linux-watch.com: With open source that can be a very good thing since when security problems are found they can be fixed quickly. That's the case over this last weekend, Feb. 9-10, when a security problem was found, and given a hot fix, in the 2.6.17 to the most recent production Linux kernel, 22.214.171.124.
Also: Stable and unstable kernel releases
risesecurity.org: We recently acquired an ASUS Eee PC. The first thing we did when we put our hands on the ASUS Eee PC was to test its security.
scmagazineus.com: Security vendor SecureWorks reported this week that the mass attack launched against Apache web servers running on the open-source Linux operating system can be thwarted by disabling dynamic loading in the Apache configuration.
LinuxWorld: Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim's machine.
Also: Super Techies: Brendan Eich
iTWire: A new report reveals that in 2007 organised criminal gangs for the first time started attacking Internet connected Apple products with the intention of stealing money. The report issues a chilling warning that the increased popularity of Mac computers and the enthusiastic take-up of net connected products such as iPhone and iPod Touch has its down side.
htmlfixit.com: Secunia have reported that more flaws were found in Red Hat Linux (633) than in Windows (123), but even a blind man can see it is nowhere near a fair comparison.
Are you using SSH in the best way possible? Have you configured it to be as limited and secure as possible? The goal of this document is to kick in the new year with some best practices for SSH: why you should use them, how to set them up, and how to verify that they are in place. All of the examples below assume that you are using EnGarde Secure Linux but any modern Linux distribution will do just fine since, as far as I know, everybody ships OpenSSH.
techworld.com: Secunia has found that the number of security bugs in the open source Red Hat Linux operating system and Firefox browsers far outstripped comparable products from Microsoft last year.
linux.com: Palamida, the San Francisco company that helps companies to audit their use of open source software, has released a list of what it calls "the top five most overlooked open source vulnerabilities." To this list, Palamida has added an additional five vulnerabilities exclusively for Linux.com.
Matt Asay: Valleywag reports that SourceForge.net was hacked Wednesday, resulting in site downtime while SourceForge tracked down the hacker. SourceForge's Ross Turk confirms the report.
Also: Can Sourceforge marketplace open the cash drawer?
GCN: While most security specialists would agree on the high quality of SELinux, proponents are arguing this framework is the only one that should be needed for the open-source operating system kernel. In fact, it would eliminate the need for the Linux Security Module, an open platform for outsider developers to build their own security frameworks for Linux. And this idea has raised the ire of Linux keeper Linus Torvalds.
PCWorld: This week Microsoft Corp said it would patch Windows to reduce the risk of a new kind of Web-based security vulnerability, but security researchers say that other operating systems are probably at risk too.
Geek Pit: Debian Administration has an article up about the usefulness of firewalls. Are they really necessary? If you consider a firewall as just a non-stateful, layer-3 packet filter, then I would agree they are not very useful. However,
blogs.techrepublic.com: Recently consumer auction giant eBay announced that nearly 1,200 registered eBay users’ information was stolen via phishing attacks. That’s not shocking. What’s shocking is that it’s very likely the phishers were using rootkitted Linux boxes.
builder.au: Security experts have discovered TIFF-based buffer overflow vulnerabilities in OpenOffice, which could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers.
distrowatch: The site won't be updated until the problem is dealt with, but at least you can access the existing information. Sorry for the trouble.
the register: Downloads of Bastille Linux have always been offered through SourceForge, with Bastille-linux.org serving more as a store-front than as a primary download location. The change of ownership of the site came to light only after duty staff at the Internet Storm Centre followed up a tip that something was amiss.
computerworld: A security researcher has found a serious vulnerability in an aging yet widely used software program used for the Internet's addressing system, prompting the software's maintainers to retire the affected version.
opensourcelearning.info: Recently I have been thinking about my online security. It led me on a brief search for portable applications which at least give me the feeling that I am more secure than I am now.
Tux Love (PC World): Most people don't realise how their browsers betray them. It's not so bad at home, but in a work context it could cost you your job.
Also: FileZilla 3 brings Windows FTP goodness to Linux