January 2013 Issue of Linux Journal: Security
Sticky Note of Doom
Years ago, I had the brilliant idea that all my users in the finance department should have complex passwords. This made perfect sense to everyone, since dealing with millions of dollars of revenue is something that should be secured. So, the passwords were changed with complexity requirements enforced. I slept better that night knowing our paychecks were no longer secured by passwords like "mustang" or "mrwhiskers".
I came in the next day only to find very complex passwords written on sticky notes and affixed to everyone's monitors. Security software is no match for a Sharpie marker and a Post-It. It was a lesson well learned. This month is our Security issue, and although we don't have an answer to the Sticky Notes of Doom, we do have some great articles on Linux-related security.
Reuven M. Lerner starts off the issue with an interesting column on real-time messaging over the Web. Back in the days when every user was in a terminal window, a quick wall
command would send everyone a message. Reuven describes a similar concept, but with Web users. Dave Taylor follows up not with Web programming, but with game programming. Using his talent for making learning fun, Dave shows how to write a script to play Cribbage.
Kyle Rankin returns to his PXE magic from a couple years back and explains how to leverage the network bootloader not only to install operating systems, but also to boot them directly. If you've ever been intimidated by PXE menus, or if you thought PXE was too limited, you'll want to read Kyle's column. It's a great followup to his last piece on the topic, and it showcases just how flexible PXE can be.
I joined the security bandwagon this issue and decided to talk about passwords. If you (or a "friend") use the same password for every Web site, or if you use your pet's name to secure your credit-card statements, you really need to read my column this month. Whether it's to pick up some hints on password creation or just get some pointers for convincing others to use good passwords, I hope you'll find my tips helpful.
If you're fascinated by data encryption, Joe Hendrix's article on Elliptic Curve Cryptography is more than just an interesting read. Joe not only shows how to implement this method, but also how to use it in real life with OpenSSH. With most encryption methods, people just keep making a bigger and bigger encryption key to improve security. Elliptic Curve Cryptography offers more security and smaller key sizes. When it comes to passwords, encryption is great, but even better is to destroy the password completely after using it. Todd A. Jacobs teaches how to configure one-time passwords on your servers. If you're working from an open Wi-Fi hotspot, a one-time password is a way to make sure you're safe even if your password is hijacked.
Speaking of Wi-Fi, Marcin Teodorczyk has a fun article on setting up a Wi-Fi honeypot. If you want to have fun with your neighbors, or if you're just curious about what people do to an open access point, Marcin shows you what to do. If you live near a place people tend to gather, your results should astound!
We've also got lots of other goodies for you this month. Mike Diehl discusses how to create smartphone apps with Phonegap. Joey Bernard takes a great look at Gnuplot. Our New Products section features a mention of Kyle Rankin's new book, and our Upfront section has useful tips to inform and entertain. So, in honor of the Security issue, maybe take this opportunity to remove sticky notes from monitors and challenge people to change their passwords to something other than their dogs' names. This was a fun issue for us, and we hope the same will be true for you!
Available to Subscribers: January 1