The latest version of Pidgin (used to be gaim) was released. I haven’t found any nice rpm’s for Fedora Core 6 yet (that would install) so I went ahead and made my own. No warranty whatsoever on anything about them. They work on my FC6 box, and that’s about all I know.

The rpm files are here.

UPDATE: Ok as many are well aware of Fedora Core has now switched over to Pidgin and the pidgin group now has a YUM repo setup and working for Fedora. So my rpm’s aren’t needed, just go to pidgin.im and use their YUM repo.

Here is a good article on what SELinux in RHEL 5 has brought to the table. Some cool new features and a lot more protection:

http://www.redhatmagazine.com/2007/05/04/whats-new-in-selinux-for-red-hat-enterprise-linux-5/

There is also some interesting points in the comment section. Basically, a reminder that NO security mechanism is 100% safe, but it’s better than nothing and should always be considered when looking at what you need for your deployment.

— @page { size: 8.5in 11in; margin: 0.79in } P { margin-bottom: 0.08in } –>

Ok, been a busy busy couple of months, two conferences down, two scheduled.

In February, I helped with the new LinuxWorld/OpenSolutions World Summit in NY. The show did pretty well, but the weather really messed it up (warning to others, don’t schedule a conference during a massive snow/ice storm, really messes things up LOL). I missed most of the first day when my 4 hour drive turned into around 8 hours, and I didn’t get to leave until 4 hours later than planned. The show’s presentation are are being pod casted here:

http://www.linuxworld.com/events/

Next on the list was the FOSE 2007 show where I helped organize the Tux.org non-profit booth. We handed out over 1,000 issues of Linux Journal with an intro to Linux flier, over 1000 CD/DVD Linux Distros, a couple dozen live FreeBSD CDs, and numerous other giveaways. We had some generally interested people talk to us and it’s nice to see more and more people actually know what Linux is and what OpenSource really means. Here’s some information on what we were doing:

http://www.cyberigor.com/fose/

Well, that takes care of what’s been happening, Now coming up this week is the ShmooCon conference:

www.shmoocon.org

I love this conference, has some great speakers, Bruce Potter and the rest of the Shmoo Group do an amazing job with it. Starts in about 3 hours, going to be a fun weekend!

Finally LinuxWorld/OpenSolutions World San Francisco 2007 is starting up. Hoping to get some real good speakers lined up for the Security track (which I’m track chair for). Anyways, not much to see, but here’s the site for that:

http://www.linuxworldexpo.com/live/12/events/12SFO07A

Well, I just got back from LinuxWorld and have to say I had a great time. This was a much better show than Boston was. Actually, after attending this show I realized how much the Boston show lacked for attendance and things happening. I still think part of what killed the Boston show was the move out of New York to Boston, but now that that the Boston show has been dropped and the LinuxWorld Summit in New York set as a replacement, hopefully it will get back on track.

Anyways, had a lot of fun at a couple of the booths, notable were the Fedora guys, who willingly let me hose the FC6 test 2 box in the name of experimentation, the USENIX booth for some good information, and the Trolltech booth with their cool developer phone coming out soon. Outside of the actual show, I had a good time hanging out with Joshua Abraham (pbnj developer) and Jon “maddog” Hall. Both of them were very cool, and introduced me to several other very cool people. Unfortunately, I’m terrible with names, and besides Pixel (aka “Bob”), can’t remember who I had the pleasure of having dinner and hanging out with Wednesday evening. Here is a rather bad picture taken with my Treo at dinner of some of the folks:

LinuxWorld group at dinner in SanFrancisco

Ok, here is the actual interview that I had with Network World.  I really like how it came out, I think Phil Hochmuth did an excellent job taking what I had said and presenting it to the reader.  This is also the interview where they had taken the quote from for the previous article.   Well here it is if you are interested:

LinuxWorld experts: Securing Web-based application on Linux

A pretty good article about the upcoming LinuxWorld/OpenSolutions World Conference and expo came out in the online magazine Network World today. I was even quoted in it at the bottom of the second page. It was an interesting interview, and I believe I rambled on for way too long, but they managed to get my main point, that is, Security is about finding the right compromises, and there are good tools now and in the near future to help us get there.

Now there is one small issue, and I’m posting this as a correction. I am not currently working on development of SELinux technology. I am working on some policy stuff, but I am not active in the community development of the technology currently. I have worked on it in the recent past, and plan to continue in the near future (though I am thinking of helping out indirectly via SEDarwin). I just wanted to make that clear. I support SELinux, I’m trying to help promote and improve SELinux, but I’m not a core developer of the technology. There are others such as the NSA, Trusted Computer Solutions, IBM, Tresys Technology and several other groups and companies that are putting in the hard work to make this technology a reality in the production world.

Here is the article for those interested.

Interesting article, and I would love to see this presentation at the BlackHat conference. Jon Ellch and David Myanor will be showing off how they can hijack a MacBook laptop in about 60 seconds using vulnerabilities in the wireless card driver. There are a couple of things that make this interesting:

1. All that has to happen is that your wireless card be turned on. You don’t have to be connected to a network. If you wireless card is on, you are a target, period.

2. In theory, there is nothing to say that BlueTooth is safe from this either. I would imagine that similer vulnerabilities could be found in Bluetooth drivers as well.

3. This is not Mac OS specific! Though they used a Mac for the demo, they have also discovered vulnerabilities in Windows. And I see no reason that it couldn’t affect Linux/*BSD as well.

4. Firewalls and anti-virus programs won’t and can’t protect you from this. This is a much lower level attack and will always bypass this. The only way to protect against it is either through better device driver security or not using wireless. SELinux/SEBSD/SEDarwin may help this somewhat, but again drivers are usually in the OS kernel and once you’re in the kernel it’s hard to stop attacks. I’ll have to look into the SE* solutions and see if they might be used to help mitigate this attack (though I’m doubtful).

Currently, there isn’t much you can do to protect yourself. Just turn off wireless when you don’t need it. Apple’s patches just came out, but there was no mention of a fix for this. The researchers are talking to Apple, Microsoft, and others to get this fixed. Also, they are not showing how they did it, just that they did it, so no current “in the wild” exploits are known of at this point.

Well, I finally got around to posting up my instructions for installing FC5 on a sharp MM20 laptop. This is definitely one of the best versions yet to run on this laptop. It’s not perfect yet, as suspend modes aren’t 100% consistent, but it is getting very close. Anyway, you can read about it here:

Fedora Core 5 Linux install on a Sharp MM20 Laptopt.

Well, it was a pretty good show, it wasn’t glitzy and glamorous, but there was some good info to be had, and good people to meet. Oh, and had a lot of fun at after show parties! :-). Anyway, here are a couple of photos looking down at the show floor from above. I should have taken more pictures, but I was too busy running around doing things. Looking forward to August for San Fran, if things go well, I’ll have some very interesting sessions for the security track!

These photos were early morning on the last day, that’s the only time it wasn’t crowded and busy (and I wasn’t flying around trying to be somewhere I wasn’t yet…)

LinuxWorld Left Expo HallLinuxWorld Right Expo Hall

Well, I’m getting ready for LinuxWorld/OpenSolutionsWorld next week. Not to much to do, most things I’m responsible for, I’ve taken care of. Looking forward to it. I hope people enjoy the Security Track I’ve put together. Guess I’ll know soon.

In related news, I’ve been asked back to do be on the Program Committee for San Francisco as well! I’ll also be doing the Security Track again, hopefully I can make it even better.

Going to be fun!

« Previous PageNext Page »

Copyright © 2015 · All Rights Reserved · Cafaro's Ramblings