Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 20 Sep 2017, 23:36
All times are UTC - 4
 Forum index » Off-Topic Area » Security
The State of Linux Security & Linux Security Myths
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [3 Posts]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 913
Location: Canada

PostPosted: Fri 18 Aug 2017, 14:05    Post subject:  The State of Linux Security & Linux Security Myths
Subject description: 2016-2017
 

https://linux-audit.com/the-state-of-linux-security/

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-security-a-closer-look-at-the-latest-linux-threats

http://www.morphick.com/resources/news/mikey-linux-keylogger

Linux security myths :
https://linux-audit.com/linux-security-myths/

Linux security tips

Now that we discussed some of these myths, let’s look at some of the options to improve the security defenses of Linux systems.

Only install what you really need
Software patch management
Implement a firewall
Perform regular security scans


Some tools to enhance security :
https://www.maketecheasier.com/scan-linux-for-viruses-and-rootkits/

A reader's list about security :
Consumers Gain More Power to Seek Data Breach Damages
http://www.ecommercetimes.com/story/84747.html
In addition having to fix information technology systems, companies suffering breaches may be increasingly vulnerable to legal action taken by customers whose personal data was affected. A federal appeals court decision handed down earlier this month underscores the potential legal leverage available to consumers whose electronic records are hacked.

Last edited by labbe5 on Wed 23 Aug 2017, 14:09; edited 2 times in total
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2091

PostPosted: Fri 18 Aug 2017, 17:14    Post subject:  

Thanks. OK on the first three, 4th ... pretty infrequent (rootkit scans, debsums to validate all installed programs match the Debian repositories). Installed lynis (that previously I was unaware of) and after running ... zero warnings, 39 suggestions - many of which are irrelevant when you're both admin and user (protect me from myself and I ! ).
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 913
Location: Canada

PostPosted: Mon 28 Aug 2017, 10:34    Post subject: detecting spearphishing attacks
Subject description: targeted scam
 

https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-ho.pdf

Nature of the threat :
Unlike exploits that target technical vulnerabilities in
software and protocols, spearphishing is a type of social
engineering attack where the attacker sends a targeted,
deceptive email that tricks the recipient into performing
some kind of dangerous action for the adversary. From
an attacker’s perspective, spearphishing requires little
technical sophistication, does not rely upon any specific
vulnerability, eludes technical defenses, and often suc-
ceeds. From a defender’s perspective, spearphishing is
difficult to counter due to email’s susceptibility to spoof-
ing and because attackers thoughtfully handcraft their at-
tack emails to appear legitimate.


History of a growing threat :
Over the past several years, a litany of high-profile
breaches has highlighted the growing prevalence and po-
tency of spearphishing attacks. Leveraging these attacks,
adversaries have successfully compromised a wide range
of government systems (e.g., the US State Department
and the White House [1]), prominent companies (e.g.,
Google and RSA [3]), and recently, political figures and
organizations (e.g., John Podesta and the DNC [21]).


On a personal note :
I don't have a Facebook account, but i keep receiving emails about messages received from Facebook friends or for some other reason linked to my Facebook account. This is the nature of the threat to appear legitimate. If i had a Facebook account, i would be tempted to click on these fake messages, and click some links that would install either malware or ransomware, a risk mitigated by the fact i use Linux. And even though i block them, they come back in my inbox, again and again, a proof i am victim of a spearphishing campaign by hackers.
The reason i don't have a Facebook account is i am against sharing anything about me in the open. Such fake messages would appear all the more legitimate if hackers had access to my public posts (if i had any).
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [3 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0278s ][ Queries: 12 (0.0036s) ][ GZIP on ]