- wlug - list.wlug.org.nz

Secure Your Linux Desktop and SSH Login Using Two Factor Google Authenticator
by Peter Reutemann 01 Oct '14

01 Oct '14

"Two factor authentication is increasingly becoming a strongly recommended way of protecting user accounts in web applications from attackers by requiring a second method of authentication in addition to the standard username and password pair. Although two factor authentication can encompass a wide range of techniques like biometrics or smart cards, the most commonly deployed technique in web applications is the one time password. If you have used applications like Gmail, you are probably familiar with the one time password generated by the Google Authenticator app that's available on iOS or Android devices. The algorithm used for the one time password in the Google Authenticator app is known as the Time-based One-Time Password (TOTP) algorithm. The TOTP algorithm is a standard algorithm approved by the IETF in (RFC 6238) totp-rfc. It is a little known fact that you can use the TOTP algorithm to secure your user accounts in Linux systems. This article will walk you through the steps necessary. While the exact commands will be for Fedora 20, the TOTP algorithm can be deployed to any Linux distro with a little modification." -- source: http://bit.ly/10lMmvM Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

1 0

Linux Foundation Announces Major Network Functions Virtualization Project
by Peter Reutemann 30 Sep '14

30 Sep '14

"The Linux Foundation this morning announced the latest addition to its family of major hosted open source initiatives: the Open Platform for NFV Project (OPNFV). Its mission is to develop and maintain a carrier-grade, integrated, open source reference platform for the telecom industry. Importantly, the thirty-eight founding members include not only cloud and service infrastructure vendors, but telecom service providers, developers and end users as well. The announcement of OPNFV highlights three of the most significant trends in IT: virtualization (the NFV part of the name refers to network function virtualization), moving software and services to the cloud, and collaboratively developing complex open source platforms in order to accelerate deployment of new business models while enabling interoperability across a wide range of products and services. The project is also significant for reflecting a growing recognition that open source projects need to incorporate open standards planning into their work programs from the beginning, rather than as an afterthought." -- source: http://linux.slashdot.org/story/14/09/30/1820245 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

1 0

Adobe Photoshop Is Coming To Linux, Through Chromebooks
by Peter Reutemann 30 Sep '14

30 Sep '14

"Adobe is bringing the king of all photo editing software, Photoshop, to Linux-based Chrome OS. Chrome OS-powered devices, such as Chromebooks and Chromeboxes, already have a decent line-up of 'applications' that can work offline and eliminate the need of a traditional desktop computer. So far it sounds like great news. The bad news is that the offering is in its beta stage and is available only to the customers of the Creative Cloud Education program residing in the U.S. I have a full subscription of Creative Cloud for Photographers, and LightRoom, but even I can't join the program at the moment." -- source: http://linux.slashdot.org/story/14/09/30/1430240 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

1 0

LibreSSL: More Than 30 Days Later
by Peter Reutemann 30 Sep '14

30 Sep '14

"Ted Unangst has posted an update on LibreSSL development. "Joel and I have been working on a replacement API for OpenSSL, appropriately entitled ressl. Reimagined SSL is how I think of it. Our goals are consistency and simplicity. In particular, we answer the question 'What would the user like to do?' and not 'What does the TLS protocol allow the user to do?'. You can make a secure connection to a server. You can host a secure server. You can read and write some data over that connection." -- source: http://www.linux.com/news/software/applications/789692 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

1 0

Improved Patch Tackles New Shellshock Bash Bug Attack Vectors
by Peter Reutemann 30 Sep '14

30 Sep '14

"System administrators who spent last week making sure their computers are patched against Shellshock, a critical vulnerability in the Bash Unix command-line interpreter, will have to install a new patch that addresses additional attack vectors." -- source: http://www.linux.com/news/enterprise/systems-management/789720 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

1 0

Ubuntu Phones to Arrive By Year's End
by Peter Reutemann 29 Sep '14

29 Sep '14

"Ubuntu Touch for phones is now at manufacturing status, a major milestone for many people who wondered if Ubuntu phones would ever become market realities. Several months ago, rumors swirled that the first Ubuntu phones were delayed and wouldn’t appear until 2015, if at all, but this week news broke that we're likely to see phones by year's end." -- source: http://ostatic.com/blog/ubuntu-phones-to-arrive-by-years-end Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

1 0

Hijacking Open Source
by Peter Reutemann 29 Sep '14

29 Sep '14

'Somewhere along the line, we’ve lost the spirit of what open source is supposed to be. Cloud computing, the rise of social networks, and data mining personal information on a massive scale has led to an explosion of interest in server side open source, but personal open source still languishes in comparison. Linux.com is running a story entitled Back to the Source: Why FOSS is More Important Than Ever questioning if freedom is still at the heart of open source, and wondering if this is what winning actually looks like. “Open Source” is more popular than ever, but it’s not because we live in an enlightened age of freedom, it’s because the term has been hijacked. ' -- source: http://ostatic.com/blog/hijacking-open-source Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

1 0

Fwd: [NZLUG] ALERT: Remote code-exec in bash (CVE-2014-6271)
by Peter Reutemann 26 Sep '14

26 Sep '14

Typo... ---------- Forwarded message ---------- From: Volker Kuhlmann <hidden(a)paradise.net.nz> Date: Thu, Sep 25, 2014 at 10:23 AM Subject: Re: [NZLUG] ALERT: Remote code-exec in bash (CVE-2014-6271) To: NZ Linux Users Group <nzlug(a)lists.nzoss.org.nz> On Thu 25 Sep 2014 08:33:37 NZST +1200, Clark Mills wrote: > [ from /. thread ] > > This is the test to see if you are vulnerable: > > env x='() {:;}; echo vulnerable' bash -c "echo this is a test" Thanks for that. http://beta.slashdot.org/comments.pl?sid=5750159&cid=47985625 However, your code here seems to have a serious copy/paste/etc error in it: > bash > env x='() {:;}; echo vulnerable' bash -c "echo this is a test" bash: x: line 0: syntax error near unexpected token `{:' bash: x: line 0: `x () {:;}; echo vulnerable' bash: error importing function definition for `x' this is a test > env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test GNU bash, version 4.2.42(1)-release (x86_64-suse-linux-gnu) Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. _______________________________________________ NZLUG mailing list NZLUG(a)lists.nzoss.org.nz http://lists.nzoss.org.nz/mailman/listinfo/nzlug -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

4 5

First Shellshock Botnet Attacking Akamai, US DoD Networks
by Peter Reutemann 26 Sep '14

26 Sep '14

'The Bash "Shellshock" bug is being used to spread malware to create a botnet, that's active and attacking Akamai and Department of Defense networks. "The 'wopbot' botnet is active and scanning the internet for vulnerable systems, including at the United States Department of Defence, chief executive of Italian security consultancy Tiger Security, Emanuele Gentili, told iTnews. 'We have found a botnet that runs on Linux servers, named “wopbot", that uses the Bash Shellshock bug to auto-infect other servers,' Gentili said."' -- source: http://it.slashdot.org/story/14/09/25/236256 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

1 0

GNOME 3.14 Released
by Peter Reutemann 25 Sep '14

25 Sep '14

"GNOME 3.14 was released today and it includes some interesting changes such as re-worked default theme, multi-touch gestures for both the system and applications, and new animations. Information including details on all the new features, can be found here." -- source: http://tech.slashdot.org/story/14/09/24/2155241 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

1 0