We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
This is to announce the release of Trustix Secure Linux 2.1, nicknamed "Horizon". It is the second release in the Trustix 2 series. Its main purpose is to serve as a stability release, and it is the natural successor of Trustix 2.0. In addition, we have added a few more features including Samba 3, IBM's stack protector and the XFS filesystem. We have also updated most of the packages to the latest stable version. . . .
With no security breaches so far, LLV Imports is more than satisfied with products and support received from Guardian Digital. "Security is a huge concern of mine. Staying current with security patches and having an easy way to implement them is important to keeping my store and my customers' information secure. With Guardian Digital helping to manage our Internet presence, I can sleep well at night." . . .
Antivirus firm F-Secure has apologised for sending the Netsky.B virus to several thousand of its UK customers and partners via a mailing list. The email apology said: "Because of a human error, you may have received an email infected with the Netsky.B virus that was relayed through our external email list server and was resent to our UK mailing list. . . .
Now some of Microsoft's closely guarded source code is floating freely on the Web, at least some of Windows made open-source, albeit illegally. Whatever Microsoft's investigation of the leak turns up, it's a sure bet that hackers, many of whom claim only to want to learn programming technology are already on the case. Should attacks flow from revelations in the leaked code, look for Microsoft to remind us that such risks were why it kept the source code secret in the first place. . . .
Red Hat Inc. announced Thursday the release of a test version of Fedora Core 2 that is based on the recently released 2.6 Linux kernel. Our readers are probably already aware that 2.6 integrates a whole lot more security into the kernel than was previously the case, including hooks for SELinux, IPSec, and ACLs. Fedora is a hobbyist version of Linux that is constantly being updated and likely does not offer the stability an enterprise would require for its mission-critical systems. This is the first of three phases of the Fedora Core 2 release schedule, which runs through April 19, said Brian M. Stevens, vice president of engineering. . . .
We have not covered much about the Microsoft source code leak that has been inundating the computer security news-sites recently, mostly because its not very relevant to open-source security. However, an exploit has been found due to the leak already. This brings up one of the major bonuses of open-source code: it does not at all depend on obscurity. Defense-by-obscurity leads to sloppy coding habits and opens the door to massive security vulnerabilities should the code be leaked, especially if its no longer supported, but still widely used, like Windows 9x. Bear in mind that, according to the Microsoft EULA, no one else is technically allowed to patch the code, and Microsoft likely won't. They might even claim that the ruling against them on the Java VM issue with Sun means that they cannot, since that was the reason given for dropping support for legacy products in the first place. . . .
Red Hat is enhancing the security model in the next version of Red Hat Enterprise Linux to include support for Security-Enhanced Linux (SE Linux). Red Hat Enterprise Linux 4.0, due out in 2005, will support the National Security Agency-funded SE Linux project, which adds multi-level security to the operating system (OS). . . .
Red Hat will ship an enhanced security model in the next version of Red Hat Enterprise Linux, CRN has learned. Red Hat Enterprise Linux 4.0, due out in 2005, will include support for Security-Enhanced Linux (SE Linux), according to a spokeswoman from the US-based commercial Linux vendor. . . .
Another odd thing. The 10K, which is for the fiscal year ending October 31, 2003 and which was signed and filed on January 28, 2004, mentions the MyDoom virus, which happened January 26, 2004. It puts it in the context of adverse results from their litigation strategy and seems to pin the blame on the Linux community, which as it now turns out is inaccurate . . .
Since I have little hope for the Anti-Virus industry and really doubt they will take the logical course of action and reconfigure their inferior products, it's probably best if I recommend another course of action. Every time you receive a piece of mail from an Anti-Virus company product, treat it like any other spam. Forward it to the appropriate abuse/postmaster contacts of the remote system. Make sure you also send a copy to their upstream provider and any law enforcement that is appropriate. Be sure to send a copy to the offending spammer/Anti-Virus company so they are aware you don't like their practice. . . .
"A high volume system like [Windows] that has been thoroughly tested will be by far the most secure," Gates told the audience at the Developing Software for the future Microsoft Platform conference at London's Queen Elizabeth II Conference Centre. "To say a system is secure because no one is attacking it is very dangerous," said Gates, referring to operating systems that have a smaller share of the desktop market, such as Apple Mac OS and Linux. . . .
One of the main selling points for Linux has been its relative immunity from the hacker community. But that is changing as Linux gains greater traction among enterprises. "While the focus and publicity remains around Windows, Linux is becoming much more of a target to virus writers," says Yankee Group analyst Laura DiDio. . . .
HP is porting OpenView Operations (OVO) to Linux, and renewing OpenView for Unix in the process. Due next year, the first Linux-based OpenView modules will target applications where Linux is most popular, such as security management and the finance industry. . . .
Just a friendly note that the secsup.org mirror is horrendously broken and there are bad files, bad sigs, probably missing files, etc. It seems as though secsup cannot maintain a healthy mirror so if you are currently using it for updates, please find a different mirror instead. . . .
Just a few days after Hewlett-Packard Co. (HP) released a patch for a highly critical vulnerability in its Tru64 OS, it seems Sun Microsystems Inc.'s Solaris 9 has fallen sick with the same bug. . . .
Novell plans to announce Wednesday at the LinuxWorld Conference and Expo that SuSE Linux, the version of the open-source operating system it acquired earlier this month, has passed a new level of security certification. . . .
Red Hat Inc. on Wednesday issued four security alerts that include fixes for problems in Apache, elm, cvs and the KDE desktop environment. These components are bundled with several Red Hat products, including Red Hat Enterprise Linux 3, Red Hat Linux Advanced Server and Workstation software. None of the alerts were labeled critical by the Raleigh, N.C.-based Linux distributor, but administrators are advised to apply the appropriate updates. . . .
Accordingly, Novell today outlined key agenda items for the advancement of Linux. Having just closed its acquisition of SUSE LINUX on January 13, the company is planning to announce next week further initiatives to - as a company spokeman puts it - "further strengthen Linux security, expand Novell's range of partnerships and offer greater freedom of choice to IT customers." . . .
Novell is integrating its identity management and Web services software in a way that it says will ease customers' ability to secure corporate networks. . . .
On December 24, Sun Microsystems released the source code for the software that runs its RaQ Web and e-mail server. Why not? Sun won't be using it any more. The RaQ was a Linux box, and the last of the Cobalt line that Sun bought in 2000. Earlier last year, it opened the source code for the Cobalt Qube server. . . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
