Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. Re: Old USB Sticks - don't throw them away yet! (James Womack)
2. Re: Old USB Sticks - don't throw them away yet! (Sebastian)
3. Re: Old USB Sticks - don't throw them away yet!
(Roger Hill-Cottingham)
4. Re: Old USB Sticks - don't throw them away yet! (Sebastian)
5. This Saturday (Chris Simmons)
6. (no subject) (Chris Simmons)
----------------------------------------------------------------------
Message: 1
Date: Tue, 20 Aug 2013 17:25:11 +0100
From: James Womack <5inowsy1maiq@gmail.com>
To: "d.hockinbt" <d.hockin@btinternet.com>, Bristol and Bath Linux
User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] Old USB Sticks - don't throw them away yet!
Message-ID: <52139867.8040003@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On 20/08/13 16:52, d.hockinbt wrote:
>
> Having 3 ISPs and multiple email aliases and happily using Outlook
> Express, I don't know of a linux email prog that can cope with that -
> can anyone advise, please?
>
Thunderbird should be more than capable of this. I have had, in the
past, up to 5 separate e-mail accounts, accessed through IMAP, all
running flawlessly on Thunderbird. I also have several aliases on my
Gmail account, which has never been an issue.
------------------------------
Message: 2
Date: Tue, 20 Aug 2013 17:27:37 +0100
From: Sebastian <sebsebseb_mageia@gmx.com>
To: "d.hockinbt" <d.hockin@btinternet.com>, Bristol and Bath Linux
User Group <bristol@mailman.lug.org.uk>, sebastian
<sebsebseb_mageia@gmx.com>
Subject: Re: [bristol] Old USB Sticks - don't throw them away yet!
Message-ID: <521398F9.4000804@gmx.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
On 20/08/13 16:52, d.hockinbt wrote:
> Why not persade more to install linux and dual boot NOW from LXF disks
> BEFORE XP is no longer supported, thus giving people a chance of
> getting accustomed to Linux early?
Yes that's a good idea :), but how are we going to get in contact with
interested people, who are willing to have help with this?
>
> My 3 current PCs all dual boot XP/XPro and Suse 10 or12.x . Once XP
> stops being supported, I'll just unplug the net connection whenever I
> want to use Photoshop CS4 on my desktop, or v.6 on the laptop and my
> late wife's desktop.
Yes indeed at that, if unplugging/disconnecting the Internet/network
connection Windows will be secure, except from malicious physical
computer access for example. Hence why for example sometimes I may
virtual machine XP still, even after it's gone end of life.
> As long as the viruscheck , firewall and malware progs still work, the
> lack of MS updates won't matter,
I disagree, and they don't all detect the same stuff. Plus anti virus
programs may not even remove viruses/rootkits etc properly, or if at all
in certain cases/situations. In fact really the only way to make sure a
OS is 100% clean that's been infected by something generally is to clean
install it. Or maybe someone has clean snapshots of the OS install for
example that they can go back to. Altough I suppose if the BIOS has been
infected by something as well, then things may change a bit. Also I know
how complicated it really is to make a stable enough to use Linux
distribution that is also kept secure enough, since getting involved
more properly with Mageia :), and so with Windows it's probably much
more complicated. I mean OS's are really complex things to try and keep
secure in general.
> and once those progs are no longer supported, then I'll just unplug
> the broadband plug if necessary!
>
> Having 3 ISPs
Three ISP's what really, why?
> and multiple email aliases and happily using Outlook Express,
Yes you really do use Outlook Express according to a Mozilla Thunderbird
add on that I use.
If you would like to help Windows users go to Linux, we are all open to
your suggestions :). If you would also like to help volunteer with an
install fest if we do one, your help would be appreciated as well :).
I think you bring up a good point, why wait until XP goes end of life,
why not do something now instead, indeed at that, but as I put earlier
got to get interested people some how, and that are willing for
something to be done with their computer.
Personally and it's got nothing to do with being a Mageia contributor
here and there as such, but rather the dates of things, I think we
should wait until the Mageia 4 release in February, and then arrange for
some kind of install fest or something properly hopefully, for before
the XP end of life in say March or the end of February. Ideally want to
switch many people over before the end of life of XP I think, and not
after. However more people going Linux after XP's end of life is good to
in my opinion :).
> I don't know of a linux email prog that can cope with that - can
> anyone advise, please?
>
> Dave, Posset.
Sebastian
> ----- Original Message ----- From: "Sebastian" <sebsebseb_mageia@gmx.com>
> To: "Bristol and Bath Linux User Group" <bristol@mailman.lug.org.uk>;
> "Sebastian" <sebsebseb_mageia@gmx.com>
> Sent: Tuesday, August 20, 2013 3:05 PM
> Subject: Re: [bristol] Old USB Sticks - don't throw them away yet!
>
>
>> On 20/08/13 13:57, Peter Hemmings wrote:
>>> Hi,
>>>
>>> In case we have some form of "Install Fest" next year, can I suggest
>>> that you keep any old sticks that could possibly be used.
>>>
>>> We have about 200 members, if only one in four has a spare would be
>>> enough for a reasonable event.
>>>
>>> With the absence of anything specific I thought we (or me) could at
>>> least just copy live OS's to 2 or 4 GB sticks, find a venue and
>>> advertise the event when support for XP finishes.
>>>
>>> I thought it would be a good time to think about a supply of sticks
>>> even for just a basic event!
>>>
>>> Regards
>>>
>> Yes sounds good :).
>>
>> Maybe I can come back from FOSDEM ( http://fosdem.org ) 2014 in
>> Brussels next year with quite a lot of Mageia 4 Live CD's etc to use
>> for an idea :), also what's nice about the Mageia 4 release is how
>> it's released before the XP end of life rather than after it like
>> Ubuntu and Mint for example. However what's also nice about it is how
>> it's going to be a FOSDEM 2014 release :):
>> http://meetbot.mageia.org/mageia-meeting/2013/mageia-meeting.2013-06-24-19.13.html
>> http://meetbot.mageia.org/mageia-meeting/2013/mageia-meeting.2013-06-24-19.13.log.html
>>
>>
>> On the subject of next year and this idea here are some relevant
>> dates and links :):
>>
>> Saturday 1st February 2014 Mageia 4 Final Release, with the release
>> being a FOSDEM 2014 release!:
>> https://wiki.mageia.org/en/Mageia_4_Development
>> https://blog.mageia.org/en/2013/07/22/mageia-4-already/
>>
>> The end of Microsoft's Windows XP SP3 and Office 2003 support Tuesday
>> April 8th 2014!:
>> http://www.microsoft.com/en-gb/windows/endofsupport.aspx
>>
>> Ubuntu 14.04 Long Term Support Release Thursday 24th April 2014.
>>
>> The Linux Mint version based on Ubuntu 14.04 probably May 2014.
>>
>> Of course the above dates may change.
>>
>> On the subject of USB sticks 50 or so card sized Mageia USB sticks
>> sold at the Mageia stand at FOSDEM this year. I didn't buy any
>> though, since didn't really know what was being sold until later, but
>> basically someone made their own card sized ones and sold them. Of
>> course with an install fest type idea we wouldn't be selling any
>> install USB's.
>>
>> By the way I hope you didn't mind me replying, I realise that was
>> more for other people, and are you coming along to this Saturday's
>> LUG meeting? :)
>>
>>
>> _______________________________________________
>> Bristol mailing list
>> Bristol@mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/bristol
>>
>
>
> _______________________________________________
> Bristol mailing list
> Bristol@mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/bristol
------------------------------
Message: 3
Date: Tue, 20 Aug 2013 17:31:08 +0100
From: Roger Hill-Cottingham <bblug@rogerh-c.demon.co.uk>
To: bristol@mailman.lug.org.uk
Cc: "d.hockinbt" <d.hockin@btinternet.com>
Subject: Re: [bristol] Old USB Sticks - don't throw them away yet!
Message-ID: <20130820173108.6b7e2dc8@tesla>
Content-Type: text/plain; charset=US-ASCII
On Tue, 20 Aug 2013 16:52:30 +0100
d.hockinbt <d.hockin@btinternet.com> wrote:
<snip>
> Having 3 ISPs and multiple email aliases and happily using Outlook
> Express, I don't know of a linux email prog that can cope with that -
> can anyone advise, please?
>
> Dave, Posset.
Claws-Mail allows you to set up any number of email sources, and any
number of email aliases, and allows you to filter incoming mail based
on anything in the headers to sort it into relevant
directories. Useful if like me you have an ISP that allows you to
choose any number of email addresses.
Roger.
------------------------------
Message: 4
Date: Tue, 20 Aug 2013 17:53:13 +0100
From: Sebastian <sebsebseb_mageia@gmx.com>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>,
Sebastian <sebsebseb_mageia@gmx.com>
Subject: Re: [bristol] Old USB Sticks - don't throw them away yet!
Message-ID: <52139EF9.5010808@gmx.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
On 20/08/13 17:06, Martin wrote:
> On Tue, 2013-08-20 at 16:52 +0100, d.hockinbt wrote:
>> Why not persade more to install linux and dual boot NOW from LXF disks
>> BEFORE XP is no longer supported, thus giving people a chance of getting
>> accustomed to Linux early?
> Perhaps a personal perspective but I've found that most dual boot
> systems are almost always used with one of the OSs. Although switching
> between them is possible, I've found people rarely do.
>
>
Yes indeed at that, or in some cases they don't like one of the OS's as
in the Linux distro being set the default. However this would be people
who were willing to put a Linux distro on their computer with help, and
as part of that we should educate more about the risks of using a
insecure XP online, but also basic Linux usage etc I think :), and show
them how to get online support as well :), for this idea. Then it should
be ok :), and yes the Linux distro should be the default boot :).
In some cases people may even want only one OS on their computer, but I
think XP should be kept there even though it's going to be unsupported
online. Sometimes having Windows around on a computer still can be
useful to test hardware or run some program that doesn't work with the
Linux distro for example.
Sebastian
------------------------------
Message: 5
Date: Tue, 20 Aug 2013 18:26:39 +0100
From: Chris Simmons <cityofbristol@gmail.com>
To: bristol@mailman.lug.org.uk
Subject: [bristol] This Saturday
Message-ID:
<CAGMFrA5NBvHRGcF_fOpfspkHAvc7Z+NDBR3LV0eLBNVb8hqWiA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
I am still hopeful about attending a BBLUG meeting
before too long - if I can sort transport I'll be there -
as long as the ale selection is accepted by my
pathetic attempt at a beard ;)
Chris
------------------------------
Message: 6
Date: Tue, 20 Aug 2013 18:30:40 +0100
From: Chris Simmons <cityofbristol@gmail.com>
To: bristol@mailman.lug.org.uk
Subject: [bristol] (no subject)
Message-ID:
<CAGMFrA7Gw=aK-6pSyNiURepjFkns_z738tfZskbkWqVLX5Eu9Q@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252
You've probably seen this already, but...
http://www.techrepublic.com/blog/linux-and-open-source/hand-of-thief-
malware-could-be-dangerous-if-you-install-it/?ftag=TRE475558a&s_cid
=e011&tag=nl.e011&ttag=e011
This past week marked one of the first times I've seen the media actually
present a real "warning" to Linux users. That warning was about the new
?Hand of Thief? trojan that targets Linux desktop systems to steal bank
account information. What this trojan does is use a form grabber to
steal login credentials of those using Internet banking. The trojan captures
the URL, username, password, and timestamp of when you logged in. Once
the information is captured, it's sent to a control server and then sold.
The Hand of Thief trojan is rumored to work on 15 different Linux distributions
(including Ubuntu, Fedora, and Debian) and attacks all common web browsers.
The stolen information is currently being sold in closed cybercrime
communities for $2,000.00 (USD), and that price includes free updates.
What does this mean? First and foremost, it means that Linux has grown
enough to garner the attention of such malware/virus writers. That's a
rather backhanded compliment, at best, but it does mean that Linux desktop
growth cannot be denied. However, there's a far more serious issue here --
one of application vetting. This applies to distributions that offer
a single point
of entry for application installation, such as Ubuntu Software
Center, Synaptic,
yum, apt-get... actually, just about any Linux distribution. The good news?
Distributions like Ubuntu actually do review all packages that are submitted.
So, if someone attempts to submit a package with the Hand of Thief trojan,
ready to wreck havoc on unsuspecting users machines, they'll catch it and
the submitted user will be reported.
But...
There are plenty of instances out there (this is especially true of Ubuntu),
where you can simply add a PPA to apt-get and install an application without
benefiting from the vetting process. This means that anyone can roll up an
appealing software application (complete with Hand of Thief), create a
repository, and trick people into installing the trojan. The caveat is that
most Linux users are far more savvy than to just install random packages.
Or are they?
The Linux community has finally reached a point where caution will have to
be applied. Once upon a time, I would randomly add a repository, based
on a need I had, and install it with little thought to the consequences of what
could happen. That time has long since passed. Now, if a package isn't
found in the official repositories (or a known, safe, repository), I will not
install said package. There are exceptions, of course. If I need to install a
package from source, and I know the source is safe, I'll install. Outside of
that, no way.
I've been using Linux for a long, long time. I never thought I'd see the day
when I had to actually warn users of trojans such as Hand of Thief, but here
we are. Of course, main distributions have the means to help protect you
from such attacks (SELinux, repository/package signing, firewalls, etc),
but that doesn't mean you can just blindly continue on as you always have.
It's time to start being a bit more vigilant about how you use your Linux
desktop. Here are some suggestions:
Do not install unsigned packages
Do not add unofficial repositories without investigating said repository
Keep your system up to date at all times
Keep all browser plugins up to date
If your distribution has SELinux, use it
Do not let others install software on your machines
Use solid passwords
If asked to enter root user (or sudo) password, always know why
The good news is that Hand of Thief must have the root (or sudo) password in
order to install. If you don't enter the password, it can't add itself
to your machine.
That's the plus side... for now. It's only a matter of time, however, before
someone figures out a way to get something as sinister as HoT onto your
machine without you knowing it. I've said this before, and I'll say it again,
any machine that's plugged into a network connection is vulnerable --
Windows, Mac, and even Linux.
That doesn't mean you need to unplug your machine and give up. At the moment,
the only way HoT can get on a machine is either through social engineering or
?SUT? (Stupid User Tricks). If you stick with your distribution's
official repositories
and keep your machine up to date, you should be okay. There's no need to
panic, just use a bit of common sense and care.
As the Linux desktop continues to grow in popularity, so will the number of
attempts to bring it down. Hand of Thief isn't the first trojan to attack Linux,
and it won't be the last. But like all previous attempts at cracking through
the Linux desktop security systems, unless the root/sudo password is
given for installation, that trojan will have a tough time worming its way
into your machine.
------------------------------
_______________________________________________
Bristol mailing list
Bristol@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bristol
End of Bristol Digest, Vol 513, Issue 5
***************************************
Tidak ada komentar:
Posting Komentar