General Esm W900
This week, perhaps the most interesting articles include "Attacking Web 2.0 at LinuxWorld," "Security Firm Automates Generating Attack Code," and "."


Linux+DVD Magazine Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers is between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

    Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


EnGarde Secure Community v3.0.16 Now Available
7th, August, 2007

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.16 (Version 3.0, Release 16). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

Mozilla Raises Eyebrows With 10-day Patch Claim
6th, August, 2007

A Mozilla executive has vowed that his company can patch any critical vulnerability in its software within 10 days, a sign that Mozilla intends to step up its efforts to improve security. I found this to be a pretty bold claim. Does this have anything to do with the recent flood of Firefox security bugs? I really hope that Mozilla is able to stick with their claim of providing security fixes with-in 10 day. Could other software makers do the same thing?

news/network-security/mozilla-raises-eyebrows-with-10-day-patch-claim
Mozilla: 10-day Patch 'not our policy'
7th, August, 2007

The open source browser maker was forced to issue a statement Monday, retracting a pledge attributed to the company's director of ecosystem development, Mike Schaver, to fix any critical security bugs in the browser within "Ten ****ing Days." Fixing security bugs is not always a easy task, I feel that it was a good idea to retract there claim since it would be hard to backup. However, I hope that they release security bug fixes as fast as they would have with a 10-day deadline. Do you think that retracing their claim was a good idea?

news/network-security/mozilla-10-day-patch-not-our-policy
Firefox 3.0 To Get More Security
9th, August, 2007

Firefox 3.0 will have several new security features baked in, according to Mozilla's chief of security.The browser will likely have a tool for automatically blocking sites suspected of harbouring malware. It will also offer support for the extended validation Secure Sockets Layer (EV SSL) certificates, said Window Snyder, Mozilla's chief security officer. The last couple of weeks Firefox has been in the news related to their security bug. The Mozilla team seems to be taking browser security very seriously now. What do you think about this? Was this a response to the security problems they had with their software last month? Either way to applaud them for making security a top concern.

news/network-security/firefox-30-to-get-more-security
In defense of Black Hat and Defcon
7th, August, 2007

First thing's first - I'm extremely biased in favor of this type of article because I identify with the creative hacker. The media-slanted definition of 'hacker' does the title no justice for the innovative, out-of-the-box, dedicated minds of the world which make word processing programs or the 'Internets' easy for even the media to use. This article covers the general feel of both Blackhat and DefCon conferences with a nod towards the NBC Dateline incident.

news/organizations-events/in-defense-of-black-hat-and-defcon
Something Uncomfortable About DEFCON