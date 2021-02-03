Security Leftovers
How often should I rotate my ssh keys?
My story for today is about ssh and how even public keys, while much better than simple passwords, are still not a perfect solution.
The danger is credential theft, which is a fancy way of saying “someone stole your private keys.” Back in the 1990s, that problem was pretty far from our minds; Windows 98 didn’t even have the concept of a separate administrator account, never mind the idea of app sandboxing or the inkling that someone might intentionally want to load malware onto your computer and encrypt all your files for ransomware. Those were the days when some people thought ActiveX controls (essentially loading .exe files from web sites) might be a good idea. Actually, maybe even a great idea as long as there was an “are you sure?” dialog box first.
4 of the Best LastPass Alternatives
LastPass has recently changed its free account usage policy to be only available on one device, and a lot of its users are not happy about it. If you are a LastPass Free user and are looking to switch, here are four great LastPass alternatives you should check out. These services reserve their pricing tiers for more advanced, business-oriented users while still leaving free users with a powerful set of features to safeguard their online accounts data.
Security updates for Thursday
Security updates have been issued by Arch Linux (ansible-base, keycloak, mumble, and postgresql), Debian (firefox-esr and nodejs), Fedora (dotnet3.1, dotnet5.0, keylime, php-horde-Horde-Text-Filter, radare2, scap-security-guide, and wireshark), openSUSE (postgresql, postgresql13 and python-djangorestframework), Red Hat (Ansible, firefox, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (php7, postgresql-jdbc, python-cryptography, rpmlint, and webkit2gtk3), and Ubuntu (dnsmasq, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-oem-5.10, linux-oem-5.6, screen, and xterm).
Biden signs executive order calling for semiconductor supply chain review
President Biden signed an executive order Wednesday addressing growing concern over a global semiconductor shortage hampering the production of goods like automobiles and smartphones.
The White House’s executive order directs the federal government to conduct 100-day reviews of supply chains in four sets of products, including computer chips and large capacity batteries, like those used in electric vehicles, according to administration officials.
Biden Orders Review to Shore Up Supply Chain Resiliency
On top of the 100-day review of the four key industries, Biden’s order will also direct yearlong reviews for six sectors: defense, public health, information technology, transportation, energy and food production.
Biden said his administration will implement the recommendations as soon as they are available. “We're not going to wait for the review to be completed before we start closing the existing gaps,” he said.
Technology Executives Say All Evidence Points To Russia In Major Hack Of Computer Networks
Smith told the committee that the true scope of the intrusions is still unknown because most victims are not legally required to disclose attacks unless they involve sensitive information about individuals.
Finnish IT Giant Hit with Ransomware Cyberattack [iophk: Windows TO]
Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a communications director at the company. Remman acknowledged technical problems with several services that TietoEVRY provides to 25 customers, which are “due to a ransom attack,” according to the report.
Remman told E24 that the company considers the attack “a serious criminal act.” TietoEVRY turned off the unspecified services and infrastructure affected “as a preventative measure” until it can recover relevant data, and restart systems “in a controlled manner,” he said.
Open Hardware/Modding: Arduino, RPi CM4 and Pico
Red Hat/Fedora Leftovers
The Innovation Lab: A Space for Creative Learning
The reason why we use System76 to power all the computers in the space is because I’m a big supporter of Linux in general, and System76 has been really consistent and helpful. I think the openness of System76 definitely gives the students the ability to experiment and the freedom to break stuff in a creative environment, without being too constrained by proprietary software. Also: Activate Linux on Your Chromebook
