Laser Blog

Articles tagged "security"

113 The Tech Lab: Bruce Schneier

Saturday 21st March, 2009

A cautionary viewpoint concerning the unintended consequences of the current Information Age from Bruce Schneier. I think it's worth reading.

Data is the pollution of the information age. It's a natural by-product of every computer-mediated interaction. It stays around forever, unless it's disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after-effects are toxic.
Cardinal Richelieu famously said: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." When all your words and actions can be saved for later examination, different rules have to apply.

~

105 Safari imposition

Thursday 27th March, 2008

There's been a little flurry of news regarding Apple's "Safari" web browser.

The first thing which caught my attention recently was Apple's bundling of Safari by default into iTunes and QuickTime updates on Windows PCs. So unless you're on the ball (but aren't all Internet users on the ball?) and deselect the "Safari" checkbox, you get Safari downloaded and installed on your Windows PC. Well of course you wanted it!

In this update, Apple claims that "Safari for Windows is the fastest and easiest-to-use web browser for the PC", a claim which is countered by many sources. I guess these things are perceptual to some people, rather than quantitative!

This has now been followed up with a fascinating paradox in the EULA which comes with Safari for Windows, which states that you are permitted to install said software (unwittingly downloaded or not) onto no more than "a single Apple-labeled computer at a time." Which means that if you're installing Safari for Windows (which you may have been tricked into downloading and installing in the first place) onto a Windows PC, you're violating the terms of the license.


Added March 28, 2008

Slashdot has a couple of articles related to this, one discussing the points above as well as mentioning that Safari seems to be suffering some security vulnerabilities. The second article follows up on the vulnerability theme; at the CanSecWest hacking contest, a MacBook Air was compromised within two minutes due to a Safari-based vulnerability.

~

102 Linux security tips from the pros

Sunday 27th January, 2008

I'm always interested in security tips for Linux. This article is short and sweet and contains brief snippets of advice from the likes of Ted Ts'o, Andrew Morton, Linus Torvalds, and Fyodor (yes, he of Nmap fame) on how they secure their Linux desktops and networks.

~

101 Bruce Schneier interview at Linux.conf.au 2008

Wednesday 9th January, 2008

Bruce Schneier is a security advisor for whom I have a lot of respect. He is one of the keynote speakers at Linux.conf.au 2008, and he is being interviewed here prior to that event.

When this guy speaks, if you're interested in security, then it's well worth listening. You don't have to be technically minded. What's important is if you can be open to Bruce Schneier's mindset, it will change the way you think about security. He just comes at it from a completely different angle.

One other site of interest for the security-conscious is Bruce Schneier's blog, Schneier on Security.

~

100 Malicious commands

Wednesday 28th November, 2007

There's an alarming post on the Ubuntu forums warning of a recent trend whereby new Ubuntu Linux users are being tricked into running dangerous commands which will delete home directories, or overwrite the system disk, or the like.

One of the great strengths of Linux in particular and Open Source software in general has been the approachability and helpfulness of the community, and it seems some dweebs think it's funny to exploit this openness and trick a new user to trash their system.

It's made me think. A significant part (**) of the security of a system lies in the users. Linux and Unix have always been professional operating systems, written by professionals, for use by professionals. When you use the command line to ask a *nix system to do something, the assumption is that you know what you're doing. That system won't ask you if you're sure you want to do what you've typed. It'll just do it. I don't think that should change. For me it's part of the attraction.

I've only used Ubuntu once. I was impressed, but not that much that I would leave the distro I currently use :) . It seemed to me that the Ubuntu people have made it possible to do pretty much anything you might want to do using the GUI, and this is the attraction that has brought in many (welcome!) newcomers to Linux. However the command line is far more powerful and flexible than any GUI, and as people slowly come to realise this and naturally start experimenting, I feel more issues of a similar nature may arise.

If you want your PC (running Linux or Windows) to remain safe and secure, you need to have a particular mindset. "Wary" probably describes it. "Keeping it simple" and experience definitely help.

(** This is not to say that all systems are equal. Not by a long shot.)

~