Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Please don’t make me choose a username

    I hate username fields in registration forms. The usernames I want are, of course, already taken. Many services won’t let you change your username later, so you might get stuck with it. Who wants to settle for a name they don’t like? Just please don’t make me choose a username.

    Personal identity is hard. It molds and changes over time. Online identity is harder, but can often be more permanent. Many services won’t let you change your username without deleting the account and making another one. You’ll lose all your data with the service in the process. (Assuming you’re allowed to delete your account and set your email address free.)

    Many services make do with just your email address. Your email address isn’t truly yours, but just a rented identity. However, everyone still needs a unique name for services where you interact with other members.

  • Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall for Linux

    CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

    CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It uses a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to “immunize” them against this IP.

    The goal is to leverage the power of the crowd to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the community to create an extremely accurate IP reputation system that benefits all its users.

    It was clear to the founders that Open Source was going to be one of the main pillars of CrowdSec. The project's founders have been working on open-source projects for decades - they didn’t just jump on the train. Rather, they are strong Open Source believers. They believe that the crowd is key to the mass hacking plague we are experiencing, and that Open Source is the best lever to create a community and have people contribute their knowledge to the project, ultimately make it better and more secure.

  • Many Computer Users Never Run Updates

    A large percentage of computer users never update their operating systems. This is true of desktop Linux users as well, which may be surprising to some since Linux users are supposed to be a bit more tech-savvy than Windows and Mac users. R

  • Linux Mint users are surprisingly irresponsible regarding updates

    Linux users are more knowledgeable regarding computer maintenance than Windows users, right? Maybe. That is certainty up for debate. With that said, Linux user may not be very responsible computer users. Well, Linux Mint users, at least.

    You see, in a stunning development, it turns out Linux Mint users are often very behind in installing both operating system and application updates. In other words, Linux Mint users are often running outdated software, which could be no longer supported, or even worse, it could contain exploitable vulnerabilities. For example, a surprisingly high number of these users are running Linux Mint 17.x, which is unsupported since 2019!

Linux Mint want to remind you to run updates

  • Linux Mint want to remind you to run updates

    In a fresh blog post, Linux Mint's leader Clem Lefebvre has written about some statistics on people running out of date software and warned people to ensure they're running updates.

    While Linux users often claim they know what they're doing, they're smarter than Windows users and more (I've seen a lot of claims over the years…) plenty still seem to delay or just not run updates it seems. When you hear about new security problems all the time, it's never been more important to stay up to date. Especially your web browser, the last thing you want is to have that and your entire online life compromised!

    In the post Lefebvre mentions that only around 30% of users updated their web browser in less than a week, although perhaps much more alarming is that between "5% and 30% of users run Linux Mint 17.x" which has not seen security updates for two years since it reached EOL (end of life).

Microsoft boosters cover this

A Tale of Two Updates

  • A Tale of Two Updates

    Helping your users stay up to date on their workstation is something I believe OS vendors should endeavour to do, to the best of their ability. Some users aren’t able to find time to install updates, or are irritated by update dialogs. Others are skeptical of their contents, some even block updates completely.
    No OS vendor wants to be “That Guy” featuring in the news as millions of their customers are found to be vulnerable on their watch. Equally, respecting the user, given it’s their computing device, is vital too. It’s a difficult balance to strike. Somewhere in between “That Linux distro which nags me constantly to do updates” and “That distro which is outdated and insecure” erring towards the former, is probably the sweet spot.
    So when I read today in typical El Reg fashion that “Linux Mint users in hot water for being slow with security updates, running old versions” I was reminded of an issue we had in Ubuntu a few years back. I’m going to muddy things a little to save engineer embarrassment, but you’ll get the gist.
    First though, a small backstory.

  • Linux Mint users in hot water for being slow with security updates, running old versions [Ed: By Microsoft Tim]

    Linux Mint founder Clem Lefebvre has complained that too many users are slow to apply updates or run unsupported versions of the operating system.

    Lefebvre used Firefox as an example. Mozilla's browser is frequently updated and has fixes for security vulnerabilities described by the firm as critical, which it defined as "can be used to run attacker code and install software, requiring no user interaction beyond normal browsing." The latest such update is dated 5 February 2021 (though it is a Windows-only problem).

Apply Security Updates Now

  • Apply Security Updates Now

    Nonetheless, many users fail to apply updates or perform upgrades in a timely fashion. For example, he notes that between 5% and 30% of users run Linux Mint 17.x, which no longer receives security updates. “If you are still using Linux Mint 17.x you need to back up your data and reinstall a modern version ASAP,” he says.

    The blog post provides simple steps for finding out which version of Linux Mint you’re running and applying all necessary updates to your machine.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

GNOME’s Very Own “GNOME OS” is Not a Linux Distro for Everyone [Review]

Whenever a major release for GNOME arrives, it is always tempting to try it out as soon as possible. But, to get your hands on it first to test it, you had to mostly rely on Fedora Rawhide (development branch). However, a development branch isn’t always hassle-free. So, it wasn’t the most convenient solution to try the latest GNOME. Now, by testing, I don’t mean just for users but also being able to test design changes for the developers as well. Read more

GNOME’s Very Own “GNOME OS” is Not a Linux Distro for Everyone

Few people know that GNOME has its very own Linux distribution aptly named GNOME OS. Curious? Here’s an overview of this distribution. Read more

Android Leftovers

Top 14 Terminal Emulators for Linux (With Extra Features or Amazing Looks)

By default, all Linux distributions already come pre-installed with a terminal application or terminal emulator (correct technical term). Of course, depending on the desktop environment, it will look and feel different. Here’s the thing about Linux. You are not restricted to what your distribution provides. You can opt for an alternative application of your choice. Terminal is no different. There are several impressive terminal emulators that offer unique features for a better user experience or for better looks. Here, I will be compiling a list of such interesting terminal applications that you can try on your Linux distribution. Read more