Linux 220.127.116.11 has been released, which fixes two locally exploitable security issues. Another similar bug has been fixed recently by 18.104.22.168.
Every Linux box with local users should be upgraded ASAP. My laptop is already compiling away happily (although I'm the only one who has an account on it of course, but you never know)...
As some of you might have noticed, I started to sign all my emails with my GPG key a few days ago. I knew for quite a while that this is a good practice, but I just didn't get around to actually do it. Until now.
So... if you should receive any funny email from "me" somewhen and it's not signed, it's most probably not an email from me but either someone trying to fuck with me, spam, a virus, a trojan, a phishing mail or any other scum you can imagine.
Is it time to worry when security professionals consider you too paranoid?
I consider myself quite security-aware (or paranoid, as you like), too, but some of Mark Burnett's measures are really quite extreme. For example:
I require my kids to use at least 14 character passwords on our home network and I'm considering issuing them smart cards. [...] I don't just throw out shredded documents; I spread the shredded bits into my garden to use as mulch.
However, I really agree with him on this issue: "There's no need to analyze the threat of every situation. Just practice strong security always and you should be okay". I couldn't have said this any better.
Professor Jasper Rine from the Department of Molecular & Cell Biology at the University of California at Berkeley had some interesting words for the guy who stole his laptop recently. At the end of a lecture, which was recorded and is now — thanks to Boing Boing — available in many formats (Real, Quicktime and MP3), he told the guy (who was presumely in the class and was apparently after the exam data) what consequences he is about to face.
There's a text transcript of the last part of the lecture, which (among other stuff) says:
I am tied up all this afternoon; I am out of town all of next week. You have until 11:55 to return the computer, and whatever copies you've made, to my office, because I'm the only hope you've got of staying out of deeper trouble than you or any student I've ever known has ever been in.
There's lots of discussion going on right now about this. One reader of Joe Grossberg's blog is a bit sceptic (to say the least) that all of what the prof said is true, but still, I'm sure this scared the shit out of the guy who stole the laptop...
(via Boing Boing)