Security category

Pidgin saves account passwords in plain text (check the contents of ~/.purple/accounts.xml )

Saving passwords in plain text is wrong! The Gnome keyring is a perfect replacement for this insecure method and should be used.

Right-mouse-click in nautilus should have an option to create a private secure encrypted folder (for example in your home dir or on your usb stick). All files and folders in this special folder should be automatically encrypted and still be usable like normal files (after providing a strong pass-phrase to unlock the folder).

In this way people/organizations/companies/governments who want to secure their usb sticks don't have to buy expensive usb sticks but can use average cheap usb sticks.

In Sweden, as well as in the US, as far as I understood there are now new legislation coming up that seriously compromises the privacy of the users.

In Sweden we have two very worrying laws coming up.

1. The "FRA-law" that gives the Swedish security police the right to wiretapp and datamine ALL international data traveling through Sweden.
2. The "Logging-law". Telco operators will be obliged to collect all information about their users whereabouts and keep that information for a year.

We have to work towards the aim: Security by default - and I'm not talking about the system, but to protect our datastreams from being wiretapped.

Me personally think that PKI is the solution to use here whereever possible. IF a session to/from a Ubuntu-system could be read in clear text the user/administrator should be aware of it.

Postfix is important here, Dovecot as well - all emails should be send over encrypted channels by default.

Mark Shuttleworth with his huge knowledge in Digital Certificates (He sold Thawte remember) would be of great help here.

I would like to see Mark Shuttleworth and Ubuntu leverage an infrastructure and create services to provide their community with a good, PKI-based solution.

Privacy matters

Sincerely
Niklas Andersson, Swedish TechWorld Open Source

Edit 1: I've made a proposition of a real-world-implementation of a very viable way to solve the email issue at a user-level.

[....]

I created a new Guest account, then I stripped it of all user privileges.

Then I found out, that it could access all MY private data files in MY home directory.

Please fix it so that other users cannot read the home directories of other people. This is a breech of privacy.

Warn users if they try to use a weak password. In the style of google account creation.

I originally thought that this would be good for the users login password. However, possibly this could be implemented for all passwords system wide.

There are at least 13 unpatched security vulnerabilities in the Linux kernel.
Please fix these. Some of them are many years old...

* Linux Kernel CHRP Denial of Service Security Issue
* Linux Kernel Multiple Vulnerabilities
* Linux Kernel Various Vulnerabilities
* Linux Kernel SMP "/proc" Race Condition Denial of Service
* Linux Kernel perfmon Local Denial of Service Vulnerability
* Linux Kernel IP ID Value Increment Weakness
* Linux Kernel Socket Data Buffering Denial of Service
* Linux Kernel URB and IPv6 Flowlabel Handling Denial of Service
* Linux Kernel "syscall()" Argument Handling Denial of Service
* Linux Kernel "is_hugepage_only_range()" Denial of Service
* Linux Kernel Multiple Vulnerabilities
* Linux Kernel Page Fault Handler Privilege Escalation
* Linux Kernel Multiple Vulnerabilities
* Linux Kernel Binary Format Loaders Privilege Escalation
* Linux Kernel Multiple Vulnerabilities
* Linux Kernel IGMP and "__scm_send()" Vulnerabilities
* Linux Kernel Local DoS and Memory Content Disclosure Vulnerabilities
* Linux Kernel smb Filesystem Implementation Multiple Vulnerabilities
* Linux Kernel ELF Binary Loader Setuid File Handling Vulnerabilities
* Linux Kernel ide-cd SG_IO Functionality Permission Bypass Vulnerability
* Linux Kernel NFS and ptmx Denial of Service Vulnerabilities
* Linux Kernel File Offset Pointer Handling Memory Disclosure Vulnerability
* Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vulnerabilities
* Linux Kernel IEEE 1394 Driver Integer Overflow Vulnerabilities
* Linux Kernel Framebuffer Driver Direct Userspace Access Vulnerability

See Secunia for more information:
* http://secunia.com/product/2719/?task=advisories

[....]

The "About Me" utility under System->Preferences is a nifty way to store information like your name, phone number, etc.

Do many people use it? I think not. Why? Because you have NO idea which applications read this information and what they do with it.

Either allow me to control which applications read this information so I can restrict access on a field level or get rid of the thing entirely. For example, I do not want Pigin/IRC channels to have access to my home phone number, etc.

As it is, it has that creepy, privacy-invading feel of Windows that made me move to Ubuntu in the first place. Time to fix it or lose it.

VLC to me is the best player for Movies, Videos, DVD's, and DiVX! Well its time for everyone to upgrade vlc because there is Multiple vulnerabilities found ( http://www.securityfocus.com/archive/1/489283 ) allowing for the execution of arbitrary code and Denial of Service. But ya know? Im glade I had to upgrade lol, vlc added a whole new face a ton of bug fixes and a few new features :)

Seen in: http://www.ubuntu-unleashed.com/2008/03/new-face-to-vlc-media-player-090git.htm l

When installing the server version we can select encrypted partition but when installing desktop we dont have this choice. Since Desktop version are more subject to be installed on Laptop I dont understand why this feature is not availlable.

There seems to be a growing trend of incorrect statements about Linux security being made that should be addressed. Otherwise, we will leave ourselves open to heavy attack in the future. We should also highlight ways to improve your own security.

---Some reasons why we need one?---
*I have seen linux "experts" in ideas (demeaningly) that we don't need Antivirus at all on linux because we fix the vulverabilities, which is totally false. We need it because vulverabilities dont get patched within an hour, and we can still forward viruses on. The point of AV is not to act as a barrier, but to identify when you have been compromised and fix it. People don't seem to realise, images for instance can carry payloads. I don't see any reason why a virus couldn't take over the linux world overnight.

* Highlight some of the security mechanisms in linux and explain them
* Explain risks of dodgy permissions
* Explain in detail while running in root is risky.
* Too many linux oldies see anything Microsoft is doing and say we "shouldn't follow MS", even though its done right (like a security centre). If we don't get over that, we are shooting ourselves in the food. An example is a centralised security centre to analyse everything. Without it, its very easy to overlook some security checks.
* Explain future security features being added to ubuntu (roadmap).

Without proper education, we run the risk of following oldskool Microsoft (who have fixed their ways), and we will look like idiots (thanks to the people who say linux doesn't need AV). We are only secure now because we all mostly know what we are doing, but we should make it easier to educate others, so that we are prepared.


Lets highlight how to be more secure now, to keep us all safer in the future!

I would like to be able to login to Ubuntu using a GPG cryptographic key stored on a USB flash drive.

I'm studying for the RHCE exam, so I use Red Hat besides of Ubuntu, Something that I love from Red Hat is that every time you use a Administrative tool and you get authorization to use it a icon appears in the notification area, it leaves after some time or you can just give a right click and select "forget this authorization".

It would be nice have the same in Ubuntu with gksu and that stuff

When we download updates (deb files), we are vulnerable to attacks.

Recent results published by cryptographers say:

"MD5 should no longer be used as a hash function for software integrity or code signing purposes."

http://www.win.tue.nl/hashclash/SoftIntCodeSign/
http://www.mscs.dal.ca/~selinger/md5collision/

We really don't want some malicious code installed on nice clean ubuntu systems, keylogging, spamming, ddos'ing etc. And just imagine how quick the malicious code will be spread with apt updates.

So let's not wait for this to happen. We need to find an alternative cryptographic function. SHA-1 is not perfect but harder to crack. Does anyone know anything better?

Users should be warned when they connect to a network which is obviously insecure (such as connected to a Hub instead of Switch).

Its quite easy to program. If SYN|ACK or ACK packets are received which are directed to another MAC address, we know its insecure.

There are algorithms too which can even help detect Man-in-the-middle attacks (to identify when its very likely someone is trying to intercept/change your traffic),however, this is more difficult to program.

We should be trying to provide the highest level of security possible to users.

I would like to be able to login to Ubuntu using a smart card.

Smart cards includes a crypto-chip. It is used in secure computing such as ATM.

It would be great for government agencies, military and other places that need high security.

I would appreciate it if both the brainstorm and ubuntuforums.org would be protected via SSL for login and cookie exchanges.

Virtually all other sites related to the wiki, documentation, launchpad, etc, use SSL, and I wish the same could be said about these as well.

In a recent forum discussion, some felt that there's no point to protecting those sites. But most will agree that many people use the same password for everything, and even though a compromise of a forum password may not seem like much, it could be an issue elsewhere.

Case in point, all wiki modifications show the IP address of those that make the changes. If this person uses the same password for the wiki as their forum account, not only is it a risk to the wiki, but if their personal machine is remotely accessible via SSH, etc, then that user is also at risk if the password is also the same on their computer.

Yes... people need to follow best practices... but if you have the ability to help people and it comes at virtually no cost to you, then why not?

Hope others feel the same way. Thanks for listening.

For the paranoid amongst us, and those living in countries where they risk being arrested for speaking their mind, it would be wonderful to have straightforward, wizard-type setup of signing and encryption for email and other services.

Currently this process is not easy, and it is difficult to find good advice on secure ways of generating, sharing and using private and public keys. Advice could be given with a simple (+/- advanced ) series of dialogue boxes, allowing set up of evolution/thunderbird/other encryption, key generation and publication, perhaps in combination with Seahorse.

In particular, it is annoying when Evolution sends plain text passwords after account set up BEFORE you have a chance to tell it to use SSL.

(Other brainstorm ideas recommend Tor installation and Pidgin encryption - this idea applies mainly to email, but could include these, too, and things like SSH connections.)

To solve the potential problem of malicious repositories
(repositories advertised online contain malicious packages. Users add these repositories to their source-list and get infected with the malware in these repositories/out of date repositories like the "attacks on package managers" by the university of arizona):

Add a blacklist to apt where known malicious repositories can be blocked.
The list is kept up-to-date by regular updates.
This is a fix. Not a solution.
Important: The ubuntu repositories must not be blocked (or it would lead to a update-dos)

When a login fails, have the webcam take a picture so that the culprit might be identified.

We should prompt the user as part of the Ubiquity installer and ask him/her whether they wish to enable automatic security updates or not.

Currently, Ubuntu, and Linux in general, have few real viruses in the wild.

This will change with time, as all systems, no matter how well designed, cannot be made perfect.

When problems are found and fixed in Ubuntu's security, they are signed and released into the repositories.

Currently, the default is to not update automatically. This makes sense, as we shouldn't do such things without a user's permission. However, many users are not aware of security updates, and do not know that the update process can be automated, as the option is hidden away in Sys>Admin>SoftwareSources.

Prompting would allow the user to better protect himself, and the user would be able to choose from
* No automatic
* Download and notify
* Download and install

The system will not reboot without the users permission, no matter what the user chooses.

Non-security updates should _never_ be automated, and should require user intervention (this is the current behavior).