Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
Review: The Official Ubuntu Book - If you haven't used Linux before, are new to Ubuntu, or would like a quick update on the latest in open source advancements for the desktop, then The Official Ubuntu Book is a great place to start. Authored by a group of some of the most experienced open source administrators and developers, this 400-page user guide details everything you need to know about how to make the most of your Ubuntu, Kubuntu (Ubuntu with KDE), and Xubuntu (Ubuntu with Xfce) computer.
Review: Zabbix 1.8 Network Monitoring - If you have anything more than a small home network, you need to be monitoring the status of your systems to ensure they are providing the services they were designed to provide. Rihards Olups has created a comprehensive reference and usability guide for the latest version of Zabbix that anyone tasked with implementing it should have by their side.
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Openwall Linux 3.0 brings new features (Dec 22)
Marking nearly 10 years of Openwall GNU/*/Linux, the Openwall Project developers have released version 3.0 of Openwall. Openwall GNU/*/Linux, also known as Owl for short, is a small, security-enhanced distribution of Linux aimed at servers, appliances and virtual appliances.
Marcus Ranum on 2011 Security Outlook (Dec 24)
If Marcus Ranum were your CISO, this would be his resolution for 2011: To plan a "War Games" style exercise. "It's very enlightening for everybody," says Ranum, a noted security thought-leader, "and it actually helps a great deal in helping sell the need for security to the entire executive team."
What If All the World Ran Linux? (Dec 22)
There's a cartoon that made the rounds in the Linux community a few years back that I often think of at this time of year. In essence, it depicts a Linux aficionado refusing to help convince someone to switch to Linux, explaining, "If everyone's using it, I'm not cool anymore."
OpenBSD: audits give no indication of back doors (Dec 23)
So far, the analyses of OpenBSD's crypto and IPSec code have not provided any indication that the system contains back doors for listening to encrypted VPN connections. The OpenBSD developers started the code audit to investigate allegations made by Gregory Perry, the former CTO of crypto company NetSec. In an email to OpenBSD founder Theo de Raadt, Perry had accused developer Jason Wright and others of having built back doors into the IPSec stack. De Raadt made the email public and presented Perry's allegations for discussion.
(Dec 23)
The OpenBSD project has found two bugs in how OpenBSD, a Unix-like open source operating system, implements Internet protocol security (IPsec). The bugs are of interest given the recent allegation made by Gregory Perry, former CTO of now-defunct Federal Bureau of Investigation contractor Network Security Technology (NetSec), that the FBI created a backdoor in the OpenBSD code base, specifically in how it implements IPsec.
100,000 Credit Cards Compromised By Data Breach (Dec 22)
A data breach affecting Twin America, the parent company of CitySights NY, potentially compromised an estimated 100,000 customers' personal details, including credit card numbers. According to a security breach notification letter sent to the New Hampshire attorney general, as required by that state's laws, attackers successfully exploited a Twin America Web server by using a SQL injection attack.
The end of privacy (Dec 23)
Think your innermost thoughts and secret actions are hidden? Think again. "Cell phones are the worst," says Scotland Yard's Alysha Carpenter, "The signals are just in the air. It's not rocket science to intercept them." Any information sent anywhere by any means could potentially be hacked. Online reports abound about potential snoops using hacked webcams or Xbox's new Kinect system to look into your living room and figure out how to steal from you or market to you.
(Dec 20)
"I can tell old RMS he has lost," said Slashdot blogger hairyfeet. "The game is over, the fat lady is down the street having a sandwich. All one has to do is look at how quickly the public hands over every detail of their lives to Facebook to realize they simply don't care a thing about privacy as long as you appeal to their overblown sense of self worth."
(Dec 22)
The lead developer of the OpenBSD operating system says that he believes that a government contracting firm that contributed code to his project "was probably contracted to write backdoors," which would grant secret access to encrypted communications.
(Dec 23)
2010 was a big year for Linux, with four major kernel releases, multiple enterprise Linux updates and some large vendor shifts that will likely affect the Linux market for years to come. The most recent kernel release is the 2.6.36 kernel, which debuted at the end of October. Among the notable inclusions in the 2.6.36 kernel is the AppArmor security access control system, which is an alternative to SELinux, which has been backed by Red Hat since at least 2004.
WikiLeaks 101: Q&A With An Internet Security Expert (Dec 20)
WikiLeaks has gone down, returned, gone down again, returned and other sites have been taken down by supporters of WikiLeaks like Visa.com. From a technical standpoint, what is happening exactly and what will happen next in this ongoing cyberspace saga? HuffPost Tech asked SafeCentral CTO Ray Dickenson to help us break it all down based on his Internet security expertise.
Death to passwords (Dec 20)
Passwords are like the keys to your house: you use them every day, but almost never really think of them until you lose them. Or someone else finds them. The recent hack of Gawker, which operates sites such as Lifehacker, Gizmodo, and Deadspin, revealed some troubling news about the way many of us use passwords.