Monday, September 21, 2015

Apple devices massive attack

Recently I wrote here about security for end users, comparing Apple and Linux softwares with Microsoft Windo

Unfortunately, I have just learned that a massive attack is ongoing on several Apps for Apple's mobile devices (iPhone, iPad, etc).

I have read many technical news with their "weird" jargon. And here is, in simple words, what happened:

Software developers need XCode, a software tool provided by Apple itself. Many of them downloaded a Chinese version of the tool, instead of Apple's original version. So, the softwares built with these forfeit version of XCode are all compromised. Roughly, there may be something around 400-500 softwares compromised.

What damage can they cause?
According to BBC, "[...]the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information. It added they could also read and alter information in compromised devices' clipboards, which would potentially allow them to see logins copied to and from password management tools"

What can be done?
You should remove the App if it is one of the compromised. You can read here is a list of some of them, but this list is not complete. Good news: Apple is taking car of it for you! According to CNBC, "Apple said it was cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet". Bad news: Apple has not finished it's cleaning job.

Please, just do not go on installing any Apps just because the daughter of the distant cousin of the neighbor of your friend's dentist told you "it rocks"!!! It does not matter which device you have, you might be in for it.

Friday, September 18, 2015

How safe is your computer?

Ok, now I got REALLY disappointed  with this. The very know antivirus AVG has been recording users sites to make a commercial use of it.  And as you can read, AVG themselves said it!

For most of you, this may not mean too much. But if we think about it, what else could it send to somewhere else in the world? What takes me to the question: WHY do we MUST be antivirus-dependant?

Windows Weakness
If you have MS Windows installed on your computer, you just cannot avoid it. Even worse: you need it. MS Windows by itself cannot offer enough security against malwares. Microsoft has even released it's own AntiVirus (MS Defender), starting on Windows 7. But guess what: unuseful, as you can (and you should) read here.

So, what can you do? For a few of human beings, there is no way but keep under Windows insecurity. These guys work with software that only work in Windows.

But, take a look at what you do daily with your computer: Internet, Internet, Internet. Sometimes some text and spreadsheets. Are there alternatives? Hopefully, YES!

1) Apple computers!

You can be safer with an Apple computers. They are fancy, fast and MUCH safer than Windows. Okay, they had a serious breach in their own computers in 2013. But when you read about it, it was not exactly an Apple problem, but one of the most common components you can find around: Java.

Please, do not panic. First, you have been using Java for a long time, in your DVD player, in many modern cars, in internet bank security, etc. Yes, there was a problem, but solved. one day the rain will start right when there is no place for you to hide, no umbrella and after your time and resources on that wonderful hair stylist. There are things you cannot avoid!

Take a look at some opinions on this subect:
- ZDNET, 2014: "Sorry to say that Apple platforms are still more secure"
- CNET, 2010: CNET asked many security guys: Which one is safer?

2) Linux
Well, I probably am not the most adequate person to speak about it, because I just make strong use of it, for almost 90% of my needs. But, no antivirus! simply like that. Maybe because not so many people use it, because hackers (ugh, wrong word but everybody says that!!!) are not so interested, because it is completely different to operate (in the way I do).

If you MOSTLY use internet, you should try to focus on iPad/iPhone/Android. They are very uncomfortable to type a lot (like this text), but light and safer. Many claims that you need (you MUST) have an Antivirus. I would tell you: do not install what you do not need!!!

But if you like the comfort of a keyboard, and your main use is internet, you should give Linux a chance.

Read this article: If my mother-in-law can use Ubuntu Linux, everybody can!

Wednesday, June 24, 2015

Desktop Market Share - 2015

I have just found out this interesting statistics about desktop computers. And it tells me some more interesting possibilities:

- Apple Operating System is by far better than Windows in everything, everybody know this. But according to these statistics, it is the 5th most popular OS. Well, it is not that easy to work a "hackintosh", and Apple OS is originally installed on Apple computers ONLY, wich are MUCH more expensive than PCs, like this old I5 of mine.

- Windows XP is still under that heavy use? SERIOUSLY? Unless you pay MS for it, you will not have the security updates that you really need. And most people will definitively not pay for this. But, they are still using XP for activities like ... their bank account. This is insane, almost a financial suicide. But, I think that the word "security" is still not clear enough to people in general. Until something bad really happens.

- Okay, Linux definitively is not ready for desktops, although I've been using it for almost 10 years, and I DO CONSIDER it as the most affordable and safe option. But anyway, Linux market share has overcame the old Apple OS versions. No, it is not superior to these recently old Apple OS versions (not yet, and it will take a long time to happen). Apple users update their OS more frequently than Linux and Windows users, and older versions become less used very quickly. That's why Linux has "beaten" them.

This universe of desktops, will always be so difficult to be understood...

The full statistic link can be read here.

Saturday, June 20, 2015

Installing Java 8 in Ubuntu

I have another post here about how to do this. But it is outdated, and I decided to rewrite it.

There are more simple ways to have Java installed on your Linux. But I do prefer do make it step by step, in the command line. Let's suppose that we are installing version 8.45 of Java
  1. Download Java 8 JDK from Oracle. Accept it's License Agreement, and select jdk-8u45-linux-x64.tar.gz to be downloaded, if your system is 64bits or jdk-8u45-linux-i586.tar.gz if it is 32 bits.
    If you are in doubt about your system, you may confirm with the following command:

    uname -m

    If the answer is x86_64, you have a 64 bits Ubuntu. If the answer is  i686, you have a 32 bits Ubuntu.
  2. Create a variable jv that will point to the installation directory of Java. By downloading the jdk-8u45-linux-x64.tar.gz, we will have /usr/lib/jdk1.8.0_45 as the installation directory.
    We need to create another variable ub, that will point to the the system binaries.
    We do that with the following command:

    Not only copy and paste above lines.
    Update Java version in variable jv.
  3. I usually do not use the previous versions, so I do remove them Since I always install them in /usr/lib, I will remove them with the following command:
    sudo rm -rfv /usr/lib/jdk* /usr/lib/jvm/jdk*

    It is important to repeat to the novice: The command above wil permanently delete the contents of
     /usr/lib/ e /usr/lib/jvm/ that start with jdk. Be sure you do not have in there any other files or directories that may be deleted.
    In case you are not sure whether you may delete this files or not, just do not do it.
  4. Open the file you have downloaded from Oracle in /usr/lib/:

    sudo tar xf jdk-8u45-linux-x64.tar.gz -C /usr/lib/
  5. Update alternatives system with the binaries of this version of Java:

    sudo update-alternatives --install ${ub}/java java ${jv}/bin/java 1
    sudo update-alternatives --install ${ub}/jcontrol jcontrol ${jv}/bin/jcontrol 1
    sudo update-alternatives --install ${ub}/javac javac ${jv}/bin/javac 1
    sudo update-alternatives --install ${ub}/javaws javaws ${jv}/bin/javaws 1
    sudo update-alternatives --install ${ub}/keytool keytool ${jv}/jre/bin/keytool 1
    sudo update-alternatives --install ${ub}/pack200 pack200 ${jv}/jre/bin/pack200 1
    sudo update-alternatives --install ${ub}/rmid rmid ${jv}/jre/bin/rmid 1
    sudo update-alternatives --install ${ub}/rmiregistry rmiregistry ${jv}/jre/bin/rmiregistry 1
    sudo update-alternatives --install ${ub}/unpack200 unpack200 ${jv}/jre/bin/unpack200 1
    sudo update-alternatives --install ${ub}/servertool servertool ${jv}/jre/bin/servertool 1
    sudo update-alternatives --install ${ub}/tnameserv tnameserv ${jv}/jre/bin/tnameserv 1
    sudo update-alternatives --install ${ub}/jexec jexec ${jv}/jre/lib/jexec 1

    The following command only applies to 32 bits desktop systems:

    sudo update-alternatives --install /usr/lib/mozilla/plugins/ ${jv}/jre/lib/i386/ 1

    The following command only applies to 64 bits desktop systems:

    sudo update-alternatives --install /usr/lib/mozilla/plugins/ ${jv}/jre/lib/amd64/ 1
  6. In case of having more than one Java version installed, only one will be the default version. The following command will perform this action:

    for i in keytool jcontrol pack200 rmid rmiregistry unpack200 servertool tnameserv jexec java javac javaws; do sudo update-alternatives --config ${i}; echo; done

    The above instruction will list all available versions of each binary, if they exist. Choose those listed in step 2. If not, you will obviously have nothing to choose.
After that, we should test the installation to confirm that it is all ok:
java -version
javac -version
Now, we need to set the environment variables correctly. I adapted it from WikiHow. You must edit /etc/profile, adding the following lines by the end of it:
# Environment Java Variables defined IF Java is listed in "alternatives"
if [ -h /etc/alternatives/java ]; then
     a=$(/bin/ls -l /etc/alternatives/java | cut -d \> -f2|cut -d' ' -f2)
     export JAVA_HOME=${a%/bin/java}
     export PATH=${PATH}:${JAVA_HOME}/bin
After editing /etc/profile, we need to close this user section and open it again. Finally, to check it use the following commands:
You will have /usr/lib/jdk1.8.0_45 as answer, according to the version you installed.
echo $PATH
Will give you the whole PATH, and by the end the Java directory. On mine the answer was /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/lib/jdk1.8.0_45/bin

Most of this article was written after studying Ubuntu Documentation and resolving some problems on Tomcat7 instalation at a Ubuntu Server.

If you liked it, please write a comment or click on "+1" button.

And, we are back ...

After a long time with no addings, I will restart this as my notebook. I hope it helps many with their Linux struggles.