Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Book Review: Linux Kernel Programming - As Linux is implemented on increasingly wider number of devices, the number of people responsible for developing and maintaining Linux on those platforms have increased. As the level of maturity of the kernel increases, so does the complexity, capabilities, and size. This book provides the Linux programmer the tools necessary to understand the core aspects of the kernel and how to interface with it.

What You Need to Know About Linux Rootkits - Rootkits are a way attackers hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on ones computer and no one can even know they have been running. Read more to learn how to detect them on your system.

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
SSH tunneling for secure web surfing (Apr 5)

Mindlessly surfing from an insecure location such as a coffee shop, a hotel room or even your workplace? Sure you are and we can understand the need -and often times the urge- to be online. Hopefully, there's an easy way to have all the security of the world and check your email and/or surf the web at the same time.
Popular open source DHCP program open to hack attacks (Apr 7)

The makers of the internet's most popular open source DHCP program have warned that it's vulnerable to hacks that allow attackers to remotely execute malicious code on underlying machines.
Comodo hack may reshape browser security (Apr 4)

Major browser makers are beginning to revisit how they handle Web authentication after last month's breach that allowed a hacker to impersonate sites including Google.com, Yahoo.com, and Skype.com.
(Apr 5)

EMC's RSA division has that it was compromised by a spear-phishing attack -- aka spoof emails -- that used a zero-day Adobe Flash vulnerability. But RSA still offered no details on the information the attacker stole.
(Apr 6)

The Internet System Consortium's (ISC) open source DHCP client (dhclient) allows DHCP servers to inject commands which could allow an attacker to obtain root privileges. The problem is caused by incorrect filtering of metadata in server response fields.
(Apr 7)

The number of new vulnerabilities being discovered has leveled off for the past two years and is well down from its 2006 peak, according to a report on 2010 security trends from Hewlett-Packard, an indication that secure software development is beginning to mature.
(Apr 7)

In a university environment, there is no time for the network to go down. The students and faculty at SUNY Old Westbury, a university located on Long Island, New York, demand 24-7 access to the internet, both on and off campus. And, of course, it isn't enough to simply keep things running, they need to be protected, too.
Wrap Firefox in a Cocoon of privacy (Apr 6)

Web browsers are ground zero for Internet security threats, and the debate over responsibility for preventing those threats has resulted in a Gordian knot. The people behind the new add-on for Firefox called Cocoon (download) want to cut through debate by serving the entire Web to you via proxy. (Cocoon is also available at GetCocoon.com.)
(Apr 7)

This discussion about enterprise mobility is one of the five themes we will be focusing on at theVentureBeat Mobile Summit, on April 25-26. We've carefully invited the top executives in mobile to discuss the biggest challenges of the day, which, if solved, can lead to much faster growth in the industry.
(Apr 5)

Google has revealed its plans for securing Secure Sockets Layer (SSL) certificates, as the security industry attempts to move on from the Comodo security breach.
Security firms learns limits of security tech (Apr 7)

Top-level data breaches often start at the bottom of the ladder. That's a lesson RSA, one of the world's premier computer security firms, learned the hard way.
Google Chrome 12 Protects Against Malware (Apr 8)

Google is updating its Chrome web browser, Chrome 12, with new performance and security features. Chrome 12 is now available in Google's dev-channel, providing users with a sneak peak of what Google has in store . Chrome 12 includes a new version of the V8 JavaScript engine as well as an overall code cleanup.