We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Privacy has long been seen as a basic, sacred right. But in the Web 2.0 world, where the average user is addicted to Google apps, GPS devices, their BlackBerry or iPhone, and such social networking sites as Facebook and Twitter, that right is slowly and willingly being chipped away. In fact, some security experts believe it's gone already.
Many major social networking sites are leaking information that allows third party advertising and tracking companies to associate the Web browsing habits of users with a specific person, researchers warn.
The new Apple iPhone OS 3.1 software comes with a new anti-phishing feature for the Mobile Safari browser, but researchers say the filter doesn't work.
According to WikiLeaks, this civil action "issued by the Superior Court, County of Santa Clara, as part of a 'libel tourism' action taken by non-US property developers, demands detailed information about the operators of 'tcijournal @ gmail.com.' The account is the main email address of the TCI Journal, the most influential journal covering the Turks & Caicos Islands.
An unknown Christian dating site was recently hacked and whoever responsible managed to gain access to a list of email addresses and passwords. It
After having his AT&T wireless account breached and his personal information posted on the Web, famed hacker Kevin Mitnick thought the least the cellular service provider could do was compensate him for his troubles.
I've filed this one under privacy. Bruce Schneier has always been a good source of privacy and biometrics issues, let alone crypto. This isn't good: The scientists fabricated blood and saliva samples containing DNA from a person other than the donor of the blood and saliva. They also showed that if they had access to a DNA profile in a database, they could construct a sample of DNA to match that profile without obtaining any tissue from that person.
Internet denizens and urban dwellers alike need to recognize that an era of anonymity is ending. The population of the world stands at about 7 billion. So it takes only 10 digits to label each human being on the planet uniquely.
Classic article on choosing a secure password from Bruce Schneier on Wired. It's great reading, even for those of us who have been around a while.Ever since I wrote about the 34,000 MySpace passwords I analyzed, people have been asking how to choose secure passwords. My piece aside, there's been a lot written on this topic over the years -- both serious and humorous -- but most of it seems to be based on anecdotal suggestions rather than actual analytic evidence. What follows is some serious advice.
Has personal security been relegated into a simple graph that shows your risk? Fraud, and even phishing risks are real. Is this capitalizing on FUD?Like many people, I'm worried about identity fraud. Not paranoid, just generally curious what the chances are that I could be victimized by things like mail theft. Sure, I could sign up for one of the fee-based identity fraud monitoring services like LifeLock or Debix, or I can get a credit report that might give me some clue that a credit card has been taken out by someone else in my name. Now there is a Web site that offers an assessment of a person's identity fraud risk for free.
Not necessarily Linux related, but how are Linux admins dealing with social networks and the risks to their users? Spammers are no strangers to the ever-growing Twitter. From commercial Twitter spamming tools, to re-tweeting trending topics for delivering their message, a new crafty search technique can provide spammers with fresh and valid emails harvested from Twitter
Deleting a file or reformatting a disk does not destroy your sensitive data. The data can easily be undeleted. That
One of the new features in Ubuntu 8.10 is the ability to create an encrypted directory for content you do not want others to access. Oh, by the way, did you know that anyone can read your files that are in your home directory? Do you want to know how you can protect the privacy of your data on Ubuntu 8.10? Check out this article which tells you alternative ways to do this including a cryptographic filesystem package.
Whether you are online or offline, freedom matters. Like good health you never think about it or miss it until it is under threat or actually gone. If you love freedom, you probably love free software and it has given us some terrific tools with which to defend freedom. In this article I will give an overview of some of the available resources (Freenet, Wikileaks and Tor) to protect dissident opinion, facilitate whistle blowing and promote the safe and anonymous development of free software. If you want or need to keep your online surfing private there are many Linux applications to choose from. Do you use any online privacy software when surfing the next?
I am assuming that you already know how to set up an encrypted file system using cryptsetup with luks (or something else). There are several howtos. I am also assuming that you are familiar with LVM2. This tutorial deals only with how to add an extra encrypted physical volume to a volume group pool containing other encrypted physical volumes. This is typical scenario if, at first, you have set up your encryption at a physical partition level (/dev/sdaX where X is the a number of your partition), then you setup your LVM on top of the encrypted partition. If at some later time you want to add another partition in your volume group, you will also want to have it encrypted in order to maintain the same level of security. In order for your machine to boot, initramfs needs to be able to unlock both PVs in order to reconstruct the entire volume group where your root lv is lying. For those of you familiar with LVM2 and looking to securely encrypt data on your logical volumes, this article provides a great step-by-step tutorial on how to do so. This implementation requires passwords to be typed for each volume - maybe you can let us know how this would be done with a keyfile?
One of the most prized rights of any American is the right to privacy and security. It's something people in some countries would kill for. Yet now there appears to be a very frightening trend growing. Your privacy and security are being thrown out the window wholesale in favor of easier access by law enforcement. A recent example of this can be seen with the announcement that Microsoft has been providing a tool to investigators that can effectively rip your Windows security to shreds in seconds, exposing all your private data to whoever wants to look at it. A key point brought up in this article is the fact that prevention of crimes should hold higher priority over that of solving crimes. It seems that breaking security for the sake of forensics would not only make crimes easier to "solve", but also easier to commit. How do you feel about this approach to improving forensics?
Introduced in Ubuntu 7.10 was install-time encryption support where using the alternate installer one can fully encrypt their disk in an LVM using dm-crypt. Unfortunately, the Ubiquity installer in Ubuntu 8.04 continues to lack LVM and encryption support, but using Ubuntu 8.04 Alpha 6 we have looked at the performance cost of this encrypted configuration on Ubuntu Linux. Rather than looking directly at the disk read/write overhead caused by the encryption process, we have provided some benchmarks to see how the real-world performance is impacted in both gaming and other desktop tasks. One reason most users don't encrypt their private information is that it takes too long. Checkout these benchmarks of encrypting an entire hard disk, you may be surprised.
If you travel across national borders, it's time to customs-proof your laptop. Customs officials have been stepping up electronic searches of laptops at the border, where travelers enjoy little privacy and have no legal grounds to object. Laptops and other electronic devices can be seized without reason, their contents copied, and the hardware returned hours or even weeks later. Now that we're jumped ahead an hour and are seeing less snow (at least here out east), we can start moving about the world again with our trusty laptops - be sure to give a quick once over of the above article! This includes tips / tools for ALL operating systems to ensure you have properly secured your laptop - wireless hacks, encryption techniques, and general security apply.
A flaw in the way the Firefox and Opera browsers handle an image file could allow an attacker to see what Web sites a person has visited. The problem concerns how the two browsers handle a ".BMP," or bitmap, image file, according to an advisory written by Gynvael Coldwind of Vexillium.org, who posted a video illustrating the problem. I always find it interesting when two pieces of software together can cause a security vulnerability.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
