Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: June 15th, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "New DOS attacks threaten wireless data networks," "The Job of Security Guys is Not to Be Doctor No'," and "Taking almost 2k blogs to a security."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.
A Secure Nagios Server - Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Media Misreports on Biased Pirate Bay Judge (Jun 14)
Three judges are currently reviewing the judge that handled the Pirate Bay trial to discover if he was biased or not. No decision has yet been made but the New York Times and several other publications report inaccuracies and plain wrongs that claim otherwise. Time to get the facts straight.
Mozilla releases security fixes for Firefox (Jun 13)
The Firefox web browser has been patched for security flaws, four of which were identified as "critical" by Mozilla.
A total of nine security flaws were fixed in the new release.
The patches include a fix for flaws such as one that allows scripts from page content to run with elevated privileges. With this, an attacker could cause an object such as a browser sidebar to interact with web content so that an attacker's code had elevated privileges.
Has personal security been relegated into a simple graph that shows your risk? Fraud, and even phishing risks are real. Is this capitalizing on FUD?Like many people, I'm worried about identity fraud. Not paranoid, just generally curious what the chances are that I could be victimized by things like mail theft. Sure, I could sign up for one of the fee-based identity fraud monitoring services like LifeLock or Debix, or I can get a credit report that might give me some clue that a credit card has been taken out by someone else in my name.
Now there is a Web site that offers an assessment of a person's identity fraud risk for free.
Google Native Client grows out of research phase (Jun 11)
Has anyone used this yet, or have a review of how well it performs in the real world?Satisfied that its security underpinnings are solid, Google has promoted its open-source Native Client technology to accelerate Web applications out of its research phase and is taking steps to build it into the Chrome Web browser.
"Based on our experience to date, we believe that the basic architecture of our system is sound and the implementation is supportable. So now we are undertaking a number of tasks to transition Native Client from a research technology to a development platform," said Brad Chen, Google's Native Client engineering manager, in a mailing list announcement Wednesday.
New DOS attacks threaten wireless data networks (Jun 10)
Forget spam, viruses, worms, malware and phishing. These threats are apparently old school when compared to a new class of denial-of-service (DOS) attacks that threaten wireless data networks.
The latest wireless network threats were outlined in a talk here Thursday by Krishan Sabnani, vice president of networking research at Bell Labs, at the Cyber Infrastructure Protection Conference at City College of New York.
RSA Chief: the Job of Security Guys is Not to Be 'Doctor No' (Jun 10)
Web 2.0 technologies and cloud computing are extending traditional enterprise network perimeters to the point that they are practically vanishing, says a report released this week by RSA, the security division of EMC Corp. The report further states that information security managers who understand the associated risks and learn how to manage them can help their companies adopt such technologies on their own terms.
Blog Security Stats - Taking almost 2k blogs to a security (Jun 9)
Sucuri submitted a great research document they created that details the security of random blogs on the Internet for their attention to security factors.Research to determine if bloggers are taking the security of their sites seriously. We randomly selected 1747 blogs from the blog catalog and scanned them to see how secure they are... The results are interesting... Check it out. It is indeed very interesting. I'd like to hear more from this security team in the future.
Fedora 11: Leonidas is Hardly a Spartan Linux (Jun 9)
New Fedora release today, promoting improved desktop and server features, and better virtualization security.Frields added that Fedora 11 also includes something called sVirt which is SELinux (Security Enhanced) containment for virtual guests. SELinux is an access control technology that has its roots in the NSA (National Security Agency) and has been part of Fedora for years. By extending SELinux to virtual guests, Fedora is enhancing the security of its virtualization technologies.
Fedora 11 also includes what Frields described as better authentication for its virtualization manager software (virtmanager).
Virtualisation and security – the two-edged sword (Jun 9)
All new innovations in IT are a double-edged sword – with the benefits come challenges and unintended consequences. Not least server virtualisation, which does have a number of security advantages over running software directly on servers. While it's worth considering these, it's also worth weighing them up against the challenges, particularly given the relative immaturity of the technology.
Hacking Tool Lets A VM Break Out And Attack Its Host (Jun 8)
'Cloudburst' memory-corruption exploit released with Immunity's new version of Canvas penetration testing software. Researchers for some time have demonstrated the possibility of one of virtualization's worst nightmares -- a guest virtual machine (VM) infiltrating and hacking its host system. Now another commercial tool is offering an exploit that does exactly that.
Hacker named to Homeland Security Advisory Council (Jun 8)
Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council.
The HSAC members will provide recommendations and advice directly to Secretary of Homeland Security Janet Napolitano.
