Security and Privacy Forum

Write suggestions and new ideas in here
More ideas here http://community.linuxmint.com/idea/welcome
Forum rules
  • Only post ideas here that are specifically about the Linux Mint distribution or its websites.
  • So that developers and users from any distribution can discuss ideas in one place, post ideas about improving software to the collaboration website for that software instead.

Does Mint Need a "Security and Privacy" forum?

Yes
91
50%
No
4
2%
Probably Yes
13
7%
Probably Not
5
3%
This would be very useful!
40
22%
Recent News says that we really need this
28
15%
Dumb Idea
2
1%
 
Total votes: 183

ouch.e
Level 1
Level 1
Posts: 5
Joined: Thu Jan 16, 2014 7:11 pm

Privacy is a right. Ergo AdBlock & Encrypt always

Post by ouch.e » Tue Mar 08, 2016 4:46 pm

MishaSherpa wrote:I suggest that Linux Mint make a "Security and Privacy" section of the Board and pay attention to it, i.e., actively participate in answering questions.
With a sticky explaining how you forfeit privacy, while trampling the Expectation of Privacy when you allow yourself to become the commodity by using "social" media.
Xmpp Texting: the smart choice. sms texting is expensive frippery

User avatar
Chiefahol
Level 4
Level 4
Posts: 473
Joined: Thu Jun 11, 2015 12:32 am

Re: Security and Privacy Forum

Post by Chiefahol » Wed Mar 09, 2016 1:18 am

Out of 127 votes, we're now seeing only 6 votes against the idea. (So 95%+ support.)

I would say we are clear to go on this.
With a sticky explaining how you forfeit privacy, while trampling the Expectation of Privacy when you allow yourself to become the commodity by using "social" media.
Yes that can be one of the first threads, good idea.
Donate to your favourite distros!

User avatar
Fred Barclay
Level 12
Level 12
Posts: 4123
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush

Re: Security and Privacy Forum

Post by Fred Barclay » Wed Mar 09, 2016 4:19 pm

Absolutely we need this! And the sooner the better! :D
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

Ark987
Level 4
Level 4
Posts: 351
Joined: Tue Apr 07, 2015 4:20 am

Re: Security and Privacy Forum

Post by Ark987 » Mon Mar 14, 2016 6:01 am

Linux Mint aims to be user friendly, it will be a great challenge to make make security user friendly.
Indeed too much security reduces usability or even stability but users needs at least needs to know where to find information.

A great topic was published in DW: http://distrowatch.com/weekly.php?issue=20160314#tips
While we have received a number of interesting technical suggestions for checking the legitimacy of ISO images (with varying degrees of practicality), the reason we are not implementing most of them is the problem the Linux community faces with regard to corrupted ISO files is not technical, but (I believe) educational.
A compilation of resources where to go and check and what needs to be checked is needed.

Because not many uses read the tech news or follow up on the forums, IRC, etc. I would even go to the next step, since Mint already have it's own update manager software and it requires an active Internet connection. Why not come up with some kind of RSS feed about related security updates related to the pending update packages, in addition to some security trends news. Maybe this can be a standalone X-app.
Image

User avatar
Dr.Flay
Level 1
Level 1
Posts: 7
Joined: Fri Jan 08, 2016 5:29 am
Contact:

Re: Security and Privacy Forum

Post by Dr.Flay » Wed Mar 16, 2016 10:28 pm

Locks and puzzles, Rule Number 1:
If man can make it, man can break it.

The Linux world needs to wake up before it is too late, just like the Mac world has to.
"Malware" is more than old fashioned viri.
My thoughts that follow are free-flowing.....

In my news feeds I regularly see Linux exploits and now more frequently malware.
Core parts of Linux itself have been found to have some serious goofs.
Linux can host something that is not bothering it and act as an instigator or plague carrier.
Cross platform solutions such as jscript, Java, and almost all Adobe products will punch great big holes though protective layers of any OS.
Some hardware based malware such as bad USBs can go straight for the BIOS and don't care about the OS.
People always assume their machine is at threat rather than them simply being used as a pawn in a bigger game.

Surely the past 2 years have shown SSL flaws effect almost all of us at the same time ?
With every OpenSSL update, I make a posting at the Trillian and Vivaldi forums so people can manually update.

1 factor I don't see that anyone has contemplated, or I have not yet seen mentioned;
The most common hand-held computers on the planet are Android devices.
Android is a cut-down Linux, and can be upgraded or replaced with a full Linux.
The new most desirable target with the lowest hanging fruit to hack and abuse is the mobile phone market.
Thankfully the Android world has shown the value of not having access to ROOT, but ways have been found to gain privileges.
Certain paranoid nations engaged in lots of hacking are very pro-Linux (understatement) and becoming much more used to digging into the guts.
More newbie hackers than ever are now getting to grips with Linux because they have to, and on that journey into peoples phones they are learning lots of handy new tricks they can use in a full Linux too.
The army of Linux powered/aware hackers is growing fast.

The choice of Linux AV needs regular re-evaluation. Clam AV often shows it has serious problems, and the lack of promoted options on offer is worrying as we march forwards.
I often see ClamAV false positives in VirusTotal, or worse that it does not recognise a bad file.
Many AV companies use a Linux Live CD with their recovery tools, and some have now started making AV for Macs.
I am confident we will start to see more Linux AV released as full installs, as it becomes more needed.

Until there is a good range of quality Linux desktop AV, I recommend that knowledgeable security devs look into making a front end for VirusTotal or http://www.herdprotect.com
We need to start caring more about the platforms we are not on, eg. a Linux PC must recognise it is storing a file that will only infect a Mac etc. or every OS becomes a hidey-hole for malware, just like any external drive. It sits and waits until it can be used.
VirusTotal and https://anubis.iseclab.org have started to include cross platform definitions, and you can be sure they will be including Linux binaries once the threats get more common (if they don't already).

Even in Linux I install all the same malware and exploit protection in the browsers.
Man in the middle attacks are just as valid against Linux, and extensions like Perspectives, Calomel, WorldIP, HTTPS Everywhere, Web of Trust are just as useful. Many AV vendors also offer standalone browser extensions.

Choosing a secure authenticating DNS with DNSSEC capability is also something Linux users should do.
HOSTS files can protect all OSs from every kind of bad site if filled with the right IPs. This includes ads and trackers so you can add a base level of protection to all browsers used (useful for protecting dumb...*ahem*.. IE and Edge users).

In short, yes I think all Linux forums should have a security and privacy section.
Pretending the problems do not exist, or are not getting worse every day helps no one but hackers, and by the time disaster strikes they will not have any experience or knowledge.
Apple owners get the heat taken from them by the protection being done by the mother company. They are having their hand held, but other OSs don't have that.

Finally, and to put it very very bluntly.
Linux Mint is now a laughing-stock, and people are being told to stay the hell away due to shoddy security of the site and included software (I just tell people get the OEM distros without the CoDecs).
The TWiT channel is not doing you any favours by constantly reinforcing this any time people ask about leaving Windows.
This site needs to make a very loud and very public focus of security and privacy issues.
Yesterday if not sooner.

*EDIT*
http://arstechnica.com/security/2015/03 ... -weakness/
http://arstechnica.com/security/2015/08 ... avascript/
And now today
http://arstechnica.com/security/2016/03 ... rowhammer/

http://www.securityweek.com/vmware-patc ... s-vrealize
http://www.theregister.co.uk/2016/03/10 ... h_updates/

http://www.databreaches.net/private-tra ... e-exploit/

User avatar
Tomgin5
Level 5
Level 5
Posts: 762
Joined: Sat Mar 19, 2016 2:37 pm
Location: Beaverton, Oregon USA

Re: Security and Privacy Forum

Post by Tomgin5 » Fri Apr 22, 2016 1:15 pm

Amen to that Dr.Flay. Many of your posts are the basis of my going to LM17.3 cinnimon64. My browsing habits are changed as well. No more Google. No Chrome, No M$.

Habitual
Level 13
Level 13
Posts: 4871
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Security and Privacy Forum

Post by Habitual » Fri Apr 22, 2016 3:52 pm

MishaSherpa wrote:I suggest that Linux Mint make a "Security and Privacy" section of the Board and pay attention to it, i.e., actively participate in answering questions.
How is the "Security and Privacy" section going to enhance the Desktop Experience
for the average user?
Rehash all the same things we've been preaching for 15 years?
Talk about Truecrypt?

LinuxMint is not responsible for my "Security and Privacy". I am.
Can you say that?

User avatar
Chiefahol
Level 4
Level 4
Posts: 473
Joined: Thu Jun 11, 2015 12:32 am

Re: Security and Privacy Forum

Post by Chiefahol » Fri Apr 22, 2016 7:45 pm

Habitual wrote:How is the "Security and Privacy" section going to enhance the Desktop Experience
for the average user?
If a user has a question on the topic, they would have a more appropriate place to put it. That's it really, more of a forum improvement then a desktop one TBH.
Rehash all the same things we've been preaching for 15 years?
Talk about Truecrypt?

LinuxMint is not responsible for my "Security and Privacy". I am.
Can you say that?
You can say that, plenty of times, in the new 'Security and Privacy' forum that most people want. :mrgreen:
Donate to your favourite distros!

User avatar
Fred Barclay
Level 12
Level 12
Posts: 4123
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush

Re: Security and Privacy Forum

Post by Fred Barclay » Fri Apr 22, 2016 7:48 pm

Yep, I'm afraid it's "back to business as usual" here.
Have we forgotten the pain of the hack already? :roll:
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

Habitual
Level 13
Level 13
Posts: 4871
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Security and Privacy Forum

Post by Habitual » Fri Apr 22, 2016 8:19 pm

Dr.Flay wrote:This site needs to make a very loud and very public focus of security and privacy issues.
Yesterday if not sooner.
Just what the Doctor ordered!

I think Fred has a point.

Habitual
Level 13
Level 13
Posts: 4871
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Security and Privacy Forum

Post by Habitual » Fri Apr 22, 2016 8:22 pm

Chiefahol wrote:If a user has a question on the topic, they would have a more appropriate place to put it. That's it really, more of a forum improvement then a desktop one TBH.
Organized insecurity?

User avatar
Chiefahol
Level 4
Level 4
Posts: 473
Joined: Thu Jun 11, 2015 12:32 am

Re: Security and Privacy Forum

Post by Chiefahol » Sat Apr 23, 2016 12:07 am

Habitual wrote:
Chiefahol wrote:If a user has a question on the topic, they would have a more appropriate place to put it. That's it really, more of a forum improvement then a desktop one TBH.
Organized insecurity?
I'm not quite sure what you mean? :oops:
Donate to your favourite distros!

Mohr
Level 2
Level 2
Posts: 69
Joined: Thu Nov 08, 2012 4:49 am

Re: Security and Privacy Forum

Post by Mohr » Sat Mar 10, 2018 4:13 pm

Did I miss anything?
No reaction during four years of discussion and uttering this wish from The Team?

User avatar
majpooper
Level 5
Level 5
Posts: 565
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Security and Privacy Forum

Post by majpooper » Sat Mar 10, 2018 4:48 pm

Most security and privacy remedies actually have little or nothing to do with the OS. How to protect yourself from DNS spoofing or DNS leaks, VPNs etc. Since if we have no problem discussing dogs, gender, football or whatever extraneous topic comes to someone's stream of consciousness, a section devoted to security and privacy does not seem superfluous. But I suppose including security and privacy with topics such as dogs, gender, football and so on is better than nothing.

Post Reply

Return to “Suggestions & New Ideas”