirection.

The hackers had a copy of Mint with their malicious payload in place, packaged as an ISO image and sitting on a Bulgarian server they controlled, waiting to serve downloads of what is arguably the worlds most popular version of GNU/Linux. The intrusion at Mint was a quick in-and-out to change the URLs in the anchor tags on Mint’s download page for the 64-bit Cinnamon version of Linux Mint 17.3 “Rosa.” Afterwards, users who clicked on a link to download from, say, the Internet Solutions mirror in South Africa, were taken to the hackers’ server in Bulgaria. Let the download begin. Wham, bam, thank you mam.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingLinux Mint: Anatomy of a Hack
Linux Mint Hacked: ISO for 17.3 Cinnamon Edition ModifiedLinux Mint Logo

Linux Mint Hacked: ISO for 17.3 Cinnamon Edition Modified

By FOSS Force on February 21, 2016 |

Distros, News and Security

An intrusion of the Linux Mint server on Saturday makes downloads performed on Saturday of version 17.3 Cinnamon potentially vulnerable.

Linux Mint project leader Clem Lefebvre revealed in a blog post today that the popular Linux distribution’s servers were hacked on Saturday. During the “brief” intrusion, the hackers modified the ISO of the Cinnamon edition of Linux Mint 17.3 (Rosa) and also gained access to the distro’s forum database. Only this particular ISO is affected; other editions or releases are considered safe. Only ISO’s downloaded Saturday are potentially vulnerable.

Continue readingLinux Mint Hacked: ISO for 17.3 Cinnamon Edition Modified
FreeBSD, Variants Not Affected by Recent GNU BugBSD logo

FreeBSD, Variants Not Affected by Recent GNU Bug

By Larry Cafiero on February 18, 2016 |

News, Operating Systems and Security

Larry the BSD Guy

The glibc security vulnerability that Linux developers have been scrambling to patch does not affect *BSD.

Much has been made about a vulnerability in a function in the GNU C Library. And searching far and wide over the Internet, there was little — actually nothing — I could find regarding how this affected BSD variants.

However, you can rest easy, BSDers: Not our circus, not our monkeys.

Dag-Erling Smørgrav, a FreeBSD developer since 1998 and a former FreeBSD Security Officer, writes in his blog that “neither FreeBSD itself nor native FreeBSD applications are affected.”

Larry Cafiero

Larry Cafiero is a journalist and a Free/Open Source Software advocate and is involved in several FOSS projects. Follow him on Twitter: @lcafiero

Continue readingFreeBSD, Variants Not Affected by Recent GNU Bug
Microsoft Kidnaps Windows, Malware Everywhere & More…Windows 10 screen shot

Microsoft Kidnaps Windows, Malware Everywhere & More…

By Christine Hall on February 5, 2016 |

Distros, Mobile, News, Operating Systems and Security

FOSS Week in Review

The big Linux conference down in the land of Oz just completed and there are no really big shows on the agenda until Atlanta’s Great Wide Open opens its great doors wide in March. Everybody here in North Carolina, which I call home, is on the road, hanging out in Baghdad-by-the-Bay waiting to see how well the Panthers play in fog and trying to pretend to be old hats at having a pro home team worth the effort of a root or two.

You’d think it would be quiet around here, but it’s not. As always, it’s one thing after another, and as a coworker often often says, I’m getting too old for this. I could tell you stories, but I’m not. What I am going to tell you is the high points of this week in FOSS…

If you’re a Windows user, which most of you reading FOSS Force aren’t, then Microsoft wants to hijack your machine. It seems that the company that’s been spending millions — and has been buying into every free and open source conference it can find and a few it can’t — to get the word out that “Microsoft has changed,” hasn’t. If you happen to be unlucky enough to be using Windows 7, 8 or 8.1, you’re probably beginning to realize this right about now.

Windows users might be well advised to think about unplugging their computers from the Internet when they’re not around to keep an eye on things or they’re likely to wake-up in the morning, or return home from work, to find they’re running Windows 10 instead of whatever version they know and love.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingMicrosoft Kidnaps Windows, Malware Everywhere & More…
Readers Say ‘No’ to Antivirus on LinuxSecurity lock

Readers Say ‘No’ to Antivirus on Linux

By FOSS Force on February 5, 2016 |

Operating Systems, Polls and Security

The FOSS Force Poll

A few weeks back when Ken Starks wrote an anecdotal column on an experience with a false positive from Avast antivirus on GNU/Linux, we started thinking. We run antivirus on our LAMP servers with the intent of protecting poor suckers on Windows, but on our Linux desktops and laptops? Pretty much, no. Some of us had tried the open source ClamAV at one time or another, mainly out of curiosity, but none of us had stuck with it. To our knowledge, until Starks wrote his column none of us even knew anybody who had ever run proprietary AV on Linux boxes.

antivirus can be picked like a lock
By Rudolf Simon [CC BY 3.0 ]
That was a far cry from our Windows days — and it would be a fair assumption to say that everyone here at one time or another relied on Windows as their primary operating system. In those days, the first thing we’d do with a new or new used box was download and install AVG, Avast or Symantec, and maybe even throw in a third party firewall such as Zone Alarm, just to be on the safer side.

Did any of it work? Who knows? But as an old friend of ours used to say, “We have to do something, even if it’s wrong.”

Continue readingReaders Say ‘No’ to Antivirus on Linux
Ghosts in the Linux Machinecomputer virus

Ghosts in the Linux Machine

By Ken Starks on January 26, 2016 |

Operating Systems and Security

I’ve been smug about it for years now. No, smug doesn’t really cover it. “Haughty” might be a closer match. Now there’s an old school word: Haughty. It was used in a time when every other sentence didn’t contain a hyperbolic term or a phrase.

“Man, that movie was awesome!”

No, that movie wasn’t awesome. It might have been extremely entertaining or thought-provoking, but it wasn’t awesome. The overwhelming swell within you when you first see the Milky Way out in the middle of nowhere with no light pollution, that is awesome. An F5 tornado rending a human body part down to slimy, unrecognizable DNA, now that’s awesome. Watching Jupiter take one for the home team here on earth, thusly avoiding an extinction-level event, that was awesome. Awesome is when you have no words or ability to say words.That’s what awesome is

Regardless of how I parse it, the fact is that as a Linux user, I felt just a wee bit sorry for my Windows brethren and probably a wee bit superior. All that chugging and churning their computers went through several times a week while their antivirus software brought their machines to their knees….

Not me. I’m a Linux user.

Ken Starks

Ken Starks is the founder of the Helios Project and Reglue, which for 20 years provided refurbished older computers running Linux to disadvantaged school kids, as well as providing digital help for senior citizens, in the Austin, Texas area. He was a columnist for FOSS Force from 2013-2016, and remains part of our family. Follow him on Twitter: @Reglue

linuxlock.blogspot.com/
Continue readingGhosts in the Linux Machine
Ubuntu, Microsoft, Tizen & More…SUSE

Ubuntu, Microsoft, Tizen & More…

By Christine Hall on January 15, 2016 |

Distros, Mobile, News, Operating Systems and Security

FOSS Week in Review

There was plenty of FOSS news this week, but in many ways it was just more of the same — the more things change and all that. Unfortunately, some of the news harkens back to the dark ages, when armour clad knights from Redmond seemed to be hiding behind every tree…

SUSEIs Ubuntu the new Novell? It probably wasn’t news to anybody when Microsoft failed to renew it’s deal with SUSE when it expired at year’s end. Many with long memories will remember that way back when SCO was still a viable company, Microsoft inked a deal with Novell, which was then the proud new owner of the SUSE Linux distro. Among other things, the deal gave SUSE users a free pass against getting sued by Microsoft for infringing any of its patents. As part of the deal, Microsoft purchased tons and tons of SUSE support contracts to sell to enterprise customers who might need to keep a Linux machine or two running, which were reportedly given away. Mainly, Microsoft was using SUSE as its official Linux distro, and as a testing ground for Microsoft’s attempts to get Windows to work and play well with Linux.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingUbuntu, Microsoft, Tizen & More…
Gmail and a Can of Spam

Gmail and a Can of Spam

By Ken Starks on January 12, 2016 |

Operating Systems, Security and Web Apps

The Heart of Linux

“You’ve got mail compromised mail!”

The emails started coming in slowly at first. Friends and colleagues were telling me that my Gmail address was pushing out spam.

“Spam? Really?”

My first inclination was to push those emails aside as a temporary albeit bothersome incident. Something similar had happened a few years earlier, but subsided quickly with no real or evident damage. I guessed that some bot did a drive by and picked up my email contacts and started pumping out spam and other messages.

GmailBut this incident wasn’t to be pushed aside. The emails started coming in faster and faster, until I acknowledged that I had a real problem.

Ken Starks

Ken Starks is the founder of the Helios Project and Reglue, which for 20 years provided refurbished older computers running Linux to disadvantaged school kids, as well as providing digital help for senior citizens, in the Austin, Texas area. He was a columnist for FOSS Force from 2013-2016, and remains part of our family. Follow him on Twitter: @Reglue

linuxlock.blogspot.com/
Continue readingGmail and a Can of Spam