New and very dangerous cyberattack vectors

Computerworld has just published an article that links NSA-style cyberspying techniques to a new breed of attack vectors. The Computerworld article is located here:

The article stops short of accusing the NSA of being behind all this by calling the perpetrators “The Equation Group,” but the authors make it clear that they believe that is the case. The article itself is based on a report recently released by Kaspersky Lab, “Equation Group: Questions and Answers.”

Rather than relate the entire contents of the article, I will cover the highlights. You should definitely read the articles linked in this post and, for more detail, the Kaspersky Lab white paper.

The bottom line is that “The Equation Group” is infecting computers using NSA techniques and a number of different methods, some of them only recently discovered. The attacks appear to be directed at organizations in specific countries, including Russia, Iran, Pakistan, Afghanistan, India and China.

The attacks use some tried-and-true vectors, such as worms, viruses, malicious emails, and infected web sites. These vectors work well against computers that are connected to the Internet. You should just assume that if a Windows computer is connected to the Internet it is infected.

There are some scary new vectors as well that enable “The Equation Group” to infect computers that are not connected to the Internet. One method for introducing malware into computers that will never be connected to the Internet is to intercept them in transit and infect them before they are installed at their final location.

The most alarming technique reprograms the hard drive's firmware. The malware introduced this way is not hidden among the existing files on the disk, where the old methods put it; it infects the code that actually runs the hard drive and makes it work. By controlling the firmware, the malware can carve out a hidden area on the drive itself in which to store the spyware package that does the actual work of spying on the computer and its users.

Neither the firmware implant nor the spyware it protects is detectable by the tools in common use today. Anti-virus and anti-malware products scan files on the filesystem and code running on the host; they have no view of what the drive's own controller is executing, and an implant that controls the firmware decides what the host is allowed to read from the disk. Even a complete wipe of the hard drive does not expunge it: the implant lives in the firmware and in its hidden area, not in the normal data area that a wipe overwrites.
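A practical tripwire that follows from the point above, added here as an example and not something from the Computerworld article or the Kaspersky report: record the firmware revision each drive reports when a machine is built and compare it later. The script uses smartctl from smartmontools, parses its output (a constructed sample is embedded so it runs without a drive), and flags drives whose reported revision has changed. The caveat matters more than the check: a firmware implant controls the string the drive reports, so a match proves nothing; only a mismatch, or a revision the vendor never published, is a signal.

```shell
#!/bin/sh
# Added example, not from the original post or from Kaspersky's report:
# a cheap baseline check for drive firmware revisions. smartctl(8) from
# smartmontools prints the revision the drive itself announces; record it
# when a machine is installed and alert if it later changes.
#
# Caveat: an implant that controls the firmware can report whatever revision
# string it likes, so a match proves nothing and only a mismatch is
# informative. Treat this as a tripwire, not a detector.

# Constructed sample of `smartctl -i /dev/sda` output (serial and build
# details are made up) so the parser can be exercised without a drive.
SAMPLE_SMARTCTL_OUTPUT='smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.14.4] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda 7200.14 (AF)
Device Model:     ST1000DM003-1CH162
Serial Number:    Z1D0EXAMPLE
Firmware Version: CC49
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical'

# firmware_record: read smartctl -i output on stdin, print "serial|model|firmware".
firmware_record() {
  awk -F': *' '
    /^Device Model:/     { model  = $2 }
    /^Serial Number:/    { serial = $2 }
    /^Firmware Version:/ { fw     = $2 }
    END { if (fw != "") printf "%s|%s|%s\n", serial, model, fw }'
}

# scan_drive DEVICE: record for one real drive (needs smartmontools and root).
scan_drive() {
  smartctl -i "$1" | firmware_record
}

# check_baseline BASELINE_FILE: compare records on stdin against the baseline
# (one "serial|model|firmware" line per drive). Prints OK/NEW/CHANGED per
# drive; returns 1 if any drive's reported revision changed.
check_baseline() {
  baseline=$1
  status=0
  while IFS='|' read -r serial model fw; do
    old=$(awk -F'|' -v s="$serial" '$1 == s { print $3 }' "$baseline" 2>/dev/null)
    if [ -z "$old" ]; then
      echo "NEW     $serial $model firmware=$fw (not in baseline)"
    elif [ "$old" = "$fw" ]; then
      echo "OK      $serial $model firmware=$fw"
    else
      echo "CHANGED $serial $model baseline=$old now=$fw"
      status=1
    fi
  done
  return $status
}

# Stand-alone demo on the constructed sample: baseline says CC47, drive says CC49.
demo() {
  tmp=$(mktemp)
  echo 'Z1D0EXAMPLE|ST1000DM003-1CH162|CC47' > "$tmp"
  printf '%s\n' "$SAMPLE_SMARTCTL_OUTPUT" | firmware_record | check_baseline "$tmp" \
    || echo "ALERT: a drive reports a firmware revision different from the baseline"
  rm -f "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

At install time, `for d in /dev/sd?; do scan_drive "$d"; done > /var/lib/firmware-baseline` captures the baseline; a cron job piping the same scan into `check_baseline /var/lib/firmware-baseline` raises the alert. Keep the baseline off the machine being checked, and compare the recorded revisions against the vendor's published list as well, since an unknown revision string is at least as interesting as a changed one.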

One way I can be a bit more secure is that I use Linux. The Kaspersky white paper is clear that this spyware is targeted at Windows computers. Perhaps that only means that the Linux versions have not yet been discovered, but I am reasonably certain that Kaspersky Lab would have announced this as well, had it been the case.

It is also important to note that Kaspersky Lab is a Russian security company and that Russia is allegedly one of the targets of these NSA attacks. Russia and Kaspersky have a vested interest in detecting these types of spyware and making them public.

Related articles also appear in the New York Times at and the Huffington Post at

You can download the original Kaspersky white paper from here:

Posted in Linux, News, Security | Comments Off on New and very dangerous cyberattack vectors

Maintenance outages today, January 08, 2014

I will be performing some emergency maintenance today to replace a couple of old and failing UPS units. The batteries are OK, but the units themselves are failing after several years of service.

There will be a few short outages of the email and web sites during this maintenance.

Thanks for your patience.

David Both


Posted in News, Site outage | Comments Off on Maintenance outages today, January 08, 2014

The impact of the Linux philosophy

Last week I posted an article on that generated quite a bit of buzz. It turned out to be the top article of the week.

Read it here: and enjoy.

Posted in Linux | Comments Off on The impact of the Linux philosophy

Review: edX Introduction to Linux class

I recently completed the newly released “Introduction to Linux” class, LFS101x, online at edX. It was a very interesting and rewarding experience. I have reviewed it in some detail and I hope that the review helps you decide whether to take the class.


Posted in Review, Training | Comments Off on Review: edX Introduction to Linux class

Mysteries of problem solving revealed

In my July 8 post, It helps to know how things work, I discussed one of the most important aspects of problem solving, that of, as the title says, knowing how things work. But that is really only one of the factors that enter into solving problems of any type, and especially problems relating to computer software and/or hardware.

When I first started at IBM in 1974 I spent almost six months in school. Yup, six entire months. Nobody does that any more. But while I was there we spent a good deal of time learning about the process of solving problems.

Having worked as service manager of a now defunct audio store in Toledo, Ohio, I did have a process — I just did not realize it.

In fact, I learned my process, or more probably developed it, as a kid playing with my model railroad. I used to wire and rewire it constantly. Because I used cheap wire scrounged from local discards, it was quite a challenge to keep everything working properly. So I learned a lot about electricity and problem solving in general.

But it was at IBM that the understanding of my process was revealed to me.


IBM taught me about KnOWDAT, the indispensable ingredients of problem solving. As with everything relating to computers, this is an acronym.

  • Knowledge – It all starts with knowledge. As discussed in the article, It helps to know how things work, knowledge of the inner workings of whatever it is you are trying to fix is truly essential.
  • Observation – You cannot even know where to begin solving a problem without observing the symptoms. What works? What does not work? The best problem solvers are those who never take anything for granted. Never assume that the information you have is 100% accurate or complete. When the information you have seems to contradict itself or the symptoms, start over from the beginning as if you have no information at all.
  • Deduction – This is the process of deducing what might be causing the problem. This extends from your observations of the problem and your knowledge and past experience. It is also where art, religion and magic mix with science to produce inspiration, intuition, or some other mystical mental process that provides some clue to the root cause of the problem.
  • Action – Perform the appropriate repair action. In most cases, by this time, you should have a good idea where the root cause of the problem lies. Make only one change at a time so you know which action resolved the problem.
  • Test – Test the results of the action you took to resolve the problem. If the action taken does not resolve the problem go back as far as necessary in this process and start again. You may know, for example, of two or three things that might cause the problem, so for each of those you would go back to the Action step and take the next action and then test the results. If you run out of possible actions, you might then go back to observing the problem to see whether some new information becomes known.

This process works for fixing computers, whether hardware or software is the source of the problem, as well as for just about anything else that might need to be fixed or even something that represents a general non-technical problem to be solved.

Most can be taught

Although all of the steps outlined above are crucial, deduction is the one step upon which all the rest hinges. Most of the steps in KnOWDAT can be taught. Knowledge is obtainable in various ways. One can learn the techniques of observation and how to perform actions to resolve a problem such as upgrading to a new software version or replacing a defective hard drive or case fan.

The most frequent reason that I find some people cannot solve problems is that they have no idea about how to perform even rudimentary deductive reasoning. And my more than 40 years of experience in both the audio and computer industries have led me to conclude that deductive reasoning cannot be taught. At least not so that someone can learn to reason deductively.

I think people can be taught about deductive reasoning, and that it can be understood on an intellectual level by almost anyone. But not everyone can actually do it.

I have seen many people who possess huge troves of knowledge but who are completely unable to apply that knowledge to solve the simplest of problems. As an interviewer during hiring interviews for various technical positions over the years, I have seen people who could not even begin to solve the simplest of problems.

I firmly believe that many people will never be able to actually reason deductively and, therefore, will be unable to solve problems. Perhaps this is a problem with our educational system or perhaps it is an innate quality that is a result of how some people’s brains are wired.

Wikipedia has a modest article on deductive reasoning and the final paragraph is telling:

“Deductive reasoning is generally thought of as a skill that develops without any formal teaching or training. As a result of this belief, deductive reasoning skills are not taught in secondary schools, where students are expected to use reasoning more often and at a higher level.[4] It is in high school, for example, that students have an abrupt introduction to mathematical proofs – which rely heavily on deductive reasoning.[4]”

The preceding quote tends to indicate that this is a problem with our educational system. I would say a very big problem.

In any event, I did have some excellent teachers who taught their classes deductive reasoning, perhaps intentionally, or perhaps we learned it as a side effect of being taught how to solve the problems specific to their classes. Either way, good teachers are key to being able to effectively solve problems.

Posted in Commentary, Linux, Opinion | Comments Off on Mysteries of problem solving revealed

It helps to know how things work

It really helps to know how things work when it becomes necessary to fix them.

This was true when I was fixing audio equipment in the early ’70s, and supporting computers and software for IBM, MCI, Interpath, and MCI over the years, and teaching Linux for Red Hat and my own company, Millennium Technology Consulting LLC. The intimate knowledge of how Linux works has also been invaluable since I started working with it in about 1996.

Unless you know how things really work, there is a tendency to use a shotgun approach to problem solving. That wastes time and, if replacing parts is involved or purchasing new software, can be quite expensive.

After all, would you be willing to pay for the auto mechanic to replace several perfectly good parts while trying to find the one part actually causing the problem – and to pay him for time and materials as well? Of course not.

I submit for your approval a problem I just fixed this morning – with my DataBook® web site.

It was not a problem that affected the external operation of the DataBook web site, but I could no longer use any editor from within WordPress to edit pages and posts such as this one.

Because I know several important things about WordPress I was able to think about the problem and correct it on the first try. I know the following about WordPress:

  • The data for a WordPress web site is stored separately, in a MySQL database. Separation of data and code is always a good thing.
  • There is a single small site configuration file for each WordPress web site, wp-config.php, which holds the database name and credentials.
  • Plugins, themes, and uploaded graphics live in their own directories under wp-content/, apart from the WordPress core code.
  • The Apache web server configuration is separate from the WordPress site configuration.

So it was a simple matter to delete the entire directory in which the WordPress instance for that web site was installed. Everything.

I then copied the entire directory structure from a known working web site to replace the one I had deleted, copied the original wp-config.php to the appropriate location in the newly copied WordPress directory tree, and my web site was up and running again. It was then trivial to copy the rest of the plugins and graphics from backups to complete the process. All in all it took less than 5 minutes.

Without the understanding I have of how WordPress, MySQL and Apache work together to produce a web site, I would have been tempted to delete everything in the WordPress directory under /var/www for that web site and start over by reinstalling WordPress and configuring it from scratch. As easy as that is for WordPress, it would still have taken much longer than the actual fix did.

If I had understood more about the PHP code of WordPress itself, I probably could have simply repaired the offending file, which was most likely corrupted for some reason. But that would probably have taken much longer in any event.
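The repair described above as a script, added here as an example rather than the author's actual commands, with one step the post does not show: listing which core files differ from a known-good copy before anything is overwritten. From inside the editor a corrupted core file and a file someone else modified look the same, so the broken tree is moved aside instead of deleted and the differing files are named. The fixture directories and file contents are constructed stand-ins, not real WordPress files.

```shell
#!/bin/sh
# Added example, not the author's commands: compare a broken WordPress tree
# with a known-good copy, then rebuild it keeping the site's own wp-config.php
# and wp-content/. The old tree is preserved for a look, not deleted.

# wp_core_diff GOOD SUSPECT: print DIFFERS/MISSING/EXTRA lines for core files,
# ignoring the per-site pieces (wp-config.php and wp-content/). EXTRA files in
# core directories deserve a look before the tree is replaced.
wp_core_diff() {
  good=$1; suspect=$2
  ( cd "$good" && find . -type f ! -name wp-config.php ! -path './wp-content/*' ) |
  while read -r f; do
    if [ ! -f "$suspect/$f" ]; then
      echo "MISSING $f"
    elif ! cmp -s "$good/$f" "$suspect/$f"; then
      echo "DIFFERS $f"
    fi
  done
  ( cd "$suspect" && find . -type f ! -name wp-config.php ! -path './wp-content/*' ) |
  while read -r f; do
    [ -f "$good/$f" ] || echo "EXTRA   $f"
  done
}

# wp_rebuild GOOD SITE BACKUP: move SITE aside, copy the known-good tree in its
# place, put back SITE's own wp-config.php (database credentials) and restore
# its wp-content/ (plugins, themes, uploads) from BACKUP. Prints the path of
# the preserved broken tree.
wp_rebuild() {
  good=$1; site=$2; backup=$3
  aside="$site.broken.$(date +%Y%m%d%H%M%S)"
  mv "$site" "$aside"
  cp -pR "$good" "$site"
  cp -p "$aside/wp-config.php" "$site/wp-config.php"
  rm -rf "$site/wp-content"
  cp -pR "$backup/wp-content" "$site/wp-content"
  echo "$aside"
}

# build_fixture DIR: constructed stand-in trees (not real WordPress files).
# DIR/good is the reference copy, DIR/site the broken install with one
# corrupted core file and one stray file, DIR/backup holds its wp-content.
build_fixture() {
  d=$1
  mkdir -p "$d/good/wp-includes" "$d/good/wp-admin" "$d/good/wp-content/plugins"
  echo '<?php require "wp-blog-header.php";' > "$d/good/index.php"
  echo '<?php function wp_ok() { return true; }' > "$d/good/wp-includes/functions.php"
  echo '<?php /* admin */' > "$d/good/wp-admin/index.php"
  echo "<?php define('DB_NAME', 'othersite');" > "$d/good/wp-config.php"
  echo '<?php /* plugin */' > "$d/good/wp-content/plugins/hello.php"
  cp -pR "$d/good" "$d/site"
  echo "<?php define('DB_NAME', 'databook');" > "$d/site/wp-config.php"
  echo 'garbage' > "$d/site/wp-includes/functions.php"          # corrupted core file
  echo '<?php /* not part of WordPress */' > "$d/site/wp-admin/upd.php"   # stray file
  mkdir -p "$d/backup"
  cp -pR "$d/good/wp-content" "$d/backup/wp-content"
}

demo() {
  d=$(mktemp -d)
  build_fixture "$d"
  echo "== core files differing from the known-good copy =="
  wp_core_diff "$d/good" "$d/site" | sort
  aside=$(wp_rebuild "$d/good" "$d/site" "$d/backup")
  echo "== after rebuild: $(wp_core_diff "$d/good" "$d/site" | wc -l) differences; old tree kept at $aside =="
  rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a real server the arguments are the two site directories under /var/www and the wp-content backup; the diff step also answers the question the post leaves open, which file was actually corrupted.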

If you are interested in learning how Linux works so that you can identify, understand and fix problems in the most effective ways, try the Linux classes I offer at Millennium Technology Consulting LLC.

Posted in Information, Linux, Training | Comments Off on It helps to know how things work

CentOS 7 released

CentOS 7 was released today, July 7.

CentOS is built from the same source packages as Red Hat Enterprise Linux (RHEL), with Red Hat's branding text, graphics and trademarks removed, so it behaves identically. CentOS, the Community ENTerprise Operating System, is free to use, with updates provided at no cost and support coming from the community rather than from a vendor contract.

CentOS 7 incorporates several major changes and enhancements, including systemd and GNOME 3. In addition, XFS is now the default file system.

Many of the new features in CentOS, such as systemd, have been around for a couple years, most notably in the Fedora distribution. Fedora is the upstream feeder to RHEL and many new RHEL features are first introduced in Fedora.

See for more details about CentOS 7.

Posted in Information, Linux, News | Comments Off on CentOS 7 released

Chinese cyberattacks target your business

If you have not heard about the cyberattacks being carried out against American businesses, you should get your head out of your duffle bag. This is all over the news and it is hard to imagine missing it.

Even if you have heard about it, you may have assumed that the Chinese military is not after your business as it is too small or insignificant and does not deal with the government or the military.


Your business most definitely is a target.

How do I know? Read on.

Static approach to firewall

In the past I simply scoured the LogWatch emails I get daily from each system I manage for the IP addresses from which repeated attempts to log in using SSH had been launched. I then statically blocked those entire ranges by manually adding rules to iptables, my firewall of choice, usually blocking the full class A, B or C range rather than the individual IP address. This works, but it does not respond to threats quickly, it is a shotgun approach that may block legitimate users, and it is very labor intensive.

I have also tried using a specific pair of rules in the iptables firewall that count attempts from a source IP address and, after a specified number of them, block that address for a specified period of time, usually 5 or 10 minutes by default. This blocks the immediate cracking attempt without blocking the rest of the IP range, so email and web access to the servers from that range is not affected. But it does not notify me that anything has occurred until I get the daily email from LogWatch, and it is again a labor-intensive task to search the LogWatch emails from many systems for IP ranges that should be blocked more permanently.

Improving security with a dynamic firewall

I recently started experimenting with Fail2ban, an open source tool that watches the log files for failed attempts and dynamically blocks the IP address a cracking attempt originates from by adding a rule to the iptables firewall. Rules generated this way are deleted after a configurable amount of time. I can set up “jails” for any incoming service, so we can be very granular about what is blocked from each address and for how long. So if an SSH script-kiddie attack occurs and SSH is blocked for that address, email is not blocked. But we could also set up a jail for email so that repeated failed attempts to send email, the hallmark of spammers, also result in a block.

Fail2ban also sends me an email every time a new blocking rule is added to iptables. The email specifies the source IP address of the attack and information about that source, including the name of the ISP and the country of origin.

These emails let me see quickly where the attacks originate, and they led me to an interesting discovery.
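To make the logic concrete, here is the core of what a tool like Fail2ban does for SSH, written as an added shell example (not the author's configuration and not Fail2ban's own code): count sshd "Failed password" events per source address over a batch of log lines (the sample lines are constructed and use RFC 5737 documentation addresses) and print a per-address, per-port iptables rule for each source over a threshold. It also prints the iptables recent-module rule pair that gives the short automatic block described above; note that the pair counts new connections, not failed logins.

```shell
#!/bin/sh
# Added example, not the author's configuration and not Fail2ban's code: the
# detection logic behind a fail2ban-style SSH jail, written out so it can be
# read. Counts sshd "Failed password" events per source address and emits a
# per-address, port-specific iptables rule for each source over the threshold.
# Also prints the iptables "recent" rule pair that rate-limits new SSH
# connections per source, a common way to get a short automatic block.

# Constructed sshd log lines in the syslog format found in /var/log/secure;
# the addresses are RFC 5737 documentation ranges, not real attackers.
SAMPLE_AUTH_LOG='Jul 10 03:14:22 web1 sshd[4012]: Failed password for root from 203.0.113.45 port 51234 ssh2
Jul 10 03:14:25 web1 sshd[4012]: Failed password for root from 203.0.113.45 port 51236 ssh2
Jul 10 03:14:28 web1 sshd[4015]: Failed password for invalid user admin from 203.0.113.45 port 51240 ssh2
Jul 10 03:14:31 web1 sshd[4015]: Failed password for invalid user oracle from 203.0.113.45 port 51244 ssh2
Jul 10 03:14:40 web1 sshd[4020]: Failed password for invalid user test from 198.51.100.7 port 40022 ssh2
Jul 10 03:15:02 web1 sshd[4031]: Accepted publickey for dboth from 192.0.2.10 port 50110 ssh2
Jul 10 03:15:10 web1 sshd[4020]: Failed password for root from 198.51.100.7 port 40030 ssh2
Jul 10 03:16:00 web1 sshd[4040]: Failed password for root from 203.0.113.45 port 51300 ssh2'

# failed_by_source [THRESHOLD]: sshd log lines on stdin -> "count address" for
# every source with at least THRESHOLD failures (default 3), largest count
# first. Only "Failed password" lines count; accepted logins are ignored.
failed_by_source() {
  threshold=${1:-3}
  awk -v t="$threshold" '
    /sshd\[[0-9]+\]: Failed password for/ {
      for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
    }
    END { for (ip in n) if (n[ip] >= t) printf "%d %s\n", n[ip], ip }' | sort -rn
}

# ban_rules [PORT]: "count address" lines on stdin -> iptables commands that
# drop only that address on that port (default 22), so the same host can still
# deliver mail or fetch web pages. Printed, not executed: review before applying.
ban_rules() {
  port=${1:-22}
  while read -r count ip; do
    printf 'iptables -I INPUT -p tcp --dport %s -s %s -j DROP  # %s failed logins\n' \
      "$port" "$ip" "$count"
  done
}

# ratelimit_rules [PORT] [SECONDS] [HITS]: the "recent" module pair. A source
# opening HITS or more new connections to PORT within SECONDS is dropped until
# it stays quiet for that long. It counts connections, not failed logins, so
# HITS must stay above what a legitimate user needs.
ratelimit_rules() {
  port=${1:-22} window=${2:-600} hits=${3:-4}
  printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -m recent --set --name SSH\n' "$port"
  printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -m recent --update --seconds %s --hitcount %s --name SSH -j DROP\n' \
    "$port" "$window" "$hits"
}

if [ "${1:-}" = demo ]; then
  printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_by_source 3 | ban_rules 22
  ratelimit_rules 22 600 4
fi
```

Run with `demo` to see the rules; they are printed, not applied. Blocking an individual address on one port, as here, avoids the collateral damage of a /8 or /16 block. Per-address bans do nothing against guessing spread thinly across many addresses; on hosts that allow only key-based SSH logins, password guessing fails regardless of volume, and the bans mainly keep the logs readable.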


My unscientific findings are that 98% of all the failed login attempts are from mainland China. The rest are from Russia, eastern Europe and the U.S.

The vast majority of the attempts to break into my systems from China are directed at the business related computers. The personal ones and the church computers are very seldom targets for these attacks from China.


We are at war with China – a cyberwar. You should take this cyberattack seriously. It will affect you sooner or later.

It is not hard to deduce what the Chinese are after.

They want account and personal information possibly for identity theft and for use as leverage in recruiting willing and unwilling agents. China wants information about your customers and suppliers so they can locate other vulnerable businesses and infiltrate them. The Chinese military is after trade secrets so China can manufacture its own products using your business’ hard-earned intellectual property. They also want to infiltrate military contractors so that they can develop weapons to counter ones that we are developing and they want access to our military strategies.

But make no mistake, this is an economic war. China wants to defeat the U.S. economically. They are well on the way to doing so.

Posted in Commentary, Linux, News, Opinion | Comments Off on Chinese cyberattacks target your business

The Joy of Good Backups

It is a joy to have good backups.

This past Friday evening, while trying to open a web site on my primary workstation, Firefox started throwing errors that it could not open files. The reason was that the 1.5TB hard drive containing my home directory had started failing and Linux, as it is designed to do, had remounted the home directory filesystem read-only to prevent further data corruption. This meant that the temporary cache files Firefox uses could not be created in my home directory, which caused the errors.

I did a bit of simple testing to verify that the /home filesystem could no longer be remounted read/write, then shut down the system.

Fortunately I had a spare drive. Without going into the gory details, I installed the replacement hard drive and powered up. I logged into a virtual console as root and started a screen session. I created a physical volume, and then a volume group encompassing the entire hard drive. I then created a new home logical volume, formatted it as EXT4 and mounted it on /home.

My primary on-site backup, which is mainly used to recover from my own accidents such as deleting the wrong file, or from hardware failures, is an rsync copy of my files into a separate archive directory for each of the last 25 days. The archive uses rsync's --link-dest option: a file that has not changed since the previous day's run is not copied again; instead a hard link to the previous day's copy is created in the current day's directory. Every daily directory therefore looks like a complete copy while consuming space only for what changed.

At that point I mounted my backup drive on /media and simply copied the backed-up files from the most recent day's archive into /home. After restoring my own home directory I logged in as myself, opened a Konsole session, su'ed to root and reattached the still-running screen session to that Konsole.

I then did the same for the other two filesystems that had been on the original drive.

Using the USB3 connection on my Mediasonic HF2-SU3S2 ProBox 4 bay JBOD hard drive enclosure, it took only about 55 minutes to restore the very large amount of data I have in my /home directory and the other two filesystems. We are talking a total of over 300GB of data.

For you Linux geeks, this is why I put the OS on one hard drive and my home directory and other non-OS filesystems on a different hard drive. Makes recovery so much easier.
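The snapshot scheme described above, written out as an added example (the author's own script is not on the page): rsync with --link-dest so an unchanged file is a hard link to the previous day's copy, the newest snapshot reachable through a latest symlink, pruning to a fixed number of days, and a restore step that verifies the restored tree. Paths, the 25-day retention and the sample home directory are assumptions for the example.

```shell
#!/bin/sh
# Added example, not the author's backup script: rotating hard-linked rsync
# snapshots of the kind the post describes, with restore and verification.
# Requires rsync; directory names and retention are assumptions.

# snapshot SRC ROOT [KEEP] [STAMP]: create ROOT/STAMP (default: today's date)
# from SRC, hard-linking unchanged files to the previous snapshot behind
# ROOT/latest; repoint ROOT/latest; keep only the newest KEEP (default 25).
snapshot() {
  src=$1; root=$2; keep=${3:-25}; stamp=${4:-$(date +%Y-%m-%d)}
  mkdir -p "$root"
  if [ -d "$root/latest" ]; then
    # --link-dest wants an absolute path; resolve the latest symlink
    rsync -a --delete --link-dest="$(cd "$root/latest" && pwd -P)" "$src"/ "$root/$stamp"/
  else
    rsync -a --delete "$src"/ "$root/$stamp"/
  fi
  ln -sfn "$stamp" "$root/latest"
  # prune: list snapshots newest first, remove everything after the first KEEP
  ls -1d "$root"/[0-9]*-* 2>/dev/null | sort -r | tail -n +"$((keep + 1))" |
  while read -r old; do
    rm -rf "$old"
  done
  echo "$root/$stamp"
}

# restore SNAPSHOT DEST: copy a snapshot back (the post's "copy from the most
# recent backup into /home"), then verify DEST matches it.
restore() {
  rsync -a "$1"/ "$2"/ && diff -r "$1" "$2" >/dev/null
}

# same_file A B: true if A and B are the same inode, i.e. the snapshot spent
# no extra space on an unchanged file.
same_file() { [ "$1" -ef "$2" ]; }

# Stand-alone demo on a constructed home directory in a temp dir.
demo() {
  command -v rsync >/dev/null 2>&1 || { echo "rsync not installed" >&2; return 0; }
  w=$(mktemp -d)
  mkdir -p "$w/home/dboth"
  echo 'unchanged' > "$w/home/dboth/notes.txt"
  echo 'version 1' > "$w/home/dboth/draft.txt"
  s1=$(snapshot "$w/home" "$w/backup" 25 2014-06-01)
  echo 'version 2' > "$w/home/dboth/draft.txt"
  s2=$(snapshot "$w/home" "$w/backup" 25 2014-06-02)
  same_file "$s1/dboth/notes.txt" "$s2/dboth/notes.txt" && echo "notes.txt: hard-linked, no extra space"
  same_file "$s1/dboth/draft.txt" "$s2/dboth/draft.txt" || echo "draft.txt: changed, new copy stored"
  rm -rf "$w/home"; mkdir "$w/home"           # simulate the failed drive
  restore "$s2" "$w/home" && echo "restore from $s2 verified"
  rm -rf "$w"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Each day's directory is a complete tree that can be copied back with one rsync, which is what makes the restore above so quick. The same hard links mean a single corrupted file is shared by every snapshot that links to it, so this archive protects against deletion and drive failure, not against silent corruption; an independent copy or a periodic checksum pass covers that.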

Later testing of the defective hard drive showed that Linux would not even recognize it. It would not even initialize and the heads kept seeking as it tried to perform its startup routines. The dmesg command showed that the kernel could not even see the hard drive, probably because it had not been able to perform its own power-on initialization.

Posted in Information, Linux | Comments Off on The Joy of Good Backups

David Both to present “SystemV Startup vs systemd” at TriLUG on May 8

I will be giving a presentation, “SystemV Startup vs systemd,” at the TriLUG meeting on Thursday, May 8.

Topic: SystemD
Presenter: David Both
When: Thursday, 8th May 2014, 7pm (pizza from 6.45pm)
Where: NC State Engineering Building II Room 1021, Centennial Campus
Parking: The parking decks and Oval Drive street parking are free after 5pm

The new systemd daemon already replaces the init process in some distributions and is coming to many more. systemd provides service management and much more, including starting the services designated to run at boot. It is designed to increase startup speed and to conserve system resources with a new startup strategy in which some services are not started until they are actually required. This presentation will briefly review the Linux boot process and the old SystemV startup process. It will then discuss in more detail the startup process using systemd, the reasons for creating the new systemd daemon and some of the advantages it provides. We will also discuss configuration files and some of the more common commands required to cause systemd to do our bidding. Backward compatibility will also be covered.

I hope to see you there.

Posted in Announcements, Linux, News | Comments Off on David Both to present “SystemV Startup vs systemd” at TriLUG on May 8

Dealing with the HeartBleed bug

It has been a very hectic couple of days since I woke up Tuesday morning to the news about the so-called HeartBleed bug. I spent a good bit of time Tuesday exploring the available information, then creating a program that would do much of the work required to actually fix the problem, and then testing my program. I spent a good deal of Wednesday fixing the problem on the computers for which I have some responsibility.

I have taken a bit of a breather after all that and here is my assessment.

HeartBleed is the most serious bug ever

HeartBleed is a bug that is both dangerous and insidious. If you have a computer that is on the Internet, you must assume that your data has been stolen. Even worse, you have no way to know who has been stealing your data or for how long; this bug exposes your data in such a way that no trace of the theft is left behind on the server.

There is even a web site dedicated to HeartBleed that provides the gory details about this bug and its effects. It is strictly factual and contains none of the hype required by alleged news organizations that are primarily entertainment and not information – infotainment. Unfortunately, in this case, most of the hype seems to be deserved.

What it does

The HeartBleed bug does nothing by itself. It simply provides an open door to crackers (black hat hackers) who use that door to steal personal data. HeartBleed is a flaw in OpenSSL, the cryptographic library used by a large share of the web, mail and VPN servers on the Internet, and it allows an attacker to read chunks of the affected server's memory.

When your computer connects to a web site that uses encryption, such as your bank, OpenSSL is often the code handling the encrypted connection on the bank's side. TLS includes a heartbeat extension (RFC 6520): when a connection is idle, either end can send a small heartbeat request, a packet carrying a payload that says, in effect, “I am still here,” and the other end echoes the payload back so the connection is not closed before you are finished with your business.

The bug is that a vulnerable OpenSSL trusts the payload length declared in the heartbeat request instead of the number of bytes it actually received. A cracker connects to the server, sends a heartbeat request with a tiny payload but a declared length of up to 64 KB, and the server obligingly copies that many bytes from its own memory into the reply. Whatever happened to be adjacent in memory comes back: session cookies, usernames and passwords being processed for other users and, in some cases, the server's private key. Each request leaks a different chunk, the exchange is valid TLS traffic, and nothing is written to the server's logs.

The affected computers are the servers that run a large share of the websites in the world and that handle your medical, personal and financial data, including your social security numbers, banking information and everything else you don't want the bad guys to have access to.

The worst part is that you do not have to do anything wrong to have your data exposed. Simply using a web site you already trust, like your bank, while the server is vulnerable puts your data in the memory an attacker can read.


The vulnerable versions are OpenSSL 1.0.1 through 1.0.1f; the fix is 1.0.1g, released April 7, and the distributions have shipped patched packages. Most of the large organizations that have servers, such as banks and other financial institutions and eCommerce websites like, hopefully, Amazon, Google and so on, have already patched their web sites.
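Two checks a server administrator would want during the cleanup, added here as an example and not the program the author wrote: classifying the `openssl version` string against the affected range, and finding processes that are still running with the old library mapped, because installing the updated package does nothing for a daemon that has not been restarted. Version letters are only a first pass, since distributions backport the fix without changing them; the script therefore also looks for the CVE in the RPM changelog where rpm is available.

```shell
#!/bin/sh
# Added example, not the author's program: two triage checks for an
# administrator fixing Heartbleed (CVE-2014-0160) on Linux hosts.
#  1. Classify the `openssl version` string. Affected: 1.0.1 through 1.0.1f and
#     1.0.2-beta1. Fixed: 1.0.1g and later, 1.0.2-beta2 and later. 0.9.8 and
#     1.0.0 never contained the heartbeat code.
#  2. Find processes still mapping the OLD libssl. Updating the package does
#     not fix a running daemon until it is restarted; the replaced library
#     shows up as "(deleted)" in /proc/PID/maps.
# Caveat: distributions backport fixes without bumping the version letter
# (Red Hat shipped its fix as openssl-1.0.1e-16.el6_5.7), so a "vulnerable"
# verdict from the string alone must be confirmed against the package.

# heartbleed_version_status "OpenSSL 1.0.1f 6 Jan 2014" -> vulnerable|fixed|not-affected|unknown
heartbleed_version_status() {
  set -- $1            # split the version line into words; $2 is the version
  case "${2:-}" in
    1.0.1[g-z]*)        echo fixed ;;
    1.0.1*)             echo vulnerable ;;
    1.0.2-beta1*)       echo vulnerable ;;
    1.0.2*|1.1.*)       echo fixed ;;
    0.9.*|1.0.0*)       echo not-affected ;;
    *)                  echo unknown ;;
  esac
}

# stale_libssl_pids: print "PID command" for every process whose maps still
# reference a libssl that has since been replaced on disk.
stale_libssl_pids() {
  for m in /proc/[0-9]*/maps; do
    if grep -q 'libssl.*(deleted)' "$m" 2>/dev/null; then
      pid=${m#/proc/}; pid=${pid%/maps}
      printf '%s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)"
    fi
  done
}

# changelog_mentions_fix: on RPM systems, does the installed openssl package's
# changelog reference the CVE? Returns 1 when rpm is unavailable.
changelog_mentions_fix() {
  command -v rpm >/dev/null 2>&1 || return 1
  rpm -q --changelog openssl 2>/dev/null | grep -q 'CVE-2014-0160'
}

triage() {
  if command -v openssl >/dev/null 2>&1; then
    v=$(openssl version)
    echo "$v -> $(heartbleed_version_status "$v") (by version string)"
  else
    echo "openssl binary not found"
  fi
  if changelog_mentions_fix; then
    echo "installed openssl package changelog references CVE-2014-0160"
  fi
  stale=$(stale_libssl_pids)
  if [ -n "$stale" ]; then
    echo "processes still using a replaced libssl; restart them:"
    echo "$stale"
  fi
}

if [ "${1:-}" = triage ]; then triage; fi
```

The second check is the one that catches the common mistake: a host that was "patched" on Tuesday but whose httpd, dovecot or postfix kept serving with the old library mapped is still leaking. Services that read the certificate's private key into memory should also get a new key and certificate after the restart, since the old key must be assumed exposed.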

The first thing you should do is install the latest updates to your own computer(s) regardless of which operating system you use. If your operating system is too old for new updates, such as Windows 95 or XP, or Fedora Linux 18 or earlier, upgrade your operating system and install all of the current updates. If you need to upgrade your computer in order to upgrade your operating system, then do so.

Second, change all of the passwords you use on web sites. ALL OF THEM! Any password you have used on a site that ran vulnerable OpenSSL must be treated as compromised. If you continue to use them your data will be stolen.

The real problem is in knowing whether the web sites you use and which have some of your sensitive data have been fixed. By this morning, Thursday, April 10, many have some sort of notice on their login page. In most cases the ones I see seem to say that they never had a problem. But you cannot count on that. Many are ignoring it entirely. Just do the best you can. Change all of your passwords anyway. If you learn later that the web site did not fix the vulnerability until after you had changed your password, change it again.

A few password guidelines:

  • Never use the same password on multiple web sites. Thus if one site is compromised, you won’t have to change all of your passwords.
  • Use long passwords, at least 8 characters and preferably more. Length does more than anything else to make a password hard to guess or crack.
  • Passwords should contain a combination of lower and upper case letters, numbers, and special characters. This makes it much more difficult to guess or crack your password.
  • Never reuse an old password. An old password that was stolen can still be tried against your account if you bring it back.
  • Do not use birth dates, Social Security Numbers, pet, friend or spouse names, or dictionary words for your passwords. Anything that can be learned about you, or looked up in a word list, will be tried first.
  • Change your passwords frequently. At least every 90 days, but once a month is even better. This will limit the time of your vulnerability if a site is compromised.
  • Never write down your passwords. Ever.

Good security is hard work

Yes, good security is hard work. That is why companies hire a lot of expensive people to handle it for them. For end users, it also takes time and some creativity to come up with reasonable passwords that are safe but which can also be remembered. It will be frustrating.

Bad security is an even bigger hassle. It can cost you your identity, lots of money and a great deal of time and frustration – far more than good security will cost.

Posted in Critical Notifications, News, Security | Comments Off on Dealing with the HeartBleed bug

Windows XP is dead – Long live Windows XP!

Windows XP will reach end of life on April 8, 2014. This means that Microsoft will no longer provide security updates to ward off the hordes of viruses, Trojan horses, worms, spyware, bots, spamware, and every other form of malware targeted at what has been the most ubiquitous operating system on the planet.

Microsoft has been trying to bribe, cajole and coerce users of XP — there are still a huge number of them — into upgrading to a more recent version of Windows. But they are concerned about the revenue stream, not about the safety and security of your computer systems.

Some users of XP are upgrading to newer versions of Windows but some are switching to Linux, in part because Linux is more secure and less expensive than any Windows operating system. However the vast majority of XP users are not doing anything because of huge masses of organizational inertia and lack of funding.

Many users, especially home users, are just going to stick with what they have because they have never worried about updates and have no clue that support is expiring, and would not care anyway if they did know.

My guess is that Windows XP will be around for many years, whether supported or not.

Another Y2K?

Security specialists around the world have been predicting the Winpocalypse in which every Windows XP system will become immediately infected and begin sending spam and malware to all of the other already infected XP systems. Some of the more alarmist predictions theorize the collapse of the Internet due to the mass attacks envisioned as a worst case scenario.

I am pretty certain that the worst of these Internet doomsday predictions are highly improbable. But that does not mean that there won’t be an impact. The Internet will be burdened with the effects of large amounts of traffic but, let’s face it, Windows XP is already a hotbed of infection. And not just XP; virtually every version of Windows out there, including Windows 7 and 8 are fairly easy targets for malware. Perhaps they are a bit less susceptible than XP, but that is simply saying that Windows 7 and 8 are better than XP because it takes a little more work to crack into them. It seems to me that lots of people get paid a lot of money to remove malware from those computers running more recent versions of Windows than XP.

Some media is covering this extensively, and the hyperbole is astounding. It might as well be Y2K again. Oh, wait! … that did not happen did it. Well, perhaps it did not happen because all of the programmers responsible for correcting that little issue before it did become a problem actually did a great job of it.

However there are no little programming tweaks that can be made to fix this issue. It is going to require a complete installation of a new operating system and most of the applications people are using will have to be upgraded with new versions as well. That will require new hardware in almost every case. So new Windows operating system, new applications and new hardware to run it all. It will all be very expensive.

And the old hardware will probably be given away, infestations and all, to people too poor or too ignorant about computers to do anything about replacing Windows XP, even if they had heard that there is a problem with it, or they will simply be scrapped and sent to third-world “recycling” centers in which the workers and the environment are slowly — or not so slowly — poisoned.

Option: Linux

Those of us who use Linux or Unix are not particularly worried about the safety or functionality of the systems for which we are responsible so long as we install security updates as they are made available. We are a bit concerned about the effect on the Internet as a functioning utility, and very seriously concerned about the people and ecosystems affected by tossing all those perfectly good computers into one trash heap or another even if the recyclable components are extracted and reused.

It is especially difficult to see really good computers being tossed when organizations are convinced by their support organizations, whether internal or especially external, that perfectly good computers need replacing and the old ones should be trashed. I see organizations discarding computers with really decent specifications that could be refurbished simply by installation of a decent operating system like Linux.

Sometimes, not frequently but sometimes, the “older” computers are given to schools and other non-profits and are used by children in schools too poor to purchase new computers for a bit of computer learning. Of course that does not make these computers free, because the Windows license does not transfer and they should not be using XP anyway. So schools have computers dumped on them in some cases with an old, unsupported OS that they cannot use, so they must — to be legal at least — purchase a newer version of Windows, and quite probably a memory upgrade to allow it to work reasonably well and get booted before class is over.

Here again, installing Linux on those computers will usually negate the need to purchase more memory and still save the cost of paying for an OS.

If you have some old Windows computers for which you are considering replacements, think first about upgrading them with Linux. You will very likely be amazed at the speed difference that Linux will make, and it will be free in the bargain. And that is a real bargain.

Posted in Commentary, News, Opinion, Rant, Security | Comments Off on Windows XP is dead – Long live Windows XP!

More Linux Malware

In the last few days there have been a number of news stories about a couple of new instances of malware designed for Linux.

First there was the story about the Linux botnet. This particular botnet consists of thousands of Linux servers that are being used to infect tens to hundreds of thousands of Windows desktops. The infected Linux web sites are used to infect the Windows desktops of visitors to those sites. The Windows desktops are the ultimate targets here and are used in the standard ways to steal user information in order to empty their bank accounts.

There are more Linux servers on the Internet than all other types combined. In fact, Linux servers account for more than 65% of all servers on the Internet, so they do make an attractive target.

Then there is also the article “Linux worm Darlloz targets Intel architecture to mine digital currency,” about a worm that targets routers and set-top boxes, such as your DVR and wireless router, most of which run Linux. This worm mines currencies other than Bitcoin, but it is still used to make money of some form for the hackers. It targets systems running an old Linux kernel.

This is an interesting bit of news as it indicates a higher awareness of Linux and a greater Linux presence, making it a more interesting – and rewarding – target for the bad guys. These days the black hat hackers, officially known among the computer literati as “crackers,” are all about “show me the money.”

Both of these bits of malware together have infected significantly fewer than 75,000 systems. Typical Windows malware can infect millions of computers.

Easy Prevention

The most important part of this story is that neither of these bits of malware can act alone. They both require the help of inept Linux administrators, although I hesitate to call anyone that careless an administrator.

These bits of malware can only infect a Linux system that has not been properly kept up to date with security patches. For the routers and set-top boxes it is more about the simple task of changing the factory-set administrator ID and password. It is amazing how many wireless routers are protected only by the default ID and password.

Prevention is simple. Set new administrative passwords for routers and set-top boxes, and keep your Linux computers up to date at least with security patches.

You can also check to see whether your Linux computers are infected by running a quick and easy command line program as described in the articles linked above.

If your computer is infected, recovery means completely reinstalling your operating system from a known good source and restoring your data from backups. You do back up, don’t you? That is much easier and less time-consuming than attempting to recover by locating and fixing the infection itself.

Posted in Commentary, Linux malware, News, Security | Comments Off on More Linux Malware

Free “Introduction to Linux” course from the Linux Foundation, edX, MIT and Harvard

Free classes are always cool, especially in times when companies do not have big training budgets. And it seems like one of the best training opportunities in years is here.

Linux is hot as a job skill. The Linux Foundation’s 2014 Linux Jobs Report found that 90 percent of hiring managers are looking to hire Linux professionals in the next half-year. But demand is greater than supply. Not only is Linux hiring hot, but Linux professionals are also getting larger and more frequent pay raises.

The Linux Foundation along with edX and major educational institutions Harvard and MIT have combined to provide a Massive Open Online Course (MOOC), Introduction to Linux. This course is free of charge and you can take it to earn a certificate or you can audit the course if you cannot make the full time commitment.

The course will be available some time in the 3rd quarter of 2014. The folks at VentureBeat have a short writeup about this which sounds quite interesting. You can read about the course and register here. It is estimated that the time commitment if you take this course is 40 to 60 hours.

Now you might ask why, as a Linux trainer, I would suggest you take this course rather than mine? Well, free is free, right?

I do plan to take this class myself as there is always more to learn. I enjoy teaching my own two-day “Introduction to Linux” course, and I do get paid for it. So, again, why? Because I cannot imagine that anything done by the Linux Foundation and the combination of organizations that have put this course together would not be really, really good.

Opportunities like this do not come along frequently. Take advantage of it.

Posted in Linux, News, Training | Comments Off on Free “Introduction to Linux” course from the Linux Foundation, edX, MIT and Harvard

Linux Security Bug – Update

The security bug identified as CVE-2014-0092 now has fixes available for the following distributions, of which I am certain.

  • CentOS
  • Debian
  • Fedora
  • Red Hat

Check your own distribution to verify the availability of the fix. Note that not all releases of these distros have a fix available yet. If your release does not have a fix for this bug you should seriously consider upgrading to a release that does.
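One way to make that check on a machine you administer, as an added example that is not part of the original post: Red Hat, CentOS, Fedora and Debian normally cite the CVE id in the changelog entry of the package release that fixes it, so looking for the id in the installed package's changelog tells you whether the fix is on the box. The post does not name the affected package, so the script takes the package name as its first argument; the changelog text in `constructed_changelog` is made up for the offline demonstration and is not real vendor text.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether the installed
# version of a package cites a given CVE id in its changelog.
# Assumes the vendor records the CVE id in the changelog of the fixing release
# (Red Hat/CentOS/Fedora rpm changelogs and Debian changelog.Debian.gz do).
#
# Usage: check_cve_fixed <package-name> <CVE-id>
# Exit status: 0 fix cited, 1 not cited (update or read the advisory), 2 changelog unreadable.

# Print the installed package's changelog using whichever packaging system is present.
package_changelog() {
    pkg=$1
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog "$pkg"
    elif command -v dpkg-query >/dev/null 2>&1; then
        # Debian ships changelogs compressed under /usr/share/doc/<pkg>/.
        for f in "/usr/share/doc/$pkg/changelog.Debian.gz" "/usr/share/doc/$pkg/changelog.gz"; do
            if [ -f "$f" ]; then
                zcat "$f"
                return 0
            fi
        done
        echo "no changelog found for $pkg" >&2
        return 2
    else
        echo "no supported package manager found" >&2
        return 2
    fi
}

# Pure text test: read a changelog on stdin, succeed only if the exact CVE id appears.
# -F takes the id literally; -w stops CVE-2014-0092 from matching CVE-2014-00921 or a prefix.
changelog_mentions_cve() {
    grep -qwF -- "$1"
}

# Glue the two together for a real package on this machine.
check_cve_fixed() {
    pkg=$1
    cve=$2
    log=$(package_changelog "$pkg") || return 2
    if printf '%s\n' "$log" | changelog_mentions_cve "$cve"; then
        echo "$pkg: $cve is cited in the installed changelog (fix present)"
        return 0
    fi
    echo "$pkg: $cve not found in the installed changelog (update, or check the advisory)"
    return 1
}

# Constructed sample changelog (not real vendor text) so the check can be exercised offline.
constructed_changelog() {
    cat <<'EOF'
* Tue Mar 04 2014 Example Maintainer <maint@example.invalid> - 1.0-2
- backport upstream fix for CVE-2014-0092
* Mon Jan 06 2014 Example Maintainer <maint@example.invalid> - 1.0-1
- initial packaging
EOF
}

# With two arguments, check the real package; otherwise demonstrate on the sample text.
if [ "$#" -ge 2 ]; then
    check_cve_fixed "$1" "$2"
else
    constructed_changelog | changelog_mentions_cve CVE-2014-0092 \
        && echo "sample changelog: CVE-2014-0092 cited" \
        || echo "sample changelog: CVE-2014-0092 absent"
fi
```

The check only reports on the version already installed; it says nothing about whether a fixed package is waiting in the repository, so a miss should be followed by your distribution's normal update run.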

Posted in News, Security | Comments Off on Linux Security Bug – Update