Linux admins rarely deal with one fixed system anymore. A single environment may include public-facing web apps, internal services, containers, cloud workloads, code repositories, and third-party packages pulled into production. That mix creates more...
When it comes to securing your Linux system -- or any other system, for that matter -- the first step is to set up a security policy, a set of guidelines that state what you enable users (as well as visitors over the Internet) to do on your Linux system. The level of security you establish depends on how you use the system -- and on how much is at risk if someone gains unauthorized access to it.
Tom Espiner surveys the security landscape for the shape of things to come.
When my editor asked me to predict what would happen to security over the coming year, and over the next 10 years, my heart sank. The permanency of internet publishing, caching and so forth means predictions have a habit of coming back to haunt you.
Great summary of the best free (as in speech and beer) applications of 2009, including TrueCrypt Free open-source disk encryption (real-time on-the-fly encryption) software for Windows, Mac OS X, and Linux (for Linux I prefer native disk encryption). From the wikipedia:
It can create a virtual encrypted disk within a file or a device-hosted encrypted volume on either an individual partition or an entire storage device. It supports Microsoft Windows, Mac OS X and Linux (using FUSE) and encrypted volumes can be made portable. The version for Windows Vista or XP can encrypt the boot partition or entire boot drive and has the ability to create and run a hidden encrypted operating system whose existence is deniable.
Like computers themselves, the Cyber Challenge is simple on the outside and complicated on the inside. The first round of the game began in June, and winners of the earlier games were brought to Washington to compete in NetWars.
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines. Vulnerabilities exist for virtually every vendor, every week. Check this newsletter to be sure your distribution is secure.
Stats from the one billion spam messages blocked by Project Honey Pot over the last five years provide an insight into junk mail trends and spamming practices.
The Honey Pot project was formed by a community of web administrators as an alliance against online fraud and abuse back in 2004. The group now numbers 40,000 members in 170 countries, making it the biggest effort of its kind on the web.
While Windows has more security problem than a barn dog has fleas, Linux isn't immune to having its own security holes. Recently, two significant bugs were found, and then smashed. To make sure you don't get bit, you should patch your Linux system sooner rather than later.
Developers have exterminated two bugs from the Linux kernel that threatened the security of people using the open-source operating system.
The most serious of the two is remote denial-of-service vulnerability that made it possible for attackers to crash systems by sending them oversized packets.
Cliffe Schreuders wrote, "Today FBAC-LSM, a new security mechanism for Linux, has been released. FBAC-LSM restricts programs based on the features each application provides. You specify high level goals such as "Web Browser", some application-specific information (which can usually be automated), and then FBAC-LSM stops the programs from misbehaving. This limits the damage which can be done by malicious code due to malware or software vulnerabilities.
Six-monthly releases have become something of a talking point in free and open source software circles after the problems Ubuntu has faced with users unhappy over major bugs. While Ubuntu, which is now five years old, appears to struggle with this pace of development, the OpenBSD project has been doing six-monthly releases for the last 12 years - with no major bugs.
Ira Winkler prognosticates on the possibility of a catastrophic online international event. Interesting?
For 15 years now, I have been publicly lambasting all of those people who have made their careers, or at least made fleeting news headlines, based on their declaration of an imminent Electronic Pearl Harbor. My disdain is based on several factors, but predominantly the lack of accountability for such statements.
This is the second of two parts of an interview of Stephen Northcutt by technologist David Greer. Everything that follows is by Messrs Greer and Northcutt with minor edits. DG: It seems like many of the current security issues are problems that we have been dealing with for decades. How do you see the evolution of the problem space of information security?
Fresh ISO images of Owl-current for x86 and x86-64 (generated today) are
available on our FTP mirrors (well, maybe not on all yet, but should be
by tomorrow). There are also direct download links on the Owl homepage
(pointing to a specific already-updated and fast mirror)
A team of researchers has implemented support for 'trusted computing' in a commercially available version of the open source operating system Linux, breaking new ground in the global drive toward more secure computing environments.
Linux aficionados and computer security experts -- not to mention many IT writers -- are known to use a couple of terms with, well, not-easily-discernable definitions when they talk about Linux security. Problem is, you need to know these terms to understand discussions about computer security (and, of course, to communicate effectively with security vendors).
The Mozilla developers have announced that Firefox 3.6 will "lockdown" the components directory of the browser to stop third party applications bypassing the standard add-ons and plug-in support by pushing user invisible changes directly into Firefox. From today's planned release of Firefox 3.6's beta 3, and onwards, the components directory will be for Firefox code only and third party developers will only be able to extend the browser through the officially supported add-ons system.
With a focus on risks, rather than only ranking software vulnerabilities, the Open Web Application Security Project (OWASP) has made a significant - and welcomed - change in how the organization rates Web application security weaknesses.
Google Australia plans to incorporate data released by the Government 2.0 Taskforce as part of an 'open access' initiative into its Google Maps platform.Taskforce member and director of engineering at Google Australia Alan Noble told iTnews that the web giant was "going to look at all of the data sets" released by federal and state governments "to see which of those can be used."
