News about Linux security, security alerts and exploits

 Security-Enhanced Linux Moving into Mainstream, Dec 19, 2005

Security Enhanced Linux has move into the mainstream of operating system architecture in recent years. For those who don't understand the technology, many articles exist

This year will almost certainly go down in Web history as the Year of the Firefox. The open-source browser ended up the greatest beneficiary of the barrage of bad press aimed at Microsoft Internet Explorer and its various security vulnerabilities. With the ever-present threat of spyware, it's little surprise that so many users have made the switch to what is now widely considered to be the "safe" Web browser, at least compared with IE.

It's probably not the basis for a new network worm, but Perl format strings could be fertile ground for more targeted hacking.

A type of security flaw in Perl applications that experts thought could lead only to a denial-of-service attack is now believed to be much more serious.

Update addresses flaws that could allow a malicious attacker to remotely take control of a user's system.

Backdoor.Suckit is a Trojan horse program that runs on Linux systems. It opens a back door on the compromised computer and is able to hide its files, processes and open ports.

RealNetworks issued a critical patch last week to address three flaws that could allow a hacker to launch a remote attack to run malicious code on a user's computer.

Yes, Linux will be attacked more often in the days ahead, but far fewer attacks will get through than do on Windows.

You might think that the sky is falling the way the media has gone on a feeding frenzy related to a Linux worm. Sorry to disappoint you, but the worm will hardly affect the user base. It's not like the "Code Red" worm which self-replicated malicious code that exploited a known vulnerability in Microsoft IIS servers (CA-2001-13). Rumor has it, Wal-Mart didn't cope with it very well.

This worm spreads by exploiting web servers hosting vulnerable PHP/CGI scripts. It is a modified derivative of the Linux/Slapper and BSD/Scalper worms from which it inherits the propagation strategy.

The open-source PHP Group has shipped a new version of the general-purpose scripting language to fix several potentially serious security vulnerabilities.

A working exploit for last week's Snort vulnerability has been released, a security vendor said Wednesday, but any attack should be short-lived and probably feeble.

A highly critical security vulnerability has been discovered in various flavours of the Skype IP telephony software.

The winner of the Crash and Win beta contest will nab 1,000 German beers for finding the most bugs in the upcoming Linux-based BitDefender Mail Protection for Enterprise.

Grisoft, makers of the popular AVG Anti-Virus offering, has warned that it is "only a matter of time" before Linux becomes widely targeted by virus and malware writers.

An Austrian hacker earned the dubious distinction of writing what are thought to be the first known viruses for Microsoft Corp.'s Windows Vista operating system. Written in July, the viruses take advantage of a new command shell, code-named Monad, that is included in the Windows Vista beta code.

Mozilla on Thursday released an update to its Thunderbird e-mail application to fix several security problems.

The Mozilla Foundation on Friday shipped a new version of its Thunderbird mail client to plug a potentially serious URL parsing security hole affecting Linux users.

Popular media players RealPlayer and Helix Player are at risk of a security vulnerability that could let malicious attackers launch remote attacks on a user's system, security experts say.

A bug -- like the one disclosed Tuesday in the Linux edition of Firefox -- relates to how the software processes URLs. It was rated as "extremely critical" by a security vendor.

An 'extremely critical' flaw has been found in Firefox 1.0.6 running on Linux or Unix

Mozilla 'is in much better shape' than Microsoft when it comes to fixing security problems, claims the organisation

The IT industry's obsession with comparing Windows and Linux security is a waste of time, according to top Linux bod Alan Cox. Operating system security is, he says, simply awful right across the board.

The growing popularity of open-source browsers and software may be responsible for the increasing gap between the exposure of a vulnerability and the provision of patch to fix it, security software vendor Symantec has said.

A pair of potential security vulnerabilities in the Linux kernel has been patched with a new point release.

The Mozilla Foundation has released a workaround for a critical buffer overflow vulnerability in the Firefox browser that was first made public early Friday.

A buffer-overflow vulnerability in the open source browser has been revealed by a researcher apparently frustrated with Mozilla's security procedures

Two serious security flaws have turned up in software widely distributed with Linux and Unix. The bugs affect Elm (Electronic Mail for Unix), a venerable e-mail client still used by many Linux and Unix sysadmins, and Mplayer, a cross-platform movie player that is one of the most popular of its kind on Linux.

A fresh security flaw has surfaced in widespread Web service protocol PHP which could allow attackers to take control of vulnerable servers.

In my case, for example, I have not used a Windows machine for any serious purpose since 1999. And in those six years, I have never had a computer virus, trojan or worm. Not a single one.

The Zotob attacks could have been prevented by proper Windows patching, or they could have easily been prevented for less by using Linux in the first place.

Q: Are Apple Computers affected in any way? Or computers running Linux?

A: No. Only computers running certain versions of Windows are affected by these worms.

Vulnerabilities in the open source instant-messaging client would allow attackers to crash the application or run malicious code on a user's PC - Gaim 1.5.0 fixes them

Serious security bugs in key parts of the latest Linux code have been fixed, but some small glitches have been introduced, according to a recent scan.

There is little to choose between Microsoft and Linux in terms of operating system security, according to experts, but misleading figures and surveys are muddying the waters for IT managers evaluating the platforms.

The IT world may be an insecure place, but don't blame Linux. In fact, very few IT pros participating in InformationWeek Research's Linux and open-source survey say Linux has introduced security problems into their IT environments.

Adobe has released details of a security glitch in its popular Acrobat Reader software which could allow attackers to seize control of a user's PC.

A security flaw in a widely-used data compression technology could put many software programs at risk of attack, experts have warned.

You hear it all the time: Monitor your logs. When there is a problem, check the logs. And it's good advice, because system and application logs tell you anything you need to know, provided you actually look at them and understand what they are saying.

Mistakes are made in both open source and in Microsoft products, Hurley says, and it's better for the world to know of a security problem so there can be a workaround for it even if no patch is available for a month.

Computer fraud has long since moved on from the activities of young geeks anxious to prove their coding virility. Today, criminal gangs are moving in, lured by the ability to rob a bank without leaving their living rooms.

Sun Microsystems has fixed a pair of security bugs in Java that could be exploited by attackers to take over computers running Windows, Linux and Solaris.

There is no silver bullet for security. The threats are as dynamic as the technologies upon which they prey. A systemic approach to security should always be considered.

Operating system vendors were given two months notice before a serious security flaw was made public but some have yet to resolve the issue, a security researcher has claimed.

The uneven skills of driver programmers have left a legion of holes in software that ships with Windows and Linux, security experts say.

I'm a bit hesitant. Can I do this? To master the software I have selected -- Red Hat Inc.'s Fedora Core 3, Snort, MySQL and BASE, as well as Apache, SSL and PHP -- I will have to rely on my little-used *nix (Unix and Linux) skills, as well as white papers and how-to articles written by those much more experienced than me in the nuts and bolts of all this.

Linux users who patched their systems for a serious security vulnerability in K Desktop Environment last month will have to patch once again, because of errors in the original patch, according to the KDE project.

Secure business networks are at risk thanks to a vulnerability in a fundamental protocol, according to security researchers at the Massachussetts Institute of Technology (MIT).

While Windows and other Microsoft Corp. products are the favorite targets of hackers, the malicious code writers are increasingly targeting software that run on other operating systems, including Apple Computer Inc.'s Mac and open-source Linux, a security research group said Monday.

RealNetworks has released a security patch aimed at plugging a flaw in its multimedia software that could allow hackers to run their own code on people's computers.

 View older news this year: Sep Aug Jul Jun May Apr Mar Feb Jan
 View news from other years: 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999
 View older news in category Security this year: Aug Jul May Apr Feb Jan
 View Security news from other years: 2007, 2006, 2005, 2004, 2003