Linux Security Week: January 21st, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Open-source Security Moves to Next Step," "OS Tool of the Month: Perform GnuPG Functions Within Vim," and "Is Hidden Open Source Code Putting Your Apps at Risk."
Linux+DVD Magazine
Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
SSH: Best Practices - If you're reading LinuxSecurity.com then it's a safe bet that you are already using SSH, but are you using it in the best way possible? Have you configured it to be as limited and secure as possible?
Read on for my best practices for using Secure Shell.
Open Source Tool of the Month: GnuPG! - It’s the new year! And to start it off right, LinuxSecurity.com wants to start things off with January’s Open Source Tool of the month: GnuPG!
Encryption is one of the main pillars of security, and GnuPG is a robust and flexible tool with great functionality that is fully GPL Licensed. And since it just celebrated its landmark 10th Anniversary, it was an easy choice for our tool of the month.
Ten years is a long time in the open source community; a very long time. Lasting a decade, especially in these years of open source development, is nothing short of remarkable. And like all great open source projects, it came from humble beginnings - it was initiated as a way to encrypt data without relying on restricted patents (namely RSA and IDEA) by Werner Koch from Germany. Why?
Back in 1999 Richard Stallman was interested in pursuing a PGP replacement after existing patents had run out and had decided to turn to European developers...
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
San Francisco - In the first column of this year, I discussed computer security outlook and hopes for 2008. I forecast more of the same that we saw in 2007: more spam, more malware, more bad guys basically owning the Internet and our connected computers. I don't see any trends or new leaders with significant power to change the status quo.
What do you see for Internet security in 2008? One thing is true: computer security is more important than ever.
The work is part of a U.S. government-backed project to harden open-source code.
"We applaud the developers responsible for the 11 open-source projects that have advanced to the second rung of code security and quality," said David Maxwell, open-source strategist for Coverity.
The Open Source Hardening Project, sponsored by the U.S. Department of Homeland Security, uses Coverity's Scan, which grades projects on a "ladder" according to their progress at fixing and preventing flaws.
This article talks about the Open Source Hardening Project, which was started in January 2006. It discusses the current plans for helping open source security.
OS Tool of the Month: Perform GnuPG Functions Within Vim (Jan 16)
Performing GnuPG functions from Vim is actually pretty helpful if you work heavily with both applications on a regular basis. I was recently looking for a simple way to both word wrap and clearsign various text files within Vim, and found just what I was looking for...
If you tend to use Vim and GnuPG, he also goes into how to encrypt, decrypt and verify text from directly within Vim. Do you use Vim?
Is Hidden Open Source Code Putting Your Apps at Risk? (Jan 16)
The most overlooked open source security vulnerabilities, according to Palamida researchers, occur in Apache Geronimo, JBoss Application Server, Libtiff, Net-SNMP and ZLIB. "The most popular projects appear in every test. This always surprises companies. There is from three to 10 times the use of open source code [in software enterprise uses] than companies realize," said Theresa Bui-Friday, cofounder of Palamida.
I believe that open source code is more secure because more people are identifying and patching any vulnerabilities found in the code. What do you think?
2007 was an interesting year for SELinux. Many issues were important and gained exposure, but what did you, the reader, have to say about the most important articles in SELinux? There are many ways to judge this and one of them is by listing the most popular articles as chosen by our readers over the course of the year, based on hits. It isn't the only answer, but certainly an interesting one.
Click through to see the list of the Top SELinux stories on LinuxSecurity.com for 2007.
Also: For a COMPLETE list of all the SELinux articles that have ever appeared on LinuxSecurity.com, go here. Easy to follow and organized by year, it's one of many, many resources available at EnGardelinux.org with regards to SELinux.
Most Oracle Database Pros Ignore Security Patches (Jan 14)
A survey by Sentrigo indicates that most Oracle database administrators do not apply the Critical Patch Updates that Oracle issues on a quarterly basis. Oracle designed its CPU program to help customers protect databases and other products against recently discovered security vulnerabilities. However, security patching is largely neglected as 67.5 percent of the respondents said they had never applied any Oracle CPU and that leaves many databases open to exploits.