Mackenzie Morgan gave a presentation titled "Is Linux Secure?" at the 2010 Southeast LinuxFest. The presentation introduced common security terminology related to malware and attacks, discussed threats that still affect Linux systems such as email trojans, untrusted software sources, and browser-based attacks, and provided recommendations for improving security including using trusted software sources, being cautious of launchers from untrusted locations, using browser extensions like NoScript, and following principles of least privilege.
Information Security Awareness
Tips to improve infosec awareness in any organization
To learn more visit http://www.SnapComms.com/solutions/employee-security-awareness
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
Intel Management Engine ("ME") is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS. It not only performs the management tasks for which it was originally designed, but also implements features such as Intel Identity Protection Technology (IPT), Protected Audio-Video Path, Intel Anti-Theft, Intel TPM, NFC communication and more. There is not much info available about how exactly it works, and this talk aims to fill the gap and describe the low-level details.
Igor Skochinsky
Igor Skochinsky is currently one of the main developers of the world-famous Interactive Disassembler and Hex-Rays Decompiler. Even before joining Hex-Rays in 2008 he had been interested in reverse engineering for a long time and had brief periods of Internet fame after releasing a dumper for DRM-ed iTunes files (QTFairUse6) and hacking the original Amazon Kindle. He spoke previously at Recon, Breakpoint and Hack.LU.
Information Security Awareness
Tips to improve infosec awareness in any organization
To learn more visit http://www.SnapComms.com/solutions/employee-security-awareness
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
Intel Management Engine ("ME") is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS. It not only performs the management tasks for which it was originally designed, but also implements features such as Intel Identity Protection Technology (IPT), Protected Audio-Video Path, Intel Anti-Theft, Intel TPM, NFC communication and more. There is not much info available about how exactly it works, and this talk aims to fill the gap and describe the low-level details.
Igor Skochinsky
Igor Skochinsky is currently one of the main developers of the world-famous Interactive Disassembler and Hex-Rays Decompiler. Even before joining Hex-Rays in 2008 he had been interested in reverse engineering for a long time and had brief periods of Internet fame after releasing a dumper for DRM-ed iTunes files (QTFairUse6) and hacking the original Amazon Kindle. He spoke previously at Recon, Breakpoint and Hack.LU.
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)Martin Děcký
Some developers of both microkernel and monolithic operating systems view the design of their system as absolutely superior to the other design. This black-white thinking and "holy war" attitude, while understandable to a certain degree, makes it hard to to acknowledge that one size does not necessarily fit all. Rather than striving for an unreachable goal of creating the best operating system design for all possible use cases it is vital to understand and reflect the trade-offs of the use cases at hand. This talk focuses on a few features and properties of the current monolithic operating systems that could be an inspiration for the current microkernel operating systems and vice versa. The talk should also initiate a discussion about some "non-goals" of microkernel operating systems that are nevertheless sometimes presented as goals of microkernel operating systems, to the detriment of its own cause.
Ubuntu Boot Camp which Darlene facilitated at Costech (Commission for Science & Technology) in Dar Es Salaam Tanzania. We had a full house of enthusiastic users looking for hands on knowledge of Ubuntu & Open Source
We often hear that viruses do not affect Linux systems. If it was only true... To understand why there is malware in the first place, we look at the reasons for evildoers to create harmful software. When that is clear, we move on by defining several types of malware, to finally focus on a very particular one, the rootkit. A quick course into the cleverness of rootkits follows, with the related challenges it offers for detection. We close the session by giving tips on detection and prevention.
BCI Linux Distribution - Project Proposal by Umair IftikharUmair Iftikhar
Brain Computer Interface Operating System using EEG Device. This is a BCI Operating System Proposal for University. This project developed by the students of the uni.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)Martin Děcký
Some developers of both microkernel and monolithic operating systems view the design of their system as absolutely superior to the other design. This black-white thinking and "holy war" attitude, while understandable to a certain degree, makes it hard to to acknowledge that one size does not necessarily fit all. Rather than striving for an unreachable goal of creating the best operating system design for all possible use cases it is vital to understand and reflect the trade-offs of the use cases at hand. This talk focuses on a few features and properties of the current monolithic operating systems that could be an inspiration for the current microkernel operating systems and vice versa. The talk should also initiate a discussion about some "non-goals" of microkernel operating systems that are nevertheless sometimes presented as goals of microkernel operating systems, to the detriment of its own cause.
Ubuntu Boot Camp which Darlene facilitated at Costech (Commission for Science & Technology) in Dar Es Salaam Tanzania. We had a full house of enthusiastic users looking for hands on knowledge of Ubuntu & Open Source
We often hear that viruses do not affect Linux systems. If it was only true... To understand why there is malware in the first place, we look at the reasons for evildoers to create harmful software. When that is clear, we move on by defining several types of malware, to finally focus on a very particular one, the rootkit. A quick course into the cleverness of rootkits follows, with the related challenges it offers for detection. We close the session by giving tips on detection and prevention.
BCI Linux Distribution - Project Proposal by Umair IftikharUmair Iftikhar
Brain Computer Interface Operating System using EEG Device. This is a BCI Operating System Proposal for University. This project developed by the students of the uni.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Is Linux Secure?
1. Is Linux Secure?
Mackenzie Morgan
Southeast LinuxFest 2010
12 June 2010
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 1 / 35
2. Introduction
Outline
1 Introduction
2 Vocabulary
3 What can still hurt me?
4 What protection is there?
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 2 / 35
3. Introduction
Me
Mackenzie Morgan
Computer Science student
Ubuntu Developer
Kubuntu user
http://ubuntulinuxtipstricks.blogspot.com ← find slides here
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 3 / 35
4. Introduction
This Talk
Linux Zealot: Try Linux! It doesn’t get viruses!
Average Person: No viruses? I’m invincible!
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 4 / 35
5. Vocabulary
Outline
1 Introduction
2 Vocabulary
3 What can still hurt me?
4 What protection is there?
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 5 / 35
6. Vocabulary
Malware
Malware (or “badware”) is an umbrella term for viruses, trojans, worms,
rootkits, etc.
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 6 / 35
9. Vocabulary
Trojan
Trojans are malware that get installed via social engineering. . . or, well,
lying.
“I’m a fun game and totally safe! but not really, I’m actually going to steal your
passwords. . . ”
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 9 / 35
10. Vocabulary
Worm
A worm infects other systems, automatically, usually over a network.
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 10 / 35
11. Vocabulary
Botnet
A botnet is a group of systems infected by malware which operate as a
collective and are controlled by a erm. . . jagoff.
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
12. Vocabulary
Botnet
A botnet is a group of systems infected by malware which operate as a
collective and are controlled by a erm. . . jagoff.
Yes, I’m from Pittsburgh. How’d you guess?
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
13. Vocabulary
Rootkit
A rootkit keeps the activities of an unauthorised user hidden so that you
can’t tell your system has been owned.
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 12 / 35
14. Vocabulary
Keylogger
A keylogger tracks everything you type. Yes, including passwords.
It could be hardware (see ThinkGeek), but usually software. There are
legitimate(-ish) uses.
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 13 / 35
15. Vocabulary
Browser-based Attack
A browser-based attack is any attack that takes place inside the web
browser. They are usually not limited to a specific OS.
Examples:
Cross-site Scripting (XSS) – using Javascript on one webpage to steal
data from another
Tracking cookies – harvests the information stored in your browser by
other websites
Cookie jacking – stealing credentials for other websites from your
browser’s cookies
Click jacking – hiding clickable objects on a webpage on top of other
objects so that you’re not clicking what you think you’re clicking
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 14 / 35
16. Vocabulary
Phishing
Phishing is social engineering aimed at making you believe you are
interacting with someone else whom you trust
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 15 / 35
17. What can still hurt me?
Outline
1 Introduction
2 Vocabulary
3 What can still hurt me?
4 What protection is there?
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 16 / 35
18. What can still hurt me?
What’s still a problem?
All of those
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 17 / 35
19. What can still hurt me?
But what about no viruses?
Windows ones usually won’t run, even in Wine
Several hundred for Linux
Only ∼30 in the wild ever
No known viruses exploiting current vulnerabilities
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 18 / 35
20. What can still hurt me?
Email Trojans
“Check out this cool new game! http://example.com/foo.desktop”
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 19 / 35
21. What can still hurt me?
Untrusted Software
.deb for “screensaver” on gnome-look.org
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
22. What can still hurt me?
Untrusted Software
.deb for “screensaver” on gnome-look.org
. . . and now you’re on a botnet
http://ubuntuforums.org/showthread.php?t=1349678
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
23. What can still hurt me?
Browser-based attacks
Unless only for Internet Explorer
Firefox? Opera? Chrome?
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 21 / 35
24. What can still hurt me?
Phishing
There’s no patch for gullibility
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 22 / 35
25. What can still hurt me?
Rootkits
If any of the previous work, you can get one
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 23 / 35
26. What protection is there?
Outline
1 Introduction
2 Vocabulary
3 What can still hurt me?
4 What protection is there?
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 24 / 35
27. What protection is there?
Trusted software sources
Stick to your distro’s repos
Otherwise, source directly from upstream
Avoid non-software in .deb or .rpm format
Heed your package manager’s warnings
Grrr @ Arch Linux
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 25 / 35
28. What protection is there?
Launchers
You get a .desktop from web/email. . .
Do you know what it’ll run?
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
29. What protection is there?
Launchers
You get a .desktop from web/email. . .
Do you know what it’ll run?
Could be anything
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
30. What protection is there?
Launchers in KDE
Kubuntu’s & openSUSE’s KDE:
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 27 / 35
31. What protection is there?
Launchers in GNOME
Fedora’s & openSUSE’s GNOME:
Ubuntu’s GNOME:
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 28 / 35
32. What protection is there?
Browser - Javascript
If you use Firefox, get NoScript extension
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 29 / 35
33. What protection is there?
Browser - Encryption
Don’t send passwords unencrypted
Look for the lock
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 30 / 35
34. What protection is there?
Browser - Phishing
How do you know it’s the site it claims to be?
Look at everything before the first slash
Check out this green thing
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 31 / 35
35. What protection is there?
Minimal privileges
Don’t login graphically as root!
Why?
Malware gets full access
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 32 / 35
36. What protection is there?
Don’t need it? Don’t use it!
Don’t login remotely with command line or push files to it?
Uninstall your SSH and S/FTP servers
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 33 / 35
37. What protection is there?
Detecting problems
Find rootkits:
rkhunter
chkrootkit
Warn of changes:
tripwire
You probably don’t need these
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 34 / 35
38. What protection is there?
Questions?
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 35 / 35