http://brainstorm.ubuntu.com guidelines and check if your idea has been posted already! ]]> en-us Tue, 06-Jan-2009 00:00:00 UTC Tue, 06-Jan-2009 00:00:00 UTC QAPoll module http://brainstorm.ubuntu.com/item/10065/
Saving passwords in plain text is wrong! The Gnome keyring is a perfect replacement for this insecure method and should be used.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/10065/ http://brainstorm.ubuntu.com/item/6337/
In this way people/organizations/companies/governments who want to secure their usb sticks don't have to buy expensive usb sticks but can use average cheap usb sticks.

Attachments:
Blueprint encrypted-private-directories: [Information on this blueprint will be retrieved soon]
]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/6337/ http://brainstorm.ubuntu.com/item/6106/
Then I found out, that it could access all MY private data files in MY home directory.

Please fix it so that other users cannot read the home directories of other people. This is a breech of privacy.

Attachments:
Bug #209292 : [Information on this bug will be retrieved soon]
]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/6106/ http://brainstorm.ubuntu.com/item/12819/
In Sweden we have two very worrying laws coming up.

1. The "FRA-law" that gives the Swedish security police the right to wiretapp and datamine ALL international data traveling through Sweden.
2. The "Logging-law". Telco operators will be obliged to collect all information about their users whereabouts and keep that information for a year.

We have to work towards the aim: Security by default - and I'm not talking about the system, but to protect our datastreams from being wiretapped.

Me personally think that PKI is the solution to use here whereever possible. IF a session to/from a Ubuntu-system could be read in clear text the user/administrator should be aware of it.

Postfix is important here, Dovecot as well - all emails should be send over encrypted channels by default.

Mark Shuttleworth with his huge knowledge in Digital Certificates (He sold Thawte remember) would be of great help here.

I would like to see Mark Shuttleworth and Ubuntu leverage an infrastructure and create services to provide their community with a good, PKI-based solution.

Privacy matters

Sincerely
Niklas Andersson, Swedish TechWorld Open Source

Edit 1: I've made a proposition of a real-world-implementation of a very viable way to solve the email issue at a user-level.

See http://brainstorm.ubuntu.com/idea/12858/

Edit 2: The issue consists of a couple of problems:
* Prevent eavesdropping/wiretapping: Solution: encryption. My proposal targets part of this and it has the advantage it can also be used for checking the authenticity of the sender/origin. (I'm a big fan of certs and CA, but the infrastructure must be easier to manage)

* Prevent logging/sociograms: Different issue where a need for a "Darknet" or "Tor-network" would be needed. I think this could be targeted without tampering with the distro - perhaps it could be made as an add-in to network-manager? Not in the network-manager itself but as an extra, installable feature? Would be possible as the new network-manager supports multiple active channels/networks.

Edit 4: Need for a system security policy framework

http://brainstorm.ubuntu.com/idea/12928/

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/12819/ http://brainstorm.ubuntu.com/item/5682/
I originally thought that this would be good for the users login password. However, possibly this could be implemented for all passwords system wide.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/5682/ http://brainstorm.ubuntu.com/item/8047/ Please fix these. Some of them are many years old...

* Linux Kernel CHRP Denial of Service Security Issue
* Linux Kernel Multiple Vulnerabilities
* Linux Kernel Various Vulnerabilities
* Linux Kernel SMP "/proc" Race Condition Denial of Service
* Linux Kernel perfmon Local Denial of Service Vulnerability
* Linux Kernel IP ID Value Increment Weakness
* Linux Kernel Socket Data Buffering Denial of Service
* Linux Kernel URB and IPv6 Flowlabel Handling Denial of Service
* Linux Kernel "syscall()" Argument Handling Denial of Service
* Linux Kernel "is_hugepage_only_range()" Denial of Service
* Linux Kernel Multiple Vulnerabilities
* Linux Kernel Page Fault Handler Privilege Escalation
* Linux Kernel Multiple Vulnerabilities
* Linux Kernel Binary Format Loaders Privilege Escalation
* Linux Kernel Multiple Vulnerabilities
* Linux Kernel IGMP and "__scm_send()" Vulnerabilities
* Linux Kernel Local DoS and Memory Content Disclosure Vulnerabilities
* Linux Kernel smb Filesystem Implementation Multiple Vulnerabilities
* Linux Kernel ELF Binary Loader Setuid File Handling Vulnerabilities
* Linux Kernel ide-cd SG_IO Functionality Permission Bypass Vulnerability
* Linux Kernel NFS and ptmx Denial of Service Vulnerabilities
* Linux Kernel File Offset Pointer Handling Memory Disclosure Vulnerability
* Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vulnerabilities
* Linux Kernel IEEE 1394 Driver Integer Overflow Vulnerabilities
* Linux Kernel Framebuffer Driver Direct Userspace Access Vulnerability

See Secunia for more information:
* http://secunia.com/product/2719/?task=advisories

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/8047/ http://brainstorm.ubuntu.com/item/6364/ Preferences is a nifty way to store information like your name, phone number, etc.

Do many people use it? I think not. Why? Because you have NO idea which applications read this information and what they do with it.

Either allow me to control which applications read this information so I can restrict access on a field level or get rid of the thing entirely. For example, I do not want Pigin/IRC channels to have access to my home phone number, etc.

As it is, it has that creepy, privacy-invading feel of Windows that made me move to Ubuntu in the first place. Time to fix it or lose it.


Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/6364/ http://brainstorm.ubuntu.com/item/5550/
Seen in: http://www.ubuntu-unleashed.com/2008/03/new-face-to-vlc-media-player-090git.html

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/5550/ http://brainstorm.ubuntu.com/item/7045/


Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/7045/ http://brainstorm.ubuntu.com/item/4699/
---Some reasons why we need one?---
*I have seen linux "experts" in ideas (demeaningly) that we don't need Antivirus at all on linux because we fix the vulverabilities, which is totally false. We need it because vulverabilities dont get patched within an hour, and we can still forward viruses on. The point of AV is not to act as a barrier, but to identify when you have been compromised and fix it. People don't seem to realise, images for instance can carry payloads. I don't see any reason why a virus couldn't take over the linux world overnight.

* Highlight some of the security mechanisms in linux and explain them
* Explain risks of dodgy permissions
* Explain in detail while running in root is risky.
* Too many linux oldies see anything Microsoft is doing and say we "shouldn't follow MS", even though its done right (like a security centre). If we don't get over that, we are shooting ourselves in the food. An example is a centralised security centre to analyse everything. Without it, its very easy to overlook some security checks.
* Explain future security features being added to ubuntu (roadmap).

Without proper education, we run the risk of following oldskool Microsoft (who have fixed their ways), and we will look like idiots (thanks to the people who say linux doesn't need AV). We are only secure now because we all mostly know what we are doing, but we should make it easier to educate others, so that we are prepared.


Lets highlight how to be more secure now, to keep us all safer in the future!

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/4699/ http://brainstorm.ubuntu.com/item/5590/
Attachments:
Bug #206928 : [Information on this bug will be retrieved soon]
]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/5590/ http://brainstorm.ubuntu.com/item/12696/
It would be nice have the same in Ubuntu with gksu and that stuff

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/12696/ http://brainstorm.ubuntu.com/item/7875/
Recent results published by cryptographers say:

"MD5 should no longer be used as a hash function for software integrity or code signing purposes."

http://www.win.tue.nl/hashclash/SoftIntCodeSign/
http://www.mscs.dal.ca/~selinger/md5collision/

We really don't want some malicious code installed on nice clean ubuntu systems, keylogging, spamming, ddos'ing etc. And just imagine how quick the malicious code will be spread with apt updates.

So let's not wait for this to happen. We need to find an alternative cryptographic function. SHA-1 is not perfect but harder to crack. Does anyone know anything better?


Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/7875/ http://brainstorm.ubuntu.com/item/16232/

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16232/ http://brainstorm.ubuntu.com/item/12974/
Its quite easy to program. If SYN|ACK or ACK packets are received which are directed to another MAC address, we know its insecure.

There are algorithms too which can even help detect Man-in-the-middle attacks (to identify when its very likely someone is trying to intercept/change your traffic),however, this is more difficult to program.

We should be trying to provide the highest level of security possible to users.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/12974/ http://brainstorm.ubuntu.com/item/16022/
Provide an easy plugin for Nautilus to encrypt USB external hard drives and pen-drives, in a similar way as Private folder does.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16022/ http://brainstorm.ubuntu.com/item/5684/
Smart cards includes a crypto-chip. It is used in secure computing such as ATM.

It would be great for government agencies, military and other places that need high security.

Attachments:
Bug #206929 : [Information on this bug will be retrieved soon]
]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/5684/ http://brainstorm.ubuntu.com/item/10816/
Virtually all other sites related to the wiki, documentation, launchpad, etc, use SSL, and I wish the same could be said about these as well.

In a recent forum discussion, some felt that there's no point to protecting those sites. But most will agree that many people use the same password for everything, and even though a compromise of a forum password may not seem like much, it could be an issue elsewhere.

Case in point, all wiki modifications show the IP address of those that make the changes. If this person uses the same password for the wiki as their forum account, not only is it a risk to the wiki, but if their personal machine is remotely accessible via SSH, etc, then that user is also at risk if the password is also the same on their computer.

Yes... people need to follow best practices... but if you have the ability to help people and it comes at virtually no cost to you, then why not?

Hope others feel the same way. Thanks for listening.

Attachments:
Ubuntuforums.org thread #831267
]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/10816/ http://brainstorm.ubuntu.com/item/16023/
My proposition: Allow encryption of any folder in ~/ clicking with left button in Nautilus. If user doesn't have the packages, he would be asked for his/her permission to install them.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16023/ http://brainstorm.ubuntu.com/item/7356/
Currently this process is not easy, and it is difficult to find good advice on secure ways of generating, sharing and using private and public keys. Advice could be given with a simple (+/- advanced ) series of dialogue boxes, allowing set up of evolution/thunderbird/other encryption, key generation and publication, perhaps in combination with Seahorse.

In particular, it is annoying when Evolution sends plain text passwords after account set up BEFORE you have a chance to tell it to use SSL.

(Other brainstorm ideas recommend Tor installation and Pidgin encryption - this idea applies mainly to email, but could include these, too, and things like SSH connections.)

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/7356/