Top 5 iPod Alternatives for Linux Users Learning Ubuntu: "Why support a company that doesn't support what you use?
The iPod is a great MP3 player, but there are several other MP3 players which are better then the iPod, and support all of the major operating systems as well." (Nov 15, 2009)
Linux Today Features
Linux Today Sticky Page On this page we'll maintain links to important articles and documents that pertain to Free Software, Linux, and the tech industry. Please submit your suggestions to editors@linuxtoday.com. Thank you! (Jun 15, 2009)
Small Features
Editor's Note: Cloud is Just Another Word for "Sucker"
We might warn about privacy, security, and reliability problems in cloud computing, but it's coming and we can't stop it. So do we join the cloud party? Heck no. Nov 14, 2009
Zero-Day Vulnerabilities in Firefox Extensions Discovered (Nov 20, 2009, 18:33 UTC) (846 reads)
(0 talkbacks)
(feedback) Help Net Security: "One of the reasons behind Firefox's popularity is the availability of a vast library of extensions. Users use them to modify the browser to their liking and make their browsing experience easier and more pleasant. The problem is, unbeknown to them, these extensions are exposing them to risk."
New Microsoft patent may put Linux security components at risk (Nov 13, 2009, 12:34 UTC) (3040 reads)
(5 talkbacks)
(feedback) The H Open: "Microsoft has been granted a patent on a privilege escalation system which appears to cover the functionality of PolicyKit, which is used for fine grain authorisation on Ubuntu, Fedora, openSUSE and other Linux systems."
Serious Adobe Flash Vulnerability (Nov 12, 2009, 22:03 UTC) (1754 reads)
(0 talkbacks)
(feedback) HelpNetSecurity: "Foreground Security discovered a critical vulnerability in Adobe Flash. This vulnerability allows the same-origin policy of Adobe Flash to be exploited to allow nearly any site that allows user generated content to be attacked."
A strangely compromised Linux box (Nov 6, 2009, 12:43 UTC) (4867 reads)
(1 talkbacks)
(feedback) A.P. Lawrence: "A customer reported that a Linux machine used for ssh access (to in turn give telnet access to an ancient SCO machine) was refusing logins. I asked him to try logging in as root at the console; he was unable to do so."
Vulnerability in SSL/TLS protocol (Nov 6, 2009, 01:47 UTC) (3677 reads)
(0 talkbacks)
(feedback) The H Open: "According to reports, vulnerabilities in the SSL/TLS protocol can be exploited by attackers to insert content into secure connections. If this is correct, it would affect HTTPS and all other protocols which use TLS for security, including IMAP."
GNOME Cleartext Passwords: Bug or Feature? (Nov 3, 2009, 00:02 UTC) (2189 reads)
(2 talkbacks)
(feedback) Ubuntu User: "The current discussion in the Ubuntu forums is about a possible security hole in GNOME, specifically about GNOME registered users having their passwords appear as cleartext on the keyring. Not a bug, say its defenders, but the security concept behind the GNOME keyring."
Computer Aided Investigative Environment 1.0 released (Nov 2, 2009, 15:34 UTC) (1278 reads)
(0 talkbacks)
(feedback) The H Open: "CAINE and NetBookCAINE (NBCAINE) provide a complete digital forensic environment that's organised to integrate existing software tools as software modules and to provide a simple graphical user interface"
SECURITY: 20 Linux Server Hardening Security Tips (Oct 30, 2009, 14:21 UTC) (4069 reads)
(0 talkbacks)
(feedback) nixCraft: "Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system."
SECURITY: GNU/Linux Security: Linux House vs Microsoft House (Oct 28, 2009, 09:13 UTC) (3381 reads)
(1 talkbacks)
(feedback) ERACC Web Log: "This is the second article in my series about GNU/Linux security for the GNU/Linux curious and new GNU/Linux user. There are many attempts to explain the differences between GNU/Linux and Microsoft products when it comes to security. In this article I am going to make yet another attempt."
Vuurmuur 0.8 Beta 2 Released (Oct 27, 2009, 14:21 UTC) (1555 reads)
(0 talkbacks)
(feedback) It Runs on Linux: "Vuurmuur (Dutch for Firewall) is a powerful Firewall Manager built on top of the Linux Iptables."
SECURITY: Now Linux Can Get Viruses Via Wine (Oct 26, 2009, 18:47 UTC) (3652 reads)
(0 talkbacks)
(feedback) Using Coconuts: "I forget who, but some wiseguy stuck a link to site (not linkified so Google doesn't mark me as evil) on his Facebook wall, which reminded me of one reason I love Firefox (and Linux): security."
Linux and Security: Mission Impossible? (Oct 26, 2009, 14:18 UTC) (2648 reads)
(1 talkbacks)
(feedback) Embedded.com: "The use of Linux in systems requiring high levels of security has been a frequent topic of controversy. Supporters have claimed that Linux's open source approach improves security due to exposure to an enormous, worldwide community of developers and users."
Linux Security Notes - AIDE File Integrity (Oct 22, 2009, 02:03 UTC) (1697 reads)
(0 talkbacks)
(feedback) Howtoforge: "AIDE (Advanced Intrusion Detection Enviornment) is a tool to check the file integrity. It is an opensource substitute for TRIPWIRE."
More Linux Remote Networking Tips and Tricks (part 2) (Oct 21, 2009, 20:03 UTC) (2313 reads)
(1 talkbacks)
(feedback) LinuxPlanet: "In part 1 we learned some neat tricks using OpenSSH and SSHFS for fast remote logins and file sharing. Today in Part 2 we learn how easy it is to configure OpenSSH to use secure public key authentication instead of a password login."
Spam filtering with Kmail (Oct 18, 2009, 08:04 UTC) (1876 reads)
(0 talkbacks)
(feedback) Ghacks: "SPAM. It’s a dreadful word that causes many a computer user to yank out their hair and wish their service provider would do a better job of keeping SPAM out of your inbox"
Windows 7: Unimproved Security (Oct 12, 2009, 18:33 UTC) (4599 reads)
(6 talkbacks)
(feedback) Sure, It's Secure!: "Windows 7 is much better than Vista, but when it comes to security, it's just more of the same old, same old as the first security patches make their appearance."
ClamAV 0.94.x end of life - with prejudice (Oct 7, 2009, 19:02 UTC) (2506 reads)
(0 talkbacks)
(feedback) LWN.net: "Starting from 15 April 2010 our CVD will contain a special signature
which disables all clamd installations older than 0.95 - that is to say
older than 1 year."
A Third Time, Uncharmed
(Oct 5, 2009, 17:03 UTC) (1924 reads)
(0 talkbacks)
(feedback) That grumpy BSD guy: "In our efforts to entice the suits into the wonderful new world of free software, we likely oversold the security part."
SSL trick certificate published (Oct 1, 2009, 17:02 UTC) (4078 reads)
(0 talkbacks)
(feedback) The H Open: "Phishers, for example, could use the certificate to disguise their servers as legitimate banking servers – which would only be detectable by subjecting the certificate to closer scrutiny."
Microsoft Adds Support for StartCom Certificates (Sep 25, 2009, 01:34 UTC) (2246 reads)
(0 talkbacks)
(feedback) Startcom Press release: StartCom is proud to announce that digital certificates issued by the StartCom Certification Authority are now fully trusted and legitimate in Microsoft applications such as Internet Explorer and Office/Outlook. Microsoft recently enabled this support by adding StartCom to its Root Certificate Program in an updated list of trusted root certificates distributed worldwide to users of Microsoft applications.
SECURITY: The First Linux Botnet? (Sep 13, 2009, 19:07 UTC) (6361 reads)
(4 talkbacks)
(feedback) IT World: "Has Linux security been breeched? Are Linux systems in danger of being transformed into botnet zombies the way millions of Windows PCs have been? In a word: Nah."
Protect Your Network With an Open-Source Firewall (Sep 11, 2009, 17:19 UTC) (3600 reads)
(0 talkbacks)
(feedback) NetworkWorld: "SmoothWall Express 3.0 is an open source GNU/Linux firewall which is security-hardened and freely downloadable. By design, it has minimal hardware requirements and a small footprint."
Five messages to never trust in your e-mail box (Aug 31, 2009, 20:03 UTC) (3742 reads)
(2 talkbacks)
(feedback) Sure, it's Secure!: "I love Dr. Gregory House. As a journalist, I can really appreciate his view that "Everybody lies." That may be too cynical for most people, but when it comes to dealing with your e-mail I'm not sure it's possible to be cynical enough."
Besieged by attacks, AT&T dumps celebrity hacker (Aug 21, 2009, 16:34 UTC) (4203 reads)
(7 talkbacks)
(feedback) The Register: "The reason: his status as a celebrity hacker makes his accounts too hard to defend against the legions of script kiddies who regularly attack them."
On Bugs, Viruses, Malware and Linux (Aug 19, 2009, 09:02 UTC) (4326 reads)
(2 talkbacks)
(feedback) Linux Blog Safari: ""If the anti-malware industry has anything to offer GNU/Linux," challenges blogger Robert Pogson, "let them step up.""
Linux NULL pointer dereference due to incorrect proto_ops initializations (Aug 14, 2009, 12:03 UTC) (4300 reads)
(1 talkbacks)
(feedback) cr0 blog: "Tavis Ormandy and myself have recently found and investigated a Linux kernel vulnerability. It affects all 2.4 and 2.6 kernels since 2001 on all architectures. We believe this is the public vulnerability affecting the greatest number of kernel versions."
Consider Linux for Secure Online Banking (Aug 12, 2009, 14:32 UTC) (4386 reads)
(2 talkbacks)
(feedback) eSecurity Planet: "Do you make online financial transactions from a Windows computer? If so, you may want to re-visit that decision."
How To Log Emails Sent With PHP's mail() Function To Detect Form Spam (Aug 11, 2009, 01:33 UTC) (4055 reads)
(2 talkbacks)
(feedback) Howtoforge: "If you are running a webserver you might have faced the problem already: somewhere on your server is a vulnerable contact form or CMS system written in PHP that gets abused by spammers to send emails trough your server."
It's time to get rid of Windows (Aug 8, 2009, 09:02 UTC) (9600 reads)
(16 talkbacks)
(feedback) Cyber Cynic: "I was wrong. Hundreds of millions of Internet users were annoyed because of Windows botnet-based DDoS aimed at one (1) person."
Researchers find insecure BIOS 'rootkit' pre-loaded in laptops (Aug 6, 2009, 10:34 UTC) (4068 reads)
(0 talkbacks)
(feedback) ZDNet: "A popular laptop theft-recovery service that ships on notebooks made by HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a dangerous BIOS rootkit that can be hijacked and controlled by malicious hackers."
Fake ATM doesn't last long at hacker meet (Aug 3, 2009, 12:01 UTC) (5677 reads)
(1 talkbacks)
(feedback) Computerworld: "Criminals running an ATM card-skimming scam made a big mistake this week: They tried to hit the Defcon hacker conference in Las Vegas."
Fun with NULL pointers, part 2 (Jul 31, 2009, 09:02 UTC) (4528 reads)
(1 talkbacks)
(feedback) LWN.net: "But this exploit suggests that there could be a whole class of related problems in the kernel; there is a definite chance that similar vulnerabilities could be discovered - if, indeed, they have not already been found."
Microsoft Forges 3 New Security Tools (Jul 30, 2009, 18:34 UTC) (3412 reads)
(5 talkbacks)
(feedback) LinuxInsider: "Microsoft offered some details on three new security projects at the Black Hat security conference. It also unveiled the progress it's made with some of the projects it announced at last year's event."
Top 20 OpenSSH Server Best Security Practices (Jul 26, 2009, 15:03 UTC) (6817 reads)
(1 talkbacks)
(feedback) nixCraft: "From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security."
