Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

sec-wall: Open Source Security Proxy - sec-wall, a recently released security proxy is a one-stop place for everything related to securing HTTP/HTTPS traffic. Designed as a pragmatic solution to the question of securing servers using SSL/TLS certificates, WS-Security, HTTP Basic/Digest Auth, custom HTTP headers, XPath expressions with an option of modifying HTTP headers and URLs on the fly.

Book Review: Linux Kernel Programming - As Linux is implemented on increasingly wider number of devices, the number of people responsible for developing and maintaining Linux on those platforms have increased. As the level of maturity of the kernel increases, so does the complexity, capabilities, and size. This book provides the Linux programmer the tools necessary to understand the core aspects of the kernel and how to interface with it.

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
The Linux vs. Windows Security Mystery (May 13)

"NSA recommending Vista for home security is merely a reflection of the reality of monopoly in the retail space," said blogger Robert Pogson. "In the USA probably as few as 2 to 3 percent of users use GNU/Linux, so a recommendation is almost useless." Those who are serious about security "are already aware of SELinux, a product of the NSA. The NSA is merely recommending that folks move on from XP, a poor OS poorly supported by M$."
Everything is Hackable, and Cyber Criminals Can't Be Tracked (May 11)

Rarely a day goes by without news emerging about a giant company losing large amounts of sensitive data to a massive hacker attack. It might be Google one day, Sony the next, and a country's government agency the day after. Just replace the names, rinse, and repeat.
Is Linux Really More Secure than Windows? (May 15)

Common wisdom has held for years that Linux is superior to Windows when it comes to security issues. But now that open source is growing in popularity both on the consumer side (think Android phones) and the enterprise side (Linux runs the 10 fastest supercomputers in the world, for example, according to Wikipedia), it's time to push past the adage and look again at the whole "which is safer" issue.
(May 9)

Online attackers seem to love to exploit Web servers, because they can add scripts that quickly and automatically add malicious links to static HTML pages via an iFrame tag, or code that attempts to exploit website visitors' PCs via drive-by downloads.
Windows Vista for Better Security? I Don't Think So. (May 10)

The National Security Agency (NSA) recently published a report, "Best Practices for Keeping Your Home Network Secure" (PDF) in which it makes numerous recommendations designed to help home computer users avoid malware and other common problems.
(May 11)

A website used to co-ordinate computer attacks on Sony and other big companies by members of Anonymous has itself come under assault in what security experts and veterans of the organisation see as evidence of a split within the hacking group.
What the Sony PlayStation Network Attack Can Teach Us About Database Security (May 12)

Sony's PlayStation Network was breached between April 17 and April 19 and was taken offline by Sony on April 20. At the time of this writing, the service is still not available and it might not be available until the end of May. Much speculation has ensued on what has actually happened and the information released by Sony does not always match up with what is published elsewhere in print or on the Internet.
(May 9)

Businesses that implement VoIP (voice over IP) telephony systems on their local or wide area networks must ensure that they have effective protection against the growing incidence of VoIP hacking.
Self-Encrypting Hard Drives Face Perception Challenge (May 10)

One-third of security professionals who handle encryption don't understand self-encrypting hard disk drives. In particular, they're unsure whether the drives are better or worse than software-based encryption for preventing tampering, managing encryption, or handling authentication keys.
Whitehats break out of Google Chrome sandbox (May 10)

Researchers say they've developed attack code that pierces key defenses built into Google's Chrome browser, allowing them to reliably execute malware on end user machines.
The rising use of SSL raises new risks (May 12)

As more applications turn to SSL to help keep users secure, they may also be inadvertently hampering the ability of enterprises to ensure malicious code and exploits are not slithering through network traffic from the endpoint.
(May 12)

The Apache HTTP Server developers have released version 2.2.18 of the eponymous web server as a bug fix and security fix release. The security fix is needed because of a vulnerability to a Denial of Service (DoS) attack; the vulnerability is rated as moderate.