Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Measuring Security IT Success - In a time where budgets are constrained and Internet threats are on the rise, it is important for organizations to invest in network security applications that will not only provide them with powerful functionality but also a rapid return on investment.

In most organizations IT success is generally calculated through effectiveness, resource usage and, most importantly, how quickly the investment can be returned. To correctly quantify the ROI of information technology, organizations usually measure cost savings and increased profits since the initial implementation. Additionally, ROI can also be affected based on the overall impact the investment has on employee productivity and overall work environment of the company.

- A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.


  EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
 

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

  NHS Toolkit takedown will inconvenience docs, not patients (Feb 12)
 

Patient care will not be affected by an NHS decision to pull a doctors' appraisal website offline to improve its security, but the life of UK doctors will be complicated.

The return of the NHS Appraisal Toolkit, which provides an online database that allows NHS doctors to prepare for their annual appraisals, is not due until 3 March.

  GNOME screen lock ineffective in openSUSE Linux - Update (Feb 12)
 

The screen lock of openSUSE 11.2 can be bypassed by the simplest of means. A reader's report prompted The H's associates at heise Security to investigate. Tests confirmed that a locked desktop session can be unlocked without a password by holding down the return key. This causes the GNOME screen saver to crash and unlock the desktop after only a few seconds.

  Why Data Breaches Can Go Unnoticed by Their Victims (Feb 12)
 

An analysis of data breaches by Trustwave found just 9 percent were uncovered internally by the companies that were breached. The report mirrors other studies and underscores the importance of having visibility into your IT environment as well as being able to correlate disparate events on a network.

  Data Storage, Data Backup and Storage Virtualization IronKey USB Flash Drives Prove Their Mettl (Feb 12)
 

Sturdy and secure USB flash memory storage solution is rapidly deployable with a SAAS-based configuration and management tool.

IronKey has built its Enterprise D200 and S200 USB flash drives to withstand just about anything thrown at it. And I made it my goal to find out how much of a beating it could actually take.

  Install software updates and security patches without rebooting (Feb 12)
 

There's a real irony to my article this week. Just as I began to write, I got an e-mail from one of my hosted service providers. To paraphrase the message, it says: "Dear Customer, we will be performing maintenance on your application server for a few hours this weekend. We plan to install critical software updates and security patches. During this window you may experience brief interruptions in service. Sorry for the inconvenience."

  Security Expert Releases New Linux Distribution for Ethical Hacking and Penetration Testing (Feb 12)
 

The Live Hacking CD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu this