Linux exploit gives any user full access in five seconds

If you need another reason to be paranoid about network security, a serious exploit that attacks a nine-year-old Linux kernel flaw is now in the wild. The researcher who found it, Phil Oester, told V3 that the attack is "trivial to execute, never fails and has probably been around for years." Because of its complexity, he was only able to detect it because he had been "capturing all inbound HTTP traffic and was able to extract the exploit and test it out in a sandbox," Oester said.

The kernel flaw (CVE-2016-5195) is an 11-year-old bug that Linus Tovalds himself tried to patch once. His work, unfortunately, was undone by another fix several years later, so Oester figures it's been around since 2007. The problem is that the Linux kernel's memory system can break during certain memory operations, according to Red Hat. "An unprivileged local user could use this flaw to gain write access ... and thus increase their privileges on the system."

In other words, it can be used to get root server access, which is a terrible thing for the internet. Though it's primarily an attack for users that already have an account on a server, it could potentially be exploited on a Linux machine that lets you execute a file -- something that's common for online servers.

Read more: Click Here

5 tips to improve your Linux desktop security

1. CHOOSE FULL DISK ENCRYPTION (FDE)

No matter which operating system you are using, we recommend that you encrypt your entire hard disk.

If your laptop is lost or stolen, using a simple login password won’t protect your data: a thief can just boot into Linux from a USB key and read all your data off without a password.

By encrypting your hard drive, you ensure your data remains secure, because the thief won’t be able to read anything without the FDE password.

The advantage of FDE over encrypting just your home folder and the files in it is that you no longer have to worry about temporary files, swap files or other directories where important files might end up without you realising it.

On any fairly recent computer, you’re unlikely to notice, or even to be able to measure, a slowdown in day-to-day use due to encrypting everything.

On Ubuntu and Fedora, as in many other Linux distributions (distros for short), full disk encryption is available right at install time.

You can easily enable it during the installation by selecting Encrypt the new Ubuntu installation for security:

And, of course, remember to pick a proper password!

2. KEEP YOUR SOFTWARE UP-TO-DATE

Again, no matter which operating system you are using, you should always keep both your operating system and your applications, such as web browsers, PDF readers and video players, up to date.

Most Linux distros make this easy.

On Ubuntu, by default, security updates are installed automatically.

You can double-check this at System Settings | Software & Updates | Updates.

Make sure the Important security updates option is turned on:

3. LEARN HOW TO USE LINUX’S FIREWALL

The Linux kernel includes a firewall component called iptables, which gives you a powerful way to manage network traffic and keep out many sorts of cyberattack.

On Ubuntu you will also have an application called Uncomplicated Firewall (UFW), a frontend program that simplifies setting up iptables.

By default UFW is disabled, but you can turn it on from a command prompt by doing:

   $ sudo ufw enable
   Password: 
   
   Firewall is active and enabled on system startup
   $

To learn more about iptables and what it can do, you might also want to try a graphical configuration tool such as GUFW or UFW Frontends.

On Fedora you will find FirewallD, an alternative firewall management toolkit that is enabled by default.

A graphical user interface for FirewallD, called firewall-config, is available; you can install it from a command prompt with:

   $ yum install firewall-config

4. TIGHTEN UP SECURITY IN YOUR BROWSER

The browser is the way in for many current cyberthreats, whether you use Mozilla Firefox, Google Chrome, Opera or another browser.

Many free extensions are available to improve the security of your browser, and your privacy as well. Among others, you may want to consider the following:

• HTTPS-Everywhere
• Adblock Plus
• NoScript
• Ghostery
• Disconnect

5. USE ANTI-VIRUS SOFTWARE

We saved this one until last because it has long been a bone of contention with a vocal minority of Linux faithful.

Some people will tell you that it’s pointless installing an anti-virus software on a Linux-based operating system.

Half of the argument is that most of the malware you will detect on a Linux computer will be for Windows, and why should you be responsible for that?

The obvious answer is, “Why not? What if you pass an infected file onto someone else and thus make yourself part of the problem rather than the solution?”

The other half of the argument is that malware on Linux desktops is rare enough that you might as well pretend it doesn’t exist at all.


source:nakedsecurity.sophos.com

Tired of Windows? Switching to Linux Will Be Easy If You Know This

The process of installing Linux is rather simple. But actually using Linux is a bit different. There are many incentives for migrating from Windows to Linux. For instance, Linux variants often use less RAM or offer a lightweight environment.

Overall, there’s simply more choice. If you’re tired of Windows, switching to Linux will be pretty easy if you know these things.

Windows vs. Linux

Let’s start by looking at the differences in Linux and Windows. Windows has nine main variants with various flavors such as Home and 32- vs. 64-bit iterations. Linux is vastly more complicated. Although the Linux Kernel is the backbone of all Linux distros, the open-source nature means anyone can alter the kernel. Thus, there are loads of varying Linux distros available.

Installing an Operating System

Depending on your hardware, installing Linux is often easier than loading Windows. Linux distros usually feature live boot options to try an operating system before installing. As opposed to Windows, Linux distributions typically come with open-source drivers. This alleviates the need to mess with drivers on a fresh install. However, as is often the case with Linux, you may need to perform some post-install tweaking. After loading Ubuntu on an HP m6 x360, I discovered that the wrong Wi-Fi driver loaded. Blacklisting the improper driver was fairly easy, but did require poking around in forums.

Windows, on the other hand, features a relatively minimal install from a user perspective.

Security

System admins are notorious for adoring Linux. Sysadmins also tend to value security. Therefore it’s no surprise that Linux is pretty heavy on the security front. By default, no Linux user accounts have full administrator (root) access. However, Windows does. So on a Linux system, there’s an extra level of protection because of restricting default users to non-root access.

Sounds great, right? Well, there are certainly situations when these security measures might seem a hassle. Early on in my Linux days, I managed to move a folder with root-only access to my Trash bin. Because this folder was owned by root, I had insufficient privileges to delete it. Eventually I managed to purge it from my Trash, but the process involved launching Nautilus and navigating folders.

Windows lends the user much more control — but as they say, “With great power comes great responsibility.” You can easily delete the wrong file and muck up your entire computer. Additionally, viruses and malware are usually written for Windows. That doesn’t mean you shouldn’t use security software on Linux. On the contrary, you absolutely should. But fewer viruses for Linux, as well as limited root access, help contain the damage viruses and malware may wreak on Linux.

Installing Apps

Installing new apps and games on Linux is straightforward, if a little different to Windows.

DEB

Installing apps on Linux differs from Windows as well. With operating systems like Mac and Windows, programs arrive as EXE (Windows) or DMG (Mac) files. DEB files on Linux are close in that they too are package managers. However, you’ll often find yourself installing via the command line, or using a TAR file.

apt-get

The command line is crucial to most Linux distros. Some such as Elementary OS eschew the command line in favor of a gentle learning curve. Using the command line, installs typically work by entering the apt-get install command. This command runs a package management command line program that uses the Advanced Packaging Tool). Using apt-get downloads new packages from the repositories. Depending on what you are installing, you may need to add sudo to install with superuser (administrator) permissions. As further reading, refer to this beginner’s guide to installing software in Ubuntu with APT.

Permissions and File Systems

On Windows, the default user is an administrator. Linux user accounts though are not. As previously mentioned, this really enhances security. Directories and files feature three main groups:

1. Owner — Owner permissions apply to the file or directory owner, and have no effect on other user actions.
2. Group — These permissions remain only applicable to the group assigned to the directory or file.
3. All Users — All User permissions are applicable to every user.

Then there are the permission types:

• Read
• Write
• Execute

Even file structure differs in Linux than on Windows. Whereas Windows features different drives, commonly C: and D:, Linux includes simply a main file tree. All of your drives are within that tree. Similarly, unlike Windows, Linux lacks a registry. Essentially, the Windows registry is a central database of computer settings. The Windows registry houses user passwords and app information. Linux eschews the registry. Instead, programs store their individual settings.

source: makeuseof.com

4 Websites to Learn Cool Linux Command Line Tricks

Want to show off your command line prowess to your geeky friends but don’t know any cool tricks?  Well you are in luck. The following websites will give you plenty of tricks and tips to satiate your hunger:

shell-fu

“Fu” is defined as possessing superior skills related to an art. Aptly named “Shell fu” houses user-submitted command line goodies, tips and tricks. You can vote entries up if you like them and vote them down if you find they are harmful or do not work as advertised.

If you have some tricks of your own you can even submit them and they will be added to the site after the moderators have a look at them.

command-line-fu

Shell fu and Command-line fu are almost identical in concept. Command-line fu allows users to share their CLI wisdom with others and also vote up and down on submitted snippets.

Both shell-fu and command-line fu allow you to follow snippets through RSS and Twitter although I did find command-line fu offers a bit of extra control on RSS feeds.

snipt

Snipt is the “long term memory for coders”.  Snipt is a collection of frequently used commands and code snippets. You can share these snippets with your co-workers or make them public. Public snippets are viewable to everyone and for our specific case, we are interested in the bash section. However feel free to browse other sections as well.

good coders code, great reuse

While all the other resources mentioned utilize the power of the crowds to build up content, this one is different. It is Peteris Krumins blog about programming, software and hacking.

What’s so special about it? The famous sed, awk one liners, vim tips, plugins and cheat sheets that Peteris has fabricated over time. The occasional musical geek friday is fun as well.

While it may not be updated as often as the others, but more often than not the content is worth the wait.

source:.makeuseof.com

Top Linux Distributions To look Forward To In 2017

1. VeltOS

I like to attribute Linux with the saying by the community, for the community! You don’t necessarily have to agree with me but technically, it is what it is.

VeltOS by Velt technologies is an operating system that is birth to take a rather unusual approach to Linux – particularly in the sense that it’s going to an entirely driven community project. The devs will pretty much let you decide what and what not you will like to see or rather not see in the operating system.

This I like to call clean politics (if you may) or rather, pure FOSS. VeltOS is giving power to its users to shape up the operating to what they want it to be, the feature base and everything else is entirely community dependent.

You will pretty much decide what the operating system will look, act, and feel like in a voting platform. You can pretty much create a new poll requesting a feature or asking one to be removed. Whatever Velt shapes up to be is entirely in your hands.

However, it’s important to know that VeltOS is still very young and they had only released TP1 (technical preview one) three months ago and unsurprisingly, it gained the attention of the industry. In the light of the fact that you might argue that what they bring to the table isn’t entirely new (as quite a few distros sometimes take suggestions from their users essentially to help better the system) VOS is entirely meant to be built by you in the spirit of open source.

VOS is different in the sense that you the user are the visionair and along with other users in the community, you campaign for what else it is you might want to see in the next iteration of the operating system.

VOS is based off Arch Linux especially because of its lightweight and rolling release nature and it is particularly known for its versatility, simplicity and cutting edge software. Arch provides its own software via the Pacman Package Manager and due to its rolling release model, you will always get the latest security updates and software packages.

Don’t Miss: Arch Linux Installation and Configuration Guide

Technical preview one is essentially a test release to see where the community will take it from there. TP1 comes bundled with a tweaked version of the Budgie DE from the Solus Project with Light display manager for user sessions and greeter (login screen) – and Numix theming for aesthetics.

Fast forward to December 2015 and the VOS devs have received numerous feedback from their user base in regard what features TP2 should come bundled with.

The team is currently hard at work and will be writing an entirely new DE al’a VDE (Velt desktop environment) from scratch in Vala and C.

The Co-founder Stefan Kwiecinski in response to an inquiry said, “We will not be forking Budgie, there was a miscommunication on that. Technical Preview One ships a tweaked version of Budgie. As for Technical Preview Two, we are hard at work building an entirely new desktop environment written in Vala and C. We are doing this because votes from the voting platform doesn’t agree with much of existing/future versions of Budgie”.

VDE will be built with google’s material design principles in mind – essentially with Google’s Material GUI – and will debut with the technical preview 2 of VOS. We got in touch with Stefan and according to him, “If all goes well, we are on track for the 25th of March for TP2”.

Does not necessarily mean that it is certain that we’ll see TP2 in March next year, it could be earlier or later as the VOS development team is quite small.

In the meantime, if you’d like to give VeltOS a spin in its current state (TP1 with Budgie DE), you may go ahead and download the image but be sure to only try it in a virtual environment. We recommend use VirtualBox to give a try.

2. PapyrOS

Formerly QuartzOS then QuantumOS, – the whole idea behind PapyrOS completely revolves around a Material designed operating system with an Arch base.

Michael Spencer who is the lead developer of the project originally births the idea sometime early last year after which development took off in November 2014.

PapyrOS lingers around the idea of an operating system suited for the “normal human” and those in FOSS world alike.

Don’t Miss: 3 Best Arch-based User Friendly Distributions of 2015

The project is currently in a pre-alpha stage and it has a progress bar on the Papyros website to keep track of development and even an Android app that will equally update on the progress of the project.

PapyrOS is pretty much simplified, eye candy material designed desktop environment with an Arch base that aims to take user-friendliness to another level in Linux land. With Arch’s rolling release nature, Papyros will support atomic upgrades and rollbacks – in case something breaks – and this is made possible with OsTree.

Furthermore, PapyrOS will support integration with all your usual web services which includes Gmail, Inbox, and Evernote to better your desktop experience.
Aside the aforementioned features, the operating system will also come with its own cross-platform application development framework that will be based off QtQuick.

Papyros’s desktop shell – that can currently be tried on an Arch-based Linux machine (code below) – is been developed in Qt 5 and QML (on top of the QtCompositor API in order to use XWayland) for highly polished and dynamic interfaces for the Material GUI that they’ve been working on implementing all through the operating system and stock apps.

Download Papyros Shell on Arch

First, add the following lines to your /etc/pacman.conf file, above the default repositories:

[papyros]
SigLevel = Never
Server = http://dash.papyros.io/repos/$repo/$arch

Then, run

# pacman -Syu
# pacman -S papyros-shell

You can test the shell by running it in a new window on top of your desktop:

papyros-session

The progress bar is currently at 89% and it may drop or rise depending on new or old cases that may include bug discovery or a request for a new feature.
Most importantly, the project is making progress are by the time it hits a 100%, the first alpha will be ready – at version 0.1.

Their code is completely open source and currently available on GitHub.

PapyrOS promises so much more than just a material themed user interface. The operating system like VeltOS will also be targeting typical computing users – to provide an optimal Linux experience with an Arch base.

You can find Papyros at http://papyros.io.

3. Korora

Korora is an already established distro that was originally based off Gentoo Linux in 2005 after which the project was reborn in the year 2010 to be based off Fedora – essentially as a remix with tweaks and other nifty additions – to make for a direct usability without the need of post configuration after system installation – essentially to have your system working outside the box.

Korora Cinnamon Desktop

Korora is based off Fedora and it’s essentially different in the sense that it offers third party repositories so that you can easily get the applications you wouldn’t normally get on fedora without some post configuration after installing the system.

Korora still shares a strong tie with Fedora as it’s using the default repositories of the latter for its core system update. The operating system’s main is goal is to significantly increase the user base of Fedora while still offering great technology – which has been working for them.

Just recently they proposed to merge their project with that of OzonOS (also based on Fedora) – that is no more in active development (essentially due to insufficient funding and a small dev team) – in an effort to better the aesthetics of the Korora operating system – which will of course attract more users – especially gamers – according to the about page of the now old OzonOS webpage.

We are curious on how the Korora dev team intend to merge OzonOS with theirs. There’s no implementation as of yet but if I am right, 2016 should start seeing some changes take place with Korora.

Korora is currently available in five different flavors namely: Gnome, KDE, XFCE, and Mate – they pretty much share the same base as it is with every other distro that come in multiple variants.

It is also worth noting that Korora will come with third party driver support for all ye Nvidia and AMD graphic card owners.

As you might have expected, the project is open source and you can find out more on their official website at https://kororaproject.org and on their GitHub account.

4. SolusOS

We certainly know of Debian, Arch, Ubuntu, Gentoo, and their respective derivatives that altogether ring out at over 300 different distributions – most of which are suited for a particular audience – with quite a handful standing out of the majority.

Chances are your current distro is based off the aforementioned parent bases, but then how about something entirely new and different?.

The Solus project originally started as SolusOS and was based on Debian after which the devs scratched it out and started a second SolusOS (Solus OS 2) – that is apparently the forerunner to all current work (up to the all new SOS) – that was being built from scratch after which the project was shut down.

Fast-forward to February 2014 and EvolveOS is born – pretty much sharing the same code base and Vision as the second iteration of SolusOS (that was shut down).

EvolveOS saw early Alpha builds up to Beta releases after which the project encountered some issue with its name and was rebranded as Solus Operating System – essentially as the the very first releases except that the SOS – if you may – is under the entirety of the Solus Project “to encompass all the work owned/maintained by the project (And thus mitigate legal concerns)” said Ikey – for lack of a better way to put it.

On to the gory details! Ikey Doherty ( who is the project founder/manager) started off SOS with the main goal of building an operating system from scratch.

SOS features an entirely new DE – Budgie that is based off Gnome 3 shell and not – essentially, the desktop environment leverages Gnome 3 stack underneath the hood while offering a custom window manager – Budgie-wm and a panel with the moniker Budgie-panel that showcases a new sidebar and other mouth watering and much appreciable additions to the user interface.

The desktop has been re-rewitten according to Ikey Doherty and you can see a video of a few nifty features that it will come bundled with on Christmas day.

OS utilizes the PiSi package manager and eopkg in the CLI which of course, is unlike the apt-get and pacman commands that you’re typically used to. However, you find equivalents between apt-get and pisi as posted by the lead developer – Ikey Doherty.

To lay emphasis on that, – we reached out to the lead developer, Ikey – and according to him, “The package format is .eopkg, and the package manager was forked around 3 years ago from the Pardus Linux “PiSi” package manager (*not* the Pisi Linux Project, who forked Pardus in it’s entirety.)”.

source: techmint.com