
February 2019, #295: The Security Issue

2 weeks 2 days ago
by Bryan Lunduke

On January 13th, 2018—at 8:07 am—an emergency alert was issued in Hawaii. The message, in its entirety: "BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL."

Although this message—which showed up on smart phones across the state—was, indeed, not a drill...it also was not a real threat. There was no missile hurtling through the atmosphere towards Hawaii. It turns out someone had simply clicked the wrong option from a very poorly designed user interface and sent out a fake (but very real-looking) emergency alert.

This is officially known as a "whoopsie daisy".

As the story spread around the globe, obviously all the news reports were going to need a picture to run along with it. As luck would have it, the Associated Press had published a picture taken inside the Hawaii Emergency Management Agency—showing computer workstations where they watch for such possible threats. This picture was spread far and wide.

On that picture, people noticed something. Something amusing. Something, for many of us, relatable.

On one of the monitors was a sticky note. With the password written on it.

(There were actually two sticky notes on the monitors in the picture. The second sticky note contained the message "SIGN OUT". Because, you know, security is important.)

While the accidental, non-real emergency alert was not caused by any sort of security breach (sticky-note-based or otherwise), this picture served as a great reminder to the entire world that we probably shouldn't write down our passwords on sticky notes. Not even a government agency tasked with Emergency Management is immune to this sort of weak security.

It reminds me of a scene from the Mel Brooks film Spaceballs. In the film, an advanced security barrier had been constructed around a planet. The dastardly space-villains forced the king of the planet to give up the code that would open that barrier. That code? 12345. Upon learning of the code, one of the characters was shocked: "Remind me to change the code on my luggage."

Any of this sound familiar? Perhaps it's time to get rid of the sticky notes—and the passwords that are no more complex than "password123"—and get yourself a good password manager.

In this issue, Shawn Powers provides a good "Password Manager Roundup", laying out the pros and cons of various options.

Then, while you're in a security frame of mind, familiarize yourself with a good set of guidelines (based on the Linux Foundation's Security Checklist) for how to keep your system secure with Mike McCallister's "Everyday Security Tips".

Following these suggestions will make you far more secure than that Emergency Agency in Hawaii or that planet in Spaceballs, but what if you want to take things a step further? What if you want to dive into the world of encryption and hardware security keys?


Qt 5.12.1 Is Now Available, Tor Browser 8.0.5 and Tails 3.12 Both Released with Important Security Fixes, Virt2real Launches StereoPi and Chrome Update for Android

2 weeks 2 days ago

News briefs for February 1, 2019.

Qt 5.12.1 was released today, marking the first patch release of the Qt 5.12 LTS series. It contains nearly 300 bug fixes and other improvements. See the Change Files for all the changes. Use the online installer's maintenance tool to make the update, or for new installations, download the latest installer from the Qt Account Portal or the qt.io Download page.

Tor Browser 8.0.5 was released this week. This release includes important security updates to Firefox and also updates Tor to the first stable release in the 0.3.5 series. NoScript and HTTPS Everywhere also were updated to their latest versions. You can view the full changelog here and download from here.

Tails 3.12 was released this week. The release fixes many security vulnerabilities, but the biggest change is to the installation method: "In short, instead of downloading an ISO image (a format originally designed for CDs), you now download Tails as a USB image: an image of the data as it needs to be written to the USB stick." This release also updates Linux to 4.19, the Tor Browser to 8.0.5 and Thunderbird to 60.4.0.

Virt2real has launched a Crowd Supply campaign for its $89 "StereoPi" stereoscopic camera board designed to work with the RPi Compute Module and dual RPi cameras. According to Linux Gizmos, the StereoPi is open-spec and "supports spatial awareness, 3D depth maps, and 3D video livestreaming". In addition, "The StereoPi can capture, save, livestream, and process real-time stereoscopic video and images for robotics, AR/VR, computer vision, drone instrumentation, and panoramic video".

The Chrome team announced an update for Android this week. Chrome 72 (72.0.3626.76) is now available on Google Play, and the release includes several stability and performance improvements. In addition, Softpedia News reports that "To tackle various security and privacy issues that users have reported since previous updates, Google decided to update the built-in Incognito Mode of the Chrome web browser by making the media player controls and notifications incognito as well, which means that they're now invisible to the naked eye." See the Git log for all the changes.

Jill Franklin

Endless OS Functionality Controls Simplify Computing

2 weeks 2 days ago

Endless OS is an unusual Linux distro in that its user interface is more like an Android smartphone or tablet than a Linux desktop computer platform. Version 3.5.4, released on Jan. 17, brings parental controls and other refinements that make this distro a cool alternative to the Chromebook for home, educational and community use. Endless OS goes a long way to eliminating the Linux learning curve.
Jack M. Germain