Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. This week's articles cover building a secure Nagios server and how to better understand vulnerabilities in Web applications.

Feature Extras:

Vulnerabilities in Web Applications - This paper aims to raise awareness by discussing common vulnerabilities and mistakes in web application development. It also considers mitigating factors, strategies and corrective measures.

A Secure Nagios Server - This article will not show you how to install Nagios, since there are tons of installation guides out there, but it will show you in detail ways to improve your Nagios security.


Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

  Hacks, Counter-Hacks and the Linux-Free PS3 (Apr 5)

It's not clear why Linux fans would even want to run it on a PS3, "when a console is NOTHING but 'DRM... in a box'" says Slashdot blogger hairyfeet. "Even when [Sony] allowed Linux you didn't get access to the full machine -- no GPU access -- which left it an underpowered POWER based PC."

  iPad hacked to run Newton OS (Apr 5)

As the iPad rolls out across the United States on Saturday, one developer appears to have gone rogue already. Jonathan E. Vi, one of the few developers to actually get an iPad in advance of the launch, has rigged it to run Apple's old Newton personal data assistant from the '90s. Fire up the Newton emulator app, and the iPad's screen changes to that muted green color with dim gray text and the old Mac fonts.

  Booby-trapping PDF files: A new how-to (Apr 5)

A security researcher has demonstrated a mechanism that exploits PDF files without taking advantage of any particular vulnerabilities. Didier Stevens' proof-of-concept exploit relies on running an executable embedded in a PDF file - something that ought to be blocked - by launching a command that ultimately runs an executable.
