Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: May 5th, 2008
Source: Linux Security.com Editors - Posted by Ryan W. Maple
This week, perhaps the most interesting articles include "Ksplice, Rebootless Linux Kernel Security Updates", "Virtual Server Sprawl Highlights Security Concerns", and "GCC and Pointer Overflows."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: The Book of Wireless - “The Book of Wireless” by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless networking, users need to know how to protect themselves from wireless networking attacks.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Virtual Server Sprawl Highlights Security Concerns (May 1)
Think server sprawl is bad now? Just wait till you experience virtual server sprawl. When users can clone a virtual machine with the click of a mouse, or save versions of applications and operating systems for later use, you're asking for trouble if IT doesn't maintain tight control, virtualization management vendor Embotics warned in a session at Interop Las Vegas Tuesday. (Look through our slideshow at other products shown at Interop.)
The ease of creating and deploying virtual machines can lead to a nightmare of confusion when it comes to IT maintenance. How do you keep track of hundreds of VMs scattered about your network, all with varying operating systems and applications installed? How do you know which ones are securely patched and what other servers they can access? Read on for an overview of this growing problem and let us know what solutions you may have for virtual server sprawl.
Firefox 3 Improves Handling of Invalid SSL Certificates (May 1)
I have downloaded the beta of Firefox 3 to check out the improvements related to SSL. First, there's the added support for Extended Validation SSL certificates, but I am not very excited about that (I wrote about this previously in Extended Validation SSL certificates not going anywhere, as predicted). It's a nice feature, but it's not going to bring much good overall. On the other hand, I am very happy with the improvements to the handling of invalid SSL certificates.
A much needed improvement to handling invalid SSL certificates were added to Firefox 3. What do you think about the improvements.
CDPSnarf is a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.
Read on for some example output from CDPSnarf as well as links to the actual project. Let us know if this aids in your CISCO traffic debugging!
On April 4, CERT put out a scary advisory about the GNU Compiler Collection (GCC). This advisory raises some interesting issues on when such advisories are appropriate, what programmers must do to write secure code, and whether compilers should perform optimizations which could open up security holes in poorly-written code.
Are you a c programmer? This article shows you how to make your code a little more secure. It's a very an important skill to have so take a look.
About a year ago, we took a look at the growing trend toward open-source security and highlighted 10 of the best apps available. Since then, the area has continued to mature, and now we're back highlighting 75 of the most frequently downloaded open-source security applications.
We all love lists, especially if they have to do with something we care actually care about! See if your "weapon of choice" made this particular list!
Ksplice, Rebootless Linux Kernel Security Updates (Apr 28)
"I've put together an automatic system for applying kernel security patches to the Linux kernel without rebooting it, and I wanted to share this system with the community in case others find it useful or interesting," said Jeff Arnold, announcing ksplice. He explained, "the system takes as input a kernel security patch (which can be a unified diff taken directly from Linus' GIT tree) and the source code corresponding to the running kernel, and it automatically creates a set of kernel modules to perform the update. The running kernel does not need to have been customized in advance in any way."
What do you think about ksplice? It sound like a great improvement for Linux security. I am interested in how well it works. Will in work for all security updates?
