Security sub forum?

Interesting link Peter, I will add that to the thread!. :smiley:

Safe computing or security basically amount to the same thing but I understand what you mean!. :smiley:

1 Like

I’ll attempt to find Spanish and Portuguese sites similar to us-cert.gov also … maybe there’s a German site similar also.

Jawohl!:

https://www.bsi-fuer-buerger.de/BSIFB/DE/Home/home_node.html

1 Like

We will have to get @lah7 to make it a Wiki so you can edit and add things too!. :smiley:

1 Like

This is also a great step in addressing multi language / culture

1 Like

Now a wiki post to contribute edits:

3 Likes

Having a security section would certainly keep things “neat” on the forum so this information isn’t scattered about in uncategorized.

2 Likes

Is it?, are the computer viruses in your country more cultured Peter?. :smiley:

1 Like

To conclude, I did ask @Wimpy and have been informed:

Security issues should be communicated via private Launchpad issues. I have access to the Canonical security team, and Launchpad is the responsible way to report issues. I’ve handled several security issues via LP already.

I like your intentions @pfeiffep and can understand your focus on educating users to be more secure, but I agree with @wolfman and @alpinejohn on this one that a dedicated category isn’t required.

Instead, you may wish to consider creating topics in the Tutorials & Guides section and clearly label the start as [Security] so this is apparent in topic listings.

Examples:

  • [Security] Which ports should you open in the Firewall?
  • [Security] How to encrypt your home folder.
  • [Security] How to pick a strong password.

For the last one, I have a command great for generating random strong passwords, just add this to ~/.bash_aliases and type genpwd the next time you open a terminal:

genpwd(){ < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo;}

What we also wouldn’t want to is new users thinking they should report or share unresolved security issues in the wild.

3 Likes

I think this is a super solution to identifying and posting timely pertinent information wrt security and safe computing.

So what is to become of the “wiki” suggested by @wolfman? Will it be available for me to edit - ie add information such as links to Spanish language similar to US-CERT.gov? Or possibly you’d rather not co-mingle the multi language effort?

I totally agree that sharing unresolved vulnerabilities is not a good idea and as a matter of fact should be prohibited. Of course such vulnerabilities should be reported to US-CERT and the software “owner”.

For passwords I use LastPass which provided an automated method for generating secure passwords with the additional benefit that one doesn’t have to remember or type them in :wink:

I don’t know, but I do like Quark !

1 Like

A wiki post means that any other member (with trust level 1) is permitted to edit the post. :pencil:

If you find any security websites for other regions, you can add them if you wish. It should still be primarily English until we have dedicated multilingual categories (depending on feedback!) which would be better for localized topics about security.

2 Likes

I think there is a misunderstanding as we all seem to have different concepts in mind when talking about security. I agree with @lah7 and @Wimpy on this:

These kind of security-related issues are indeed very technical and do not need a separate category in the forum. What I believe, however, @pfeiffep had in mind is a category that deals specifically with questions that are not necessarily related to identifying and fixing security issues with Ubuntu MATE, but more practical kind of advice any new user of this distribution will sooner or later come across. I would even extend his proposal to start an entirely new category named Security & Privacy or better Internet Literacy & Safe Computing. A list of questions that would fit in:

  1. How to install an anti-virus program on Ubuntu MATE?

  2. What is the difference between privacy and anonymity and what tools can I use to decrease my data track on the web?

  3. How to properly configure the Tor Browser bundle in areas affected by censorship?

  4. How to configure a VPN on Ubuntu MATE and why is that necessary when using public Wifi hotspots? What are the problems related to VPNs and how to choose a commercial one that you trust?

  5. How to encrypt and decrypt a PDF file for someone who is not familiar with encrypted communication?

  6. What e-mail providers do you consider privacy-friendly and safe to use? How to encrypt your e-mails?

  7. How to encrypt your chat and video communications and what programs to use?

  8. What webhost do you recommend that is secure and privacy-conscious?

  9. How to switch your website from http to https?

  10. In what sense is security related to free software and what are the problems with proprietary software?

Many of these questions may not necessarily be related to Ubuntu MATE (they are when it comes to configuring programs or installing them) but I believe are part of a general internet literacy. If you find Security to be too narrow or specific, I propose to extend it to Security, Privacy, Anonymity or better even Internet Literacy & Safe Computing to pick up the last suggestion from @pfeiffep. I believe this would again distinguish this already outstanding forum and help increase Ubuntu MATE user adoption.

2 Likes

I agree. I find this topic to be too important to neglect it or even sub-categorize it.

Internet Literacy and Safe Computing as its own category would work for this. I wonder why it shouldn’t all be considered its own category, instead of being an unfettered mess that’ll sprawl across various categories here.

The long and short of it is; security is a continually ongoing issue: New scams, vulns and cautionary tales of stupidity crop up on a daily basis, and it makes no sense why this topic should be marginalized to We don’t need that.

I could see a lot of topics about VM configurations to counter and research Linux malware, improving security with encrypted remote sessions and cool things you can do with firejail and iptables appearing in such a category. I barely have any experience in it, though just showing we have security discussion of some description would certainly be telling of Ubuntu MATE as a “Grown-up” community not under the precept of We’re Linux, so we have nothing to worry about when the looming spectre of Linux malware is always overlooking us, waiting for a way in.

3 Likes

Recently, both Linux Mint and Manjaro Linux had security issues to deal with. And while this can happen to any distro, it is interesting how their communities react (see here and here) and it seems to me that security issues are timeless, no matter whether they are related to the distro itself, the website, the forum or about acquiring basic internet literacy and safe computing skills. I believe the time is right to start this. Such a category would also provide an additional place for Ubuntu MATE users to ask these kind of questions when in doubt. What do you think @Glenn and @wolfman?

Hi @maro,

firstly, inspired by @pfeiffep, I drafted this guide:

Having read through the links you posted above, I came across this extensive article (guide) which is also worth including in any security guide:

As for having a standalone section for security, well that is up to the forum administrators, I am sure that if they deem it necessary; they will include such a section!.

Be alert and trust no one and you will live longer!. :smiley:

Perhaps the security forum idea on this site can be satiated by Ubuntu’s Security Forum

@Glenn points out … “influx of new Linux users posting on UM’s forums”
@alpinejohn states … “Lets think about the subject and the audience.”
@wolfman thinks … “wise to have a security advisory guide” & “I don’t think it warrants its own section”
@tiox states … "Having a security section would certainly keep things “neat” "
@maro thinks … “I find this topic to be too important to neglect it or even sub-categorize it”

Quite possibly the name itself needs refinement - perhaps Safe Computing for MATE as a general heading.

My idea is to educate … it’s much better to be proactive than reactive. To quote a famous clothier, Sy Syms, who coined this as the company slogan

“An Educated Consumer is our Best Customer”.

I suggest we adopt this sentiment!

1 Like

Hallo

The problems are mainly:

  • unpatched systems (check for updates daily)
  • USB flash drives (never trust a USB-drive that isn’t yours)
  • fishing and spear-fishing targeted attacks via email (these are becoming more and more refined)
  • drive-by attacks from websites that have had malware placed on them
  • the user
  • using the same password for more than one login (always use different passwords!)

Advice to users without technical knowledge or interest - the internet is not a toy, think of it as a narrow alley in a large city. During the day it’s a nice place to be full of friendly people, pick-pockets, stalls selling all sorts of things etc. At night, when the nice people have gone home, you would have to think twice before turning off the well lit main street and venturing down that dimly lit alley. Please don’t “just click on anything”, before you cross the road you look to see if it is safe to do so - before you click on something on a website think about what you’re doing - just for a moment - before you do it.

  • If you’re using a notebook please remember to change the firewall settings when you leave your home and go to a public “wifi-hotspot”.

This is not meant to be rude, ask any IT security professional, the points I’ve covered above are the “big” ones. If we all got those right, security would be better than it is now. A little paranoia is appropriate. :sunglasses:

2 Likes

I think such a category should not only be limited to showing users how to make their system more secure but to raise awareness that security is very often a political buzzword at the expense of something even more fundamental: privacy.

It is not only important that software and distributions such as Ubuntu MATE are easy to use (because if they aren’t they are not adopted at all or users stay vulnerable because they lack safe computing skills to manually tweak their system and software) but that they favour privacy by design (Ubuntu in general has lost a lot of credibility here). A new Privacy & Security category could further help to restore it.

Another tentative name for such a category: Digital Literacy for Privacy & Security or simply Digital Literacy with sub-categories security, privacy, anonymity, encryption, etc.

I can also see that adding a new category like this to the forum is a potentially big step and as such it is perhaps related to whether the Ubuntu MATE leaders and developers want to add a distinctive privacy & security focus to the distro profile? I think it will further increase user adoption because many new users (such as myself) migrating from Windows and Mac OS systems are looking for precisely that: increased privacy and security.

1 Like