security

SSH client security vulnerability

There's something you don't see a lot of: an OpenSSH vulnerability. Time to patch those clients. Details can be found at: USN-566-1: OpenSSH vulnerability. The vulnerability has to do with X11 forwarding, which I always disable, so I assume my systems are safe, but I will still upgrade promptly.

Creating an encrypted disk in Ubuntu 7.10 (Gutsy Gibbon)

Encryption is becoming more common as users realize the dangers posed if someone were to get the data on their computers. The Ubuntu installer even prompts the user to set up an encrypted disk. While encrypting the primary disk of a desktop or laptop is desirable, I tend to use an external encrypted disk to store much of my data. To be more accurate, I create a single large partition on the disk and encrypt that partition. I thought it would be useful, especially given the quality of information on the web, to share my process and some information about the options available.

Creating more entropy for a Linux kernel in a virtualized environment

So far my research has turned up a few solutions, though none that I consider to be that great. I’ve also learned that both Xen and VMware seem to have this problem, and it would not surprise me if other virtualization solutions do as well. The root of the problem is actually that the Linux kernel relies heavily on interrupts for generating random numbers. In a virtualized environment a Linux kernel will be unable to generate random numbers due to being unable to access the hardware. The solution would probably be for the virtualization software to emulate a hardware random number generator that gets random data from the host system. That’s assuming that the Linux kernel isn’t adjusted in some way to account for this issue.

Challenges to using Xen in a production environment

I’ve been using Xen for a little while now and while there are many aspects I like there are a few that are troubling. I’ve been wanting to write up some tutorials on using Xen but before that can happen I need to feel comfortable recommending Xen as a virtualization solution. At the moment I’m not sure I can do that, partially because of the issues I’ve encountered but mostly because those issues do not seem to be acknowledged or discussed in any meaningful way. That is perhaps the most troubling thing of all.

Creating an encrypted swap file for Ubuntu using cryptsetup

Encrypting the swap space on any computer makes a lot of sense for anyone interested in security. The swap area always has a chance of containing sensitive user information that could easily be recovered from the disk. Furthermore, since swap storage does not need to be preserved across reboots, it is trivial to use a random key, thus greatly decreasing the odds that any information can be recovered. The only downside that I’ve found on Ubuntu and other GNU/Linux operating systems is that there are too many ways to do encryption in general and swap in particular. But here is a relatively simple way to set up an encrypted swap file.

Finding a suitable password manager in Ubuntu 7.10 (Gutsy Gibbon)

Like most users these days, I have many user accounts on various websites. Dealing with security can be quite an issue with so many passwords. A lot of accounts, say to a discussion board, are not too problematic if the credentials get compromised. For other sites, like financial or email services, compromise represents significantly more danger. It is wise not to use the same usernames and passwords on different servers, for the reason that if one gets compromised, others are put at risk. I find it’s best to use a password manager and generate passwords for various sites and keep the password file protected by a strong password or passphrase that changes regularly. I also find that it helps keep such accounts organized so I don’t lose track of them. I wanted to see if there was an application that would suit my needs using Kubuntu 7.10 (Gutsy Gibbon).

Improve security by changing the SSH listening port

This is a simple change that can, in my opinion, greatly improve security on a server or desktop system with openssh-server installed. Simply changing the listening port from the default 22 to another value will reduce the brute-force SSH attacks on a system, thereby freeing up resources and reducing the chance of the system being compromised.

Except where otherwise noted, content on this site is licensed under a Creative Commons by-nc-sa 3.0 License.