Security

What's New in Qubes 4

Considering making the move to Qubes 4? This article describes a few of the big changes. In my recent article "The Refactor Factor", I talked about the new incarnation of Linux Journal in the context of a big software project doing a refactor:

diff -u: Adding Encryption to printk()

When is security not security? When it guards against the wrong people or against things that never happen. A useless security measure is just another batch of code that might contain an exploitable bug. So the Linux developers always want to make sure a security patch is genuinely useful before pulling it in.

For Open-Source Software, the Developers Are All of Us

"We are stronger together than on our own." This is a core principle that many people adhere to in their daily lives. Whether we are overcoming adversity, fighting the powers that be, protecting our livelihoods or advancing our business strategy, this mantra propels people and ideas to success.

Rapid, Secure Patching: Tools and Methods

Generate enterprise-grade SSH keys and load them into an agent for control of all kinds of Linux hosts. Script the agent with the Parallel Distributed Shell (pdsh) to effect rapid changes over your server farm.

Testing the Waters: How to Perform Internal Phishing Campaigns

Phishing is one of the most dangerous threats to modern computing. Phishing attacks have evolved from sloppily written mass email blasts to targeted attacks designed to fool even the most cautious users. No defense is bulletproof, and most experts agree education and common sense are the best tools to combat the problem.

The Wire

In the US, there has been recent concern over ISPs turning over logs to the government. During the past few years, the idea of people snooping on our private data (by governments and others) really has made encryption more popular than ever before. One of the problems with encryption, however, is that it's generally not user-friendly to add its protection to your conversations.

iStorage diskAshur Storage Drives

With software-free setup and operation, the new iStorage diskAshur group of ultra-secure storage drives works across all operating systems, including Linux, macOS, Android, Chrome, thin and zero clients, MS Windows and embedded systems.

Key Considerations for Software Updates for Embedded Linux and IoT

The Mirai botnet attack that enslaved poorly secured connected embedded devices is yet another tangible example of the importance of security before bringing your embedded devices online. A new strain of Mirai has caused network outages to about a million Deutsche Telekom customers due to poorly secured routers.

Postmortem: What to Do After a Security Incident

Incidents happen. Vulnerabilities happen. The quality of your response can make the difference between a bad day and a disaster. What happens after the response can make the difference between endless firefighting and becoming stronger with every battle. A quality postmortem analysis is free ammunition.

All Your Accounts Are Belong to Us

Last weekend my work phone suddenly stopped working. Not the phone itself, but rather all service stopped. I first noticed (of course) due to an inability to load any web pages. Then I tried calling someone and realized my phone was disconnected. In fact, when someone tried to call me, it said the line was no longer in service.

Never Trust Yellow Fruit

You've probably heard about the WiFi Pineapple from Hak5. It's a fascinating device that allows you to do some creepy pen testing. It's the sort of tool that could be used for evil, but it's also incredibly useful for securing networks.