Linux Today Sticky Page On this page we'll maintain links to important articles and documents that pertain to Free Software, Linux, and the tech industry. Please submit your suggestions to editors@linuxtoday.com. Thank you! (Jun 15, 2009)
Two front ends for Clamav (Mar 10, 2010, 21:32 UTC) (724 reads)
(0 talkbacks)
(feedback) Experimenting with GNU/Linux: "There are several graphical front ends for clam av which can make your life easy. The most popular among them are clamtk and Klamav."
Multiple Apache Web Server Flaws Patched (Mar 9, 2010, 19:36 UTC) (954 reads)
(0 talkbacks)
(feedback) Serverwatch: "The Apache HTTP Web Server is the most widely deployed Web server on the Internet today, which means that vulnerabilities in the open source server can have a devastating impact. That also makes security updates like the new 2.2.15 release critical, since it addresses several security vulnerabilities in Apache's flagship HTTP Web server."
Ok, Be Afraid if Someone's Got a Voltmeter Hooked to Your CPU (Mar 8, 2010, 00:02 UTC) (4231 reads)
(3 talkbacks)
(feedback) Bradley M. Kuhn: "Boy, do I hate it when a FLOSS project is given a hard time unfairly. I was this morning greeted with news from many places that OpenSSL, one of the most common FLOSS software libraries used for cryptography, was somehow severely vulnerable."
Windows Security Gets Boost from Open Source ClamAV (Mar 4, 2010, 23:33 UTC) (2717 reads)
(2 talkbacks)
(feedback) eSecurityPlanet: "The open source ClamAV project is often used on servers as a way to scan and secure e-mail gateways and Windows file shares. Now ClamAV is coming to the Windows desktop too, by way of the cloud."
RSA Authentication Weakness Discovered (Mar 4, 2010, 19:03 UTC) (2333 reads)
(2 talkbacks)
(feedback) Help Net Security: "The most common digital security technique used to protect both media copyright and Internet communications has a major weakness, University of Michigan computer scientists have discovered."
Microsoft warns Windows XP users, 'don't touch the F1 key' (Mar 3, 2010, 03:02 UTC) (5260 reads)
(7 talkbacks)
(feedback) Computerworld: "Microsoft has warned Windows XP users not to press the F1 key when prompted by a website, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE)."
The Perils of Sudo With User Passwords (Feb 26, 2010, 23:33 UTC) (3991 reads)
(0 talkbacks)
(feedback) Longitude Tech Blog: "The consensus among new Unix and Linux users seems to be that sudo is more secure than using the root account, because it requires you type your password to perform potentially harmful actions."
Phishing, SQL Injection Attacks Surged in 2009 (Feb 26, 2010, 04:33 UTC) (1417 reads)
(0 talkbacks)
(feedback) eSecurityPlanet: "Hackers continued to have great success taking advantage of vulnerabilities in applications, such as Adobe Systems' Acrobat, and Web browsers from Mozilla and Microsoft to compromise unsuspecting users' machines or data, according to IBM's annual X-Force Trend and Risk Report."
VeriSign Debuts New Online Trust Seal (Feb 24, 2010, 03:03 UTC) (1690 reads)
(1 talkbacks)
(feedback) eSecurity Planet: "How do you know that the site you're visiting isn't infected with malware? VeriSign is trying to make the answer easier for users to know with the introduction of its new VeriSign Trust Seal."
Chuck Norris is not a Linux virus (Feb 23, 2010, 22:03 UTC) (4159 reads)
(4 talkbacks)
(feedback) Sure, It's Secure: "Get a grip people. A recent story about the so-called Chuck Norris botnet implies that it breaks Linux's security. Wrong."
Hackers Leverage Global Authority Void (Feb 23, 2010, 15:33 UTC) (1539 reads)
(3 talkbacks)
(feedback) Datamation: "The best weapon against the online thieves, spies and vandals who threaten global business and security would be international regulation of cyberspace."
Wiretapping the Internet: Legal and Dangerous? (Feb 23, 2010, 12:33 UTC) (1718 reads)
(1 talkbacks)
(feedback) eSecurity Planet: "Various jurisdictions around the world have legal requirements to ensure that voice and data traffic can be wiretapped in the interest of public safety and national security. According to an IBM researcher, that same requirement for wiretapping, or lawful intercept of data, could potentially be abused by an attacker."
2 China Schools Said to Be Tied to Online Attacks (Feb 22, 2010, 08:03 UTC) (1890 reads)
(1 talkbacks)
(feedback) NY Times: "But the company has contacted computer security specialists to confirm what has been reported by other targeted companies: access to the companies’ servers was gained by exploiting a previously unknown flaw in Microsoft’s Internet Explorer Web browser."
Metasploit Gains Further Commercial Adoption (Feb 18, 2010, 17:32 UTC) (1165 reads)
(0 talkbacks)
(feedback) eSecurityPlanet: "The open source Metasploit framework is often the place where security vulnerabilities become usable enabling security researchers to test out exploits and fix flaws. Until recently, Metasploit was typically used only as a standalone community project, but that's no longer the case."
16 Feb 2010: Red Hat's Top 11 Most Serious Flaw Types for 2009 (Feb 17, 2010, 23:33 UTC) (1883 reads)
(0 talkbacks)
(feedback) Mark Cox: "The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors was published today listing the most widespread issues that lead to software vulnerabilities. During the creation and review of the list we spent some time to see how closely last years list matched the types of flaws we deal with at Red Hat."
2010 CWE--SANS Top 25 Most Dangerous Programming Errors (Feb 17, 2010, 20:03 UTC) (2296 reads)
(1 talkbacks)
(feedback) CWE: "The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped."
Rogue PDFs account for 80% of all exploits, says researcher (Feb 17, 2010, 17:03 UTC) (2296 reads)
(5 talkbacks)
(feedback) Computerworld: "Just hours before Adobe is slated to deliver the latest patches for its popular PDF viewer, a security firm announced that by its counting, malicious Reader documents made up 80% of all exploits at the end of 2009."
Security Expert Releases New Linux Distribution for Ethical Hacking and Penetration Testing (Feb 16, 2010, 23:33 UTC) (2592 reads)
(0 talkbacks)
(feedback) IT Backbones: "Dr. Ali Jahangiri, the well known security expert and author of Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts, is pleased to announce the launch of the Live Hacking CD, a new Linux distribution designed for ethical hacking"
Mozilla Retracts Add-On Malware Accusation (Feb 12, 2010, 20:33 UTC) (2566 reads)
(1 talkbacks)
(feedback) eSecurityPlanet: "Sometimes you get it right, and sometimes, well, you don't.
Mozilla last week said it had identified malware in two Firefox add-ons and pulled both from its Add-Ons Mozilla (AMO) Web site."
32% of computers with AV protection are infected (Feb 11, 2010, 03:03 UTC) (4724 reads)
(1 talkbacks)
(feedback) Help Net Security: "A SurfRight report shows statistics that give credibility to the lately popular opinion that one anti-virus solution is no longer enough to be sure your computer isn't infected."
New Russian botnet tries to kill rival
(Feb 10, 2010, 16:02 UTC) (2972 reads)
(3 talkbacks)
(feedback) Network World: "An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers."
OpenDNSSEC 1.0.0 released (Feb 10, 2010, 00:02 UTC) (2054 reads)
(0 talkbacks)
(feedback) Help Net Security: "Internet engineers continue to enhance Internet security with the release of OpenDNSSEC, a tool which simplifies the process of signing one or more zones with DNSSEC."
House Passes Cybersecurity Bill (Feb 7, 2010, 12:02 UTC) (2561 reads)
(0 talkbacks)
(feedback) NY Times: "The House today overwhelmingly passed a bill aimed at building up the United States’ cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online."
Fake Firefox Update Pages Push Adware (Feb 6, 2010, 04:02 UTC) (3523 reads)
(0 talkbacks)
(feedback) Threat Center Live Blog: "Adware pushers are capitalizing on the success of Firefox, packing ad serving software in with the program in an effort to increase their reach."
10 Kernel Vulnerabilities in Ubuntu 6.06, 8.04, 8.10, 9.04 and 9.10 (Feb 5, 2010, 22:32 UTC) (4350 reads)
(3 talkbacks)
(feedback) Softpedia: "Canonical announced a few hours ago the immediate availability of a new Linux kernel security update for the following Ubuntu distributions: 6.06 LTS (Dapper Drake), 8.04 LTS (Hardy Heron), 8.10 (Intrepid Ibex), 9.04 (Jaunty Jackalope) and 9.10 (Karmic Koala)."
Hacking for Fun and Profit in China’s Underworl (Feb 4, 2010, 18:33 UTC) (2448 reads)
(0 talkbacks)
(feedback) NY Times: “Microsoft and Adobe have a lot of zero days,” he said, while scanning Web sites at home. “But we don’t publish them. We want to save them so that some day we can use them.”
Flash Is at Risk, But It's Not All Adobe's Fault (Feb 1, 2010, 23:03 UTC) (2669 reads)
(0 talkbacks)
(feedback) eSecurityPlanet: "Mike Bailey, a senior security analyst with Foreground Security, is now turning the focus to how common programming bugs can enable Flash objects to attack Web sites."
Nmap 5.20 Released (Jan 26, 2010, 01:34 UTC) (1493 reads)
(0 talkbacks)
(feedback) Insecure.org: "Happy new year, everyone. I'm happy to announce Nmap 5.20--our first
stable Nmap release since 5.00 last July! It offers more than 150
significant improvements..."
The IE Fix is in (Jan 26, 2010, 00:04 UTC) (1715 reads)
(0 talkbacks)
(feedback) Sure, It's Secure: "First, the good news, Microsoft's fixed the IE bug used to attack Google. The bad news: the bug had been known for months."
Tor Project servers hacked (Jan 25, 2010, 20:33 UTC) (1428 reads)
(0 talkbacks)
(feedback) The H Open: "This is because, in early January, two of the project's seven directory authorities (moria1 and gabelmoo) as well as the metrics.torproject.org statistics server were found to have been hacked."
U.S. enables Chinese hacking of Google (Jan 25, 2010, 16:03 UTC) (2983 reads)
(5 talkbacks)
(feedback) CNN.com: "In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access."
Widespread attacks exploit newly patched IE bug (Jan 23, 2010, 18:03 UTC) (4777 reads)
(3 talkbacks)
(feedback) IT World: "Starting late Wednesday, researchers at antivirus vendor Symantec's Security Response group began spotting dozens of Web sites that contain the Internet Explorer attack..."
