Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas
Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor has
made available.

Source: ZDNet - Posted by Alex
IT security company Sense of Security has discovered a serious bug in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. Discovered by the company's security consultant Brett Gervasoni, the vulnerability exists in Apache's core "mod_isapi" module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security.

Source: TMC Net - Posted by Alex
A few years ago I wrote a paper for SANS titled “Security Implications of the Virtualized Data Center.” I had been working in system and network security for almost 10 years and, like many IT professionals, had been relying on virtualization as a system tool for many years. While using virtualization as a sandbox for security research I was drawn to virtualization security, now called virtsec, once I realized how great the security threat was in x86 virtual computing environments.

Source: Search Security - Posted by Alex
One of the infosec industry's top Web security gurus said a hash algorithm flaw, discovered more than a year ago, may well be the most dangerous security flaw on the Web.

Source: CSO Online - Posted by Alex
As strange as it might sound, there are times when I wish for the old days of the Internet circa the early 1990's. The days of Mosaic and Lynx, where there was no Flash, no Javascript and no Java. A simpler time where protecting your privacy and security wasn't as essential as it is today.

Source: IT World - Posted by Alex
At the RSA Conference in San Francisco last week, security vendors pitched their next generation of security products, promising to protect customers from security threats in the cloud and on mobile devices. But what went largely unsaid was that the industry has failed to protect paying customers from some of today's most pernicious threats.

Source: Search Security - Posted by anthony
In this wide-ranging interview, cryptographer Taher Elgamal, chief security officer of Axway Inc. and the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks and how cloud computing may alter data protection and authentication. The SSL protocol will be updated to prevent man-in-the-middle attacks, but researchers need to find better ways to prevent malware from getting on PCs in the first place, Elgamal said. Better security at the browser layer and a greater focus on Web application security could help prevent future attacks, he said. End-to-end encryption is a marketing term that doesn't hold much weight, Elgamal said.