Open source software vendors do something akin to selling air: They get people to pay for something that easily, and perfectly legally, can be had for free. But added security is becoming an increasingly important part of the value proposition, as Red Hat (RHT), maker of one of the leading Linux enterprise distributions, emphasized this week in a statement on its software subscriptions.
Tor is apparently no longer a safe place to run a marketplace for illegal goods and services. With the alleged operator of the original Silk Road marketplace, Ross Ulbricht, now going to trial, the arrest of his alleged successor and a number of others in a joint US-European law enforcement operation, and the seizure of dozens of servers that hosted "hidden services" on the anonymizing network, the operators of the latest iteration of Silk Road have packed their tents and moved to a new territory: the previously low-profile I2P anonymizing network.
Red Hat achieved its latest successful FIPS 140 validation back in April 2013. Since then, a lot has happened. There have been well publicized attacks on cryptographic protocols, weaknesses in implementations, and changing government requirements. With all of these issues in play, we want to explain what we are doing about it.
Right now Fedora allows for SSH log-ins as root, which is the default behavior as currently shipped by sshd. However, for Fedora 22 there is a proposal that the packaged sshd will default the option of PermitRootLogin to no so that root log-ins wouldn't be permitted into Fedora SSH servers. This change is being proposed to try to avoid brute-force attacks against root passwords of Fedora servers.
Open source code security has been in the spotlight since the Heartbleed bug infected the Canada Revenue Agency website last year. Found embedded in OpenSSL, one of the Web’s most common security systems, Heartbleed sent public-sector IT personnel scrambling to test their agencies’ websites to make sure they were clean and protected.
North Korea is a technological island in many ways. Almost all of the country's "Internet" is run as a private network, with all connections to the greater global Internet through a collection of proxies. And the majority of the people of the Democratic People's Republic of Korea who have access to that network rely on the country's official operating system: a Linux variant called Red Star OS.
Red Star OS, first introduced in 2003, was originally derived from Red Hat Linux. In theory, it gave North Korea an improved level of security against outside attack—a Security Enhanced Linux operating system based on Red Hat that could enforce strict government access controls on the few who got to use it.