SlideShare a Scribd company logo

Is Linux Really Secure

Mackenzie Morgan
Mackenzie Morgan

Mackenzie Morgan gave a presentation titled "Is Linux Secure?" at the 2010 Southeast LinuxFest. The presentation introduced common security terminology related to malware and attacks, discussed threats that still affect Linux systems such as email trojans, untrusted software sources, and browser-based attacks, and provided recommendations for improving security including using trusted software sources, being cautious of launchers from untrusted locations, using browser extensions like NoScript, and following principles of least privilege.

TechnologyNews & Politics
1 of 38
Download to read offline
Is Linux Secure? Mackenzie Morgan Southeast LinuxFest 2010 12 June 2010 Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 1 / 35
Introduction Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 2 / 35
Introduction Me Mackenzie Morgan Computer Science student Ubuntu Developer Kubuntu user http://ubuntulinuxtipstricks.blogspot.com ← find slides here Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 3 / 35
Introduction This Talk Linux Zealot: Try Linux! It doesn’t get viruses! Average Person: No viruses? I’m invincible! Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 4 / 35
Vocabulary Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 5 / 35
Vocabulary Malware Malware (or “badware”) is an umbrella term for viruses, trojans, worms, rootkits, etc. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 6 / 35
Vocabulary Virus Viruses infect individual files. They spread when people share those files. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 7 / 35
Vocabulary Social Engineering Social Engineering is tricking people into doing something that is bad for security. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 8 / 35
Vocabulary Trojan Trojans are malware that get installed via social engineering. . . or, well, lying. “I’m a fun game and totally safe! but not really, I’m actually going to steal your passwords. . . ” Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 9 / 35
Vocabulary Worm A worm infects other systems, automatically, usually over a network. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 10 / 35
Vocabulary Botnet A botnet is a group of systems infected by malware which operate as a collective and are controlled by a erm. . . jagoff. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
Vocabulary Botnet A botnet is a group of systems infected by malware which operate as a collective and are controlled by a erm. . . jagoff. Yes, I’m from Pittsburgh. How’d you guess? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
Vocabulary Rootkit A rootkit keeps the activities of an unauthorised user hidden so that you can’t tell your system has been owned. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 12 / 35
Vocabulary Keylogger A keylogger tracks everything you type. Yes, including passwords. It could be hardware (see ThinkGeek), but usually software. There are legitimate(-ish) uses. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 13 / 35
Vocabulary Browser-based Attack A browser-based attack is any attack that takes place inside the web browser. They are usually not limited to a specific OS. Examples: Cross-site Scripting (XSS) – using Javascript on one webpage to steal data from another Tracking cookies – harvests the information stored in your browser by other websites Cookie jacking – stealing credentials for other websites from your browser’s cookies Click jacking – hiding clickable objects on a webpage on top of other objects so that you’re not clicking what you think you’re clicking Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 14 / 35
Vocabulary Phishing Phishing is social engineering aimed at making you believe you are interacting with someone else whom you trust Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 15 / 35
What can still hurt me? Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 16 / 35
What can still hurt me? What’s still a problem? All of those Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 17 / 35
What can still hurt me? But what about no viruses? Windows ones usually won’t run, even in Wine Several hundred for Linux Only ∼30 in the wild ever No known viruses exploiting current vulnerabilities Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 18 / 35
What can still hurt me? Email Trojans “Check out this cool new game! http://example.com/foo.desktop” Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 19 / 35
What can still hurt me? Untrusted Software .deb for “screensaver” on gnome-look.org Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
What can still hurt me? Untrusted Software .deb for “screensaver” on gnome-look.org . . . and now you’re on a botnet http://ubuntuforums.org/showthread.php?t=1349678 Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
What can still hurt me? Browser-based attacks Unless only for Internet Explorer Firefox? Opera? Chrome? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 21 / 35
What can still hurt me? Phishing There’s no patch for gullibility Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 22 / 35
What can still hurt me? Rootkits If any of the previous work, you can get one Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 23 / 35
What protection is there? Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 24 / 35
What protection is there? Trusted software sources Stick to your distro’s repos Otherwise, source directly from upstream Avoid non-software in .deb or .rpm format Heed your package manager’s warnings Grrr @ Arch Linux Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 25 / 35
What protection is there? Launchers You get a .desktop from web/email. . . Do you know what it’ll run? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
What protection is there? Launchers You get a .desktop from web/email. . . Do you know what it’ll run? Could be anything Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
What protection is there? Launchers in KDE Kubuntu’s & openSUSE’s KDE: Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 27 / 35
What protection is there? Launchers in GNOME Fedora’s & openSUSE’s GNOME: Ubuntu’s GNOME: Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 28 / 35
What protection is there? Browser - Javascript If you use Firefox, get NoScript extension Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 29 / 35
What protection is there? Browser - Encryption Don’t send passwords unencrypted Look for the lock Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 30 / 35
What protection is there? Browser - Phishing How do you know it’s the site it claims to be? Look at everything before the first slash Check out this green thing Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 31 / 35
What protection is there? Minimal privileges Don’t login graphically as root! Why? Malware gets full access Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 32 / 35
What protection is there? Don’t need it? Don’t use it! Don’t login remotely with command line or push files to it? Uninstall your SSH and S/FTP servers Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 33 / 35
What protection is there? Detecting problems Find rootkits: rkhunter chkrootkit Warn of changes: tripwire You probably don’t need these Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 34 / 35
What protection is there? Questions? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 35 / 35

Recommended

Linux Security Myth
Linux Security MythLinux Security Myth
Linux Security MythMackenzie Morgan
 
Data privacy voor marketeers kluwer
Data privacy voor marketeers kluwerData privacy voor marketeers kluwer
Data privacy voor marketeers kluwerBart Van Den Brande
 
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...Philip Polstra
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Secret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine by Igor SkochinskySecret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Cain Ransbottyn
 
Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011Source Conference
 
Hacking 10 2010
Hacking 10 2010Hacking 10 2010
Hacking 10 2010Felipe Prado
 

Recommended

Linux Security Myth
Linux Security MythLinux Security Myth
Linux Security MythMackenzie Morgan
 
Data privacy voor marketeers kluwer
Data privacy voor marketeers kluwerData privacy voor marketeers kluwer
Data privacy voor marketeers kluwerBart Van Den Brande
 
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...Philip Polstra
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Secret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine by Igor SkochinskySecret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Cain Ransbottyn
 
Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011Source Conference
 
Hacking 10 2010
Hacking 10 2010Hacking 10 2010
Hacking 10 2010Felipe Prado
 
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetPrathan Phongthiproek
 
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)Martin Děcký
 
Day1 ubuntu boot camp
Day1 ubuntu boot campDay1 ubuntu boot camp
Day1 ubuntu boot campDarlene Parker
 
Dealing with Linux Malware
Dealing with Linux MalwareDealing with Linux Malware
Dealing with Linux MalwareMichael Boelen
 
BCI Linux Distribution - Project Proposal by Umair Iftikhar
BCI Linux Distribution - Project Proposal by Umair IftikharBCI Linux Distribution - Project Proposal by Umair Iftikhar
BCI Linux Distribution - Project Proposal by Umair IftikharUmair Iftikhar
 
BPotter-L1-05
BPotter-L1-05BPotter-L1-05
BPotter-L1-05webuploader
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

More Related Content

Similar to Is Linux Really Secure

Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetPrathan Phongthiproek
 
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)Martin Děcký
 
Dealing with Linux Malware
Dealing with Linux MalwareDealing with Linux Malware
Dealing with Linux MalwareMichael Boelen
 
BCI Linux Distribution - Project Proposal by Umair Iftikhar
BCI Linux Distribution - Project Proposal by Umair IftikharBCI Linux Distribution - Project Proposal by Umair Iftikhar
BCI Linux Distribution - Project Proposal by Umair IftikharUmair Iftikhar
 

Similar to Is Linux Really Secure (6)

Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load Target
 
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
 
Day1 ubuntu boot camp
Day1 ubuntu boot campDay1 ubuntu boot camp
Day1 ubuntu boot camp
 
Dealing with Linux Malware
Dealing with Linux MalwareDealing with Linux Malware
Dealing with Linux Malware
 
BCI Linux Distribution - Project Proposal by Umair Iftikhar
BCI Linux Distribution - Project Proposal by Umair IftikharBCI Linux Distribution - Project Proposal by Umair Iftikhar
BCI Linux Distribution - Project Proposal by Umair Iftikhar
 
BPotter-L1-05
BPotter-L1-05BPotter-L1-05
BPotter-L1-05
 

Recently uploaded

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Recently uploaded (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

Is Linux Really Secure

  • 1. Is Linux Secure? Mackenzie Morgan Southeast LinuxFest 2010 12 June 2010 Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 1 / 35
  • 2. Introduction Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 2 / 35
  • 3. Introduction Me Mackenzie Morgan Computer Science student Ubuntu Developer Kubuntu user http://ubuntulinuxtipstricks.blogspot.com ← find slides here Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 3 / 35
  • 4. Introduction This Talk Linux Zealot: Try Linux! It doesn’t get viruses! Average Person: No viruses? I’m invincible! Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 4 / 35
  • 5. Vocabulary Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 5 / 35
  • 6. Vocabulary Malware Malware (or “badware”) is an umbrella term for viruses, trojans, worms, rootkits, etc. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 6 / 35
  • 7. Vocabulary Virus Viruses infect individual files. They spread when people share those files. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 7 / 35
  • 8. Vocabulary Social Engineering Social Engineering is tricking people into doing something that is bad for security. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 8 / 35
  • 9. Vocabulary Trojan Trojans are malware that get installed via social engineering. . . or, well, lying. “I’m a fun game and totally safe! but not really, I’m actually going to steal your passwords. . . ” Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 9 / 35
  • 10. Vocabulary Worm A worm infects other systems, automatically, usually over a network. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 10 / 35
  • 11. Vocabulary Botnet A botnet is a group of systems infected by malware which operate as a collective and are controlled by a erm. . . jagoff. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
  • 12. Vocabulary Botnet A botnet is a group of systems infected by malware which operate as a collective and are controlled by a erm. . . jagoff. Yes, I’m from Pittsburgh. How’d you guess? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
  • 13. Vocabulary Rootkit A rootkit keeps the activities of an unauthorised user hidden so that you can’t tell your system has been owned. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 12 / 35
  • 14. Vocabulary Keylogger A keylogger tracks everything you type. Yes, including passwords. It could be hardware (see ThinkGeek), but usually software. There are legitimate(-ish) uses. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 13 / 35
  • 15. Vocabulary Browser-based Attack A browser-based attack is any attack that takes place inside the web browser. They are usually not limited to a specific OS. Examples: Cross-site Scripting (XSS) – using Javascript on one webpage to steal data from another Tracking cookies – harvests the information stored in your browser by other websites Cookie jacking – stealing credentials for other websites from your browser’s cookies Click jacking – hiding clickable objects on a webpage on top of other objects so that you’re not clicking what you think you’re clicking Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 14 / 35
  • 16. Vocabulary Phishing Phishing is social engineering aimed at making you believe you are interacting with someone else whom you trust Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 15 / 35
  • 17. What can still hurt me? Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 16 / 35
  • 18. What can still hurt me? What’s still a problem? All of those Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 17 / 35
  • 19. What can still hurt me? But what about no viruses? Windows ones usually won’t run, even in Wine Several hundred for Linux Only ∼30 in the wild ever No known viruses exploiting current vulnerabilities Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 18 / 35
  • 20. What can still hurt me? Email Trojans “Check out this cool new game! http://example.com/foo.desktop” Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 19 / 35
  • 21. What can still hurt me? Untrusted Software .deb for “screensaver” on gnome-look.org Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
  • 22. What can still hurt me? Untrusted Software .deb for “screensaver” on gnome-look.org . . . and now you’re on a botnet http://ubuntuforums.org/showthread.php?t=1349678 Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
  • 23. What can still hurt me? Browser-based attacks Unless only for Internet Explorer Firefox? Opera? Chrome? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 21 / 35
  • 24. What can still hurt me? Phishing There’s no patch for gullibility Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 22 / 35
  • 25. What can still hurt me? Rootkits If any of the previous work, you can get one Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 23 / 35
  • 26. What protection is there? Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 24 / 35
  • 27. What protection is there? Trusted software sources Stick to your distro’s repos Otherwise, source directly from upstream Avoid non-software in .deb or .rpm format Heed your package manager’s warnings Grrr @ Arch Linux Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 25 / 35
  • 28. What protection is there? Launchers You get a .desktop from web/email. . . Do you know what it’ll run? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
  • 29. What protection is there? Launchers You get a .desktop from web/email. . . Do you know what it’ll run? Could be anything Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
  • 30. What protection is there? Launchers in KDE Kubuntu’s & openSUSE’s KDE: Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 27 / 35
  • 31. What protection is there? Launchers in GNOME Fedora’s & openSUSE’s GNOME: Ubuntu’s GNOME: Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 28 / 35
  • 32. What protection is there? Browser - Javascript If you use Firefox, get NoScript extension Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 29 / 35
  • 33. What protection is there? Browser - Encryption Don’t send passwords unencrypted Look for the lock Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 30 / 35
  • 34. What protection is there? Browser - Phishing How do you know it’s the site it claims to be? Look at everything before the first slash Check out this green thing Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 31 / 35
  • 35. What protection is there? Minimal privileges Don’t login graphically as root! Why? Malware gets full access Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 32 / 35
  • 36. What protection is there? Don’t need it? Don’t use it! Don’t login remotely with command line or push files to it? Uninstall your SSH and S/FTP servers Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 33 / 35
  • 37. What protection is there? Detecting problems Find rootkits: rkhunter chkrootkit Warn of changes: tripwire You probably don’t need these Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 34 / 35
  • 38. What protection is there? Questions? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 35 / 35