Linux Remains Unbeaten in pwn2own Hacking Contest

Posted on in Categories Linux, Linux desktop, News, OS X, Security, windows vista last updated March 31, 2008

As reported earlier, the pwn2own contest at the CanSecWest conference was designed to test zero-day vulnerabilities against three leading desktop operating systems. The results are out:

  1. The MacBook Air went first
  2. Windows Vista was cracked (hacked) on the last day of the contest
  3. Linux remained undefeated

Although several attendees tried to crack the Linux laptop, nobody could pull it off, said Terri Forslof, a manager of security response with TippingPoint. “I was surprised that it didn’t go,” she said.

=> More information available at official web site (Via Yahoo news)

How To Build Secure and Portable Linux Based System

Posted on in Categories Hardware, Howto, Linux, Linux desktop, Linux distribution, Security last updated March 18, 2008

An interesting article that explains how to build a secure and portable system using Linux. From the article:

I designed this system with both security and portability in mind. My system uses a Linux kernel and the entire thing, applications, personal data, etc, takes up 1GB of space. It is split up into two parts, the operating system, and my personal data. The operating system is a 700MB live-CD, GRML, that generates a completely fresh install every single time I boot up the computer. Doing this means that if my system is ever hacked into, a simple restart of my computer fixes the problem. This also means that, whatever configuration changes are made or private information is stored by any application, restarting reverts everything to a clean slate.

The personal data is encrypted using an AES-256 algorithm. The password I type in actually unlocks a special encrypted file which unlocks the real encryption information, meaning that my actual password is never stored in RAM (more specifically, DRAM). To prevent highly sensitive information from being discovered by remote hackers, which this layer of encryption would not protect against, an extra layer of encryption using either GPG or AES-256 provides two layers of encryption for highly sensitive data.

=> My Awesome Secure and Portable System

Legal Issues Associated with Open Source and Free Software Projects

Posted on in Categories Business, Download of the day, GNU/Open source, Howto, Linux, UNIX last updated February 20, 2008

This is a must-read if you or your organization is associated with an open source software project. If you are interested in a basic understanding of the legal issues that impact FOSS development and distribution, this primer is for you. The guide, written for developers, has sections on copyrights, trademarks, patents, organizational structure and other legal issues:

First, we provide creative, productive hackers insight on how to interact with the legal system—insofar as it affects the projects they work on—with a minimum of cost, fuss and risk. Second, we present a starting point for lawyers and risk managers for thinking about the particular, at times counter-intuitive, logic of software freedom. While these are the primary audiences we intend to reach, we hope others will benefit from this Primer as well, and we have purposefully given it a non-lawyer style of communication (for example, by intentionally omitting dense citation of judicial or other legal authority that is the hallmark of lawyers writing for lawyers).

While FOSS development can raise many legal issues, a few topics predominate in our work; these are the issues most integral to FOSS projects. This Primer provides a baseline of knowledge about those areas of the law, intending to support productive conversations between clients and lawyers about specific legal needs. We aim to improve the conversation between lawyer and client, but not to make it unnecessary, because law, like most things in life, very rarely has clear cut answers. Solutions for legal problems must be crafted in light of the particulars of each client’s situation. What is best for one client in one situation, may very well not be best for another client in the same situation, or even the same client in the same situation at a later date or in a different place. Law cannot yield attainable certainty because it is dynamic, inconsistent, and incapable of mastery by pure rote memorization.

Download Primer

The Legal Issues Primer for Open Source and Free Software Projects is available in the following formats:

  1. Online HTML version
  2. PDF version [318K]
  3. Postscript version [1.2M]

Video: History of GNU, Linux and Free Software Movements

Posted on in Categories GNU/Open source, Links, Linux, Linux Video, UNIX, Windows last updated January 10, 2008

This is an interesting documentary video which traces the history of GNU, Linux, and the open source and free software movements. It features several interviews with prominent hackers and entrepreneurs (and hackers-cum-entrepreneurs), including Richard Stallman, Michael Tiemann, Linus Torvalds, Larry Augustin, Eric S. Raymond, Bruce Perens, Frank Hecker and Brian Behlendorf.

The film begins in medias res with an IPO, and then sets the historical stage by showing the beginnings of software development back in the day when software was shared on paper tape for the price of the paper itself. It then segues to Bill Gates’s Open Letter to Hobbyists in which he asks Computer Hobbyists to not share, but to buy software. (This letter was written by Gates when Microsoft was still based in Arizona and spelled “Micro-Soft”.) Richard Stallman then explains how and why he left the MIT Lab for Artificial Intelligence in order to devote his life to the development of free software, as well as how he started with the GNU project.

(Note: There is a video embedded within this post, please visit the site to view the video – Time: 1 hr 25 min 9 sec)

Linus Torvalds is interviewed on his development of the Linux kernel as well as on the GNU/Linux naming controversy and Linux’s further evolution, including its commercialization.

Richard Stallman remarks on some of the ideological aspects of open source vis-à-vis Communism and capitalism, as well as on several aspects of the development of GNU/Linux.

Michael Tiemann (interviewed in a desert) tells how he met Stallman and got an early version of Stallman’s GCC and founded Cygnus Solutions.

Larry Augustin tells how he combined the resulting GNU software and a normal PC to create a UNIX-like Workstation which cost one third the price of a workstation by Sun Microsystems even though it was three times as powerful. His narrative includes his early dealings with venture capitalists, the eventual capitalization and commodification of Linux for his own company, VA Linux, and ends with its IPO.

Frank Hecker of Netscape tells how Netscape executives released the source code for Netscape’s browser, one of the signal events which made Open Source a force to be reckoned with by business executives, the mainstream media, and the public at large.

PS: You can download the video from Google Video for the Apple iPod here.

Quick tip: Perl One Liners

Posted on in Categories Links, Linux, Perl, UNIX last updated September 18, 2013

Perl (Practical Extraction and Report Language) is the #1 language of choice for hackers and sysadmins :)

This site offers examples: Perl one-liners for command-line use, a summary of important Perl command-line arguments, and how to convert between one-liners and full Perl scripts. The page assumes the reader has a reasonable amount of Perl experience.

Perl One Liners

Howto: Verify integrity of the tar balls or source code

Posted on in Categories Linux, Security, Tips, UNIX last updated July 26, 2007

Verifying the integrity of tarballs or source code is an essential step that makes sure you are going to use genuine software; the usual tool for this is a checksum. Every Linux or UNIX admin should be aware of this test. But what is a checksum? A checksum is a very simple measure for protecting the integrity of data, both against hackers (read: crackers) and against data transmission errors over the network, i.e. it lets you make sure no one has tampered with a source file (see checksum @ Wikipedia). For file verification, use any one of the following commands:

  1. sha1sum – check SHA1 (160-bit) checksums
  2. md5sum – check MD5 (128-bit) checksums
  3. gpg – verify the GPG signature published for the file

Therefore, whenever you visit a source-code download site, you will come across md5sum or sha1sum checksums, or a GPG signature, listed next to the files. The general syntax to verify them with the different commands is:

  • sha1sum {source-code-file-name}
  • md5sum {source-code-file-name}
  • gpg --verify {source-code-file-name.sig} {source-code-file-name}
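As an added example (not from the original post), here is the checksum workflow from both sides in Go: the publisher produces the `<digest>  <name>` list that md5sum and sha1sum write, and the downloader checks files against it the way `sha1sum -c` does, including the `*name` binary-mode marker those tools emit. It goes slightly beyond the post by also accepting sha256 and by refusing a list whose digest length does not match the chosen algorithm. The file names and contents are constructed stand-ins for tarballs on disk.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"hash"
	"strings"
)

// hasherFor maps the tool name seen on a download page (md5sum, sha1sum,
// sha256sum) to the matching constructor in Go's standard library.
func hasherFor(algo string) (func() hash.Hash, error) {
	switch algo {
	case "md5":
		return md5.New, nil
	case "sha1":
		return sha1.New, nil
	case "sha256":
		return sha256.New, nil
	}
	return nil, fmt.Errorf("unsupported algorithm %q", algo)
}

// MakeChecksumList is the publisher side: it writes the "<digest>  <name>"
// lines that md5sum/sha1sum/sha256sum print (two spaces between the fields).
func MakeChecksumList(algo string, files map[string][]byte) (string, error) {
	newHash, err := hasherFor(algo)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	for name, data := range files {
		h := newHash()
		h.Write(data)
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(h.Sum(nil)), name)
	}
	return b.String(), nil
}

// VerifyChecksumList is the downloader side, the equivalent of "sha1sum -c LIST":
// each listed file is hashed and compared with its published digest. The result
// per file is "OK", "FAILED" (contents differ) or "MISSING" (file not present).
func VerifyChecksumList(algo, list string, files map[string][]byte) (map[string]string, error) {
	newHash, err := hasherFor(algo)
	if err != nil {
		return nil, err
	}
	results := make(map[string]string)
	for i, line := range strings.Split(list, "\n") {
		line = strings.TrimRight(line, "\r")
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		sep := strings.IndexByte(line, ' ')
		if sep < 0 {
			return nil, fmt.Errorf("line %d: expected '<digest>  <name>'", i+1)
		}
		expected, err := hex.DecodeString(line[:sep])
		if err != nil {
			return nil, fmt.Errorf("line %d: bad digest: %v", i+1, err)
		}
		h := newHash()
		if len(expected) != h.Size() {
			// A SHA-1 list checked with md5 (or vice versa) is a usage error: refuse it
			// outright instead of reporting every file as FAILED.
			return nil, fmt.Errorf("line %d: %d-byte digest is not a %s digest", i+1, len(expected), algo)
		}
		// The *sum tools write " *name" for binary mode; strip the marker.
		name := strings.TrimPrefix(strings.TrimLeft(line[sep:], " "), "*")
		data, ok := files[name]
		if !ok {
			results[name] = "MISSING"
			continue
		}
		h.Write(data)
		if subtle.ConstantTimeCompare(h.Sum(nil), expected) == 1 {
			results[name] = "OK"
		} else {
			results[name] = "FAILED"
		}
	}
	return results, nil
}

func main() {
	// Constructed stand-ins for tarballs on disk, not real project files.
	pristine := map[string][]byte{"foo-1.0.tar.gz": []byte("foo sources\n"), "bar-2.1.tar.gz": []byte("bar sources\n")}
	list, _ := MakeChecksumList("sha1", pristine) // what the download page would publish
	// Simulate a download in which bar's tarball was altered in transit.
	downloaded := map[string][]byte{"foo-1.0.tar.gz": pristine["foo-1.0.tar.gz"], "bar-2.1.tar.gz": []byte("bar sources, altered\n")}
	results, _ := VerifyChecksumList("sha1", list, downloaded)
	fmt.Print(list)
	fmt.Println(results)
}
```

Two caveats a practitioner should keep in mind: a digest only proves anything if the list itself came over a channel the attacker cannot alter (which is why sites also publish a GPG signature), and MD5 and SHA-1 are no longer collision resistant, so they still catch corruption in transit but should give way to sha256sum wherever the site offers it.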

Examples ~ sure, without examples nobody can grasp the idea: