The Debian Testing Security team is very near to providing full
security support for the testing distribution. At the time of the last
email, two blockers for full security support were present. However,
we now are able to process embargoed issues (more on that below), so
we are happy to announce that only one blocker remains. The only
remaining blocker for full security support at this point is the
kernel. We are talking to the kernel security team about providing
testing-security support, but at the moment this task lacks
manpower.
This posting talks about the current state of the Debian Testing Security Team. They are always looking for new people to help out in testing so, check it out.
The Ruby programming language, which has become popular as the basis for web 2.0 sites such as Twitter, contains serious security flaws that could allow attackers to take over an organization's web server, according to the Ruby development team. The "disturbing" flaws, which were disclosed on Friday, could affect nearly any typical Ruby-based web application, according to Thomas Ptacek, founder of security firm Matasano.
What do you think about this newly discovered security flaw in the Rudy programming language? As ruby continues to become popular will we see more security vulnerabilities found?
Mozilla released its latest browser, Firefox 3.0, this week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release.They discussed the protection against phishing and the new malware protection, the new update mechanism for add-ons, Mozilla's security policies and processes, and the hardening of their Javascript implementation.
Check out this interview with the Mozilla's Security Team. They talk about the security features they added with their release of Firefox 3.0.
Five hours after Mozilla officially released Firefox 3.0, researchers found a vulnerability in the new browser.Tipping Point has verified the bug and reported it to Mozilla, Tipping Point said on Wednesday.Since Mozilla is still working on a fix, the researchers won't share details about the problem. Tipping Point ranked the severity of the vulnerability as high, but said that users would have to click on a link in an e-mail or visit a malicious Web page before being affected. The issue affects users of Firefox 3.0 as well as Firefox 2.0.
Wow, that was quick in only five hours a security vulnerability was found. I find it a little strange that a vulnerability was found that is said to effect Firefox 3.0 and Firefox 2.0 was not found earlier. What do you think about this latest released vulnerability to Firefox?
Linux-based systems get a lot of press in IT trade publications. A lot of that press relates to its security characteristics. In fact, some claim “Linux is the most secure operating system (OS) of them all.” Such statements are, of course, unsupportable hyperbole; while many Linux distributions may outshine both MS Windows and Apple MacOS X by a significant margin, there’s evidence to suggest that most Linux distributions are not up to the standards of FreeBSD, for instance — let alone OpenBSD, with possibly the best security record of any general-purpose operating system.
This article looks at the question of is Linux the most secure OS? What do you think? Sometime I feel that the OS is only as secure as the person using it and setting it up. But one thing is for sure is that the Open Source community gives the user the tools to make their setup as secure as they want it to be.
Source: Linux Server Security Secrets and Administration - Posted by Bill Keys
Part of the security and sysadmins tasks is the log analysis and decision taking. There is plenty of information in http://www.linux.org/apps/all/Administration/Log_Analyzers.html.
The tools I recommend is called "Lire", this tool permits the creation of several reporting formats, including html, pdf, xml, between others. It also permits to analyze many log file formats, which include MySQL, Iptables, BIND, Apache, Qmail, Postfix, Syslog and more. Lire is GPL'ed Free Software (and Open Source), built around the idea of extendibility.
This article looks at a tool called Lire" for analyzing your logs. I feel looking at your system's logs is an important security practice that users should do. By looking at your log you can find holes in your system which you should plug. Do you think analyzing your log files is a good security practice?
Let us go a little deep about the access privileges and rights which a root user has on a Linux system. Root is the default name for system administrator in a *NIX system - a super user who can do anything and everything within the operating system. As a result, root login should be used with special care. While working with a root login, we can end up doing a lot of harm to our system as well as the data, accidentally.
For any user of Linux it's important to make your root account as tight as possible from attack. This article looks as some of the security issues with root and ways to improve it's security.
There is a saying in the security world that the only truly safe computer system is one that is disconnected from the network, switched off and buried six feet under ground. The sentiment may be somewhat true but it is hardly a practical solution to the problems we face today in protecting servers and desktops from outside intrusion.
This article show the user the basics of Linux security. It is a great how-to for any Linux user. It looks at the basics like open services and firewalls. Do you have any quick tips for the beginner Linux user how is look to make their computer more secure?
Everybody who owns a computer will someday need to dispose of a disk drive. Before you do, it is a good idea to cleanse the drive, so no one can read your sensitive information. Deleting files and reformatting is not sufficient; determined effort can still reveal data from a drive even after it appears to be gone. To do a more thorough job, I suggest using wipe.
It's a good security practice to completely formating a drive before getting rid of your old hard drives. This article looks at some best practices in deciding how-to erase a hard drive. It recommends that user use a software called wipe but, do you have any other favorite programs.
The Scan Report on Open Source Software 2008 by vendor Coverity has found the number of defective lines of code in open source software has decreased in the past two years. According to Coverity, which analyses open source software as part of the US Department of Homeland Security's open source software hardening project, fewer lines of defective code means the overall quality and security of the software is improving.
This report makes the point that open source security is definitely something to look at. I am glad to see that the open source community is getting attention of it's strength in security.
