The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Inc., a firm that supplies tools for penetration testers. When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate.
Learn how a new open source rootkit will make it easier to cloak malware on Linux boxes. How do you think Linux intrusion detection systems like rkhunter will deal with this challenge? Read on.
A recent post from Russ Coker entitled AppArmor is Dead was tolling the death bells for AppArmor because SUSE decided to include SELinux in their operating system… not as the default, and not as a replacement for AppArmor, but it was included nonetheless. Russ determined that this was the beginning of the end for AppArmor, and I read it with some interest largely because Mandriva has settled on AppArmor as our security solution… largely because it fits with our ideal of making things nice and easy for our users. So of course, a post that seems to bring doom and gloom about our security solution is something we’re interested in reading about because if it’s true, then we’ve invested time and effort into the wrong solution.
This article discusses the debate of AppArmor's future. What do you think will happen to AppArmor? Will SELinux become even more popular as a security framework?
Let's start with some basics… Our Linux system stores its usernames and passwords in a special file: ‘/etc/passwd’. The passwords in this file are one-way encrypted (hashed) through a password encryption function called ‘crypt’ using DES as the encryption algorithm. The good thing about ‘hashing’ is that you cannot ‘decrypt’ the hashed passwords because the function used for hashing cannot be reversed (one-way traffic). DES generally uses keys (symmetric key cryptography), in which case things can be either encrypted or decrypted, but for encrypting passwords in Linux, only the ‘hashing’ implementation of DES is used.
How much do you know about Linux passwords? This article goes into detail about how user's passwords are controlled and handled in Linux.
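As an added example (not part of the quoted article or of this digest), the following Python shows the mechanism the excerpt describes: a stored password is a salted one-way hash, and a login is checked by hashing the candidate with the same salt and comparing, never by decrypting. The DES-based crypt(3) the article names is obsolete and not available in current Python, so the example substitutes hashlib's PBKDF2-HMAC-SHA256; the `$pbkdf2-sha256$` record tag, the iteration count, and the sample user are this example's own assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example, not code from the quoted article. The article describes the
# classic DES-based crypt(3) scheme; PBKDF2-HMAC-SHA256 stands in for it here
# to show the same pattern: salted one-way hash, verified by re-hashing.

ITERATIONS = 200_000  # work factor; an assumption chosen for this example


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a modular-crypt-style string "$pbkdf2-sha256$<iter>$<salt>$<hash>".

    The "$pbkdf2-sha256$" tag is this example's own convention, not one that
    any libc crypt() understands.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt: same password -> different hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"$pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a candidate password against a stored hash.

    There is no way to recover the password from `stored`; the only check is to
    hash the candidate with the same salt and iteration count and compare.
    """
    try:
        _, scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: treat as a failed login, never as success
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(candidate, expected)


PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")


def parse_passwd_line(line: str) -> dict:
    """Split one /etc/passwd record into its seven colon-separated fields.

    On modern systems the passwd field is usually "x", meaning the hash has
    been moved to the root-only /etc/shadow file.
    """
    fields = line.rstrip("\n").split(":")
    if len(fields) != len(PASSWD_FIELDS):
        raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
    return dict(zip(PASSWD_FIELDS, fields))


if __name__ == "__main__":
    # Constructed sample record; "alice" and her password are made up.
    stored = hash_password("correct horse battery staple")
    record = parse_passwd_line(
        f"alice:{stored}:1000:1000:Alice Example:/home/alice:/bin/bash"
    )
    print(record["name"], verify_password("correct horse battery staple", record["passwd"]))
    print(verify_password("wrong guess", record["passwd"]))
```

Two points worth noticing when running it: hashing the same password twice yields two different strings because each call draws a new salt, which is what stops an attacker from precomputing one table for every account; and a malformed or unknown record fails closed rather than open, so a corrupted hash field can never authenticate anyone.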
Ubuntu today became the latest Linux vendor to patch a vulnerability in the open source operating system's kernel that could have left the door open for hackers to find their way into users' machines.
In an email sent overnight, the Linux vendor warned users to update all machines running recent versions of Ubuntu, ranging from 6.06, which was released back in mid-2006, to version 8.04, which came out earlier this year. The problem also applied to other versions of Ubuntu such as Kubuntu, Edubuntu and Xubuntu.
I am glad to see Ubuntu letting users know that they should update their kernels because of a security vulnerability. What do you think? Do you trust your distro to provide you with important computer security information?
The TALPA malware scanning API was covered in LWN in December, 2007. Several months later, TALPA is back - in the form of a patch set posted by a Red Hat employee. The resulting discussion has certainly not been what the TALPA developers would have hoped for; it is, instead, a good example of how a potentially useful idea can be set back by poor execution and presentation to the kernel community.
Have you heard about the kernel space virus scanning API? This article discusses the debate over it within the kernel development community.
With security becoming ever more important, I've been reviewing the various guides available to harden the VMware Virtual Infrastructure.
So far the results have been disappointing, though I've looked at the CISecurity VMware ESX Benchmark and the VMware VI3 Hardening Guidelines. Now for the US Government's Defense Information Systems Agency's Security Technical Implementation Guide (STIG), a long-awaited document that all levels of the U.S. government will follow to harden and protect their VMware VI3 installations.
At first look, VM security might seem just like securing any OS installed on hardware. However, VM security comes with its own set of challenges. This article looks at the security issues involved in hardening VMware ESX.
Loosely following up on a few previous posts regarding securing Linux and Unix and even more fun with Unix and Linux security, today we're going to look at something vaguely security-related, and also vaguely scary ;) It has to do with the root account (or user id 0) and security hardening. I've got nothing against either, so this won't be an insane diatribe, but (especially, no offense to Ubuntu) with more Linux distros coming straight out-of-the-box with root disabled, I see the issue of security and the root user get a little confused. A lot ;)
Any Ubuntu user knows that the root account is disabled by default because of security concerns. But if we have strong passwords and firewalls do we really need to disable the root account?
In the field of penetration testing, BackTrack is today's premier Linux distribution. Designed for, created by, and used by security professionals around the globe, BackTrack is the result of a merger between two earlier, competing distributions -- WHAX and Auditor Security Collection. The most recent beta version was released on June 10.
BackTrack 3.0 beta (BT3) is showing up in a lot of places these days. There was a presentation in February at ShmooCon, an annual hacker convention. At this year's National Collegiate Cyber Defense Competition (NCCDC), it was the distro of choice for the Red Team -- the attackers -- made up of experienced security professionals.
Have you heard about the penetration tool called BackTrack? This article looks at ways to get started using BackTrack.
Source: EnterpriseNetworkingPlanet - Posted by Bill Keys
If you haven't already heard, you should be writing down your passwords. Good password security practices don't dictate that you must remember everything. Why would you want to, and what is the best way to do this securely? These and other important questions will be answered in this article.
Having strong passwords is a basic but important security practice. This article looks at how users can use strong passwords with little effort.
Multiple vulnerabilities have been identified in various VMware products, which could be exploited by local or remote attackers to bypass security restrictions, cause a denial of service or compromise a vulnerable system. The first issue is caused by an input validation error in the "HGFS.sys" driver, which could allow local attackers to execute arbitrary code on the guest system.
The second vulnerability is caused by an untrusted library path error in "vmware-authd", which could be exploited by local unprivileged attackers to execute arbitrary code on the Linux host system.
Have you heard the news that vulnerabilities have been found in some of VMware's software? This started me thinking: what is the state of virtualization security? Do you think it's just as secure as a host installed on physical hardware?