I really enjoyed reading this article and am passing it along for your enjoyment:
We know your blog is important to you, and today we're proud to announce Two Step Authentication: an optional new feature to help you keep your WordPress.com account secure. For those of you who use Two Step Authentication with your Google account, you'll know how useful this feature is for keeping your account secure.
Two Step Authentication works like this: when you log in to your WordPress.com account, we'll prompt you to enter a secret number.
Creating temporary files is a common use case in virtually every program. Virtually every programming language has a simple and secure way to create temporary files. Sadly many programmers fail to use them, creating security vulnerabilities in their applications. So in alphabetical order here is a list of programming languages and how to create a temporary file securely. If I'm wrong, please let me know.
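As an added illustration (not code from the original article), the Python sketch below contrasts a predictable temporary file name with the standard library's `tempfile.mkstemp`. It assumes a POSIX system; the `app.tmp` name, the sandbox directory and the planted symlink are constructed for the demonstration.

```python
import os
import tempfile


def insecure_write(directory, data):
    """Anti-pattern: predictable name, and open() follows an existing symlink."""
    path = os.path.join(directory, "app.tmp")  # guessable by any local user
    with open(path, "w") as fh:
        fh.write(data)
    return path


def exclusive_write(directory, data):
    """Same fixed name, but O_EXCL refuses any path that already exists."""
    path = os.path.join(directory, "app.tmp")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def secure_write(directory, data):
    """Preferred: mkstemp picks a random name, creates it with O_EXCL, 0600."""
    fd, path = tempfile.mkstemp(prefix="app-", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demo():
    """Run all three against a constructed sandbox holding a planted symlink."""
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "victim.conf")
        with open(victim, "w") as fh:
            fh.write("original")
        os.symlink(victim, os.path.join(sandbox, "app.tmp"))  # constructed
        try:
            exclusive_write(sandbox, "scratch")
            excl_refused = False
        except FileExistsError:
            excl_refused = True
        safe_path = secure_write(sandbox, "scratch")
        mode = os.stat(safe_path).st_mode & 0o777
        with open(victim) as fh:
            intact_after_safe = fh.read() == "original"
        insecure_write(sandbox, "scratch")  # follows the symlink
        with open(victim) as fh:
            clobbered = fh.read() == "scratch"
    return excl_refused, mode, intact_after_safe, clobbered
```

`demo()` returns whether the exclusive open was refused, the mode of the `mkstemp` file, whether the unrelated file survived the safe write, and whether the naive write overwrote it through the symlink.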
Much of our daily lives is contained within our smartphones and computers. Email, text messages, and phone calls all contain bits and pieces of information that, in the wrong hands, could harm our privacy. Unfortunately, many people either don’t understand how vulnerable their data is when sent across the Internet (or another commercial circuit) or just don’t care. While I don’t have much to say for the crowd in the latter category (can’t fix stupid), I do try to help people in the former category understand that any network outside of their control is fair game for pilfering and that basic protections need to be taken to protect themselves. While I’m not going to dig into how data can be intercepted (there are plenty of articles out there on the subject), I would like to talk about how one can use tools to protect their data when using an Android smartphone.
Until recently email was the only easily-encrypted mode of communication. Most people didn’t have the means of encrypting their phone conversations and certainly not their SMS messages (unless you happen to be using a SME-PED, but those things are terrible in other ways). Now, Whisper Systems have released two open source programs that allow you to protect your communications. The first is called “RedPhone”. This program encrypts your phone conversations and allows you to converse securely. The second program is called “TextSecure” and encrypts text messages using authenticated, asymmetrical encryption.
I like the way TextSecure manages keys and allows you to verify the user’s key directly so you can establish trust. RedPhone appears to use the trust in the phone number for authentication. RedPhone also provides encryption opportunities when the distant party also has RedPhone on their device which is a nice feature that I wish TextSecure also provided. Both of these programs are very easy to use and need very little configuration.
TextSecure also provides an encrypted container for all your text messages so that your text messages are secure if the attacker has physical access to the device.
And OpenPGP is still a great option for protecting your email communications but that is a topic for later.
Someone sent me a link to the recently published article “Port scanning /0 using insecure embedded devices”. Describing the Carna Botnet, this project aimed to prove (or disprove) the hypothesis that there were one hundred thousand open systems on the Internet with which to make a botnet. I choose to use the word “open” and not “vulnerable” because we aren’t talking about systems that have some sort of unpatched bug that allows access. This researcher only used unsecured telnet sessions to create his botnet.
Because this was for research, no long-lasting effects were created by the deployed software, but that isn’t to say that other software couldn’t be introduced in a similar manner, as was discovered during the experiment. It is believed that most of these open systems are appliances (printers, network devices, etc.), which could yield other interesting developments if the software were malicious. This is a good read, with lots of data provided inside the article, for anyone interested in information security.
Last week, while publishing a new guide, I ran into a problem creating the Transifex client configuration file (.tx/config). The configuration file is generally a hateful file that requires a lot of manual manipulation to add in all the POT files for translation. This file exponentially increases the hatefulness as the number of POT files increases or the complexity of where these POT files are increases. In summary, I hate to create these POT files. It seems I always end up screwing it up somehow and the Transifex client isn’t real great about telling you why it failed (it just fails in a non-obvious manner).
I started putting together some bash script to write the thing for me until I realized that the script was going to become unwieldy quite quickly. Luckily I have a boss who doesn’t mind poking me into learning a new trick. This new trick came in the form of Python. Realize that the last formal programming class came in the form of a Java class nearly ten years ago. Since then I try not to touch the stuff. But now I have a purpose… a need… a problem in search of a solution… and an excuse to start to learn Python.
So my creation is called create-tx-configuration. This simple program will read the pot/ directory for .pot files and create the .tx/config file for Transifex to use. While there was a way to have the Transifex client make the config file the process wasn’t easy nor did it work in all cases.
If you have a need to create Transifex config files, please check out create-tx-configuration and, as always, I appreciate feedback.