Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: April 27th, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Open Source Metrics On Tap For Security Patch Management," "Secure By Design: How Guardian Digital Secures EnGarde Secure Linux," and "Your Distro is Insecure: Ubuntu."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.
A Secure Nagios Server - Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Cybercrime and Punishment: Sentencing Panel Discards Proxy Penalty (Apr 24)
The U.S. government has dropped -- for now -- a plan to classify the use of "proxy" servers as evidence of sophistication in committing a crime. Proxy servers are computers that disguise the source of Internet traffic. They are commonly used for legitimate purposes, like evading Internet censors and working from home. However, they can also be used to hide from law enforcement. The U.S. Sentencing Commission was considering a change to federal sentencing guidelines that would have increased sentences by about 25 percent for people convicted of crimes in which proxies are used.
Open Source Metrics On Tap For Security Patch Management (Apr 23)
Securosis, Microsoft team up to solicit input for building a metrics model that measures efficiency and costs of security patching. Security consulting firm Securosis is spearheading a new effort to create metrics to quantify the cost and efficiency of an organization's security patching process.
Researchers Find Massive Botnet On Nearly 2 Million Infected Consumer, Business, Government PCs (Apr 23)
More than 70 government-owned domains hit, and nearly half of the overall infections are in the U.S. Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the U.S.
Secure By Design: How Guardian Digital Secures EnGarde Secure Linux (Apr 22)
Here is a brief abstract put together by Guardian Digital that shows security can be achieved with complete functionality, and what other platforms would look like after secure concepts are implemented.
Ubuntu Server has one of the cleanest and easiest Linux distribution installers. However, in many cases, its designers choose to ignore security in favor of ease-of-use. The result? An install that is not secure by default. Nice article, but rest assured that it's very likely whichever distro you're using is insecure. The folks at linuxsecurity are actively involved in the development of EnGarde Secure Linux, if you were looking for a platform specifically designed to be secure.
Press Release: ISC Starts Development Work on BIND 10 (Apr 22)
Internet Systems Consortium (ISC), with the support of industry leading sponsors, today reveals plans for BIND 10, the next leap forward in DNS server software. BIND 10 is being designed to serve the needs of today's dynamic and growing Internet-dependent businesses. The design goals are simple: a secure, flexible, resilient DNS server that integrates easily into the workflow and maintenance of the complex networks organizations demand.
