Archive for January, 2010

Accessing Freenode IRC Network via SSL Secure Connection

January 30th, 2010 6 comments

On Jan 30, 2010 the Freenode IRC network finally activated SSL support. This is something that many have long been waiting for, and I’m glad to finally see it! I have been an IRC user for some years now, the majority of which has been specific to the Freenode network. Historically, all data passed to the Freenode network, including username, password and chat messages, has been sent in the clear. This no longer has to be the case, as SSL client support is now available.

With the growth of internet technology and the rise of cloud computing, SSL is becoming more important than ever. Corporations commonly secure their networks with VPNs as a standard practice, with solutions seen in ATT virtual private nets. VPNs and proxies can enhance online security and are also available for consumer use.

In this article I will outline how to configure your IRC client to connect to the Freenode IRC network using SSL client encryption. This article includes instructions for Irssi, Empathy and Pidgin.

Access Freenode via SSL – Irssi

This section outlines how to configure irssi, the command-line IRC client, to connect to freenode via SSL secure connection.

First, you’ll need to ensure you have an updated list of CA root certificates. This can be done by verifying you have the following package installed:

sudo aptitude install ca-certificates

It is likely that this is already installed, but it won’t cause any problems to attempt installation just to make sure.

Once you’ve verified that you have the latest CA root certificates you can connect to Freenode via SSL using the following command:

/connect -ssl_verify -ssl_capath /etc/ssl/certs chat.freenode.net 7000

If you’d like to automatically connect to freenode each time you launch irssi, use the following:

/network add -nick <nick> -realname <realname> freenode

/server add -auto -ssl_verify -ssl_capath /etc/ssl/certs -network freenode chat.freenode.net 7000

/save

Access Freenode via SSL – Empathy (IDLE)

This section outlines how to configure Empathy, the default messaging client in Ubuntu 9.10+, to connect to freenode via SSL secure connection.

You’ll need to verify that you have an updated list of CA root certificates. This can be done by verifying you have the following package installed:

sudo aptitude install ca-certificates

Once you’ve verified that you have the latest CA root certificates, you’ll also need to verify your Empathy configuration. Below is a screenshot for the FreeNode configuration in Empathy. Ensure yours matches the port and SSL activation.

Empathy FreeNode configuration

Access Freenode via SSL – Pidgin

This section outlines how to configure Pidgin, the default messaging client in older Ubuntu releases, to connect to freenode via SSL secure connection.

You’ll need to verify that you have an updated list of CA root certificates. This can be done by verifying you have the following package installed:

sudo aptitude install ca-certificates

Once you’ve verified that you have the latest CA root certificates you’ll also need to verify your Pidgin configuration. Below is a screenshot for the IRC configuration in Pidgin. Ensure yours matches by modifying your account.

On the “Basic” tab, the default Server: entry will likely be “irc.ubuntu.com”. Unless you change this to “chat.freenode.net”, you’ll get a warning about not being able to verify the certificate.

Pidgin Basic Configuration

Next, navigate to the Advanced tab. On this tab you’ll need to change the Port: to 7000 and activate the checkbox for “Use SSL”. When you are finished, save your changes.

Pidgin Advanced Configuration
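
The certificate warning mentioned in the Pidgin section comes from hostname verification: the client checks the certificate against the server name you configured, not against whatever host that name leads to. The following Python code is an added example, not part of the original article; it shows what the -ssl_verify and -ssl_capath options ask of a client, and the sample certificate names and all function names are constructed for illustration.

```python
import socket
import ssl

# Constructed sample: DNS names a server certificate might carry (not the
# real Freenode certificate).
CONSTRUCTED_SANS = ["chat.freenode.net", "*.freenode.net"]

def make_verified_context(capath="/etc/ssl/certs"):
    """Client context with the same intent as -ssl_verify -ssl_capath."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # chain + hostname checks on
    ctx.load_verify_locations(capath=capath)       # trust only this CA directory
    return ctx

def hostname_matches(pattern, host):
    """Exact match, or one leftmost '*' label standing for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(san_dns_names, host):
    """True if any certificate name covers the host the user configured."""
    return any(hostname_matches(name, host) for name in san_dns_names)

def irc_tls_connect(host="chat.freenode.net", port=7000, capath="/etc/ssl/certs"):
    """Verified connection; raises ssl.SSLCertVerificationError on an untrusted
    chain or a name mismatch. Needs network access, so it is not called here."""
    ctx = make_verified_context(capath)
    raw = socket.create_connection((host, port), timeout=10)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise

if __name__ == "__main__":
    for name in ("chat.freenode.net", "irc.ubuntu.com"):
        print(name, "->", "ok" if cert_covers(CONSTRUCTED_SANS, name) else "mismatch")
```

With the constructed names, chat.freenode.net is covered while irc.ubuntu.com is reported as a mismatch, which is the condition a client surfaces as a certificate warning.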

Conclusion

Encrypted connections via SSL are important for network security, particularly in the situation where usernames and passwords are being transferred. As end-users we should be aware of improved security options available to us, such as encrypted network connections. If you are an IRC user and haven’t yet made the switch to SSL enabled connections, I’d invite you to take a minute and do so now.

Categories: Security

[USN-892-1] FUSE vulnerability

January 28th, 2010 No comments

The following security announcement applies to fuse-utils. If you have fuse-utils installed, please see below for details on the vulnerability and instructions on patching your system:

Ronald Volgers discovered that FUSE did not correctly check mount
locations.  A local attacker, with access to use FUSE, could unmount
arbitrary locations, leading to a denial of service.

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.

Categories: Security

[USN-893-1] Samba vulnerability

January 28th, 2010 No comments

The following security announcement applies to smbfs. If you have smbfs installed, please see below for details on the vulnerability and instructions on patching your system:

Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, suffered from a race condition when verifying user
permissions. A local attacker could trick samba into mounting over
arbitrary locations, leading to a root privilege escalation.

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.

Categories: Security

[USN-891-1] lintian vulnerabilities

January 28th, 2010 No comments

The following security announcement applies to lintian. If you have lintian installed, please see below for details on the vulnerability and instructions on patching your system:

It was discovered that lintian did not correctly validate certain
filenames when processing input.  If a user or an automated system
were tricked into running lintian on a specially crafted set of files,
a remote attacker could execute arbitrary code with user privileges.

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.

Categories: Security

Install Mozilla Firefox Web Browser v3.6 via Personal Package Archive (PPA)

January 28th, 2010 5 comments

Recently I published a short article outlining how to install the latest Firefox Web Browser manually, alongside your existing Firefox installation. In this article I will outline how to install the latest stable Firefox release by making use of the Mozilla Team PPA.

This Personal Package Archive (PPA) provides the latest stable releases for Firefox, unlike a previously available solution which was the Mozilla Daily PPA, which provided the latest daily builds. If you are looking for the latest stable release of Mozilla Firefox, this article will outline how to configure the PPA in order to install the required package(s).

Requirements

Installing the latest stable release of the Mozilla Firefox web browser requires the addition of a Personal Package Archive (PPA). Configuring and activating this PPA on your system can be done by simply pasting the following command into your Terminal (Applications > Accessories > Terminal):

sudo add-apt-repository ppa:mozillateam/firefox-stable

Installation

Once you have the Personal Package Archive (PPA) configured, you can install the latest stable release of Mozilla Firefox by pasting the following two commands into your Terminal (Applications > Accessories > Terminal):

sudo aptitude update
sudo aptitude install firefox firefox-3.6 firefox-3.6-branding firefox-gnome-support

Troubleshooting

If you have issues with the latest stable version of Firefox, feel free to drop by the Ubuntu Tutorials forum thread and discuss solutions.

Categories: Internet

[USN-803-2] Dhcp vulnerability

January 27th, 2010 No comments

The following security announcement applies to dhcp-client. If you have dhcp-client installed, please see below for details on the vulnerability and instructions on patching your system:

USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to
fix the vulnerability was not properly applied on Ubuntu 8.10 and higher.
Even with the patch improperly applied, the default compiler options
reduced the vulnerability to a denial of service. Additionally, in Ubuntu
9.04 and higher, users were also protected by the AppArmor dhclient3
profile. This update fixes the problem.

Original advisory details:

It was discovered that the DHCP client as included in dhcp3 did not verify
the length of certain option fields when processing a response from an IPv4
dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a
malicious dhcp server, a remote attacker could cause a denial of service or
execute arbitrary code as the user invoking the program, typically the
‘dhcp’ user. For users running Ubuntu 8.10 or 9.04, a remote attacker
should only be able to cause a denial of service in the DHCP client. In
Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3
profile.

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to restart any DHCP network connections utilizing dhclient3 to effect the necessary changes.

Categories: Security

Ubuntu 10.04 To Change Firefox Default Search Provider

January 26th, 2010 13 comments

Those of you that follow the Ubuntu development mailing lists may have already come across this news, but it has been announced that Ubuntu will change the default search provider in Firefox from Google to Yahoo!. This is based on a revenue sharing agreement between Canonical and Yahoo!, allowing Canonical to continue to support the infrastructure required to continue to develop the distribution.

With this change, whatever your search bar default is will also match your default start page. If your search default is Google, your start page will be Google. If it is set to Yahoo!, your start page will also be Yahoo!.

Personally, I like the idea of Canonical continuing in its goal of becoming a profitable, successful business. More money for Canonical means more developers, which means continued improvements and stability.

On the other hand, it has been years since I’ve used anything other than Google for web searches. I think it would feel very foreign to use something else.

Perhaps I’ll change my default search to Yahoo! for the rest of the week, just to see what the change will be like.

What do you think about this change? Will you change your default search back to Google? Stick with Yahoo! and help support Canonical? Use a different browser altogether?

[USN-890-4] PyXML vulnerabilities

January 26th, 2010 No comments

The following security announcement applies to Python. If you have Python installed, please see below for details on the vulnerability and instructions on patching your system:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for PyXML.

Original advisory details:

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS

If you have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to restart any applications that use PyXML to effect the necessary changes.

Categories: Security

What Is The Best GNOME Desktop Theme?

January 22nd, 2010 18 comments

I’ve been using the Shiki theme (Shiki-Brave) for some time now. You may recall that I wrote about it in My Ubuntu Look and Feel as well as How To Install Shiki-Colors Theme in Ubuntu. After seeing some recent posts on other blogs regarding some of the potential themes for Ubuntu 10.04 “Lucid”, I’ve got the urge to try something new.

So, this is my question for all of you readers out there, and don’t be shy about linking to screenshots:

What is the best GNOME Desktop theme?

Categories: GNOME

Install Opera 10 Web Browser in Ubuntu

January 22nd, 2010 1 comment

Fresh on the heels of my article outlining How to Install the Latest Firefox Web Browser, this article outlines how to install the Opera Web Browser on Ubuntu. I will outline how to configure the repository to subscribe to Opera Web Browser updates, install the required packages, and more.

Requirements

Installing the Opera Web Browser using these steps requires that you subscribe to the official Opera Debian repository. This repository will ensure that you are kept up to date with the latest releases as well as security updates. To configure and activate the Opera repository, add the following line to your /etc/apt/sources.list file:

deb http://deb.opera.com/opera/ stable non-free

You’ll also want to import the GPG package signing key, to verify the downloaded packages. Importing the key can be done using the following command:

wget -O - http://deb.opera.com/archive.key | sudo apt-key add -

sudo aptitude update

Installation

Now that you have the Opera repository configured, you can install the latest Opera Web Browser package. Opera provides both 32bit and 64bit releases by way of their official repository. Install the correct architecture for your system using the following commands: (or click the linked package name)

sudo aptitude install opera

Once the package installation is finished you should have a new entry in your Applications menu. Opera Web Browser should be listed under Applications > Internet > Opera.

Troubleshooting

There have been reported issues in the past about Opera Web Browser on Ubuntu loading pages very slowly. If this is the case for you, it may help to disable IPv6 on your Ubuntu system.

While this and other issues have not been reported by all users, you may be unlucky enough to run into issues. There are additional troubleshooting suggestions on the Ubuntu Opera Troubleshooting Wiki page.

Categories: Internet