LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Latest News
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



Some Security Stories from the Week  11 January 2008 
Source: www.ratliff.net/blog - Open Source Security - Posted by Ryan Berens   
Emily Ratliff, a blogger and "architect for Linux Security, Quality, and Support for IBM’s Linux Technology Center," lists her most pressing stories in open source security this week. Below is the list, click-through to her blog and check out her insight...

  • The Fedora Weekly News Issue 114 (dated Dec. 31, 2007) describes three “SELinux Rants” along with the response from the Fedora community.
  • Interview with Bruce Schneier called Bruce Almighty: Schneier preaches security to Linux faithful (dated Dec. 27, 2007)
  • 11 open-source projects certified as secure
  • Data center robbery leads to new thinking on security is an interesting look at the data center break-in that occurred last October.
  • Top 10 security headlines from 2007.
  • Yahoo tests support for OpenID


Best Security Stories
 
How to Mangle Information: Coverity's Open Source Bug Report  10 January 2008 
Source: ZDnet Open Source Blog - Posted by Ryan Berens   
The recent awareness on Coverity's test on Open Source projects has been making the rounds non-stop in the past days. The issue at hand here is the inherent value in what Coverity is actually providing - that is, identifying bugs in software to improve its quality.

Coverity's model is certainly one way of addressing the quality of code in an open source project. In fact, it can be a very useful model. They stated that 11 of the projects were cleared based on their "rung" system, among other observations.

But the issue is that many venues are mangling the information. First they are not stating closed source bugs/problems. Obviously, you can't compare two sides by only counting the faults on one side. To be more clear, awareness of the # of bugs in open source projects has absolutely no bearing on the absolute value of problems relative to other closed-source projects. They are exclusive of each other. Not to mention the fact that more awareness of bugs may account for bad press, but can allow for better overall security (knowledge is power).

The real problem here is that many of those covering the story are portraying it in the worst way imaginable; and in some cases, they are outright inaccurate.

Case in point, the following comment was found on the open source blog at ZDNET regarding the Firebird project - its an example of how sometimes percpetion can be misconstrued...
 
More bugs = Tighter Security (Firefox VS IE)  07 December 2007 
Source: ZDNet.com - Posted by Ryan Berens   
Catching 8 out of 10 bugs is not worse that catching 6 out of 10. And yet, this is the logic behind Microsoft's criticism of Mozilla's Firefox Web browser. To add insult to injury, we don't even know if it is, in fact, 10? Is it 20? Who knows? When there's no open dialog, you are at the whim of voluntary disclosure - disclosure that equals bad PR. But PR and true security are exclusive...

This much and more is said in an interview with Tristan Nitot, the president of Mozilla Europe. He gets into Linux, browsers, policies, security and more.

I'm surprised that bug counting, which is a terrible metric, was used by Microsoft. It isn't easy to assess security, but bug counting definitely isn't the way to do it. I'd rather talk about time to fix the duration of the window where users are at risk, which in our opinion is a much better metric.
 
EnGarde Secure Community v3.0.18 Now Available!  04 December 2007 
Source: Guardian Digital - Posted by Ryan Berens   
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features. In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
 
Security: #1 Reason Users in Asia choose Open Source  17 October 2007 
Source: LinuxWorld - Posted by Ryan Berens   
According to a report performed by IDC Research: organizations perceived open source technology as providing better security compared to proprietary products... In reality, it seems that the advantages of open source security are taking hold, so much in fact, that they are the primary reason for adoption in Asia and the region. So maybe, when Microsoft and other firms can't artificially meddle with the system, look what happens - the people speak and the choice is clear. Is the reason because proprietary versions are so insecure, that Linux is secure by comparison? Or is it that Linux, by nature, gets more attention from a driven community to create platforms that are inherently better engineered, for more security through development?
 
How much longer does AppArmor really have?  16 October 2007 
Source: Heise Security - Posted by Ryan Berens   
As of today, Novel has dissolved the AppArmor development team, centered around main developer, Crispin Cowan.

For a long time, AppArmor has been slow to be adopted due to the nature of its security structure (it differs from SELinux by its adherence to using names).

The issue here seems to be that without a funded back-end by Novell, how much longer does AppArmor really have? Is this a case of survival of the fittest? Could a name-based structure ever succeed? Certainly, with backing from Novell now gone, it may be safe to say that the project may only have another year. While a few distributions still include that support, will they be willing to include it in one year, without a large corporate backer?

It seems unlikely, at best, that another large organization is going to rise to take Novell's place, and without that AppArmor's days may be numbered.
 
EnGarde Secure Community v3.0.17 Now Available  09 October 2007 
Source: Guardian Digital - Posted by Bill Keys   
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.17 (Version 3.0, Release 17). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

 
Linux Security Spaces  19 September 2007 
Source: LXer - Posted by Ryan Berens   
As the value of Linux security grows, and the coverage it warrants, more and more sites will continue to pop up covering the security issues in Open Source. This one comes from an OSTG member named Mayank Sharma, who also is also a blogger on IBM's site.
 
Who's the BOSS?  11 September 2007 
Posted by Ryan   
The BOSSIES, or Best of Open Source Software awards, are a yearly ranking of some of the highest ranked open source tools and projects. In this year's Security category, they included many, but not all, of the best tools. And although they didn't, it is, as always a great overview of what's going on in the industry. Standard winners include Snort for Intrusion detection, Nessus for scanning, ClamAV for Anti-virus, other old-timers, and a couple of new comers. But what about the manual?

 
EnGarde Secure Community v3.0.16 Now Available  07 August 2007 
Source: Guardian Digital - Posted by Eckie Silapaswang   
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.16 (Version 3.0, Release 16). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

 
<< Start < Prev 73 74 75 Next > End >>

Results 721 - 730 of 808
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.