linux.com: Palamida, the San Francisco company that helps companies to audit their use of open source software, has released a list of what it calls "the top five most overlooked open source vulnerabilities." To this list, Palamida has added an additional five vulnerabilities exclusively for Linux.com.
Matt Asay: Valleywag reports that SourceForge.net was hacked Wednesday, resulting in site downtime while SourceForge tracked down the hacker. SourceForge's Ross Turk confirms the report.
Also: Can Sourceforge marketplace open the cash drawer?
GCN: While most security specialists would agree on the high quality of SELinux, proponents are arguing this framework is the only one that should be needed for the open-source operating system kernel. In fact, it would eliminate the need for the Linux Security Module, an open platform for outsider developers to build their own security frameworks for Linux. And this idea has raised the ire of Linux keeper Linus Torvalds.
PCWorld: This week Microsoft Corp said it would patch Windows to reduce the risk of a new kind of Web-based security vulnerability, but security researchers say that other operating systems are probably at risk too.
Geek Pit: Debian Administration has an article up about the usefulness of firewalls. Are they really necessary? If you consider a firewall as just a non-stateful, layer-3 packet filter, then I would agree they are not very useful. However,
blogs.techrepublic.com: Recently consumer auction giant eBay announced that nearly 1,200 registered eBay users information was stolen via phishing attacks. That’s not shocking. What’s shocking is that it’s very likely the phishers were using rootkitted Linux boxes.
builder.au: Security experts have discovered TIFF-based buffer overflow vulnerabilities in OpenOffice, which could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers.
distrowatch: The site won't be updated until the problem is dealt with, but at least you can access the existing information. Sorry for the trouble
the register: Downloads of Bastille Linux have always been offered through SourceForge, with Bastille-linux.org serving more as a store-front than as a primary download location. The change of ownership of the site came to light only after duty staff at the Internet Storm Centre followed up a tip that something was amiss.
computerworld: A security researcher has found a serious vulnerability in an aging yet widely used software program used for the Internet's addressing system, prompting the software's maintainers to retire the affected version.
opensourcelearning.info: Recently I have been thinking about my online security. It lead me on a brief search for portable applications which at least give me the feeling that I am more secure that I am now.
Tux Love (PC World): Most people don't realise how their browsers betray them. It's not so bad at home, but in a work context it could cost you your job.
Also: FileZilla 3 brings Windows FTP goodness to Linux
the inquirer: We already reported how Skype was taking a deep interest in the workings of the BIOs of Windows users, now it seems that the outfit is snooping on Linux users too.
the inquirer: AN ADVISORY from a security researcher called Gregory Shikhman points out that Nvidia drivers have a rather gaping hole when installed under Gentoo Linux.
On August 7, 2007, bannedit reported bug 187971 regarding a possible command injection vulnerability within http://packages.gentoo.org. The Infrastructure team verified the vulnerability and the server was immediately taken down to prevent further exploitation and to allow for forensic analysis.
techrepublic blogs: The term rootkit originated with a reference to the root user account on Unix systems. Rootkits are not limited to Unix, however, or even to administrative user accounts like the Unix root account. No matter what operating system you use, you should be familiar with good practices for detecting and dealing with the threat of rootkits.
Also: Clamav is great
heise-security: According to reports from several security services, the Xvid 1.1.2 Video Codec Library has a security hole which attackers could use to gain control over a PC. Both Windows and Linux applications are affected.
linux.com: Organizations of all sizes need to mitigate the risk of insider threats. Misconduct by authorized users represents a grave threat to an organization. You can secure your network perimeter with intrusion detection systems, firewalls, and virus scanners, but don't neglect to monitor authorized users. The Linux Audit daemon can help you detect violations of your security policies.
ZDNet: The recent OpenOffice worm may be a sign that malware writers are starting to target the increasingly popular open-source software, industry experts say.
With this tip you will be able to work from home using VPN and that too from Linux / FreeBSD system for the proprietary Microsoft Point-to-Point vpn server.