Linux Security Week: April 26th, 2010

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

Companies crave experience in their security staffers, dimming prospects for entry-level applicants. Bill Brenner on how a young upstart can break through. If you're young, breaking into the security industry can be hell.

Jon Callas, who as co-founder and chief technologist of PGP helped bring strong encryption to the masses, has taken a job with Apple working on operating-system security.

Criminals are increasingly attempting to conceal malware embedded in hacked websites from search engines such as Yahoo! and Google. Their aim is to prevent browsers which use technology such as Google's Safe Browsing API from sounding the alarm when a user visits a hacked website. Google's Safe Browsing API allows client applications to query Google's phishing and malware blacklist. Firefox and Google Chrome both make use of the API, which is based on Google searches of websites for suspicious code.

It was simply a matter of time before Linux became my primary operating system. My most recent malware incident was the final straw that sent me into welcoming and safe haven of Ubuntu.

A series of gaffes at Blippy, Google, and a Midwest bank exposed the credit card numbers of four individuals within Google search results for more than two months. Friday was easily the worst day in the history of Blippy, a young start-up that enables people to create social networks around sharing information on goods and services they buy.

With Facebook Connect being abandoned in its favor, and a new draft specification before the IETF, OAuth is shaping up as the cornerstone of identity management for cloud-based applications and services. eWEEK Labs Senior Analyst P. J. Connolly looks at what's behind the seamless access to services on social media sites such as Facebook, LinkedIn and Twitter.

What's more devastating than a DDoS attack launched by a botnet? In some cases, that's the DDoS attack launched by the "opt-in botnet" aggregated through a crowdsourcing campaign.

Social media is making hacktivism easier, especially as politically motivated online crowds come together to create distributed denial of service attacks, finds a new paper by security researcher Gunter Ollmann of Damballa.

Companies stand to lose their reputation, not to mention business, in cases of severe data loss. One way to prevent the inadvertent leakage of information is to go in for encryption to secure data on hard drives, flash drives and the like. Subhankar Kundu looks at the different aspects of data encryption in the corporate world.

The US government has released open source code that it has been working on. In an unusual move for government transparency, the White House is letting developers get their mitts on its open source code. The US executive branch has been working on its custom code as part of its ongoing efforts to "develop an open platform for Whitehouse.gov."

Google was the main target of a group of privacy commissioners from 10 nations who held a press event in Washington, D.C., on Tuesday to air their grievances. They castigated the company over its botched Buzz rollout and criticized its Street View operations. However, other online companies -- such as Facebook and other social networks -- should also take notice, the commissioners warned.

A new version of the open source Metasploit Framework penetration testing tool is set to debut next month with the release of Metasploit Express -- ushering in new enhancements for ease-of-use and management that come courtesy of its new commercial underpinnings.

There are matches made in heaven, and on the other side of the spectrum, there is David Wang's accomplishment: booting Google's Android operating system on Apple's iPhone Wang, the "planetbeing" member of the a group called the iPhone Dev Team devoted to hacking iPhones, on Wednesday posted a video demonstrating Android on an iPhone.

Nearly 40 percent of enterprise network devices exhibit some form of security vulnerability, according to a study published today.

Havoc decended upon Coles stores across the country this morning after 10 per cent of the company's cash registers were knocked out by a botched McAfee anti-virus update. The Internet Storm Center, an initiative of the SANS Technology Institute which monitors problems on the web, said "the affected systems will enter a reboot loop and lose all network access."

Reports have surfaced that Internet Explorer users are not the only targets of the Zeus banking Trojan - Firefox users are now also under threat.

Privacy officials from 10 countries on Tuesday penned a letter to Google criticizing its approach to privacy, pointing to its Buzz and Street View products as examples.

In the spirit of being open, search engine outfit Google has stated under what conditions it will hand over data to governments or delete information on its websites.

We continue our conversation today with Gunnar Hellekson, chief technology strategist for Red Hat's U.S. Public Sector Group.When it comes to security, he explains why the old adage, "the more things change, the more they stay the same" often applies.

LEADING US LINUX VENDOR Red Hat has given the public a first look at the next version of its Enterprise Linux distribution. ... The new System Security Services Daemon (SSSD) feature allows for centralised identity management, while the SELinux sandbox feature lets administrators better tackle untrusted content.

This is a seminal piece of writing from the underground, forgotten by many but adored by many more. It still resonates with me and has as much meaning as it did back in the day when I first read it in Phrack Issue 7.

The Open Web Application Security Project (OWASP) today issued the final version of its new Top 10 list of application security risks.The list, which was first unveiled in November at the OWASP conference, is a departure from OWASP's previous lists, which ranked the most commonly found weaknesses and vulnerabilities in Web applications.

I think this is one plugin we won't see released by Google for Chrome anytime soon. A computer security researcher has launched a project designed to provide people greater privacy when using Google, as the company expands the scope of data its collects about its users.

Countries negotiating a major cross-border agreement to crack down on intellectual property crimes have agreed to release previously secret draft language of the controversial accord this week.