Language Selection

English French German Italian Portuguese Spanish

Security

ASUS Eee PC rooted out of the box

Filed under
Security

risesecurity.org: We recently acquired an ASUS Eee PC. The first thing we did when we put our hands at the ASUS Eee PC was to test its security.

Mass attack on Apache servers running Linux can be stopped by disabling server's dynamic loading

Filed under
Security

scmagazineus.com: Security vendor SecureWorks reported this week that the mass attack launched against Apache web servers running on the open-source Linux operating system can be thwarted by disabling dynamic loading in the Apache configuration.

Mozilla says that flaw could lead to data leak

Filed under
Moz/FF
Security

LinuxWorld: Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim's machine.

Also: Super Techies: Brendan Eich

Cybercriminals moving beyond Microsoft to Apple and Linux

Filed under
Security

iTWire: A new report reveals that in 2007 organised criminal gangs for the first time started attacking Internet connected Apple products with the intention of stealing money. The report issues a chilling warning that the increased popularity of Mac computers and the enthusiastic take-up of net connected products such as iPhone and iPod Touch has its down side.

lies and statistics.

Filed under
Security

htmlfixit.com: Secunia have reported that more flaws were found in Redhat Linux (633) than in Windows (123), but even a blind man can see it is nowhere near a fair comparison.

SSH: Best Practices

Filed under
Linux
Security
HowTos

Are you using SSH in the best way possible? Have you configured it to be as limited and secure as possible? The goal of this document is to kick in the new year with some best practices for SSH: why you should use them, how to set them up, and how to verify that they are in place. All of the examples below assume that you are using EnGarde Secure Linux but any modern Linux distribution will do just fine since, as far as I know, everybody ships OpenSSH.

Red Hat and Firefox more buggy than Microsoft?

Filed under
Security

techworld.com: Secunia has found that the number of security bugs in the open source Red Hat Linux operating system and Firefox browsers far outstripped comparable products from Microsoft last year.

Top FOSS security vulnerabilities

Filed under
Security

linux.com: Palamida, the San Francisco company that helps companies to audit their use of open source software, has released a list of what it calls "the top five most overlooked open source vulnerabilities." To this list, Palamida has added an additional five vulnerabilities exclusively for Linux.com.

SourceForge hacked, but not to worry(?)

Filed under
Security

Matt Asay: Valleywag reports that SourceForge.net was hacked Wednesday, resulting in site downtime while SourceForge tracked down the hacker. SourceForge's Ross Turk confirms the report.

Also: Can Sourceforge marketplace open the cash drawer?

SELinux sparks tussle over Linux security model

Filed under
Linux
Security

GCN: While most security specialists would agree on the high quality of SELinux, proponents are arguing this framework is the only one that should be needed for the open-source operating system kernel. In fact, it would eliminate the need for the Linux Security Module, an open platform for outsider developers to build their own security frameworks for Linux. And this idea has raised the ire of Linux keeper Linus Torvalds.

Syndicate content

More in Tux Machines

Uselessd: A Stripped Down Version Of Systemd

The boycotting of systemd has led to the creation of uselessd, a new init daemon based off systemd that tries to strip out the "unnecessary" features. Uselessd in its early stages of development is systemd reduced to being a basic init daemon process with "the superfluous stuff cut out". Among the items removed are removing of journald, libudev, udevd, and superfluous unit types. Read more

Open source is not dead

I don’t think you can compare Red Hat to other Linux distributions because we are not a distribution company. We have a business model on Enterprise Linux. But I would compare the other distributions to Fedora because it’s a community-driven distribution. The commercially-driven distribution for Red Hat which is Enterprise Linux has paid staff behind it and unlike Microsoft we have a Security Response Team. So for example, even if we have the smallest security issue, we have a guaranteed resolution pattern which nobody else can give because everybody has volunteers, which is fine. I am not saying that the volunteers are not good people, they are often the best people in the industry but they have no hard commitments to fixing certain things within certain timeframes. They will fix it when they can. Most of those people are committed and will immediately get onto it. But as a company that uses open source you have no guarantee about the resolution time. So in terms of this, it is much better using Red Hat in that sense. It’s really what our business model is designed around; to give securities and certainties to the customers who want to use open source. Read more

10 Reasons to use open source software defined networking

Software-defined networking (SDN) is emerging as one of the fastest growing segments of open source software (OSS), which in itself is now firmly entrenched in the enterprise IT world. SDN simplifies IT network configuration and management by decoupling control from the physical network infrastructure. Read more

Only FOSSers ‘Get’ FOSS

Back on the first of September I wrote an article about Android, in which I pointed out that Google’s mobile operating system seems to be primarily designed to help sell things. This eventually led to a discussion thread on a subreddit devoted to Android. Needless to say, the fanbois and fangrrls over on Reddit didn’t cotton to my criticism and they devoted a lot of space complaining about how the article was poorly written. Read more