| |
EnGarde Secure Community 3.0.22 Now Available! (Dec 9) |
| |
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668
|
| |
Survey: Data breaches from malicious attacks doubled last year (Jan 25) |
| |
Data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches, according to a new Ponemon survey to be released on Monday. http://www.linuxsecurity.com/content/view/151498
|
| |
"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!" (Jan 25) |
| |
Do you manage Apache based web server farms with Web Application Firewall (WAF) requirements that revolve primarily around a need for central thresholding/rate limiting features? Have you found an open source WAF solution that fulfills this need? Well if you haven't, I take extra special joy in the public sharing of two open projects that I'm involved with, serving the roles of cheerleader ;), tester and injecting scope creep whenever possible to solve various forms of abuse. http://www.linuxsecurity.com/content/view/151497
|
| |
Trusted Computer Solutions Releases Automated Operating System Hardening Tool to Support Novell (Jan 25) |
| |
Trusted Computer Solutions (TCS), a leading developer of cross domain and cyber security solutions, today announced that its widely adopted automated Operating System (OS) hardening tool, Security Blanket, now supports Novell SUSE as well as openSUSE and Fedora 11. The product already supports Red Hat Enterprise Linux, Solaris, and Oracle Enterprise Linux. This new version of Security Blanket also provides role-based access control (RBAC) and a JAVA-based administration console. By providing such broad OS support TCS is expanding its market reach into new U.S. verticals and into Europe. http://www.linuxsecurity.com/content/view/151496
|
| |
Searching for the weak link in university network security (Jan 25) |
| |
Which is more important in a network: the client machines or the system infrastructure? This could be debated until the cows come home and further debated to include the cows. Personally I would say the latter, but as we have seen this week, one single client machine can open up an almighty can of whoop-ass on the entire network. http://www.linuxsecurity.com/content/view/151495
|
| |
Why There is no Kernel Hacker Sell-Out (Jan 25) |
| |
As you may have noticed, posting to this blog was light last week, as in non-existent (OK, so you didn't notice.) This was because I was engaged in some serious geeking-out at the LCA2010 conference.
One of the talks that I saw came from Jon Corbet, who gave a run-down on recent changes to the Linux kernel. A statistic that he mentioned along the way has garnered much comment: the fact that "75% of the code comes from people paid to do it." In particular, some have leapt on this figure as proof that kernel coders have "sold out", and that the famed altruistic impulse behind free software is dead. I think this is nonsense. http://www.linuxsecurity.com/content/view/151494
|
| |
Security update for BIND name server (Jan 22) |
| |
The Internet Systems Consortium (ISC), the company behind the open source DNS BIND software, has released security updates to resolve a DNSSEC-related vulnerability that could lead to Denial-of-Service (DoS) attacks. According to the relevant advisory, the server's domain validation code contains a flaw that can cause an NXDomain to be regarded as validated although it isn't. With the usual protective measures (random transaction IDs and random source ports) in place, however, the cache is not said to be open to manipulation. However, the prevention of DoS attacks is apparently compromised. No further details were given by ISC. http://www.linuxsecurity.com/content/view/151487
|
| |
SSL for free - Step By Step (Jan 22) |
| |
Owning a web server that has its own SSL certificate from a registered Certificate Authority (so it won't trigger any browser warnings) does have its advantages. However, the price of a certificate issued by Verisign or a similar vendor usually tends to put a quick end to such fanciful ideas. Israeli vendor StartSSL offers free SSL server certificates that are valid for a year. http://www.linuxsecurity.com/content/view/151486
|
| |
TOR issues updated software after server breach (Jan 22) |
| |
The TOR Project is advising users to upgrade to a new version of the software following a hack that compromised three of its servers.
TOR, short for "The Onion Router," is a worldwide network of servers that are used to help anonymize people's Web surfing. Web traffic is randomly routed through many servers, masking critical information such as someone's true IP (Internet Protocol) address. http://www.linuxsecurity.com/content/view/151485
|
| |
Facebook users offered free spam 'firewall' (Jan 22) |
| |
Security vendor Websense is offering Facebook users and businesses a new free 'firewall' service that monitors their pages for malicious posts, links and spam.
Defensio 2.0 checks all posts to Facebook in real time against Websense's ThreatSeeker Network, a database of problem URLs, before deciding whether to categorise a post as malicious or unwanted. http://www.linuxsecurity.com/content/view/151484
|
| |
Would You Have Spotted the Fraud? (Jan 21) |
| |
Pictured below is what's known as a skimmer, or a device made to be affixed to the mouth of an ATM and secretly swipe credit and debit card information when bank customers slip their cards into the machines to pull out money. Skimmers have been around for years, of course, but thieves are constantly improving them, and the device pictured below is a perfect example of that evolution. http://www.linuxsecurity.com/content/view/151480
|
| |
Firefox, Opera downloads soar after IE warnings (Jan 21) |
| |
Mozilla yesterday reported a "huge increase" in downloads of Firefox in Germany after that country's computer security agency urged users of Microsoft's Internet Explorer (IE) to dump the browser and run a rival instead. http://www.linuxsecurity.com/content/view/151478
|
| |
Version 5.20 of the Nmap network scanner arrives (Jan 21) |
| |
The Insecure.org developers have announced the release of version 5.20 of Nmap, their popular network scanner and mapper. According to the developers, this first stable update since Nmap 5.00, released last July, includes more than 150 "significant improvements". http://www.linuxsecurity.com/content/view/151477
|
| |
Users on hacked site used 'trivial' passwords (Jan 21) |
| |
The hackers who stole and published 33 million passwords from the Rockyou.com website in December needn't have bothered, a security company has revealed. Many of them were so trivial they could have been guessed anyway. http://www.linuxsecurity.com/content/view/151476
|
| |
Security architects fear savvy botnet attacks, IPv6 security issues (Jan 20) |
| |
Security architects who monitor and manage many of the underlying systems that ensure smooth data flow across the Internet are growing anxious over the deployments of some of the latest technologies designed to improve Internet security and reliability. http://www.linuxsecurity.com/content/view/151457
|
| |
How to Evaluate (and Use) Web Application Security Scanners (Jan 20) |
| |
This is an old report, but still one of the best on where to get started. Traditionally--if such a word can apply to the rapidly morphing digital world--companies have secured their web applications by guarding the perimeter with Web firewalls. However, the ever-growing realization is that the real vulnerability lies in the Web applications themselves, which often contain easily exploited security flaws. According to consultancy Gartner, 90 percent of externally accessible applications today are Web-enabled, and two-thirds of them have exploitable vulnerabilities. http://www.linuxsecurity.com/content/view/151455
|
| |
49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my! (Jan 20) |
| |
Arbor has released their 2009 Worldwide Infrastructure Security Report and it is an interesting read. The largest DDoS increased nearly 5-fold from 2004 to 2008 (and doubled from 2006 to 2008) to 49Gbps. At that size, you definitely need the assistance of your upstream service provider to mitigate. The report also shows the continuing trend of not reporting/referring attacks to law enforcement. http://www.linuxsecurity.com/content/view/151454
|
| |
Security Patch for BIND 9.6.1 Released (Jan 20) |
| |
Internet Systems Consortium (ISC) announced the release of the BIND 9.6.1-P3 security patch to address two cache poisoning vulnerabilities, "both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid." http://www.linuxsecurity.com/content/view/151453
|
| |
DDoS Returns: What Researchers Are Learning About Targets, Tactics (Jan 20) |
| |
The ability of attackers to dig deeper and wider thanks to the proliferation of botnets was covered in the first article of this series, DDoS Attacks Are Back (and Bigger Than Before). The trend is also covered at length in The Botnet Hunters.
In this article, two IT security practitioners -- one with experience in dealing with DDoS attacks against government systems, the other an expert from the corporate side -- share what they've learned about the targets chosen for DDoS attacks and how to adjust security strategies based on those lessons. http://www.linuxsecurity.com/content/view/151452
|
| |
OAuth and OAuth WRAP: defeating the password anti-pattern (Jan 19) |
| |
The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It's a stop-gap solution that will enable broader OAuth adoption while OAuth 2.0, the next generation of the specification, is devised by a working group that is collaborating through the Internet Engineering Task Force (IETF). http://www.linuxsecurity.com/content/view/151441
|
| |
Google Hack Attack Was Ultra Sophisticated, New Details Show (Jan 19) |
| |
Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee. http://www.linuxsecurity.com/content/view/151440
|
| |
PGP Corporation Announces New Data Protection Solutions for Mac and Linux Enterprise Users (Jan 19) |
| |
First encryption vendor to provide support across Ubuntu Linux, Red Hat Linux, Mac and Windows environments.
PGP Corporation, a global leader in enterprise data protection, today announced availability of the latest version of PGP® Desktop. This new release extends PGP's leadership position in enterprise data protection and enables client convenience and compliance across all of the major desktop operating systems environments -- Windows, Mac OS X, Ubuntu Linux and Red Hat Linux. In addition to allowing disk encryption across mixed environments, PGP® Desktop for Mac now also supports Boot Camp, so users can have complete protection for machines running dual Mac OS X and Windows environments. http://www.linuxsecurity.com/content/view/151439
|
| |
Internet heading for 'perfect storm' (Jan 19) |
| |
According to Arbor Networks' latest annual Infrastructure Security Report (Volume 5) survey of 132 large IP operators from across the world, 35 percent of respondents put this at the top of their worry list for the next year, ahead even of the traditional anxiety over botnets and DDoS. http://www.linuxsecurity.com/content/view/151438
|
| |
Free and Open Source Encryption Software for Linux (Jan 18) |
| |
One of the best ways to protect sensitive computer data like credit card numbers and social security information is to use encryption software. Encryption software executes an algorithm that is designed to encrypt data in such a way that it cannot be recovered (decrypted) without access to the key. It is a main component of all aspects of file protection and computer communication. Files on hard drives and other removable media, email messages, and packets sent over computer networks can be made secure by encryption software. http://www.linuxsecurity.com/content/view/151428
|
| |
Microsoft bots perform denial of service on Perl Testers (Jan 18) |
| |
The Perl CPAN Testers have been suffering issues accessing their sites, databases and mirrors. According to a posting on the CPAN Testers' blog, the CPAN Testers' server has been being aggressively scanned by "20-30 bots every few seconds" in what they call "a dedicated denial of service attack"; these bots "completely ignore the rules specified in robots.txt". http://www.linuxsecurity.com/content/view/151427
|
| |
Attack code used to hack Google now public (Jan 18) |
| |
The dangerous Internet Explorer attack code used in last month's attack on Google's corporate networks is now public.
The code was submitted for analysis Thursday on the Wepawet malware analysis Web site, making it publicly available. By Friday, it had been included in at least one publicly available hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee. http://www.linuxsecurity.com/content/view/151426
|
| |
D-Link admits home routers vulnerable to hackers (Jan 18) |
| |
Router manufacturer D-Link admitted that some of its routers have a vulnerability that could allow hackers access to a device's administrative settings, but it has issued patches. http://www.linuxsecurity.com/content/view/151425
|