January 2013 Issue of Linux Journal: Security

Sticky Note of Doom

Years ago, I had the brilliant idea that all my users in the finance department should have complex passwords. This made perfect sense to everyone, since dealing with millions of dollars of revenue is something that should be secured. So, the passwords were changed with complexity requirements enforced. I slept better that night knowing our paychecks were no longer secured by passwords like "mustang" or "mrwhiskers".

I came in the next day only to find very complex passwords written on sticky notes and affixed to everyone's monitors. Security software is no match for a Sharpie marker and a Post-It. It was a lesson well learned. This month is our Security issue, and although we don't have an answer to the Sticky Notes of Doom, we do have some great articles on Linux-related security.

Reuven M. Lerner starts off the issue with an interesting column on real-time messaging over the Web. Back in the days when every user was in a terminal window, a quick wall command would send everyone a message. Reuven describes a similar concept, but with Web users. Dave Taylor follows up not with Web programming, but with game programming. Using his talent for making learning fun, Dave shows how to write a script to play Cribbage.

Kyle Rankin returns to his PXE magic from a couple of years back and explains how to leverage the network bootloader not only to install operating systems, but also to boot them directly. If you've ever been intimidated by PXE menus, or if you thought PXE was too limited, you'll want to read Kyle's column. It's a great follow-up to his last piece on the topic, and it showcases just how flexible PXE can be.

I joined the security bandwagon this issue and decided to talk about passwords. If you (or a "friend") use the same password for every Web site, or if you use your pet's name to secure your credit-card statements, you really need to read my column this month. Whether it's to pick up some hints on password creation or just get some pointers for convincing others to use good passwords, I hope you'll find my tips helpful.

If you're fascinated by data encryption, Joe Hendrix's article on Elliptic Curve Cryptography is more than just an interesting read. Joe not only shows how to implement this method, but also how to use it in real life with OpenSSH. With most encryption methods, people just keep making a bigger and bigger encryption key to improve security. Elliptic Curve Cryptography offers more security and smaller key sizes. When it comes to passwords, encryption is great, but even better is to destroy the password completely after using it. Todd A. Jacobs teaches how to configure one-time passwords on your servers. If you're working from an open Wi-Fi hotspot, a one-time password is a way to make sure you're safe even if your password is hijacked.

Speaking of Wi-Fi, Marcin Teodorczyk has a fun article on setting up a Wi-Fi honeypot. If you want to have fun with your neighbors, or if you're just curious about what people do to an open access point, Marcin shows you what to do. If you live near a place people tend to gather, your results should astound!

We've also got lots of other goodies for you this month. Mike Diehl discusses how to create smartphone apps with Phonegap. Joey Bernard takes a great look at Gnuplot. Our New Products section features a mention of Kyle Rankin's new book, and our Upfront section has useful tips to inform and entertain. So, in honor of the Security issue, maybe take this opportunity to remove sticky notes from monitors and challenge people to change their passwords to something other than their dogs' names. This was a fun issue for us, and we hope the same will be true for you!

Available to Subscribers: January 1

______________________

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel or on Twitter.

Comments

journal for 2013

Rogger's picture

I would suggest please come to this site and take the chance from suplementos importados

I like the job over here it

Jeremiah's picture

I like the job over here; it is interesting to share wonderful comments for your creative topic. Graduation essay

I found this is an

Anonymous123's picture

I found this is an informative and interesting post, so I think it is very useful and knowledgeable. I would like to thank you for the efforts you have made in writing this article. Free tenancy agreement template

http://www.hairwigs.de/

CK's picture

When you have nice post then

Allister's picture

When you have a nice post, then the content helps you with the latest information. Here it is the same situation; I have new tips to reduce your fat in the most quick way.
write my research paper

I have found your post to be

ffxibank's picture

I have found your post to be very rousing and full of good information. We are really grateful for your blog post. You will find a lot of approaches after visiting your post. ffxi gold


2013 issue

roger gull's picture

Many web developers use user agent switchers to address this issue

linux jornal

andreas leane's picture

Due to the multifarious nature of the mobile web, developers tend to spend a lot of time testing their work is lipo 6 black, lipo 6 unlimited and dhea

http://www.watchessegment.com

http://www.watchessegment.com's picture

http://www.watchessegment.com This post has helped me to have another perspective. I am researching this topic for a paper I am writing. Your article provided me great insight of my topic.


hello.

hitesh's picture

Natural Cosmetics Another excellent example of innovation, I am happy to find it. There are so several developers working on this segment but this is one of the best innovative idea ever. Thanks for sharing it here.

Awesome

Jaiswal's picture

You actually make it appear so easy with your presentation, but I find this affair to be actually something which I think I would never understand. It seems too recondite and extremely broad for me. I'm looking forward to your next post; I'll try to get the hang of it!
mode

Security of system as well as

lipin peter's picture

Security of the system as well as the network is such a serious issue, especially in large organizations where the system contains much vital information. The same is the condition with the home PC as well, where there can be much secret data stored. The article could provide a lot of important information about password and system security. For more details

Brilliant!! Enjoying your

Gifts To Pakistan's picture

Brilliant!! Enjoying your ideas. Top job! Gifts To Pakistan

Awsome article Waiting for

Send Gifts To Pakistan's picture

Awesome article. Waiting for more info, dude!! Send Gifts To Pakistan


I am very interested, unable

Disu's picture

I am very interested, unable to hold myself back from sharing with the people around me to have a look. Yellow Pages Cybo I support your ideas, and I wish you make persistent efforts. They may have helped him, but in all honesty, what was said about the success of the album is true no matter if the album had a 15-month 200k start before Brantley's hit.

I am upbeat to found such

web design vancouver's picture

I am upbeat to have found such an advantageous post. I decidedly broadened my memorizing accompanying perusal of your post, which may be helpful for me. web design vancouver

I really enjoy simply reading

web design vancouver's picture

I really enjoy simply reading all of your weblogs. Simply wanted to inform you that you have people like me who appreciate your work. Definitely a great post. Hats off to you! The information that you have provided is very helpful. web design vancouver

Great post!!

Martin Cooper's picture

I am upbeat to have found such an advantageous post. I decidedly broadened my memorizing accompanying perusal of your post, which may be helpful for me. online discount clothing

message

deva's picture

nice sites

addy's picture

Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work! Microdermabrasion

diff -u UEFI

Tim Hoppen's picture

I've got a bit of a bone to pick about the last topic discussed in the diff -u section of this issue. When I see sentences like "I'd say that UEFI almost certainly will be part of the kernel" and "Its purpose is to prevent users from having control of their own systems...", I cry inside. This only shows a lack of good research.

As usual in the Linux community, the concepts of "UEFI" and "UEFI Secure Boot" are all mixed up. UEFI is already supported very well by the kernel and does not, by itself, pose any threat to Linux or Linux users. UEFI, at a basic level, is really only a set of interfaces to replace the 20+-year-old BIOS-to-OS interfaces.

Secure Boot (a single chapter of the UEFI spec, chapter 27) provides a method to only load signed UEFI drivers and applications to prevent malicious or undesired software from being run by the firmware (BIOS).

The main problem is that the definition of "undesired" is not defined at all in the specification.

If you replace "UEFI" with "UEFI Secure Boot", the rest of this section is fine, although I'd argue that there is a good amount of FUD still present. RedHat, Ubuntu and Sabayon can all boot with Secure Boot enabled in the BIOS by using Shim. The only prevention of user control that I've seen proof of is on Windows 8 tablets where Secure Boot cannot be disabled, leaving no opportunity to add keys to allow custom software to run.

-Tim
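Since the distinction above between UEFI and Secure Boot enforcement is exactly what an administrator should verify on a running box, here is an added example (not part of Tim's comment or of Linux Journal's article) that decodes the firmware's own SecureBoot and SetupMode variables as Linux exposes them under efivarfs. The sysfs path and the EFI global-variable GUID are real; the sample byte strings are constructed for the demonstration.

```python
"""Classify Secure Boot state from the SecureBoot / SetupMode EFI variables."""
import struct
from pathlib import Path
from typing import Optional, Tuple

# Vendor GUID of the EFI global variables (fixed by the UEFI spec).
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Where the Linux kernel exposes firmware variables (efivarfs).
EFIVARS_DIR = Path("/sys/firmware/efi/efivars")


def parse_efivar_blob(blob: bytes) -> Tuple[int, bytes]:
    """Split an efivarfs file into its 4-byte little-endian attribute word
    and the variable payload that follows it."""
    if len(blob) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", blob, 0)
    return attrs, blob[4:]


def secure_boot_state(secure_boot: Optional[bytes],
                      setup_mode: Optional[bytes]) -> str:
    """Return 'enforcing', 'disabled', 'setup-mode' or 'not-uefi-or-unsupported'.

    SecureBoot == 1 alone is not enough: if SetupMode == 1 the key databases
    are open for enrollment and the firmware is not actually enforcing, which
    is the state a custom-key workflow leaves the machine in until it is locked.
    """
    if secure_boot is None:
        return "not-uefi-or-unsupported"   # legacy BIOS boot or efivarfs absent
    _, sb = parse_efivar_blob(secure_boot)
    if not sb:
        raise ValueError("SecureBoot variable has no payload")
    if setup_mode is not None:
        _, sm = parse_efivar_blob(setup_mode)
        if sm and sm[0] == 1:
            return "setup-mode"
    return "enforcing" if sb[0] == 1 else "disabled"


def read_efi_global_var(name: str) -> Optional[bytes]:
    """Read <name>-<GUID> from efivarfs; None if the system has no such variable."""
    try:
        return (EFIVARS_DIR / f"{name}-{EFI_GLOBAL_VARIABLE_GUID}").read_bytes()
    except OSError:
        return None


if __name__ == "__main__":
    # Constructed sample: attributes 0x06 (BS|RT) followed by a one-byte value.
    print(secure_boot_state(b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00"))
    print(secure_boot_state(read_efi_global_var("SecureBoot"),
                            read_efi_global_var("SetupMode")))
```

Run as root (or with efivarfs mounted) the second line reports the live machine; everywhere else the constructed sample shows how the two variables combine.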
