LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 15th, 2014
Linux Security Week: September 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Pardus
Bruce Schneier at LinuxConf AU  31 January 2008  Print E-mail
User Rating:      How can I rate this item?
Source: ZDNET - Posted by Ryan Berens   
Latest News Linux.conf.au kicked off its main proceedings in Melbourne on Wednesday morning with a stark message from security guru Bruce Schneier: "When security companies give you cost justifications, they're complete bull@#&&."

And so begins what is, as always, a great piece of commentary on the overall nature of security and the problems that are derived from the gap between perceived security and real security. Read on....
 
Linux security guru joins Microsoft  22 January 2008  Print E-mail
User Rating:      How can I rate this item?
Source: ZDnet.com - Posted by Ryan Berens   
Latest News Crispin Cowan, the Linux security expert behind StackGard, the Immunix Linux distro and AppArmor, has joined the Windows security team.
Originally posted by a blogger over at Microsoft. It's interesting though - what is making Microsoft go for Linux security professionals? Is there something inherently more effective about security developers with an Open Source background? Something else?
 
Most Oracle Database Pros Ignore Security Patches  14 January 2008  Print E-mail
User Rating:      How can I rate this item?
Posted by LogError   
Latest News A survey by Sentrigo indicates that most Oracle database administrators do not apply the Critical Patch Updates that Oracle issues on a quarterly basis. Oracle designed its CPU program to help customers protect databases and other products against recently discovered security vulnerabilities. However, security patching is largely neglected as 67.5 percent of the respondents said they had never applied any Oracle CPU and that leaves many databases open to exploits.
 
Some Security Stories from the Week  11 January 2008  Print E-mail
User Rating:      How can I rate this item?
Source: www.ratliff.net/blog - Open Source Security - Posted by Ryan Berens   
Latest News Emily Ratliff, a blogger and "architect for Linux Security, Quality, and Support for IBM’s Linux Technology Center," lists her most pressing stories in open source security this week. Below is the list, click-through to her blog and check out her insight...

  • The Fedora Weekly News Issue 114 (dated Dec. 31, 2007) describes three “SELinux Rants” along with the response from the Fedora community.
  • Interview with Bruce Schneier called Bruce Almighty: Schneier preaches security to Linux faithful (dated Dec. 27, 2007)
  • 11 open-source projects certified as secure
  • Data center robbery leads to new thinking on security is an interesting look at the data center break-in that occurred last October.
  • Top 10 security headlines from 2007.
  • Yahoo tests support for OpenID


Best Security Stories
 
How to Mangle Information: Coverity's Open Source Bug Report  10 January 2008  Print E-mail
User Rating:      How can I rate this item?
Source: ZDnet Open Source Blog - Posted by Ryan Berens   
Latest News The recent awareness on Coverity's test on Open Source projects has been making the rounds non-stop in the past days. The issue at hand here is the inherent value in what Coverity is actually providing - that is, identifying bugs in software to improve its quality.

Coverity's model is certainly one way of addressing the quality of code in an open source project. In fact, it can be a very useful model. They stated that 11 of the projects were cleared based on their "rung" system, among other observations.

But the issue is that many venues are mangling the information. First they are not stating closed source bugs/problems. Obviously, you can't compare two sides by only counting the faults on one side. To be more clear, awareness of the # of bugs in open source projects has absolutely no bearing on the absolute value of problems relative to other closed-source projects. They are exclusive of each other. Not to mention the fact that more awareness of bugs may account for bad press, but can allow for better overall security (knowledge is power).

The real problem here is that many of those covering the story are portraying it in the worst way imaginable; and in some cases, they are outright inaccurate.

Case in point, the following comment was found on the open source blog at ZDNET regarding the Firebird project - its an example of how sometimes percpetion can be misconstrued...
Read more...
 
<< Start < Prev 79 80 81 Next > End >>

Results 712 - 720 of 802
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Today's Security Hacks Are After More Than Bank Info
How Boston Children's Hospital Hit Back at Anonymous
SNMP DDoS Scans Spoof Google Public DNS Server
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.