A quick overview of what's in this special Security issue:
* Protecting servers with Nmap, Nessus and Metasploit.
* Managing passwords with KeePassX.
* A look at ELF viruses.
* Password cracking with GPUs.
* Using OAuth in Web apps.
Detailed Overview: My Voice Is My Passport, Verify Me
This is our security issue, and although we may not all have retinal scanners and voice-based authentication, we still need to focus on keeping our systems secure. We can all help the cause by using complex passwords and by using different passwords for every system to which we connect. In fact, Reuven M. Lerner starts us off with a possible solution to that very problem. He shows us how to use OAuth, so instead of creating a new set of credentials, we can log in to applications using an existing account. With OAuth, if you have a Yahoo, Google or Facebook account, you can log in to any Web site that allows OAuth authentication. It's pretty cool stuff.
Twitter is another service that allows OAuth authentication, and although he doesn't tackle authentication, Dave Taylor continues his series on scripting with Twitter. Can math and shell scripts determine whether someone is worth following? Read Dave's column and find out.
Mick Bauer is back this month for one final Paranoid Penguin column. We're very sad to see Mick go, but the security issue certainly seems like the perfect place for his retrospective on the past 11 years. Whether Mick's column helps you sleep better at night or keeps you awake due to paranoia about your network, his monthly columns will be missed.
Kyle Rankin starts a series in this issue that likely will make you update the passwords on all your systems. Using his fancy GPU setup, Kyle shows how to do a brute-force attack (for legitimate purposes, of course) on our systems. It's downright scary how powerful modern graphics cards are, and for tasks like password cracking, they are extremely efficient. Thankfully, Kyle can't crack the combination on my luggage, and "one, two, three, four" is still safe there.
Continuing our black-hat-themed lineup, Matthew Agle describes how to do penetration testing on our systems. Although there isn't one single tool for such things, Matthew opens his bag of tricks and lets us peek inside. Whether you are testing a Windows machine or trying to hack into your office server, Matthew explains how to do some pretty nasty stuff (for science, of course).
As if that weren't scary enough, Himanshu Arora shows how to create a virus—a Linux virus. More specifically, it's a Linux ELF-based virus that can propagate your system without you ever knowing it. This is the reason it's important to have signed packages and check the md5sum for ISO images. Himanshu starts his series this month to help you understand, and then defend against, such things. Knowledge is power, even if sometimes that knowledge is unsettling.
If one of your concerns regarding managing secure passwords is that you can never remember them all, you need a tool like KeePassX. Anthony Dean shows how to use this cross-platform password management and generation tool to keep track of secure passwords. If your password is "password", or if your idea of securing your "1234" password is to add a "5" at the end, you really don't need KeePassX. You need a psychiatrist! Seriously though, KeePassX is a great tool to help with passwords, and Anthony walks us through using it.
We haven't dedicated this entire issue to scaring you into being a paranoid penguin, however. Roderick W. Smith continues his series on using Linux with EFI systems. Last month, he explained EFI as the replacement for BIOS, and this month, he shows us how to use it to boot Linux. I also contributed an article this month, reviewing the Inspector Gadget of the editor world: SlickEdit. If you're a programmer of any level, SlickEdit can make your life easier. It even helped me, a novice programmer at best. --Shawn Powers, Editor
* Protecting servers with Nmap, Nessus and Metasploit.
* Managing passwords with KeePassX.
* A look at ELF viruses.
* Password cracking with GPUs.
* Using OAuth in Web apps.
Detailed Overview: My Voice Is My Passport, Verify Me
This is our security issue, and although we may not all have retinal scanners and voice-based authentication, we still need to focus on keeping our systems secure. We can all help the cause by using complex passwords and by using different passwords for every system to which we connect. In fact, Reuven M. Lerner starts us off with a possible solution to that very problem. He shows us how to use OAuth, so instead of creating a new set of credentials, we can log in to applications using an existing account. With OAuth, if you have a Yahoo, Google or Facebook account, you can log in to any Web site that allows OAuth authentication. It's pretty cool stuff.
Twitter is another service that allows OAuth authentication, and although he doesn't tackle authentication, Dave Taylor continues his series on scripting with Twitter. Can math and shell scripts determine whether someone is worth following? Read Dave's column and find out.
Mick Bauer is back this month for one final Paranoid Penguin column. We're very sad to see Mick go, but the security issue certainly seems like the perfect place for his retrospective on the past 11 years. Whether Mick's column helps you sleep better at night or keeps you awake due to paranoia about your network, his monthly columns will be missed.
Kyle Rankin starts a series in this issue that likely will make you update the passwords on all your systems. Using his fancy GPU setup, Kyle shows how to do a brute-force attack (for legitimate purposes, of course) on our systems. It's downright scary how powerful modern graphics cards are, and for tasks like password cracking, they are extremely efficient. Thankfully, Kyle can't crack the combination on my luggage, and "one, two, three, four" is still safe there.
Continuing our black-hat-themed lineup, Matthew Agle describes how to do penetration testing on our systems. Although there isn't one single tool for such things, Matthew opens his bag of tricks and lets us peek inside. Whether you are testing a Windows machine or trying to hack into your office server, Matthew explains how to do some pretty nasty stuff (for science, of course).
As if that weren't scary enough, Himanshu Arora shows how to create a virus—a Linux virus. More specifically, it's a Linux ELF-based virus that can propagate your system without you ever knowing it. This is the reason it's important to have signed packages and check the md5sum for ISO images. Himanshu starts his series this month to help you understand, and then defend against, such things. Knowledge is power, even if sometimes that knowledge is unsettling.
If one of your concerns regarding managing secure passwords is that you can never remember them all, you need a tool like KeePassX. Anthony Dean shows how to use this cross-platform password management and generation tool to keep track of secure passwords. If your password is "password", or if your idea of securing your "1234" password is to add a "5" at the end, you really don't need KeePassX. You need a psychiatrist! Seriously though, KeePassX is a great tool to help with passwords, and Anthony walks us through using it.
We haven't dedicated this entire issue to scaring you into being a paranoid penguin, however. Roderick W. Smith continues his series on using Linux with EFI systems. Last month, he explained EFI as the replacement for BIOS, and this month, he shows us how to use it to boot Linux. I also contributed an article this month, reviewing the Inspector Gadget of the editor world: SlickEdit. If you're a programmer of any level, SlickEdit can make your life easier. It even helped me, a novice programmer at best. --Shawn Powers, Editor