LinuxSecurity.com
The central voice for Linux and Open Source security news
Linux Security Week: August 3rd, 2010
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, we have news from DefCon and Black Hat, info on some kernel security improvements, the most hackable Linux distribution, book reviews, and some great feature stories.

LinuxSecurity.com Feature Extras:

Meet the Anti-Nmap: PSAD - How would you know if someone is scanning your defenses? Is there any way to properly respond to such scans? You bet there is...

Understand: Fork Bombing Attack - As the variety of attacks and threats grow, you need to be prepared. In this HOWTO, get a feeling for the Fork Bombing Attack, what it is, how it works, where it comes from, how to deal with it and more.


  EnGarde Secure Community 3.0.22 Now Available!
 

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

  Android rootkit demonstrated (Aug 3)
 

At the DEFCON hacking conference, which ended yesterday, IT security researchers Nicholas Percoco and Christian Papathanasiou demonstrated what they claim is the first rootkit for Android. Their aim was to show how slight the obstacles to the development of such a rootkit are and how powerful the result can be. Android is Linux-based and desktop Linux rootkits are nothing out of the ordinary.

  Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution (Aug 3)
 

WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10 which is a Debian based distro. All references to Ubuntu have been removed as the author completely re-compiled the kernel, removed all Ubuntu specific software which would cause the ISO to bloat, and used a non-Ubuntu-traditional Window Manager, with no DM.

  How to steal corporate secrets in 20 minutes: Ask (Aug 2)
 

A few companies in the Fortune 500 need to upgrade their Web browsers. And while they're at it, a little in-house training on social engineering wouldn't be a bad idea, either.

  GSM Phone Hack FAQ: What You Should Know (Aug 2)
 

A researcher at the Def Con security conference in Las Vegas demonstrated that he could impersonate a GSM cell tower and intercept mobile phone calls using only $1500 worth of equipment. The cost-effective solution brings mobile phone snooping to the masses, and raises some concerns for mobile phone security.

  AppArmor set for inclusion in Linux kernel (Aug 2)
 

James Morris, the maintainer of the Linux kernel's security subsystem, has integrated the kernel code for the AppArmor security extension into his development branch, which forms part of Linux-Next. Shortly afterwards, he announced that he also intends to send the code to Linus Torvalds for integration into the Linux 2.6.36 kernel.

  US Secret Service shows business how to fight cyberthreats (Aug 2)
 

Both types of attack have increased in the past year, according to the 2010 Verizon Data Breach Investigations report in partnership with the US Secret Service. This is the first time private and commercial data has been combined in a data breach report, said Matthijs Van der Wel, head of the EMEA forensics team at Verizon Business.

  GSM Hacking Coming To The Masses Script Kiddy Style (Aug 2)
 

Well it looks like what happened to WEP all those years ago is going to happen to GSM now. The methods have been known, the theory is established but the breaking point is when freely available tools are published that makes it possible for anyone to perform the attacks even without really understanding what is going on.

  Important Lessons to Learn from the Black Hat ATM Hack (Jul 30)
 

A security researcher named Barnaby Jack amazed attendees at the Black Hat security conference by hacking ATM machines in a session titled "Jackpotting Automated Teller Machines Redux". There are some important lessons to be learned from the hacks Jack demonstrated, and they apply to more than just ATM machines.

  Google Fights Android Piracy (Jul 30)
 

In an effort to help Android developers address ongoing worries about unauthorized app copying, Google this week announced a licensing service for apps in the Android Market.

  Black Hat gets its video feed hacked (Jul 30)
 

A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference. Michael Coates, the head of Web security for Mozilla, said he discovered several problems while trying to sign up for the US$395 service.

  Sourcefire Debuts Integrated Security Tool (Jul 29)
 

Modern enterprise security often involves multiple security technologies, including firewall, IPS and antivirus tools, which can't always integrate to provide a broader view of security events and data risks. But with attackers persistently probing a range of enterprise defenses looking for weaknesses, that broader view becomes a must-have.

  Mariposa Botnet Creator Arrested (Jul 29)
 

The FBI announced that as part of a two-year, cross-border investigation into the Mariposa botnet, authorities in Slovenia last week arrested a Slovenian citizen and charged him with being the botnet's creator. The suspect, a 23-year old known as "Iserdo," has not been named. He is currently free on bail.

  ATMs At Risk, Researcher Warns At Black Hat (Jul 29)
 

A security researcher today gave notice to companies that make automated teller machines (ATMs). Here on the first day of the Black Hat conference, Barnaby Jack, director of research at IOActive, demonstrated attacks that would allow a criminal to compromise ATMs, allowing hypothetical thieves to steal cash, copy customers' ATM card data, or learn the master passwords of the machines.

  OpenStack – an open source cloud platform (Jul 29)
 

Rackspace announced the OpenStack project today, open sourcing much of the software it uses to run its own cloud. I spoke with Rackspace's Jonathan Bryce on the topic to get an in-depth overview, discuss Rackspace's intentions, and explore the operational future of OpenStack.

  E-Commerce Security Is Broken, Vulnerable, Says Hacker Conference Founder (Jul 29)
 

Lots of code excitement will spring from the Black Hat hacker conference this week, but already a huge controversy is erupting: Black Hat's founder thinks SSL--the security code making much of online commerce safe--is broken.

  WikiLeaks and the release of classified information on the Afghan war (Jul 29)
 

Re "A whistle-blower with global resonance," and "WikiLeaks wasn't wrong," Editorial, July 27. WikiLeaks founder Julian Assange, an Australian hacker, may end up being one of the best things to ever happen to our American democracy.

  Sourcefire Rolls Out Open-Source 'Razorback' (Jul 28)
 

The makers of the popular open-source Snort intrusion detection platform today unveiled a new open-source platform -- a detection framework that unites existing security tools, including IDS/IPSes.

  Chrome gets patched after exploit bounties (Jul 28)
 

Just before the Black Hat security conference begins, Google has patched seven security holes in its stable version of Chrome and has begun an effort to speed up the software industry's response to such vulnerabilities.

  Torrent legality study 'horribly wrong', says TorrentFreak (Jul 28)
 

Global BitTorrent news source TorrentFreak has ridiculed the veracity of a University of Ballarat study on the legality of BitTorrent usage, labelling some of its claims "horribly wrong" and saying that "mistake after mistake" was made during its preparation.

  Battle joined for future of open source IPS (Jul 28)
 

The battle to develop the next generation of open source intrusion prevention systems (IPS) technology is intensifying between incumbent Snort and a US government-backed project, the Open Information Security Foundation (OISF).

  Hackers to flock to Black Hat, Defcon this week (Jul 28)
 

Last year, a security researcher was forced to cancel his talk scheduled for two hacker conferences about weaknesses in ATM software after the ATM vendor complained.

  When hackers hack hackers (Jul 27)
 

Security firm Imperva reports a free phishing kit called "Login Spoofer 2010" that turns perpetrators into victims, is currently being touted in hacker forums. "Hackers" who have clicked through the foolproof user interface and used the program's wizard to set up their own online phishing page for PayPal,

  Open source startup takes over OpenSSO (Jul 27)
 

A Norwegian startup is assuming responsibility for maintaining an open source web authentication technology originally developed by Sun Microsystems, and seemingly neglected by Oracle, which purchased Sun in January. The company, ForgeRock, has released a new version of Sun's Open Single Sign On (OpenSSO) Enterprise software, called OpenAM, that adheres to the OpenSSO roadmap established by Sun.

  Black Hat too commercial for you? (Jul 27)
 

Two premiere security conferences -- Black Hat and DefCon -- run back-to-back in Las Vegas this week, each with their own distinct flavor. But even these events don't meet the needs of all computer security pros, setting the stage for a widening set of satellite events.

  Google fixes Chrome holes, seeks security reform (Jul 27)
 

Just before the Black Hat security conference begins, Google has patched seven security holes in its stable version of Chrome and begun an effort to speed up the software industry's response to such vulnerabilities.

  Black Hat USA 2010: Complete Coverage (Jul 27)
 

A round-up of articles leading up to and live coverage from Black Hat USA 2010, July 24 to 29, Las Vegas

  WPA2 security hole discovered (Jul 27)
 

Security experts at AirTight Networks have discovered a hole in the WPA2 Wi-Fi security protocol. The security hole was named as Hole 196 after the number of the relevant page in the IEEE 802.11 (2007) standard document.

  Yahoo will invest in hackers with good ideas (Jul 27)
 

Yahoo is considering investing in hackers with good ideas and technologies, a company executive said on Saturday. "We are open to many ways of having a stake in creative young companies," said Jeff Kinder, Yahoo's senior vice president for media products and solutions, on the sidelines of a Yahoo Open Hack Day in Bangalore.

  Mozilla re-patches Firefox 3.6 to fix plug-in problem (Jul 26)
 

For the second time in two months, Mozilla on Friday rushed out a fix for Firefox to patch a problem with a browser update issued just days before. Mozilla shipped Firefox 3.6.8 on Friday to patch a single security problem and deal with what Mike Beltzner, director of Firefox, called "a stability problem that affected some pages with embedded plug-ins."

  Sagan – Real-time System & Event Log (syslog) Monitoring System (Jul 26)
 

Softwink announces the release of Sagan, the ultimate in Syslog monitoring. Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time!

  NIST Releases Virtualization Security Guidelines (Jul 26)
 

The National Institute of Standards and Technology (NIST) has issued new guidelines for the implementation of full virtualization that address common security concerns with the technology.

  Shortened URLs Drive Need for New Security (Jul 26)
 

Symantec has released the July 2010 MessageLabs Intelligence Report which contains the usual interesting and relevant facts regarding trends in spam and malware. Of particular interest in this report, though, is the fact that attacks exploiting shortened URLs have skyrocketed, and that a new approach is needed to protect against the rising threat.

  Reliable Encryption for the Rest of Us (Jul 26)
 

Though encryption is a strong way to safeguard passwords, personal information, and other sensitive data, it can be confusing due to the acronyms and technobabble that surround the topic. Many encryption utilities--such as the BitLocker feature in Windows 7 Ultimate, or the Rohos Mini Drive utility for protecting info on a thumb drive--are available.

  Last release for PHP 5.2 & updates for 5.3 (Jul 26)
 

The users of PHP 5.2 should upgrade to 5.3 at their earliest convenience, as the active support of the 5.2 series came to an end with the release of version 5.2.14 earlier today. PHP 5.2.0 was released almost four years ago and according to the release announcement, the developers say that, in future, any further security fixes will only be released on a case-by-case basis.

(c)Copyright 2012 Guardian Digital, Inc. All rights reserved.