Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: March 30th, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Security Subsystem Improvements," "The First Botnet To Attack Linux Systems," and "Moving Infosec Responsibilities To The White House."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.
A Secure Nagios Server - Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Too funny (or scary, depending on your point-of-view). Apparently Iran thinks so poorly of Microsoft Windows they won't even use it.
"Secondly, Microsoft software has a lot of backdoors and security weaknesses that are always being patched, so it is not secure. We are also under US sanctions. All this makes us think we need an alternative operating system."
Indictments in Kentucky Voting Fraud Case (Mar 25)
While not specifically related to "Linux Security" I came across this news late last week and would like to share it here. I am amazed -- and appalled -- that this story is not getting more (any) national coverage:
According to the indictment, these alleged criminal actions affected the outcome of federal, local, and state primary and general elections in 2002, 2004, and 2006.
You read that right: this is exactly the type of voting fraud that many of the experts, such as Bruce Schneier, have been talking about for years. It's no longer theory, it's practical and has actually affected the outcome of elections.
With that being said, where is the national outrage? Sure it was only state- and local-level elections in Kentucky, but now that we see vulnerabilities in these electronic voting machines being used in real life, how do we know for sure it's not affecting us in our state?
Have you ever installed updates on your embedded devices such as wireless access points and gateway devices?
Once in, it locks out other administrators with a series of iptables commands and then connects to the botnet over IRC.
The botnet does not target Windows systems, at least not directly. The initial DroneBL blog on this botnet estimates its size at 100,000 units, which I consider to be impressively large.
Moving Infosec Responsibilities To The White House (Mar 23)
A good idea?
Forthcoming legislation would wrest cybersecurity responsibilities from the U.S. Department of Homeland Security and transfer them to the White House, a proposed move that likely will draw objections from industry groups and some conservatives.
