UserOnline

, 2 Guests,

Archives

Print This Post Print This Post

Congratulations Linux Journal on it 200th Issue

I just wanted to say congrats on the 200th issue to Linux Journal.  I enjoy reading about Linux and things that are open source.  This mag is a great place to start.  I have every issue back to 1994.    It is reasonably priced and full of good, usable information.  Once again congrats on the 200th issue.

Print This Post Print This Post

Firefox addon, Firesheep, the novice way to sidejack?

I read several articles about Firesheep, the addon for Firefox, and the sidejacking that it performs on a computer network. The first think I would like to say is that most these articles basically encourage people to try it out, and make people think their information will be stolen while using the WiFi at the local coffee shop. For anyone who doesn’t know sidejacking has been around for a number of years and it isn’t even close to the only way you can have information taken from you while using a open network. It also doesn’t just apply to Facebook or any of the sites in the list, this is for all web traffic that uses HTTP. It is unsecure and is just fine for most of the traffic on the Internet. So this really isn’t anything new, and using common sense will help you avoid any real problems.

The first thing I would do to combat this is to not go to websites that has personal information on them while at internet cafes, book stores, or coffee shops. This eliminates any real problems with someone sidjacking, packet sniffing, or any other means of getting information from you on these open networks. So if you want to go get some coffee and while you are there you want to check the news, feel free to. But if you must check your email or Crackbook, you can use SSL or HTTPS to logon to these websites. Most website will switch back over to HTTP after you login so you will have to use an application such as Force-TLS. This is a Firefox extension allows your browser to change HTTP to HTTPS on sites that you indicate in the Firefox Add On “Preferences” menu, protecting your login information and ensuring a secure connection when you access social sites and email.

I still believe that most people should just think about what they are doing on the Internet and what they can live with if they are attacked. Can they survive having their email hijacked or someone posting garbage on their Facebook account. Otherwise just use your phone for Facebook updates or wait till you get home. I only use place like that if I am traveling and need to get access for something. You take a chance of getting into an accident everyday driving to work, using a public or open WiFi network is the same thing. So just use common sense and you should have no problems.

Print This Post Print This Post

Two vulnerabilities in Linux allow access to root account

Two new vulnerabilities affecting Linux were uncovered this week that could potentially be used by malicious hackers to gain root privileges. One vulnerability, which was reported on Tuesday by security firm VSR, arises from a flaw in the implementation of the Reliable Datagram Sockets protocol (RDS) in versions 2.6.30 through 2.6.36-rc8 of the Linux kernel.

Known as CVE-2010-3904, the bug could allow a local attacker to issue specially crafted socket function calls to write arbitrary values into kernel memory and thereby escalate privileges to root, giving the attacker “superuser,” administrator status.  The problem exists only in Linux installations in which the CONFIG_RDS kernel configuration option is set, and where there are no restrictions preventing unprivileged users from loading packet family modules.

GNU C Library Loader

The second vulnerability, dubbed CVE-2010-3847, derives from a flaw in the library loader of the GNU C library that can be exploited to gain root privileges under Linux and other systems. Using the hole, an attacker could reportedly gain full control of a system by escalating his or her privileges after breaking into a web server with restricted access rights.

the bug was found to exist in Red Hat Enterprise Linux (RHEL) 5 and CentOS 5, among other distributions. Patches are currently in the works, but “this is a low impact vulnerability that is only of interest to security professionals and system administrators.

One thing that is for sure  is the fact that these holes will be fixed quickly by the scores of programmers that work on these linux distributions.  It is also important to remember that security holes are found in every piece of software release, it is just a matter of how long it takes to fix it and how many machines are taken over through this vulnerability.