The number of articles lately concerning the overwhelming number of Linux distributions available is quite interesting; why now? Perhaps because Linux on the desktop is becoming a little more mainstream. Or perhaps because of the myriad embedded devices that use Linux ( think home automation, signage boards, NAS storage, netbooks, phones, radios, media players, industrial devices, etc. ) and that are more visible. Whatever the reason, I think it’s always been a positive thing, with the competitive nature of open source driving improvement and maturation. And open source does not need proprietary offerings as competition ( as another journalist has recently inferred ). FOSS in itself is its own competition.
Just because there are numerous distros available ( distrowatch.com keeps track of the Top100 ) doesn’t mean Joe Bloggs needs to become a guru on all or most of these. Many are specialist distros catering for recovery, security, audio, media or other areas and, for the most part, you can keep your eye on the top 20 for something to use within mainstream server or desktop areas.
For desktop use, Ubuntu, Mandrake, Mint, Fedora, Puppy and openSUSE come to mind. On the server side CentOS, Red Hat, SLES, Debian and Slackware are the main choices. For business server use ( à la Windows Server SBS ) you can look at ebox and ClearOS.
So overall, that is not an overwhelming set of choices – just enough to give you something you are comfortable with. Read reviews on each, do a test run in a virtual machine ( care of VirtualBox ) and make the switch.
Here follows a quick matrix showing the main distros in each area.
| Area | Distros |
|---|---|
| Desktop | Ubuntu, Mandriva, Mint, Fedora, Puppy, openSUSE |
| Server | Red Hat Enterprise, CentOS, SLES, Debian, Slackware, Scientific |
| SBS | ebox, ClearOS |
| Security | Backtrack, Nexenta |
| Recovery | Knoppix, SystemRescueCD, CloneZilla |
| AV | Mythbuntu, 64Studio, Musix |
| Storage | FreeNAS, OpenFiler |
Only a day after the last patch was released for IE that fixed problems relating to the Google ( and other ) attacks from December, a number of new vulnerabilities have been found in IE ( no version details yet ) which when combined, can lead to remote execution on a Windows PC. Core Security Technologies in the US outlined how this set of vulnerabilities can be strung together to form the exploit ( however on their own these problems do not appear to constitute an exploit ). Microsoft is determining the level of exposure so as to work out when to release a fix.
Any Windows users still making use of Internet Explorer should make sure they have Automatic Updates switched on as well as upgrade to IE 8. A better solution is to use an alternate browser. While other browsers are certainly not immune to security issues, experience shows that they are an order of magnitude less prone to attacks and have security fixes released quicker than Microsoft's, and because they are not entangled in the OS ( like IE is ), their attack surface is far lower than IE's.
We take a lot of what happens on the Internet for granted but the numbers that make up the Internet are staggering to say the least. Here’s a small subset from 2009 of what goes on out there:
247 billion emails per day
81% of email is spam ( that’s 200 billion per day )
1.73 billion Internet users worldwide
27.3 million Twitter tweets per day
350 million people on Facebook
2.5 billion photos uploaded to Facebook each month
1 billion videos served by YouTube per day
148,000 new zombie computers created per day ( the bulk of these are Windows PCs )
For some more staggering numbers, take a look at pingdom’s article.
The first widespread attack to leverage a recently patched flaw in Microsoft’s Internet Explorer browser has surfaced. Starting late Wednesday, researchers began spotting dozens of Web sites that contain the Internet Explorer attack, which works reliably on the IE 6 browser, running on Windows XP. The attack installs a Trojan horse program that is able to bypass some security products and then give hackers access to the system, said Joshua Talbot, a security intelligence manager with Symantec. Once it has infected a PC, the Trojan sends a notification e-mail to the attackers, using a U.S.-based, free e-mail service.
On Thursday, Websense published some sample e-mails used in targeted attacks that exploit the IE bug. A typical subject line is “Helping You Serve Your Customers.” The e-mail reads, “I just heard the news: Helping you serve your customers” and includes a link to the malicious Web site.
The Mozilla Foundation is releasing the latest and greatest version of its Web browser, Firefox 3.6.
I sometimes feel as if I’m picking on Microsoft for its crappy security ( there’s always some new hole to talk about ) but then I sit back and realise that their products really do have poor security and I don’t need to feel ashamed for reporting on it. For example, a Google engineer recently found a hole in Windows that has been carried forward since Windows NT.
Tavis Ormandy found that, way back in 1993, Windows NT included a ‘feature’ to support BIOS service routines in legacy 16-bit Windows applications. Think about that for a moment: this ‘feature’ was put in to support software that was already out of date in 1993. Guess what? It’s been in every version of Windows since then up to, and including, Windows 7. Honestly, is there anyone on Earth who’s running Windows 3.1 applications on Windows 7? Or, Vista? Or, XP… you get the idea. Be that as it may, the code’s still in there. An attacker can trigger the vulnerability through a variety of means. The end result is, surprise, another Windows machine that’s totally owned by the attacker. Once in charge, they can vacuum down your files, install malware, and all the other usual tricks.
And it’s probably not a known issue by Microsoft because their platform is so patched and hacked at this point that they would agree that even they are not sure of what’s actually in there!
A simple remedy ( sorry it’s a registry hack ) is to switch off the MSDOS ( CMDLINE ) and WOWEXEC ( WOWCMDLINE ) services and you should be fine.
Microsoft on Thursday issued a cumulative critical patch for Internet Explorer that fixes eight vulnerabilities, including a hole targeted in the China-based attacks on Google and other U.S. companies.
The security update is rated critical for all supported releases of IE 5, 6, 7, and 8, according to the advisory. The more severe vulnerabilities could allow remote code execution if a user views a malicious Web page using IE, it said.
What’s more interesting though is that Microsoft has known about the issue relating specifically to the Google attacks of a week ago since September last year – so that is 4 months with no action on an issue which has been a factor in attacks on 30+ large corporates. This from a company that touts its security awareness – I’m glad I don’t have to deal with any of this crap every day.
IE6 ( the only version supposedly targeted with exploit code at the moment ) still has the highest market share of all IE versions – this is obviously a big security issue and perhaps Microsoft is a victim of its own success here as it deviated away from internet standards with early IE versions, leading web developers to select a single platform to code for; in this case IE was easier seeing as it held greater market share due to being bundled with the OS.
Websense reported on its blog that targeted attacks like those that hit Google and using the IE hole appear to have started during the week of December 20 and are ongoing against the government, defence and energy sectors, and other organizations in the U.S. and the United Kingdom. Victims are receiving targeted e-mails with malware that appears to be a data-stealing Trojan, according to Websense.
Moral of the story? Use an alternate browser, a complete platform or at least make sure you are patched to the hilt. You’ve got no excuse seeing as Firefox 3.6 has just been released and there are other good browsers out there.
It seems it wasn’t only the Germans who thought it necessary to suggest the use of a browser alternative to IE – the French Certa agency ( which looks after cyber threats in France ) have now weighed in on the matter and suggested the same. And they’ve included all versions of IE in this statement.
Even Microsoft themselves are telling users not to browse with IE 6 and upgrade to IE 7 or 8 – the problem is these 2 versions have the same vulnerability as IE 6; and even though there is no exploit code for the later versions, it’s only a matter of time. There are a number of workarounds to prevent issues but it requires setting security in the browser to ‘high’ which basically cripples the browser to such an extent that you’ll be unlikely to browse anything on the internet in a normal proper fashion.
In addition, Microsoft’s inclusion of XP Mode in Windows 7 is just propagating the legacy platform and all its faults. It’s time for Microsoft to either step up and secure their apps or drop compatibility – because it’s killing the internet! SJVN says: “Windows has been, is now, and always will be insecure. It’s baked into its single-user, stand-alone computer design that was never designed to handle a networked universe with attackers always one network connection away.”
As if Microsoft hasn’t got its hands full enough with security breaches in its software aiding the Chinese in attacks on US companies, it has now been implicated in DoS attacks on the Perl CPAN testers’ system of sites, databases and mirrors. The problem appears to be that Microsoft’s bots do not adhere to the robots.txt files on servers, which indicate what can ( and can’t ) be scanned. I can attest to these issues as my own stats indicate very heavy bot activity from Microsoft compared to Google and other companies.
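One way to check from your own server logs whether a crawler is honouring robots.txt, as an added example that is not part of the original post. The robots.txt rules, log lines, addresses and the bot names `examplebot` and `politebot` are all constructed for illustration, and picking out crawlers by a bot/crawler/spider token is an assumed heuristic.

```python
import re
from collections import Counter, defaultdict
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site.
ROBOTS_TXT = '''\
User-agent: *
Disallow: /private/
Disallow: /cgi-bin/

User-agent: examplebot
Disallow: /
'''

# Constructed Apache "combined" log lines; bot names and addresses are made up.
SAMPLE_LOG = '''\
192.0.2.10 - - [20/Jan/2010:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "examplebot/1.0"
192.0.2.10 - - [20/Jan/2010:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; examplebot/1.0; +http://bot.example/)"
192.0.2.10 - - [20/Jan/2010:10:00:03 +0000] "GET /private/a.html HTTP/1.1" 200 900 "-" "examplebot/1.0"
198.51.100.7 - - [20/Jan/2010:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "politebot/2.1"
198.51.100.7 - - [20/Jan/2010:10:01:05 +0000] "GET /cgi-bin/stats HTTP/1.1" 200 77 "-" "politebot/2.1"
203.0.113.5 - - [20/Jan/2010:10:02:00 +0000] "GET /private/a.html HTTP/1.1" 403 0 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"
'''

LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Heuristic (assumption): a crawler's product token contains bot/crawler/spider.
BOT_TOKEN_RE = re.compile(r'[\w-]*(?:bot|crawler|spider)[\w-]*', re.I)

def check_bots(robots_txt, log_text):
    """Return (hits per bot, disallowed paths each bot requested)."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    hits, violations = Counter(), defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line
        path, agent = m.groups()
        token = BOT_TOKEN_RE.search(agent)
        if not token:
            continue  # browsers are not bound by robots.txt
        bot = token.group(0).lower()
        hits[bot] += 1
        # Fetching robots.txt itself is always permitted.
        if path != "/robots.txt" and not rules.can_fetch(bot, path):
            violations[bot].append(path)
    return hits, dict(violations)

if __name__ == "__main__":
    hits, violations = check_bots(ROBOTS_TXT, SAMPLE_LOG)
    for bot in hits:
        print(bot, hits[bot], "requests,", len(violations.get(bot, [])), "disallowed")
```

The bot token is extracted before calling `can_fetch` because the standard-library parser only looks at the text before the first `/` in the agent string, so a `Mozilla/5.0 (compatible; ...)` style crawler would otherwise be matched against the wrong rule group.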
A drama of world-wide proportions ( that wouldn’t be out of place in a Hollywood blockbuster ) has been playing out over the last week concerning Google’s operations in China. It all started with denial of service attacks against Google’s Gmail service in late December last year ( and attacks against about 30 other US companies ). VeriSign’s iDefense security lab published a report with technical details about the recent cyberattack which iDefense unambiguously says originated from China.
iDefense says malicious PDFs were crafted to deploy the malware that was used in the attack. Adobe disputed that claim and issued a statement saying that they have found no evidence that their technology was used as an attack vector. This is supported by independent research conducted by security firm McAfee, which has found evidence that a vulnerability in Internet Explorer—but not Acrobat Reader—was exploited in the attack. iDefense later retracted its claim about PDFs, but stands behind the rest of its report.
In a stunning move last Thursday, Microsoft officials acknowledged that the widely publicized attacks on Google and perhaps another 20 or more corporations were helped by a previously unknown zero-day vulnerability in most versions of its popular browser. Affected systems include IE 6, 7, and 8 running on Windows 2000 SP4 through XP, Windows Server, Vista, and Windows 7. It also includes both 32 and 64-bit releases of those operating systems.
The United States said on Friday that it will issue a formal diplomatic note to China expressing concern about cyber attacks that hit Google and dozens of other companies, and that researchers say originated in that country. The attack on Google targeted its intellectual property and the Gmail accounts of human rights activists protesting Chinese policies which have always been questionable from a humanitarian and political point of view.
Google have, as a result of the issues of operating in China, indicated the possibility of ceasing their operations in that country. Considering that they do not derive a large proportion of income in China, this will not necessarily hurt them however it will be a big blow against personal rights, and freedom of speech.
In an unprecedented move, the German government has warned against using Internet Explorer. The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google’s systems.
A(nother) vulnerability in Acrobat Reader 9.2 has forced Adobe to fix it with an update to 9.3. This problem has been assigned CVE-2009-4324 and there are exploits out in the wild. So upgrade asap.
Y2K was an interesting time with the prophets of doom out in full force. And yes while there were some issues, it wasn’t quite the end of the world as we knew it. 2010 however came up on us very quietly from a date problem p.o.v. but there have been some fairly major issues worldwide and not much has been heard about it.
There have been problems with Cisco CSM modules, Juniper’s router OS and Symantec’s End Point Protection.
Germany likely experienced the greatest date-related problem because software in a security microchip used in 30 million German bank cards was unable to recognize the date 2010. Hmmm, I wouldn’t be happy if I couldn’t use my bank card …
In Australia, point-of-sales machines skipped ahead to 2016 rather than 2010 at midnight Dec. 31, rendering them unusable by retailers, some of whom reported thousands of dollars in lost sales.
Palm resolved a 2010 issue Jan. 1 when many of its users reported that their Palm Pre phones wouldn’t sync and their calendar applications wouldn’t work at all. Palm issued an OS version 1.3.5.1 that fixes the problem.
Another wide-ranging problem was a bug in one of the rules of the ubiquitous anti-spam solution SpamAssassin. A fix was quickly forthcoming and for those using sa-update, this would have been applied automatically. However, the daemon still needed to be restarted.
Also of concern to businesses, SAP found a 2010 issue with the date that is used to help identify individual spool requests. Left unpatched, SAP software enters the date 2100, which effectively leaves active all requests made since 2010 started.