A quick overview of what's in this special Security issue:
* Configure One-Time Password Authentication with OTPW
* Provide Stronger Security with Elliptic Curve Cryptography
* Project: Build a Wi-Fi Honeypot
* Phonegap for Easy Smartphone Application Development
* How-To: Add Graphical PXE Menus to Your PXE Server
Detailed overview: Sticky Note of Doom
Years ago, I had the brilliant idea that all my users in the finance department should have complex passwords. This made perfect sense to everyone, since dealing with millions of dollars of revenue is something that should be secured. So, the passwords were changed with complexity requirements enforced. I slept better that night knowing our paychecks were no longer secured by passwords like "mustang" or "mrwhiskers".
I came in the next day only to find very complex passwords written on sticky notes and affixed to everyone's monitors. Security software is no match for a Sharpie marker and a Post-It. It was a lesson well learned. This month is our Security issue, and although we don't have an answer to the Sticky Notes of Doom, we do have some great articles on Linux-related security.
Reuven M. Lerner starts off the issue with an interesting column on real-time messaging over the Web. Back in the days when every user was in a terminal window, a quick wall command would send everyone a message. Reuven describes a similar concept, but with Web users. Dave Taylor follows up not with Web programming, but with game programming. Using his talent for making learning fun, Dave shows how to write a script to play Cribbage.
Kyle Rankin returns to his PXE magic from a couple years back and explains how to leverage the network bootloader not only to install operating systems, but also to boot them directly. If you've ever been intimidated by PXE menus, or if you thought PXE was too limited, you'll want to read Kyle's column. It's a great followup to his last piece on the topic, and it showcases just how flexible PXE can be.
I joined the security bandwagon this issue and decided to talk about passwords. If you (or a "friend") use the same password for every Web site, or if you use your pet's name to secure your credit-card statements, you really need to read my column this month. Whether it's to pick up some hints on password creation or just get some pointers for convincing others to use good passwords, I hope you'll find my tips helpful.
If you're fascinated by data encryption, Joe Hendrix's article on Elliptic Curve Cryptography is more than just an interesting read. Joe not only shows how to implement this method, but also how to use it in real life with OpenSSH. With most encryption methods, people just keep making a bigger and bigger encryption key to improve security. Elliptic Curve Cryptography offers more security and smaller key sizes. When it comes to passwords, encryption is great, but even better is to destroy the password completely after using it. Todd A. Jacobs teaches how to configure one-time passwords on your servers. If you're working from an open Wi-Fi hotspot, a one-time password is a way to make sure you're safe even if your password is hijacked.
Speaking of Wi-Fi, Marcin Teodorczyk has a fun article on setting up a Wi-Fi honeypot. If you want to have fun with your neighbors, or if you're just curious about what people do to an open access point, Marcin shows you what to do. If you live near a place people tend to gather, your results should astound!
We've also got lots of other goodies for you this month. Mike Diehl discusses how to create smartphone apps with Phonegap. Joey Bernard takes a great look at Gnuplot. Our New Products section features a mention of Kyle Rankin's new book, and our Upfront section has useful tips to inform and entertain. So, in honor of the Security issue, maybe take this opportunity to remove sticky notes from monitors and challenge people to change their passwords to something other than their dogs' names. --Shawn Powers