With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...
News Analysis: Google's Android platform is a relatively secure operating system. It has a number of features that make it a fine alternative to the iPhone. But it's important for users to understand just how Google built security into the mobile operating system.
Mozilla has closed six critical holes in Firefox 3.5 and five critical holes in Firefox 3.0 with the releases of Firefox 3.5.4 and 3.0.15. Three moderate and two low impact vulnerabilities were also fixed in 3.5.4 and 3.0.15.
A blogger who stumbled across a vulnerability in more than 65,000 Time Warner Cable customer routers says the routers are still vulnerable to remote attack, despite claims by the company last week that it patched the routers.
VMware has released updates for its ESX Server to fix vulnerabilities in the DHCP Client, DHCP Server, Service Console kernel and Java Runtime Environment (JRE). The security announcement lists a total of 48 CVE entries. The vulnerabilities can be exploited to carry out denial-of-service (DoS) attacks or to compromise systems.
WordPress version 2.8.5 promises better security. Described by the development team as a 'hardening release', it contains a number of functions backported from the version 2.9 beta which should make the blogging system more resistant to attack. According to developer Peter Westwood, these include a fix for Trackback-related denial-of-service (DoS) attacks and the deletion of areas of code which allowed PHP code in variables to be executed via the eval() function.
Nice pictorial on security features in Windows 7. Does Linux have all of these? Are there any that are better in Linux? See what security features are new and improved in Windows 7 in this slideshow, emphasizing what you can do from the Action Center's security tools.
Canonical is touting private cloud capabilities in an upgrade to its Ubuntu Linux OS being announced on Tuesday. Available for free download on October 29, Ubuntu 9.10 Server Edition introduces UEC (Ubuntu Enterprise Cloud), an open source cloud computing environment based on the same APIs as Amazon EC2 (Elastic Compute Cloud). Businesses can take advantage of private clouds, Canonical said.
A serious flaw in Apple's Snow Leopard OS appears capable of wiping user data after the user opens and closes the "guest" account on the afflicted Macintosh. According to reports, when the user first opens the guest account, closes it, and later logs back into their own account, their Home folder data has been erased.
The ClamAV developers have announced that the 15th of April 2010 will be the end-of-life (EOL) date for all versions up to 0.94.x of their free open source anti-virus program. The reason for the change is that releases older than 0.95 are affected by a bug in freshclam, the ClamAV utility used to download new virus definitions. The bug prevents incremental updates from working with signatures that are longer than 980 bytes. The developers note that they haven't yet released any signatures that exceed the limit.
Are these the same old concerns from a few years ago rising again? Companies are running scared of General Public Licence (GPL) software for fear of being sued, according to a leading open source enthusiast at Adobe. "A number of very large companies have rules to exclude GPL code," said Dave McAllister, director of standards and open source at Adobe.
The Apache HTTP Server Project developers have announced the availability of version 2.2.14 of their open-source HTTP server. According to the project's developers, the release is considered to be the "best available version of Apache HTTP Server". In addition to fixing bugs, Apache HTTP Server 2.2.14 addresses a number of security issues.
Mozilla on Wednesday posted preview builds of its Firefox browser with security enhancements designed to mitigate the risk of certain Web attacks. In a blog post, Brandon Sterne, security program manager for Mozilla, asks security researchers and server administrators to help test the changes by downloading a build appropriate for their operating system.
The OpenBSD project has released version 5.3 of OpenSSH, the free implementation of the Secure Shell protocol (SSH). The main changes in OpenSSH are support for path names with more than 256 characters and the removal of support for Windows 95/98/ME.
Free software activist Richard Stallman has withdrawn an accusation that Apple's Mac OS X contained a backdoor after admitting there was no evidence to substantiate his earlier claims.
Seagate Technology LLC today announced it is shipping its Seagate self-encrypting drive (SED) across its portfolio of enterprise-class hard drives. The hard drives included with the self-encrypting option are the Savvio 15K.2, Savvio 10K.3, Constellation and Cheetah 15K.7 drives.
It turns out that Apple's iPhone 3.1 OS fix of a serious security issue, falsely reporting to Exchange servers that pre-3G S iPhones and iPod Touches had on-device encryption, wasn't the first such policy falsehood that Apple has quietly fixed in an OS upgrade. It fixed a similar lie in its June iPhone OS 3.0 update. Before that update, the iPhone falsely reported its adherence to VPN policies, specifically those that confirm the device is not saving the VPN password (so users are forced to enter it manually). Until the iPhone 3.0 OS update, users could save VPN passwords on their Apple devices, yet the iPhone OS would report to the VPN server that the passwords were not being saved.
Microsoft put 22 patents up for sale in July, listing them all as in the "open source" category, with some of them, "Linux-focused." The ultimate buyer was the Open Invention Network, a consortium of Linux backers that wanted to take them off the market.
Network security firm Check Point today launched a new version of its consumer security suite designed specifically to meet the increasingly sophisticated security needs of small and home business users.
Apple unveiled the latest update to its Mac OS X operating system on Friday, an early release that caught many software makers, including some significant security vendors, behind in their development schedule.