Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week we have articles on cryptography, the government, host and network security, intrusion detection, and much more.

LinuxSecurity.com Feature Extras:

Measuring Security IT Success - In a time where budgets are constrained and Internet threats are on the rise, it is important for organizations to invest in network security applications that will not only provide them with powerful functionality but also a rapid return on investment.

In most organizations IT success is generally calculated through effectiveness, resource usage and, most importantly, how quickly the investment can be returned. To correctly quantify the ROI of information technology, organizations usually measure cost savings and increased profits since the initial implementation. Additionally, ROI can also be affected based on the overall impact the investment has on employee productivity and overall work environment of the company.

- A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.


  EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
 

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

  When is a 0day not a 0day? Fake OpenSSH exploit, again (Feb 8)
 

When is a 0day in OpenSSH not a 0day? When it's local exploit code. Not the kind that exploits a vulnerability in the system you are logged into, to escalate privilege for example. The kind that takes advantage of potential vulnerabilities in the gray matter between your ears to make a mess of your local system. A reader wrote in to advise us of a potential 0day in the current version of OpenSSH 5.3/5.3p1 released Oct 1, 2009.

  Mozilla Removes Two Malicious Firefox Add-Ons (Feb 8)
 

Mozilla on Friday said that it had removed two Firefox add-ons from its Web site because they installed malware.

"Two add-ons in the experimental section of addons.mozilla.org were found to be containing malware," Mozilla said on its security blog. "These were not originally detected with the anti-malware scanning tools that we have been using. We have since increased the number of scanning tools, and will be taking additional steps to minimize the risk of further incidents."

  Google's Android code deleted from Linux kernel (Feb 4)
 

After removing Google's Android driver code from the Linux kernel, Novell Fellow and Linux developer Greg Kroah-Hartman has argued that the mobile OS is incompatible with the project's main tree.

Kroah-Hartman deleted the Android drivers on December 11 - Android code is no more as of version 2.6.33 of the kernel release - and yesterday, with a post to his personal blog, he explained the move in detail.

  Report Details Hacks Targeting Google, Others (Feb 4)
 

It's been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies.

Until now we've only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan.

  How Wi-Fi attackers are poisoning Web browsers (Feb 4)
 

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time. That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.

  Report: Google, NSA talk defense partnership (Feb 4)
 

Google is finalizing an agreement with the National Security Agency to help the search giant ward off cyberattacks, according to the Washington Post.

The electronic surveillance organization is expected to help analyze a cyberattack on Google that the company said originated in China, so that the company can better defend itself against future attacks, the newspaper reported Wednesday.

  Symbian OS now fully open source (Feb 4)
 

The Symbian Foundation will move forward on Thursday with offering up the full Symbian smartphone platform to open source.

The Symbian 3 platform, including applications, middleware, and the kernel itself, will be offered under terms of the Eclipse Public License and other open source licenses. "You can download it, you can modify it," said Larry Berkin, head of global alliances for the foundation. Previously, the kernel was made available via open source.

  U.S. 'Severely Threatened' By Cyber Attacks (Feb 4)
 

Testifying before the Senate Intelligence Committee on Tuesday, the top U.S. intelligence official warned that U.S. critical infrastructure is "severely threatened" and called the recent cyber attack on Google "a wake-up call to those who have not taken this problem seriously."

  atsec achieves Common Criteria Certification for Red Hat Enterprise Linux Version 5.3 at EAL4 (Feb 3)
 

Thanks to Andreas Fabis for sending this in to us. atsec information security is pleased to announce the successful Common Criteria Certification of Red Hat Enterprise Linux Version 5.3 at EAL 4 (augmented for flaw remediation) with the Controlled Access Protection Profile (CAPP). Under Common Criteria, products are evaluated against strict standards for various features, including security functionality, development environment, security vulnerability handling, documentation of security-related topics, and product testing.

  Introduction to OpenPGP