Vigilante. The word itself conjures up images of a man in a mask,
leaping across rooftops as he chases wrongdoers, dancing with the devil
in the pale moonlight. In films and on TV, the vigilante is usually
the character we support. But would you welcome a vigilante into your
home in real life?
Lunar, one of the lead developers on the Debian ReproducibleBuilds project, has recently outlined a serious security hole that could impact all open-source software, including most Linux distributions. It potentially exposes users to unwanted scrutiny from third parties, including security agencies. His project is designed to close this hole.
Most of you probably have heard of Wireshark, a very popular and capable
network protocol analyzer. What you may not know is that there exists a
console version of Wireshark called tshark. The two main advantages of
tshark are that it can be used in scripts and on a remote computer through
an SSH connection. more>>
With many open-source projects built on top of others, a security
weakness in a common piece of infrastructure can have far-reaching consequences.
As OpenSSL's Heartbleed security hole demonstrated, these vulnerabilities can
appear in even the most trusted packages.
Through the years, Firefox has enjoyed a reputation as one of the
most secure Web browsers on any platform, and it's the default browser for many
Linux distros. However, a security exploit appeared this week that has shown
users they can't afford to be complacent about security. more>>
In my last article, I started a series on some of the challenges related to spawning
secure servers on Amazon EC2. In that column, I discussed some of the overall
challenges EC2 presents for security compared to a traditional infrastructure
and elaborated on how I configure security groups and manage secrets. more>>
Through the years, I have settled on maintaining my sensitive data in
files that I then encrypt asymmetrically. Although I take care to harden my
system and encrypt partitions with LUKS wherever possible, I want to secure my
most important data using higher-level tools, thereby lessening dependence on
the underlying system configuration. more>>
I was chatting with Fred Richards on IRC the other day (flrichar on
freenode) about sneaking around hotel firewalls. Occasionally, hotels will
block things like the SSH port, hoping people don't abuse their network.
Although I can respect their rationale, blocking an SSH port for a Linux user
is like taking a mouse away from a Windows user! more>>
Would you change what you said on the phone, if you knew someone malicious was listening?
Whether or not you view the NSA as malicious, I imagine that after reading the NSA coverage on
Linux Journal, some of you found yourselves modifying your behavior. The same thing
happened to me when I started deploying servers into a public cloud (EC2 in my case).
With Hiera, you can externalize your systems' configuration data and
easily understand how those values are assigned to your servers. With
that data separated from your Puppet code, you then can encrypt sensitive
values, such as passwords and keys.
Linux has a well deserved reputation as being one of the most secure platforms
for individuals and businesses. This is largely due to the way
security is integrated into the system, but there is a great risk in
being too complacent. Recent events serve to remind us that there is no
such thing as an uncrackable system.
Drupal is a very widely used open-source content management system.
It initially was released in 2001, and recent statistics show Drupal
as the third-most popular content management system, with just less than
800,000 Web sites utilizing Drupal as a content management system.
Large enterprises and nuclear laboratories aren't the only organizations
that need an Internet access policy and a means of enforcing it. My
household has an Internet access policy, and the technique I've used to
enforce it is applicable to almost any organization. In our case, I'm not
too concerned about outside security threats. more>>