A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security.
Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for yea...
Dell reckons Ubuntu offers more protection than Windows online as it convinces consumer PC shoppers they shouldn't be scared of Linux.
In a statement flagged here by TheVarGuy.com, Dell picked on security as one of ten reasons why people should buy PCs running Canonical's Linux rather than Microsoft's operating system.
According to a security advisory from Adobe, there is a critical vulnerability in Flash Player 10.0.45.2 (and earlier versions) and in the authplay.dll component that ships with Adobe Reader and Acrobat 9.0; Windows, Mac OS X, Unix and Linux versions are all vulnerable. Attackers can exploit the hole to crash the software or gain control of the system and there are already reports of exploitation in the wild for all three products.
As Apple and Adobe sparred over the inclusion of Flash in the iPhone OS, supporters of the emerging HTML5 standard -- including Apple, Google, and Microsoft -- touted the H.264 video codec specified in HTML5 as a reason that Flash is unnecessary. But H.264 is proprietary technology that requires a license for use and redistribution, which effectively means Mozilla can't adopt it for the open source Firefox browser.
Version 0.96.1 of ClamAV, the free and open source toolkit, fixes bugs which cause it to crash when faced with crafted PDF and PE files. Attackers had been able to exploit these vulnerabilities to disrupt network operation, allowing them to disable web proxies or mail gateways, for example.
In case your boss ever questions whether security is big business... Symantec will pay US$1.28 billion to acquire VeriSign's security business.
The two companies confirmed the rumored acquisition, saying it would give VeriSign the opportunity to focus on its more-profitable domain name business, while allowing Symantec to broaden its growing portfolio of enterprise security products.
Released last week, version 3.4.8 of the free Samba file and print server fixes various holes including two denial of service (DoS) vulnerabilities which allow attackers to remotely crash the Smbd service. One of the problems is caused by a null pointer dereference when processing a certain series of SMB headers that include a specific combination of flags.
Outsourcing Web security functions sounds good on paper, but how do you make hosted services work in your organization? A new Dark Reading report offers some answers.
One of open source's promises is to minimize vendor lock-in. However, it's not so apparent that this value proposition holds when using software as a service (SaaS) or cloud-based platform services. The implication is clear: So-called open source cloud platforms, like the recently announced VMforce, are no more open than proprietary clouds -- and believing otherwise will trap you into unintended lock-in.
In recent years, software manufacturers appeared to be increasing the transparency of communication about bugs. The Internet has allowed for rather rapid delivery of software patches, and Microsoft Corp. even releases details in its security bulletins and accompanying Webcasts. However, all is not what it seems...
Internet Explorer 9 and Firefox 4 will support it, and Microsoft recently touted its advantages. But the upcoming version of HTML, which builds rich Internet application features into the Web programming language and shifts more Web functions to the client machine, also could open up new Web attack vectors.
"No one is really focusing attacks on Mac and Linux, namely because there're not enough users," Steckler said in an interview. "Viruses, just like [those] in humans, need lots of hosts to propagate. Since there are very few Mac and Linux machines in the ecosystem, it's very difficult to propagate [and] to target."
PS3's loss of Other OS feature spurs an additional set of class-action complaints in Northern California court, alleging breach of contract, false advertisement, more.
The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that "any given Linux machine is five times more likely to be sending spam than any given Windows machine."
Google has released version 4.1.249.1064 of its Chrome browser for Windows to correct three critical vulnerabilities. The company had fixed seven vulnerabilities in its WebKit-based browser just a week ago.
Historically, CCTV security has been a small and relatively specialised sector. Analogue technology has provided few opportunities to increase functionality beyond basic capture of images and sound, to be studied in real-time and stored on video tape or DVD.
LEADING US LINUX VENDOR Red Hat has given the public a first look at the next version of its Enterprise Linux distribution. ... The new System Security Services Daemon (SSSD) feature allows for centralised identity management, while the SELinux sandbox feature lets administrators better tackle untrusted content.
Marketing hype, or does this product provide value to Linux users? Enomaly, a leading provider of cloud computing platform software for telcos and other service providers, today announced the availability of the High Assurance Edition of the Enomaly Elastic Computing Platform. The new product enables telcos and service providers to offer their customers a cloud computing service with a higher level of security than has previously been available in Infrastructure as a Service (IaaS) offerings.
Most folk know if they want a secure gateway between the Internet and their home or business they should use Linux for maximum protection. The new IPFire distribution seeks to take security to the highest level while also making things a breeze for the less experienced to set up.
Seems like Pwn2Own is getting a reputation for uncovering some pretty nasty browser-based vulnerabilities; once again this year Firefox, Safari and IE8 were all broken wide open. The latest development is that Mozilla has beaten both Microsoft and Apple to the punch and released Firefox 3.6.3, patching the vulnerability.
Mozilla has announced the release of Firefox 3.6.3 to address a critical security hole used as part of a winning exploit at Pwn2Own 2010. The update comes just over a week after the release of Firefox 3.6.2 which addressed a different critical flaw.