Explore top 10 tips to secure your open-source projects now. Read More
×The latest release of Linux Mint includes changes to the Update Manager to prevent users from procrastinating important security updates. . Earlier this year, Clement Lefebvre, the developer of the popular desktop distro , had expressed concern about users ignoring security updates exposing their Internet-connected installations to all kinds of risk. Although Linux Mint doesn’t collect any relay any telemetry data, based on the activity of the distro’s update server, Lefebre shared that only about 30% users update their distros in less than a week, and a sizable percentage of users are running an outdated version of the distro that stopped receiving security updates in 2019. . Linux Mint enhances its Update Manager to promote prompt security patches and boost user adherence.. Linux Mint Updates, Security Management, User Experience Improvements. . Brittany Day
On a well-maintained Linux system, months can go by without needing to reboot. Sooner or later, however, a security patch to the Linux kernel will require you to reboot your machine. That's not a real problem on a desktop, but when you're talking hundreds of servers it can be a real pain. That's where CloudLinux's new program KernelCare comes in.. CloudLinux, makers of the CentOS-related CloudLinux OS, a Linux distribution for hosting providers, claims that with KernelCare, scheduled outages for security patches on Linux servers are now a thing of the past, giving organizations real-time updates. The program automatically applies Linux server security updates without having to re-boot. This frees technical personnel from the laborious process that takes several minutes for every server, several times a year. The link for this article located at ZDNet Blogs is no longer available. . CloudLinux, makers of the CentOS-related CloudLinux OS, a Linux distribution for hosting providers, . well-maintained, linux, system, months, without, needing, reboot, sooner, later. . LinuxSecurity.com Team
The VideoLAN project has announced the release of version 1.1.10 of its VLC media player, the free open source cross-platform multimedia player which supports a variety of audio and video formats. According to the developers, the eleventh release of the 1.1.x branch of VLC is a maintenance and security update that addresses several issues found in the previous update from mid-April.. VLC 1.1.10 fixes several previously reported vulnerabilities in libmodplug, also known as the ModPlug XMMS Plugin, and addresses an integer overflow in the XSPF playlist demultiplexer. Other changes include the removal of FontCache building in the Freetype module, a rewrite of PulseAudio output on Linux/BSD, and various codec and translation updates. A number of Mac OS X interface and hotkey fixes have also been implemented. The link for this article located at H Security is no longer available. . VLC 1.1.10 addresses several security flaws, notably an integer overflow defect in libmodplug, improving overall software safety.. VLC Media Player, Integer Overflow, Multimedia Player Security. . LinuxSecurity.com Team
Computer Associates has spun off its Ingres database into the privately held Ingres Corporation. The newly formed company has received an investment from private equity fund Garnett & Helfrich Capital, which will be the firm's majority shareholder. CA will provide the intellectual property rights for the database in exchange for a stake in the company. . Ingres Corporation aims to make money from the software as an open source project, providing services and maintenance. The link for this article located at VNUNet.be is no longer available. . Cortex Solutions plans to leverage open access software, offering essential support and upkeep for clients.. Ingres Database, Open Source Project, Software Maintenance. . LinuxSecurity.com Team
A firewall is an organizationally and technical concept for the separation of networks, its correct implementation and constant maintenance. One piece that's often used is a piece of hardware that connects to networks the way as it's allowed in the concept. This piece of hardware is often called firewall-system/computer or in short firewall. . How does a typical technical implementation of a firewall look like? First you put a packetfilter between the directly connected networks (network 1 -- packetfilter -- perimeter network -- packetfilter -- network 2). The packetfilters only allow traffic from the directly attached networks. A connection from one network to the not directly attached packetfilter or the other network is strictly forbidden. The perimeter network is also known as DMZ (Demilitarized Zone). In it there are switching computers for all protocols/services who should work from one net to the other net. Such a switching computer is also known as Proxy, because it works pro procurationem/by proxy (like a secretary). Proxies work on application level, means they understand the communi The link for this article located at Lutz Donnerhacke is no longer available. . How does a typical technical implementation of a firewall look like? First you put a packetfilter be. firewall, organizationally, technical, concept, separation, networks, correct. . Benjamin D. Thomas
"Welcome to yet another article in the series of articles dedicated to basic system maintenace and security. This time, I plan to cover the topic of logging, and why is logging a must for every serious admin, or for any system . . . . "Welcome to yet another article in the series of articles dedicated to basic system maintenace and security. This time, I plan to cover the topic of logging, and why is logging a must for every serious admin, or for any system that plans to be exposed to any kind of multi user enviroment. Before I go on further, a small suggestion you should take seriously, no matter if you plan reading or just skimming through the introduction: log everything! Yes, be paranoid, log everything you can. Now that I have said that, let's discuss it altogether... One of the main advantages of linux and other multi user systems is the logging ability. What is logging exactly? It is merely a process of creating logs, documenting and storing certain system or user activity for various reasons. Entire process and idea of logging probably came from programming, where it was useful to record events, such as program behaviour for further development, and to collect such information for future diagnostic and improvement. Same is with logging on the system level. It is, to say the least, useful to log all activities and events that took place on your system for future analysis. From a security point of view, logging serves as a proof of malicious activity or as an indicator of a potential one. Now, with linux, by default, you are equipped with a several different logging tools and utilities." The link for this article located at Help Net Security is no longer available. . Master logging techniques for system maintenance and security. Discover the importance of effective logging for system administrators.. Linux logging, system logs, security administration, diagnostic practices, multi user environments. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.