Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/

The article linked above covers a vulnerability in the GnuTLS cryptography library that reportedly allows attackers to eavesdrop on SSL and TLS communications with websites and applications that use GnuTLS.

From the article:

“The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.”

Oops! Now this does not mean the Linux kernel is the problem, but this does go to show you that one library can bring security to its knees (that goes for any operating system, not just Linux).

This also shows that “many eyes” does not equal security! Remember that ALL software will have security problems: Windows, MacOS X, Linux, UNIX, e-mail servers, DNS servers, forum software (phpBB, vBulletin, etc.), and even desktop word processors can have bad code that presents a security risk to your computer.

Worse, the open source community was warned ahead of time (back in 2008!) that GnuTLS was not safe to use (http://www.openldap.org/lists/openldap-devel/200802/msg00072.html)! Did they not get the message? Did they ignore the warning? Who knows!
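When a shared library like this is affected, the practical question is which running programs actually load it, and which of them are still running an old copy after the package has been updated. The script below is an added example (not from the article or the GnuTLS project); it assumes a Linux host with /proc, and the sample maps text is constructed.

```python
import os
import re

# Matches the path column of a /proc/<pid>/maps line that points at GnuTLS.
GNUTLS_RE = re.compile(r"(/\S*libgnutls[^/\s]*\.so[^/\s]*)(\s+\(deleted\))?$")

def gnutls_mappings(maps_text):
    """Return {library_path: replaced_on_disk} for one process's maps text."""
    found = {}
    for line in maps_text.splitlines():
        m = GNUTLS_RE.search(line)
        if m:
            # "(deleted)" means the file was replaced on disk (e.g. by an
            # update) but the process keeps the old copy until restarted.
            found[m.group(1)] = found.get(m.group(1), False) or bool(m.group(2))
    return found

def scan_processes(proc_root="/proc"):
    """Map pid -> GnuTLS mappings for every process we are allowed to read."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                hits = gnutls_mappings(fh.read())
        except OSError:  # process exited, or it belongs to another user
            continue
        if hits:
            results[int(entry)] = hits
    return results

# Constructed sample input (not captured from a real system).
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a120000 r-xp 00000000 08:01 131 /usr/lib/x86_64-linux-gnu/libgnutls.so.28 (deleted)
7f1c2a400000-7f1c2a5b0000 r-xp 00000000 08:01 140 /lib/x86_64-linux-gnu/libc.so.6
"""

if __name__ == "__main__":
    print(gnutls_mappings(SAMPLE_MAPS))
    for pid, libs in sorted(scan_processes().items()):
        for path, stale in libs.items():
            print(pid, path, "RESTART NEEDED" if stale else "current file")
```

Run it as root to see every process; as a normal user it only reports processes you own.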


Posted in Computers, Internet and Servers, Operating Systems, Software

Are you ready for the future of the Internet? – Check Your IPv6

According to Wikipedia:

Internet Protocol version 6 (IPv6) is the latest revision of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion.

IPv6 is intended to replace IPv4, which still carries the vast majority of Internet traffic as of 2013. As of September 2013, the percentage of users reaching Google services over IPv6 surpassed 2% for the first time.

Every device on the Internet must be assigned an IP address in order to communicate with other devices. With the ever-increasing number of new devices being connected to the Internet, the need arose for more addresses than IPv4 is able to accommodate. IPv6 uses a 128-bit address, allowing 2^128, or approximately 3.4×10^38 addresses, or more than 7.9×10^28 times as many as IPv4, which uses 32-bit addresses. IPv4 allows only approximately 4.3 billion addresses. The two protocols are not designed to be interoperable, complicating the transition to IPv6.

Source (as of 12-22-2013): https://en.wikipedia.org/wiki/IPv6

I don’t think IPv6 will be used exclusively for several years. However, it is wise to plan ahead and get some sort of IPv6 setup on your home/office network.

You can check to see if you have IPv6 set up by going here: https://checkyoursix.computerlagoon.com
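A local version of that check, as an added example that is not part of the original post: it reads the kernel's list of IPv6 addresses and tells a real global address apart from the link-local one every interface gets automatically. It assumes a Linux host exposing /proc/net/if_inet6; the sample text is constructed and uses the 2001:db8::/32 documentation prefix.

```python
import ipaddress

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # currently allocated global range
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")    # private, not Internet-routable

def parse_if_inet6(text):
    """Parse /proc/net/if_inet6 text into (interface, IPv6Address) pairs."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or len(fields[0]) != 32:
            continue  # skip blank or malformed lines
        # The first field is the full 128-bit address as 32 hex digits.
        pairs.append((fields[5], ipaddress.IPv6Address(int(fields[0], 16))))
    return pairs

def classify(addr):
    """Label an address by how far it can reach."""
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    return "global" if addr in GLOBAL_UNICAST else "other"

def has_global_ipv6(text):
    """True if any interface holds a global unicast IPv6 address."""
    return any(classify(a) == "global" for _, a in parse_if_inet6(text))

# Constructed sample input (documentation prefix, not a real host).
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80 lo
fe800000000000000211aafffebbccdd 02 40 20 80 eth0
20010db8000000000000000000000001 02 40 00 80 eth0
"""

if __name__ == "__main__":
    try:
        with open("/proc/net/if_inet6") as fh:
            text = fh.read()
    except OSError:  # not Linux, or IPv6 disabled: fall back to the sample
        text = SAMPLE_IF_INET6
    for ifname, addr in parse_if_inet6(text):
        print(ifname, addr, classify(addr))
    print("global IPv6 configured:", has_global_ipv6(text))
```

A global address only shows that the host is configured for IPv6; the website test above still confirms that traffic actually gets out.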


Posted in Computers, Internet and Servers, Operating Systems

Shared Hosting vs. VPS Hosting

Shared Hosting

Shared web-hosting is when you (as the customer) host your website(s) on a web-host’s server with possibly several other people at the same time. It is like a public fitness center. People from all over come and use the fitness center’s services. You do not know who they are, and they do not know who you are. However, you all still come and use the public fitness center.

Quick Note: “AUP” is short for “Acceptable Use Policy”.

1) Disk Space

Several shared hosts give you massive amounts of disk space for your websites. However, you must be careful to read the web host’s AUP since they may prevent you from using all the disk space you are paying for.

Also, it is best to stay away from any web-hosts who claim to give you unlimited disk space. At best, you might get to use a few GB of hard drive space and possibly be limited in how many files you can put onto your web-hosting space. Please remember there is no such thing as an unlimited hard drive, and it still costs those web hosting companies lots of money to buy new ones for their servers.

2) CPU usage

Many shared hosting companies will limit your website’s CPU usage. If your blog has several plugins that take up a lot of CPU, and you have several web visitors, you may find your account suspended for heavy CPU usage. Not a good thing if this is your company website.

3) Memory usage

Many shared hosting companies will limit your website’s memory usage as well. If you decide to import your company’s 1,000 products into your online web store, you may find out that you cannot complete this task, since you ran out of allowed memory from the web host. Not a good thing for your company’s website.

4) Bandwidth

Many shared hosting companies will give you plenty of bandwidth for your website(s). This should not be a worry to you, unless you have large files and/or many website visitors.

It is also a good idea to stay away from any web-hosts who claim to give you unlimited bandwidth. If you use an excessive amount of bandwidth on an “unlimited bandwidth” web-host, there is a good chance your account will get suspended for “abuse”.

5) Security

On shared web-hosts, there will be several people hosting their website(s) on the same server as yours. Not all these people have good intentions. Some may even be on there just for the sake of hacking into other people’s websites.

While the shared web-host should have safeguards in place to prevent one customer from viewing another customer’s files, this may not always be the case. If you are running a company website (especially an online e-commerce store), hosting the website on a shared web-hosting account is probably not a good idea.

6) Price

Usually shared web-hosts are not very pricey, but that is not always the case. You might even find one for $1.99 per month. Remember that the cheaper the web-host is, usually the cheaper the service is as well.


VPS Hosting

VPS web-hosting is when you (as the customer) host your website(s) on a virtual web-server on one of the web-host’s servers. The advantage to this is that you have much more control. You get your own hard drive space, memory, and control over what services to put on your web-server (as long as the web services do not go against the web-host’s AUP).

1) Disk Space

While you will not get as much disk space as with shared web-hosting unless you spend a lot of money, you can still get a decent amount of hard drive space at a not-too-high cost.

2) CPU usage

Many VPS companies should give you some guaranteed CPU power. If your blog has several plugins that take up a lot of CPU, and you have several web visitors, the VPS host might temporarily increase your CPU power. However, always read the web-host’s AUP to see how they handle this issue.

3) Memory usage

Many VPS companies should give you some guaranteed RAM. If you decide to import your company’s 1,000 products into your online web store, and you use up all your guaranteed RAM, the VPS host might temporarily give you more RAM to complete the task. However, always read the web-host’s AUP to see how they handle this issue.

4) Bandwidth

Many VPS companies will give you plenty of bandwidth for your website(s). This should not be a worry to you, unless you have large files and/or many website visitors.

5) Security

On a VPS host, all virtual servers should be sandboxed from each other (to keep one VPS customer from prying into another VPS customer’s files and whatnot). If the VPS host does not sandbox the VPS accounts, do not use the VPS host. Find another one.

6) Price

VPS services are usually pricey. However, you might find one for $19.99 per month (or less). Remember that the cheaper the VPS host is, usually the cheaper the service is as well.


Posted in Internet and Servers

Everything Should be Open Source?

Have you ever heard the phrase “everything should be open source”? Do you know why you use open-source software, or do you just use open-source software because a friend recommended it to you or it is the “thing to do”?

I used to frequently look for open-source software a few years ago. My attitude on that changed. I now, for the most part, use whatever I need to get the job done – open source or not.

For example, I use WordPress. That is open-source web software. I use it because it is free and because it fits my needs. Can I use a proprietary solution? Probably, but why would I do that since WordPress fits my needs?

Ask yourself these six questions if you are frequently tempted to always choose open source. If you can answer “Yes” to at least two of these questions, then in my opinion, you are good in choosing the open-source solution over a possible free closed-source or paid solution.

1. Do I know anything about the programming language(s) that this open-source software is written in?
2. Do I really need to make any changes to the open-source software, or is having it open source just “the thing to do”?
3. Can I do without paid technical support?
4. Does the open-source solution offer features that are even close to the features of the paid (or free closed-source) solution?
5. Does the open-source software have good documentation?
6. Does the open-source software work with the operating system you are most comfortable using (be it Windows, Linux, FreeBSD, MacOS X, etc.)?


Posted in Computers, Internet and Servers, Operating Systems, Software