LinuxSecurity.com
Linux Security Week: February 9th, 2010
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week we have articles on cryptography, the government, host and network security, intrusion detection, and much more.

LinuxSecurity.com Feature Extras:

Measuring Security IT Success - In a time where budgets are constrained and Internet threats are on the rise, it is important for organizations to invest in network security applications that will not only provide them with powerful functionality but also a rapid return on investment.

In most organizations IT success is generally calculated through effectiveness, resource usage and, most importantly, how quickly the investment can be returned. To correctly quantify the ROI of information technology, organizations usually measure cost savings and increased profits since the initial implementation. Additionally, ROI can also be affected based on the overall impact the investment has on employee productivity and overall work environment of the company.

Buffer Overflow Basics - A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.


  EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
 

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/145668
  When is a 0day not a 0day? Fake OpenSSH exploit, again (Feb 8)
 

When is a 0day in OpenSSH not a 0day? When it's local exploit code. Not the kind that exploits a vulnerability in the system you are logged into, to escalate privilege for example. The kind that takes advantage of potential vulnerabilities in the gray matter between your ears to make a mess of your local system. A reader wrote in to advise us of a potential 0day in the current version of OpenSSH 5.3/5.3p1 released Oct 1, 2009.

http://www.linuxsecurity.com/content/view/151617
  Mozilla Removes Two Malicious Firefox Add-Ons (Feb 8)
 

Mozilla on Friday said that it had removed two Firefox add-ons from its Web site because they installed malware.

"Two add-ons in the experimental section of addons.mozilla.org were found to be containing malware," Mozilla said on its security blog. "These were not originally detected with the anti-malware scanning tools that we have been using. We have since increased the number of scanning tools, and will be taking additional steps to minimize the risk of further incidents."

http://www.linuxsecurity.com/content/view/151616
  Google's Android code deleted from Linux kernel (Feb 4)
 

After removing Google's Android driver code from the Linux kernel, Novell Fellow and Linux developer Greg Kroah-Hartman has argued that the mobile OS is incompatible with the project's main tree.

Kroah-Hartman deleted the Android drivers on December 11 - Android code is no more as of version 2.6.33 of the kernel release - and yesterday, with a post to his personal blog, he explained the move in detail.

http://www.linuxsecurity.com/content/view/151608
  Report Details Hacks Targeting Google, Others (Feb 4)
 

It's been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies.

Until now we've only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan.

http://www.linuxsecurity.com/content/view/151607
  How Wi-Fi attackers are poisoning Web browsers (Feb 4)
 

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time. That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.

http://www.linuxsecurity.com/content/view/151606
  Report: Google, NSA talk defense partnership (Feb 4)
 

Google is finalizing an agreement with the National Security Agency to help the search giant ward off cyberattacks, according to the Washington Post.

The electronic surveillance organization is expected to help analyze a cyberattack on Google that the company said originated in China, so that the company can better defend itself against future attacks, the newspaper reported Wednesday.

http://www.linuxsecurity.com/content/view/151605
  Symbian OS now fully open source (Feb 4)
 

The Symbian Foundation will move forward on Thursday with offering up the full Symbian smartphone platform to open source.

The Symbian 3 platform, including applications, middleware, and the kernel itself, will be offered under terms of the Eclipse Public License and other open source licenses. "You can download it, you can modify it," said Larry Berkin, head of global alliances for the foundation. Previously, the kernel was made available via open source.

http://www.linuxsecurity.com/content/view/151604
  U.S. 'Severely Threatened' By Cyber Attacks (Feb 4)
 

Testifying before the Senate Intelligence Committee on Tuesday, the top U.S. intelligence official warned that U.S. critical infrastructure is "severely threatened" and called the recent cyber attack on Google "a wake-up call to those who have not taken this problem seriously."

http://www.linuxsecurity.com/content/view/151603
  atsec achieves Common Criteria Certification for Red Hat Enterprise Linux Version 5.3 at EAL4 (Feb 3)
 

Thanks to Andreas Fabis for sending this in to us. atsec information security is pleased to announce the successful Common Criteria Certification of Red Hat Enterprise Linux Version 5.3 at EAL 4 (augmented for flaw remediation) with the Controlled Access Protection Profile (CAPP). Under Common Criteria, products are evaluated against strict standards for various features, including security functionality, development environment, security vulnerability handling, documentation of security-related topics, and product testing.

http://www.linuxsecurity.com/content/view/151596
  Introduction to OpenPGP – Encrypt, decrypt, sign and verify files for free! (Feb 3)
 

Are you looking for a safe way to encrypt your files and messages? What if there is a method that can do all that and more and yet it is FREE to use? If you are interested, keep reading to know about encrypting and exchanging files safely with GPG and PGP.

http://www.linuxsecurity.com/content/view/151594
  Botnet sends fake SSL pings to CIA, PayPal, others (Feb 3)
 

In an attempt to hide the location of its command-and-control server, the Pushdo botnet has been instructing its infected zombie computers to send fake SSL (Secure Sockets Layer) connections to major Web sites, a botnet expert said on Monday.

http://www.linuxsecurity.com/content/view/151593
  Black Hat: Zero-day hack of Oracle 11g database revealed (Feb 3)
 

A well-known security researcher yesterday showed how to subvert security in the Oracle 11g database by exploiting zero-day vulnerabilities that would let a savvy user gain full and complete control.

Researcher claims hack of processor used to secure Xbox 360, other products

http://www.linuxsecurity.com/content/view/151592
  Apache HTTP Server 1.3's final update released (Feb 3)
 

The Apache HTTP Server developers have released version 1.3.42 of the popular web server, noting that this will be the last update for the 1.3 series. The release of 1.3.42 is a bug fix and security release, with one moderate security flaw in mod_proxy fixed by preventing integer overflow on platforms where the size of an integer variable in memory was less than that of a long variable.

http://www.linuxsecurity.com/content/view/151591
  PGP buys German crypto outfit to diversify (Feb 3)
 

The recession continues to be no barrier to acquisitions with the news that PGP Corporation has reached into its pockets to buy German encryption services company TC TrustCenter.

As usual, because the companies involved, including TC TrustCenter's US parent ChosenSecurity, are private, the sums involved have not been made public. The 75-person TC TrustCenter will continue as a division of PGP, however, with its own head and retaining its own branding.

http://www.linuxsecurity.com/content/view/151590
  Fake Firefox update spreads unwanted app (Feb 3)
 

The successor program to the notorious Zango spyware Toolbar is being used to target users of Mozilla's Firefox with fake browser updates, a security company has alleged.

http://www.linuxsecurity.com/content/view/151589
  How To Hack The Sky (Feb 2)
 

Satellites can bring a digital signal to places where the Internet seems like a miracle: off-the-grid desert solar farms, the Arctic or an aircraft carrier at sea. But in beaming data to and from the world's most remote places, satellite Internet may also offer its signal to a less benign recipient: any digital miscreant within thousands of miles.

http://www.linuxsecurity.com/content/view/151586
  How Fedora protects your data with full disk encryption (Feb 2)
 

Disk encryption is one of the most overlooked and underused security tools in computing. When most people think about securing a computer or the operating system that powers it, a firewall, anti-virus, and other anti-malware software comes to mind. Those are all good and necessary tools, but they are only concerned with network security. What about physical security? What happens if someone gains unauthorized, physical access to your computer? Even with all the fancy firewall and other network security tools running, if the disk is not encrypted, check mate! Your data is now shared.

http://www.linuxsecurity.com/content/view/151585
  Twitter resets passwords after phishing attack (Feb 2)
 

Twitter reset passwords for an unknown number of users on Tuesday whose accounts appeared to have been compromised via phishing.

"As part of Twitter's ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite," the company said in a statement.

http://www.linuxsecurity.com/content/view/151584
  How to use network penetration test results (Feb 2)
 

You've done it; your first enterprise network penetration test is now complete. The only problem is that you have what seems like a mountain of vulnerability information, but don't know how to not only parse it to identify the truly relevant weaknesses you've uncovered, but also use that information to strengthen network defenses.

http://www.linuxsecurity.com/content/view/151573
  Squid update fixes DoS vulnerability (Feb 2)
 

Specially crafted DNS packets can compromise the popular Squid web proxy/cache in such a way that it briefly fails to respond. The problem is caused by insufficiently checked DNS responses which Squid initially places in a queue. By sending packets that only contain a header, a queue overflow can be triggered which can apparently be exploited for Denial-of-Service (DoS) attacks.

http://www.linuxsecurity.com/content/view/151572
  Accusations fly over voice encryption hack (Feb 2)
 

German encryption firm SecurStar has strenuously denied being behind an apparently independent test of voice encryption products that found many of its rivals could be hacked using a $100 phone-tapping program.

http://www.linuxsecurity.com/content/view/151571
  Multiple vulnerabilities in VMware products (Feb 1)
 

VMware has advised of a number of vulnerabilities in several of its products, including ESX, Server, VirtualCenter and vCenter. According to the company, a number of the issues relate to problems in the Java Runtime Environment (JRE) and several of the 47 vulnerabilities can be used by an attacker to compromise a system.

http://www.linuxsecurity.com/content/view/151566
  EFF online tool reveals 'fingerprint' browsers leave on the Web (Feb 1)
 

The Electronic Frontier Foundation has created an on-line tool that details the wealth of information a Web browser reveals, which can pose privacy concerns when used to profile users.

http://www.linuxsecurity.com/content/view/151565
  Online Credit/Debit Card Security Failure (Feb 1)
 

Ross Anderson reports (via Bruce Schneier blog):

Online transactions with credit cards or debit cards are increasingly verified using the 3D Secure system, which is branded as "Verified by VISA" and "MasterCard SecureCode". This is now the most widely-used single sign-on scheme ever, with over 200 million cardholders registered. It's getting hard to shop online without being forced to use it.

http://www.linuxsecurity.com/content/view/151564
  Experts fret over iPad security risks (Feb 1)
 

Apple's much hyped iPad tablet may come tightly locked down but the device is still likely to be affected by many of the security issues that affect the iPhone, as well as some of its own.

Security experts polled by El Reg were concerned about a variety of risks, in particular phishing attacks and browser exploits.

http://www.linuxsecurity.com/content/view/151563

(c)Copyright 2010 Guardian Digital, Inc. All rights reserved.