Press "Enter" to skip to content

Posts published in “Security”

The Ongoing Wars Against Free Tech

By Christine Hall on December 4, 2014 |

Internet, Politics and Security

After a few months of not hearing much from Microsoft, the company has been in the news a bit recently. First there was the brouhaha when it announced it was offering the .NET framework as open source. Then there were several big security problems with Windows, with one serious vulnerability going all the way back to Windows 95.

Although this would’ve been big news in the old days, the FOSS press has been relatively quiet about all this. There were a few articles about the .NET thing, with some writers pointing out that the MIT license which Redmond is using will offer no patent protection for Redmond owned .NET related patents, and the Windows security issues got next to no FOSS coverage at all.

My how times have changed.

A decade ago the open sourcing of any major program by Microsoft would have FOSS writers in a dither, even if released under the GPL. We would’ve been uber suspicious, certain that this was only the front end of a plan to end Linux and FOSS as we know it. As for the Windows security woes, we’d be rubbing our hands with glee, writing paragraph after paragraph on how much this proves the inferiority of Windows and the superiority of our beloved Linux. In those days, we had to take our good news wherever we could find it.

Continue readingThe Ongoing Wars Against Free Tech
Facial Recognition: It’s Hide Your Face Timefacial recognition - surveillance cameras

Facial Recognition: It’s Hide Your Face Time

By Christine Hall on November 6, 2014 |

News, Politics and Security

Do you have any traffic tickets you neglected to pay? You know, the kind that eventually turn into bench warrants and cause you to be super careful when you drive, lest you get pulled over for yet another minor infraction and end up handcuffed in the back of a squad car, on your way to spend a few hours in the local hoosegow until your significant other shows up with bail? If so, don’t worry. As long as you manage to not get pulled over, you’re still reasonably safe. But the time is rapidly coming when just walking down the street minding your own business might cause a squad car to be dispatched to pick you up to make sure you pay your fine, thanks to our old buddy, facial recognition.

facial recognition - surveillance camerasI know this is old news and it seems like implementation of the technology in such manner is years away — but I think it’s coming quicker than we think. Some may even think this to be no big deal. After all, what’s wrong with the fuzz having the ability to pick lawbreakers out of downtown pedestrian traffic or while on a jaunt across the parking lot to Office Depot at a local strip mall? Wouldn’t that include the ability to get dangerous violent criminals off the street?

Well, yes. But this old hippie still doesn’t like it. During my life I’ve seen too many instances where the police overzealously abuse a new technology they’ve embraced. Think tasers or pepper spray — or swat teams for that matter. Do a Google to get an idea of how many unarmed citizens have been dispatched to their graves through the wrongful use of tasers or pepper spray — although the investigation of these incidents rarely find fault with the officer who did the dispatching.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingFacial Recognition: It’s Hide Your Face Time
Drupal Hack & WordPress UsersWordPress logo

Drupal Hack & WordPress Users

By Christine Hall on October 30, 2014 |

Internet and Security

It’s not a good day for Drupal users, with the security folks at the CMS platform telling all users to consider themselves compromised if they didn’t install a security patch within seven hours of its release on October 15th.

Fixing the infected sites will require a bit of work. Sites will need to be taken offline, and the current install of Drupal blown-up and replaced with a backup from before October 15th. Any changes made made to a site since that date will have to be redone. Site owners will also need to notify their hosting companies of the situation, since the Drupal exploit could also be used to hack into other sites on a host’s server. Hosts will not be happy to hear this.

Users of other CMS platforms can give a sigh of relief — after all, they’ve dodged a bullet — but they’d be well advised to pay attention; a similar scenario could play out on any platform at any time.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingDrupal Hack & WordPress Users
Should Everything in the World Be Facing the Internet?security

Should Everything in the World Be Facing the Internet?

By Christine Hall on October 9, 2014 |

Business, Internet and Security

From its inception, we knew the Internet to be an unsafe place. Before the first server was cracked by an online hacker, we knew that was bound to happen sooner or later. We knew because people were already breaking into computers, even without the Internet offering 24/7 cracker/hacker convenience.

Back in the early 90s, when I was living in the college town of Chapel Hill, I shelled-out five bucks or so at the local Egghead Software store for a shrink wrapped floppy disk loaded with “shareware” utilities for MS-DOS. Twenty years have passed, so I don’t remember what tool I needed, but I’d gone there specifically looking for something or another and had been directed to that particular product by a clerk at the store. Once I got home, I stuck the disk into the drive, looked over its contents and installed a couple of the apps.

securityThat was the end of it, or so I thought.

Several months later a biology major friend of mine with no computer skills — yes, in those days it was possible to earn an undergraduate science degree without knowing how to use a computer — dropped by to use my computer, a 486 with a whopping 4 megs of RAM. She was set to graduate soon and needed to use my machine to prepare a resume. I opened WordPerfect and set her loose to type away, answering any questions she had as she worked — such as how to remove a formatting code or preview how the document would look when printed.

An hour or so later, when she finished, I saved her work to a new blank floppy and sent her to see our mutual friend, Tony, to print it, as all I had was an old, noisy and beat-up Epson dot matrix printer and he had a fancy daisy wheel job. Two days later, she was back at my door, mad as hell.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingShould Everything in the World Be Facing the Internet?
Researchers Release USB Exploit & Incomplete Fix on GitHubUSB exploit

Researchers Release USB Exploit & Incomplete Fix on GitHub

By FOSS Force on October 8, 2014 |

Hardware, News and Security

Now that a working exploit of the USB vulnerability that’s baked-in to the USB standard has been released, it might be a prudent move to no longer employ any USB devices that aren’t already under your control until this situation has been fixed.

The exploit was first made public two months ago at the Black Hat conference in Las Vegas when Karsten Nohl and Jakob Lell of Berlin based Security Research Labs (SRL) demonstrated an attack they called BadUSB to a standing-room-only crowd.

Continue readingResearchers Release USB Exploit & Incomplete Fix on GitHub
‘Tux Machines’ DDOS Attack Moves to ‘TechRights’Tux Machines logo

‘Tux Machines’ DDOS Attack Moves to ‘TechRights’

By FOSS Force on October 4, 2014 |

Media, News and Security

Editor’s note: This article was updated 9/4/2014 at 5:15 p.m. EDT to include latest update from Tux Machines publisher.

The DDOS attack that has rendered the popular Linux site Tux Machines virtually unreachable for nearly two weeks, now seems to be affecting sister site TechRights. Roy Schestowitz, publisher of both sites, told FOSS Force that the attack on TechRights began at about one o’clock Friday afternoon GMT.

“…an hour ago I got some automatic reports and some messages from readers saying that Tech Rights had gone offline,” he said. “I then checked logs, grepped on ‘NT’ (all the zombies are [running different versions of] NT), and saw pretty much the same pattern as on Tux Machines.”

As of eleven o’clock this evening EDT, both site were reachable from FOSS Force’s offices in North Carolina, but we’ve been unable to determine if this is because the attacks have ended or if this is only a temporary reprieve.

Continue reading‘Tux Machines’ DDOS Attack Moves to ‘TechRights’

Secure Linux Systems Require Savvy Users

By Christine Hall on September 29, 2014 |

Community, News, Operating Systems and Security

Linux securityPatches are available to fix the bash vulnerability known as Shellshock, along with three additional security issues recently found in the bash shell. The patches are available for all major Linux distros as well as for Solaris, with the patches being distributed through the various distros.

After the patch is applied, there are a couple of commands that can be run from a terminal to ascertain that a system is no longer vulnerable. For details, see the article Steven J. Vaughan-Nichols has written for ZDNet. As yet, there is no patch available for OS X, although Apple says that one is on the way, while assuring its users that Mac systems aren’t vulnerable except for the most advanced users.

The good news about all this is that it demonstrates how quickly the Linux community can get the word out and then rally to engineer a solution when a security problem is discovered. The bad news is that not all Linux users listen. Too many users believe that the security features that are baked into Linux offer complete protection, no matter what. Unfortunately, that’s not the case. It never was, nor can it ever be.

My friend Andrew Wyatt, who spent time some years back as the founder and lead developer of the Fuduntu Linux distro, attempted to address this fact recently in a comment to an article on FOSS Force:

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingSecure Linux Systems Require Savvy Users

When the Police Can Brick Your Phone

By Christine Hall on August 16, 2014 |

Hardware, Mobile and Security

“Tyranny. Pure and simple. If it is software, somebody will find a way to hack it. If it is hardware, ‘old’ smartphones will be worth their weight in platinum.”

My friend Ross from Toronto made this comment with a link he posted on Facebook to The Free Thought Project’s article on a new about-to-be law in California. The law mandates a kill switch on all new smartphones, allowing the owner of a stolen phone to disable it until it’s recovered. The bill, CA SB 962, now only needs the expected signature of governor Jerry Brown to become law. In July, a similar law went into effect in Minnesota.

Organized using smartphones.
Photo by Jonas Naimark – Licensed under Creative Commons Attribution 3.0
On the surface, a law with the purpose of protecting expensive smartphones from theft might seem to be a no-brainer good thing. Just render the device inoperable, while activating a homing program to locate it. Presto! In no time at all the phone is back in the hands of its rightful owner and made operable again. Supporters also hope the kill switch becomes a deterrent that greatly reduces the number of phone thefts.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingWhen the Police Can Brick Your Phone
USB Ports Are No Longer Your Friend (If They Ever Were)USB exploit

USB Ports Are No Longer Your Friend (If They Ever Were)

By Christine Hall on August 9, 2014 |

Hardware, News and Security

Just because the good guys have discovered a new security risk doesn’t mean the bad guys haven’t known about it forever. The risk is only new to us. It’s actually been there for a long time, maybe forever. Who knows how long everyone from the black hats in Moscow to the NSA in bucolic Maryland have been taking advantage of what appears to us to be a “new” exploit?

The USB security hole recently unveiled by Berlin based Security Research Labs (SRL) seems to be of those that’s been around “forever.”

USB exploit infecting Linux
A slide used by Security Research Labs at the Black Hat USA security conference explaining how a USB device can be infected by a Windows computer in order to gain root access on Linux.
(click to enlarge)
While it shouldn’t be news to anybody that caution should be exercised when using USB devices, the new exploit would seem to indicate that even the most draconian security measures, short of doing away with USB devices entirely, might not be enough. The recently revealed problem has to do with the USB controller chip found in most, if not all, USB devices. The chip basically identifies the device type to the computer.

The trouble is, most of these chips are relatively easy to reprogram.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingUSB Ports Are No Longer Your Friend (If They Ever Were)

China Says ‘No’ to Windows 8

By Christine Hall on May 21, 2014 |

Business, News, Operating Systems, Politics and Security

Reuters reported yesterday that the Chinese government has banned the use of Windows 8 on Chinese government computers. According to the official Xinhua news agency, the ban is being put in place by the Central Government Procurement Center primarily over security concerns now that Microsoft has ended support for XP, which is thought to be the most widely used operating system within China. This news has led Forbes to speculate that this may prompt Redmond to continue to support the OS within the People’s Republic.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingChina Says ‘No’ to Windows 8

eBay Hacked – Will Ask Users to Change Passwords

By Christine Hall on May 21, 2014 |

Internet, News and Security

eBay announced this morning that they’ve been hacked and that “encrypted passwords and other non-financial data” have been compromised. They’re expected to begin notifying their customer base later today, which will include a suggestion for users to change their passwords. The company says that PayPal, an eBay subsidiary, uses its own servers and was not affected by the attack.

According to CNET, the first public news of the compromise came by way of a cryptic blog posting by PayPal:

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingeBay Hacked – Will Ask Users to Change Passwords
Breaking News: