Like many LJ readers these days, I've been leading a bit of a
techno-nomadic lifestyle as of the past few years—jumping from network
to network, access point to access point, as I bounce around the real
world while maintaining my connection to the Internet and other networks I
use on a daily basis. more>>
UEFI (Unified Extensible Firmware Interface) is the open, multi-vendor
replacement for the aging BIOS standard, which first appeared in IBM
computers in 1976. The UEFI standard is extensive, covering the full
boot architecture. This article focuses on a single useful but typically
overlooked feature of UEFI: secure boot.
Encryption and secure communications are critical to our life on the
Internet. Without the ability to authenticate and preserve secrecy, we
cannot engage in commerce, nor can we trust the words of our friends and
Last week has seen an explosion of e-commerce sites infected with the Linux.Encoder.1 ransomware. For those not familiar with the term, ransomware is a particularly vicious type of malware that aims to extort money from the owners of compromised systems. more>>
Freedom and privacy go hand in hand. In an ideal world,
we wouldn't have to worry about who was looking over our shoulders.
None of us would have anything to hide, and we would have ulterior
motives. As citizens of the real world though, we have to take measures to
I'm not generally a privacy nut when it comes to my digital life. That's
not really a good thing, as I think privacy is important, but it often
can be very inconvenient. For example, if you strolled into my home office,
you'd find I don't password-protect my screensaver. more>>
Vigilante. The word itself conjures up images of a man in a mask,
leaping across rooftops as he chases wrongdoers, dancing with the devil
in the pale moonlight. In films and on TV, the vigilante is usually
the character we support. But would you welcome a vigilante into your
home in real life?
Lunar, one of the lead developers on the Debian ReproducibleBuilds project, has recently outlined a serious security hole that could impact all open-source software, including most Linux distributions. It potentially exposes users to unwanted scrutiny from third parties, including security agencies. His project is designed to close this hole.
Most of you probably have heard of Wireshark, a very popular and capable
network protocol analyzer. What you may not know is that there exists a
console version of Wireshark called tshark. The two main advantages of
tshark are that it can be used in scripts and on a remote computer through
an SSH connection. more>>
With many open-source projects built on top of others, a security
weakness in a common piece of infrastructure can have far-reaching consequences.
As OpenSSL's Heartbleed security hole demonstrated, these vulnerabilities can
appear in even the most trusted packages.
Through the years, Firefox has enjoyed a reputation as one of the
most secure Web browsers on any platform, and it's the default browser for many
Linux distros. However, a security exploit appeared this week that has shown
users they can't afford to be complacent about security. more>>
In my last article, I started a series on some of the challenges related to spawning
secure servers on Amazon EC2. In that column, I discussed some of the overall
challenges EC2 presents for security compared to a traditional infrastructure
and elaborated on how I configure security groups and manage secrets. more>>
Through the years, I have settled on maintaining my sensitive data in
files that I then encrypt asymmetrically. Although I take care to harden my
system and encrypt partitions with LUKS wherever possible, I want to secure my
most important data using higher-level tools, thereby lessening dependence on
the underlying system configuration. more>>
I was chatting with Fred Richards on IRC the other day (flrichar on
freenode) about sneaking around hotel firewalls. Occasionally, hotels will
block things like the SSH port, hoping people don't abuse their network.
Although I can respect their rationale, blocking an SSH port for a Linux user
is like taking a mouse away from a Windows user! more>>
Would you change what you said on the phone, if you knew someone malicious was listening?
Whether or not you view the NSA as malicious, I imagine that after reading the NSA coverage on
Linux Journal, some of you found yourselves modifying your behavior. The same thing
happened to me when I started deploying servers into a public cloud (EC2 in my case).