With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...
The release on Friday of Apple's Mac OS X 10.6, known as "Snow Leopard," has elicited criticism from security companies, which may have business to lose if Apple's latest operating system reduces interest in third-party security software.
Sun Microsystems' product plans are up in the air pending its acquisition by Oracle, but the company's chip engineers continue to present new designs in the hope they'll see the light of day.
A friend of mine suggested that I should include as boilerplate in my security stories, a line like: "Of course, if you were running desktop Linux or using a Mac, you wouldn't have this problem." She's got a point. Windows is now, always has been, and always will be insecure. Here's why.
Google has fixed two high-severity vulnerabilities in the stable version of its Chrome browser that could have let an attacker remotely take over a person's computer. With one attack on Google's V8 JavaScript engine, malicious JavaScript on a Web site could let an attacker gain access to sensitive data or run arbitrary code on the computer within a Chrome protected area called the sandbox, Google said in a blog post Tuesday.
Red Hat has finally managed to release a patch for the previously reported critical Linux kernel vulnerability. Red Hat's initial response was to provide a workaround for the problem that involved blacklisting certain network protocols, preventing the exploit from functioning. Novell has also released updates for openSUSE 10.3 to 11.1, SUSE Linux Enterprise Desktop and SUSE Linux Enterprise Server.
Torvalds has never really been a fan of the vendor-sec list. Vendor-sec is supposed to be a vendor only list that is not publicly available. It's supposed to ensure that vendors will have the time they need to make fixes.
RSA Security, one of the top security firms in the country, has sent takedown notices to a blogger and his hosting company in an effort to silence his discussion of a vulnerability found on a bank web site that RSA helps monitor, according to the blogger.
A judge on Tuesday ordered Microsoft to stop selling Word, one of its premier products, in its current form due to patent infringement. Judge Leonard Davis of the US District Court for the Eastern District of Texas issued a permanent injunction that "prohibits Microsoft from selling or importing to the United States any Microsoft Word products that have the capability of opening .XML, .DOCX or DOCM files (XML files) containing custom XML", according to a statement released by attorneys for the plaintiff, i4i.
Nice summary and slideshow of the top companies we should be watching for the second half of the year. Our annual look at new security companies worth keeping an eye on. Are there others worth noting? Got experience with any of these companies? Leave your thoughts in our comments section.
Code that Microsoft released Monday for the Linux kernel under the General Public License version 2 (GPLv2) was in violation of that license before Microsoft made it available, according to an open-source network engineer.
The fine folks at Linux+ Magazine have released another full version of their periodical. It includes a DVD full of material, and more than a dozen full articles on Linux & security topics. Read on for the summary. Download the 68-page PDF.
The race is on: Mozilla is scrambling to finish a patch for a now-public bug in its Firefox 3.5 browser, while exploit code is circulating and Metasploit has released a new module for the attack.
Google has a long history of tracking user activity, and the introduction of its Chrome operating system later this year is sure to follow suit. While we know that it's being built off of Linux, one big thing we don't know is how its terms of service will differ from those found in other Google products, and what kinds of user data it will be collecting. Based on the company's track record of watching and monetizing user data, it could be anything from which applications you're using, to all the information that's coming in and out of your computer.
Wednesday's two big technology stories, Google's Chrome-based operating system and the cyberattacks against U.S. and South Korean government Web sites, are oddly related. The stories are connected because if Google does well at gaining market share for its browser, we could see fewer successful attacks. Or maybe we'll see more attacks.
SourceForge is keenly aware of its roots in the open source community, and its strategies for growth encompass ways to better serve its base. Among its goals are a transformation of the Sourceforge.net Web site into "a world-class development environment," said Jon Sobel, SourceForge's group president of media.
The Firefox web browser has been patched for security flaws, four of which were identified as "critical" by Mozilla. A total of nine security flaws were fixed in the new release. The patches include a fix for flaws such as one that allows scripts from page content to run with elevated privileges. With this, an attacker could cause an object such as a browser sidebar to interact with web content so that an attacker's code had elevated privileges.
Has anyone used this yet, or have a review of how well it performs in the real world? Satisfied that its security underpinnings are solid, Google has promoted its open-source Native Client technology to accelerate Web applications out of its research phase and is taking steps to build it into the Chrome Web browser. "Based on our experience to date, we believe that the basic architecture of our system is sound and the implementation is supportable. So now we are undertaking a number of tasks to transition Native Client from a research technology to a development platform," said Brad Chen, Google's Native Client engineering manager, in a mailing list announcement Wednesday.
New Fedora release today, promoting improved desktop and server features, and better virtualization security. Frields added that Fedora 11 also includes something called sVirt, which is SELinux (Security-Enhanced Linux) containment for virtual guests. SELinux is an access control technology that has its roots in the NSA (National Security Agency) and has been part of Fedora for years. By extending SELinux to virtual guests, Fedora is enhancing the security of its virtualization technologies. Fedora 11 also includes what Frields described as better authentication for its virtualization manager software (virt-manager).
'Cloudburst' memory-corruption exploit released with Immunity's new version of Canvas penetration testing software. Researchers for some time have demonstrated the possibility of one of virtualization's worst nightmares -- a guest virtual machine (VM) infiltrating and hacking its host system. Now another commercial tool is offering an exploit that does exactly that.
Many of today's UTM boxes have their roots in Linux. Which perform best? The InfoWorld Test Center attacks Astaro, SonicWall, WatchGuard, and ZyXel firewalls, and only one puts up a fight. Indeed, a rapidly growing number of small and mid-size companies are opting for the administrative and operational simplicity of the single-box solution. And so we decided that UTMs aimed at the mid-size company were the perfect group to use for the rollout of InfoWorld's new firewall and UTM test protocols. When we began this process well over a year ago, we asked for input from virtually every firewall and UTM vendor we knew, and we invited every UTM vendor we could find to send us an appliance to test. In the end, four vendors answered the call. Astaro, SonicWall, WatchGuard, and ZyXel submitted units for this first set of tests.