The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

Is Mandatory Access Control Too Much Security For Enterprise's Linux?

	Yes, too difficult to configure and manage.
	No. You can never have enough security.
	Yes. Standard Linux security settings work for us.
	No. Industry demands will demand SELinux.
	Don't know.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Advisory Watch: September 5th, 2008

Linux Security Week: September 1st, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Wider Implications of the Red Hat Breach

02 September 2008

User Rating:

How can I rate this item?

Source: LinuxWorld - Posted by John P. Forman

Reports of data losses and system breaches are almost becoming passe but from time to time events happen that take on a life of their own and have effects far beyond what the initial breach would normally represent. Late last week there was an announcement that key servers belonging to both the Fedora and Red Hat Linux distributions were compromised. With this breach they join the ranks of Ubuntu, Debian and Gentoo as Linux distributions that have suffered severe server breaches. What is the wider significance of the breach to the Fedora and Red Hat Linux distributions that occurred last week? What kind of questions should those responsible for system security be asking themselves in light of this breach? Find out in this informative article.

Write Comment

Mandriva: Subject: [Security Announce] [ MDVSA-2008:182 ] wordnet

02 September 2008

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas
Rob Holland found several programming errors in WordNet which could lead to the execution or arbitrary code when used with untrusted input (CVE-2008-2149).
Read more...

Linux Password Policies

02 September 2008

User Rating:

How can I rate this item?

Source: tuxtraining - Posted by Bill Keys

Lets start with some basics…. Our Linux system stores its usernames and passwords in a special file : ‘/etc/password’. The passwords in this file are one way encrypted (hash-ed) through a password encryption function called ‘crypt’ using DES as the encryption algorithm. The good thing about ‘hashing’ is that you can not ‘decrypt’ the hashed passwords because the function used for hashing cannot be reversed (one-way traffic). DES generally uses keys (symmetric key cryptography) in which case things can be either encrypted or decrypted, but for encrypting passwords in Linux, only the ‘hashing’ implementation of DES is used. How much do you know about Linux passwords? This article goes into detail about how user's passwords are controlled and handled in Linux.

Write Comment (4 Comments)

Linux Security Week: September 1st, 2008

01 September 2008

User Rating:

How can I rate this item?

Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Security Configuration Guides," "SSH Key-Based Attacks," and "Protecting Your MySQL Database From SQL Injection Attacks With GreenSQL." Write Comment
Read more...

Debian: New wordnet packages fix arbitrary code execution

01 September 2008

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas
Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application.
Read more...