We’ve been encrypting our Ubuntu laptops for a while now, but there hasn’t been a good whole disk encryption option for the Mac until today. RSA is a little behind schedule in the release, but it’s out today.
Installation was a snap. Encrypting the boot drive was easy as well. 5 mins of your time and the takes care of the business in the background while you work. Reboot when it’s done (about 90 mins later for me) and your drive is secure.
Sweet.
Ubuntu pushed patches for the aforementioned Ruby vulnerabilities last night. apt-get to get them in a snap. Thanks for the quick response Ubuntu team!
Nate Clark is right. The risk of the recently announced Ruby vulnerabilities may or may not be high, but let’s not take any chances.
He’s done a quick and good how to on upgrading Ubuntu servers. Check it out. Nate Rules.
Bleh, there are some nasty ruby vulnerabilities out in the wild right now. Details are here. We’ll post an update as Linux distributions get patches to let you know who needs to take action to get fixes.
We’re compiling ruby from source for the time being on production machines until updates appear.
If you need help, it’s support@imapenguin.com
You’ve got port 3306 (MySQL) firewalled off and you want to use a MySQL GUI every once in a while (or maybe a bunch).
This is a snap with ssh.
On your local Linux/BSD/Mac/Unix machine (works in cygwin too) edit your .ssh/config file and add:
Host somemysqlserver Hostname server.mydomain.com #your mySQL server FQDN or IP User bob #replace with your valid ssh server username LocalForward *:13306 localhost:3306
Now do:
ssh -f -N somemysqlserver
You can now connect to your localhost port 13306 and it will forward to your MySQL server’s port 3306.
Plus, it’s free and probably already installed on your systems.
Need help? support@imapenguin.com
]]>
We’re going to apply to put “componentable” in the dictionary.
Just what is “componenetable” you ask?
We’ve been looking at a score of “Unified threat” solutions for the last few months. On a VERY broad scope there are a few major components of a security architecture that need to be addressed:
In this example we assume things like firewall/vpn/network based external attacks to the network are covered somewhere.
There are two basic solution groups to solving the above problem areas:
but:
but:
In PART 2, we’ll talk about some ways to select solutions that have some advantages of both approaches, then later in the series we’ll talk about how to develop your apps to do a hybrid of both approaches.
]]>
In Ars Technica’s article today called Firefox JavaScript security ‘a complete mess’? More like a hoax they site Mischa Spiegelmock as saying
“I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code,”
and that there wasn’t any new exploit that was discovered. The editor notes that the story link is where they will update the details as they come in.
This is considerably less worrisome than a remote control exploit as this was originally reported as.
Stay tuned, er, browsed, whatever.
]]>
“We’re still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a serious security concern has come to our attention that needed to be addressed sooner than the release of 1.2 would allow. So here’s Rails 1.1.5!
This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.
The issue is in fact of such a criticality that we’re not going to dig into the specifics. No need to arm would-be assalients.
So upgrade today, not tomorrow. We’ve made sure that Rails 1.1.5 is fully drop-in compatible with 1.1.4. It only includes a handful of bug fixes and no new features.
For the third time: This is not like ‘sure, I should be flossing my teeth’. This is ‘yes, I will wear my helmet as I try to go 100mph on a motorcycle through downtown in rush hour’. It’s not a suggestion, it’s a prescription. So get to it!
As always, the trick is to do ‘gem install rails’ and then either changing config/environment.rb, if you’re bound to gems, or do ‘rake rails:freeze:gems’ if you’re freezing gems in vendor.
UPDATE: This problem affects 0.13, 0.14, 1.0, and 1.1.x. So here’s a happy opportunity to upgrade if you still haven’t.
P.S.: If you run a major Rails site and for some reason are completely unable to upgrade to 1.1.5, get in touch with the core team and we’ll try to work with you on a solution.
“
(Via Riding Rails.)
]]>
Root Password Readable in Clear Text with Ubuntu: “BBitmaster writes ‘An extremely critical bug and security threat was discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on the Ubuntu Forums that allows anyone to read the root password simply by opening an installer log file. Apparently the installer fails to clean its log files and leaves them readable to all users. The bug has been fixed, and only affects The 5.10 Breezy Badger release. Ubuntu users, be sure to get the patch right away.’“
(Via Slashdot.)
]]>
Security Flaw Discovered in GPG: “WeLikeRoy writes ‘A serious problem in the use of GPG to verify digital signatures has been discovered, which also affects the use of gpg in email. It is possible for an attacker to take any signed message and inject extra arbitrary data without affecting the signed status of the message. Depending on how gpg is invoked, it may be possible to output just faked data as several variants of this attack have been discovered. All versions of gnupg prior to 1.4.2.2 are affected, and it is thus recommended to update GnuPG as soon as possible to version 1.4.2.2.’“
(Via Slashdot.)
]]>