With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...
There was much hype around the growth of the email archiving market last year. For example, the IDC predicted that 2005’s email archiving application revenue reached US $310 million worldwide. Good news! The open source community has just released MailArchiva, a competitive email archiving product that integrates directly with Microsoft Exchange.
Putting on its fedora hat, Red Hat last month released the first version of its free, open-source Directory Server. The Fedora Project is Red Hat's pure open-source arm, with all product releases and source code being freely available without the company's licensing, or "subscription" restrictions, which are required for running Red Hat's enterprise product offerings.
D-Link jumped aboard the unified threat management (UTM) bandwagon this week with a partnership with security vendor Check Point Software to develop a new line of small business-focused security appliances. Under the agreement, D-Link will weave Check Point's firewall and VPN technology into two new additions to its NetDefend line of SMB security appliances. Slated to be available sometime this quarter, the appliances are aimed at businesses of up to 100 seats and 25 VPN users.
Looking to spread the usage of the AppArmor application security software it acquired when it bought Immunix, Novell announced last week that it would release the software's source code under the GNU General Public License (GPL) and sponsor a project to maintain and improve it.
Novell plans to release software on Tuesday that is designed to make it harder for new attacks to compromise existing Linux-based computers. The software, called AppArmor, is one of several products in the security realm based on the idea of mandatory access controls. The technology limits a running software program's privileges only to those absolutely necessary.
Companies running Apache and a PostgreSQL database are at risk from serious Internet intrusion. Red Hat warned of a flaw late last week in mod_auth_pgsql, an Apache module that allows authentication against information in popular open-source database PostgreSQL.
Security vendor McAfee agreed on Wednesday to pay a $50-million fine to the U.S. Securities and Exchange Commission to settle charges that it overstated its revenue and earnings by hundreds of millions of dollars, closing an unpleasant chapter in the company’s history.
Debian Etch, the next major version of the Linux distribution, will only be available on eight architectures, with four getting the boot. Steve Langasek, a release manager at Debian, said in a mailing list posting last week that the official release of Etch, which is due in December 2006, will not be ported to systems based on the ARM, Motorola 68k, IBM S/390 and Sun SPARC architectures.
Multiple vulnerabilities were identified in Linux Kernel, which could be exploited by malicious [local] users to cause a denial of service and potentially obtain elevated privileges.
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.3 (Version 3.0, Release 3). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, the SELinux policy, and the LiveCD environment.
New research released over the weekend indicated that BlackBerrys -- the ubiquitous handheld devices favored by on-the-go types -- are vulnerable to a security hole that could let attackers break in to the gadgets by convincing users to open a specially crafted image file attached to an e-mail.
In the latest in a series of moves aimed at getting Korean government institutions to move away from their reliance on Windows and Unix and adopt open source software, two state-owned financial institutions planned to launch the country's first Linux-based Internet banking services in December. The state-owned Korea Post and the National Agricultural Cooperative Federation (NACF) have both said their systems will be up and running for Linux users before the end of December as a part of the open source software fostering projects of the Ministry of Information and Communication.
Virtual infrastructure software maker VMware Inc. has rushed out fixes for a "very serious" security flaw that put users of its product line at risk of code execution attacks. The vulnerability, which is present on both Windows and Linux systems, affects VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1 and the free VMware Player 1.0. All previous versions of these products are also affected.
"Here's the danger we are running into," said Alan Shimel, Chief Strategy Officer for StillSecure. "People contribute resources to these communities, whether it be time, money, or code. When they see everything they give converted for the commercial success of an individual rather than as a community as a whole, how long do you think they are going to want to keep giving?"
The Debian Project has released an update to its popular GNU/Linux distribution, with security-related bugfixes a key feature. "This is the first update of Debian GNU/Linux 3.1 (codename 'Sarge') which mainly adds security updates to the stable release, along with some corrections to serious problems," said Debian security team member Martin Schulze in an e-mail announcing the update.
Tenable Network Security, Inc., a leading developer of security management solutions and creator of the popular and award-winning Nessus vulnerability scanner, today announced the general availability of Nessus 3.0 for the Linux and FreeBSD platforms. Nessus 3.0 was developed in response to growing market demand from enterprises, government agencies and consultants for a commercially licensed version of Nessus. Nessus 3.0 users will now have access to a number of commercial support and training options from Tenable Network Security. Tenable Network Security will continue to manage, distribute and maintain the open source version, Nessus 2.x.
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.2 (Version 3.0, Release 2). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, the SELinux policy, and the LiveCD environment.
Novell has announced a 21.8 million pounds Sterling ($39 million) contract with the United Kingdom's leading Department of Health agency for a comprehensive set of security, management and infrastructure solutions that will improve delivery of health services to UK citizens. The three-year agreement with the National Health Service (NHS) Connecting for Health program lets NHS leverage Novell® solutions across the entire NHS infrastructure, comprising upwards of 600,000 workstations, and will result in substantial cost savings for the NHS. As a strategic partner, Novell will help the NHS deliver its National Programme for IT, improving patient care and services and transforming the way the NHS works.
EnGarde Secure Linux is a server-based distribution developed with security in mind. It comes with a minimal set of services so that the server is not unnecessarily exposed, and no superfluous software -- including no X Window-based window manager. Even compilers, such as GCC, are not included. Yet EnGarde enables you to run any sort of Web presence, from a simple mail server to a complete e-commerce site.
Microsoft went on the offensive earlier this week, announcing a study in which Windows Server trounced Novell's SUSE Enterprise Linux in both reliability and ease of use over a period of one year. Novell says the report simply "aims to confuse the market." In a company blog posting, Novell PR manager Kevan Barney notes that Microsoft funded the Security Innovation study, and says, "Independent studies regularly credit Linux in general, and SUSE Linux in particular, as secure, reliable, supported platforms."