  • IBM was represented at AusCERT this year, and they gave away complimentary USB flash drives at their booth.  However, IBM released pre-installed malware on their flash drives by accident at the conference.  That's an amazing achievement right there, accidentally setting malware free at a computer security conference.  Whoops.

     


     

    The Mozilla folks have a Plugin Check service, to make sure your Web browser plug-ins are up to date.  Although designed for the Mozilla family of browsers (Firefox, Seamonkey, and Camino), rumor has it that it works on Opera, Safari, Chrome, and even IE 8.

     


     

    Following up on the Useful UNIX-Linux Commands journal I wrote a while ago, I found lists of 10 mistakes Linux newbies make and 10 mistakes new Linux sysadmins make.  They are:

    Mistakes Linux newbies make:

    • Assuming Linux is Windows, just because it has a mouse-driven desktop.  The driving philosophies are very different, and it shows if you try to do things the Windows way on Linux or vice versa.
    • Trying to run Windows EXE files on Linux.  You can't, unless you install either Wine or a virtual machine first, and even then it's not the same or may not work at all.  Windows and Linux are very different operating systems, and a program compiled for one is lucky if the other can make heads or tails of it.
    • Choosing the wrong distro.  Linux isn't a system per se, but a family of exceedingly diverse systems using the Linux kernel.  Choose wisely according to your needs, or you'll only disappoint yourself.
    • Not finding software.  There's plenty of Linux software to be had, dozens of thousands of programs, but they're not distributed in Windows-style download-and-run programs.  Nearly everything you'll ever need as far as Linux software goes is managed by the system's package manager, so that everything's kept neat, tidy, and (most of all) up to date.  No hunting for downloads, no fuss, no mess.
    • Sending OpenOffice.org documents to Microsoft Office users.  Microsoft still won't play nice with others, and users of Microsoft Office still can't read OpenOffice.org documents.  (Heck, Microsoft don't even play nice with themselves, as any Microsoft Office 2003 user receiving a Microsoft Office 2007 document quickly finds out.)  If you still need to deal with Microsoft Office users, save your documents as Microsoft Office documents.
    • Avoiding the command line.  Linux shells aren't wimpy MS-DOS prompts, and they're not as hard to use.  The Linux command line isn't as necessary as it once was, and on some distros it's not even necessary at all, but it's still an incredibly powerful time-saving tool.
    • Giving up too quickly.  Not all change is good, yes, but not all change is bad, either.  Certainly not just because it's different.
    • Thinking in Windows drive hierarchies instead of the Linux filesystem hierarchy.  Windows inherits the old CP/M legacy of everything being stored on cryptic and inflexible drive letters.  Linux inherits the UNIX legacy of everything being ordered into sensible directory structures.  Your home directory is "/home/your-user-name/", not "C:\Documents and Settings\Valued OEM System Owner\My Documents\", and your documents aren't scattered all over the place or poured out all over your desktop in a huge cluster.
    • Skipping updates.  Don't.  The updates are for everything you use, not just the core OS, and they're bug fixes and feature enhancements as well as security updates.
    • Logging in as root.  Don't.  Ever.  Ever!  Everything you'll ever need to do that needs superuser privileges can be done from the safety and convenience of your ordinary user account, thanks to su, sudo, gksu, and kdesu.  Unlike Windows, where you practically have to run as an administrator all the time, you never need to log in as root, and you can expect a very stern lecture if you do so even once.
    • Losing windows in the pager.  Most Linux desktops (those based on the X Window System) use virtual desktops which you can select with a pager.  That way, you can organize your open windows into desktops, each dedicated to what you want to do, and not have to have everything cluttered on the same screen.  Such things are branded as a geek's power toys in Windows but come standard in Linux.
    • Ignoring security.  Linux is not secure.  Linux is more secure than Windows, but that's it.  More doesn't mean totally.  And Linux is a target.  Don't neglect security just because it's Linux.

    Mistakes new Linux sysadmins make:

    • Installing packages from radically different sources.  If your distro has a package manager, use it.  If the package you need isn't in the repository, learn how to add it properly.  Don't mix and match sources, or you'll risk your package manager breaking the packages it doesn't know about.  It's not a matter of if, but when.
    • Neglecting updates.  Sure, you need to run updates through more scrutiny on server and workstation systems than you do on home systems, but that's not an excuse for letting your systems get out of date.  Don't rush headlong into untested updates, but don't neglect them, either, lest you make your systems the targets of exploits everyone has patched but you.
    • Choosing a bad password for root.  The superuser password is the master key to the kingdom.  Root login should be disabled completely on sensibly-configured systems, and root's password should be so strong that no one can guess it.  Learn what makes a good, strong password, write it down on its own card, and file that card away in a secure vault.  On systems with sudoers configured, not even the most senior sysadmin ever needs to have access to the root password, so don't let anyone else find it because you made the mistake of setting a bad password.
    • Avoiding the command line.  Few sysadmins ever need to memorize more than a small handful of commands, and the system makes finding commands reasonably easy.  GUI tools are okay, but relying on GUI tools is the Windows way, not the Linux way.
    • Excessive kernels.  Any Linux system needs only the two or so newest working kernels installed, not a dozen.
    • Not backing up critical configuration files.  Always make a backup before editing configuration files, and always keep regular backup copies just in case updates trash them.
    • Booting a server to X.  No server needs the overhead of the X Window System without a very good reason.  If you can't find a good enough reason, make sure the server boots to a runlevel that doesn't start X.
    • Logging in as root.  Any sysadmin who does needs a very good reason and a very clear understanding of the risks.  Any sysadmin who does as a matter of course should be publicly flogged.
    • Ignoring log files.  They're all kept in /var/log for easy finding and reading.  They're the first things to turn to when anything unusual happens, or when anything that should happen doesn't.

    So how do you create good, strong passwords?  You could use a password generator such as GRC's password generator.  The longer and more random it is, the more secure it tends to be.  But random passwords aren't memorable, so how do you check the strength of your passwords?  Microsoft have a password checker that can report the general strength of your password as you type.
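To put numbers on "longer and more random", here is an added example (not part of the original journal entry, and not the code behind either tool mentioned above) that generates passwords from the operating system's CSPRNG and computes their entropy. The 94-symbol alphabet, the function names and the sample password are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumed alphabet for this example: ASCII letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length: int, alphabet: str = ALPHABET) -> str:
    """Pick every character independently from the OS CSPRNG (not random.random)."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Shortest random password that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def charset_estimate_bits(password: str) -> float:
    """What a character-class meter can compute from the text alone.

    This is only an upper bound: it assumes each character was chosen at
    random, which is false for words, names, dates and keyboard patterns.
    """
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return entropy_bits(len(password), pool) if pool else 0.0


if __name__ == "__main__":
    for n in (8, 12, 16, 20):
        print(n, generate_password(n), f"{entropy_bits(n, len(ALPHABET)):.1f} bits")
    print("lowercase-only length for 128 bits:", length_for_bits(128, 26))
    # Constructed sample: scores well on paper, yet it is a dictionary word
    # with a predictable capital, digit and symbol.
    print("Password1!", f"{charset_estimate_bits('Password1!'):.1f} bits (upper bound)")
```

The entropy figure is only meaningful for passwords produced by a random generator; for a password a person made up, treat a character-class score as a ceiling rather than a measurement.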
