News about Linux security, security alerts and exploits

 Botnet discovered on Linux servers, Sep 14, 2009

A network of hijacked Linux servers is apparently being used to distribute malicious software to Windows PCs.

The story of how a Linux exploit actually wasn't, thanks to some static code analysis.

A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system.

As security threats escalate every year, even Linux servers and operating systems have become prime targets of malware attacks, revealed IT security vendor Kaspersky Lab as they release the beta version of their antivirus solution targeted at Linux-operated file systems.

AVG has released a new anti-malware solution for Linux which combines email and file server protection in a single distribution package.

Whenever the Conficker worm comes up there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conifcker got out. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?

A worm has been used to build a botnet consisting of DSL routers running Linux, which may be still evolving.

There are some Linux system administrators out there who should be glad, very glad, they don't work for me because I'd be firing them today.

Canonical is the latest Linux vendor to patch a vulnerability in the open-source operating system's kernel that could have left the door open for hackers to find their way into users' machines.

McAfee has promised to help protect Mobile Internet Devices (MIDs) running Moblin Linux from the dangers of the "open Internet." The security software vendor has also promised to deliver encryption software to protect data on stolen laptops that run Linux on Atom processors.

Opera Software ASA today patched seven vulnerabilities in its flagship Opera browser, but it declined to provide information about one of the bugs.

The majority of servers supporting the Fedora Linux distribution were back online on Tuesday following a mystery disruption.

Mozilla Messaging patched nine security vulnerabilities in Thunderbird yesterday, the first time it has plugged holes in the e-mail software since early May.

A popular distribution of the Linux open source operating system is vulnerable to hacks that could leave users' personal data exposed to identity thieves, according to IT consulting group Gartner.

A serious flaw in a widely-used cryptography library has seen users of several popular Linux distributions scrambling to fix the problem.

A Linux v Microsoft security debate at this year’s RSA Conference ended in a draw despite the two opposing experts failing to agree on a concurrent metrics system.

Linux servers infected with a mutating virus are commanding huge Windows botnets six years after the malware was discovered, according to security researchers.

Researchers at a major security vendor are exploring the extent to which Linux systems - especially servers - are involved in the botnet plague.

With open source that can be a very good thing since when security problems are found they can be fixed quickly. That's the case over this last weekend, Feb. 9-10, when a security problem was found, and given a hot fix, in the 2.6.17 to the most recent production Linux kernel, 2.6.24.1.

The CanSecWest security research conference promoters are thinking about giving hackers another shot at hacking a Mac, as well as Linux- and Windows-based PCs.

Windows Vista was hit by significantly fewer publicly disclosed security flaws in its first year than Windows XP and open source rivals in their first years, according to a report from Microsoft.

A mass attack ongoing for the past month against Linux Apache Web servers has become increasingly successful because its break-in method makes use of an automated password and installation process, according to a security researcher monitoring its progress.

Infected sites feed exploits to visitors--and more sites are affected than first suspected.

Popular open source projects such as Samba, the PHP, Perl, Tcl dynamic languages, and Amanda were all found to have dozens or hundreds of security exposures.

Schneier is one of three keynote speakers at Linux.conf.au 2008 and speaks with Dahna McConnachie about his presentation, books and thoughts.

For any parent, myself included, setting your kids loose on the net is a daunting prospect. We have to do it because the net is a fact of life - it's in our schools, the workplace, public libraries and in many if not most homes of the developed world. Therefore, do we really have any option but to give them Linux?

Fedora has fixed a 'highly critical' flaw in the OpenOffice suite of products more than two weeks after it was first discovered.

Even criminals are branching out from the Windows operating system, eBay's security chief says.

Security experts have discovered TIFF-based buffer overflow vulnerabilities in OpenOffice.org that could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers.

A few days late, SCO finally released its financial report, Form 10-Q, on Sept. 18 for the quarter ending on July 31. The news was bad. How bad? SCO admits that "there is substantial doubt about the company's ability to continue as a going concern."

Voice over IP outfit Skype has been caught snooping on parts of your PC operation again.

A vulnerability has been discovered in the NVIDIA graphic drivers, allowing for a Denial of Service.

Linux software vendor a la Mobile has released a security component that is designed to protect smartphones running the company's mobile operating system.

The Mozilla organization has released an update to its Thunderbird 2.x e-mail client that fixes two critical security holes. These same fixes were also recently implemented in Firefox 2.0.0.5.

Just days after a security researcher blasted its Java patching system, Sun Microsystems has issued a critical update to the consumer version of its Java software.

Microsoft patched fewer security flaws on its Windows Vista operating system than any other recently released desktop operating systems, the company boasted in a new study.

The FBI is in the process of locating and notifying the users of one million computers controlled by hackers through automated crime networks or "botnets," officials said Friday.

Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.

Yoggie Security Systems has squeezed a complete hardware firewall for Windows systems into a USB key sized form-factor. The "Yoggie Pico" runs Linux 2.6 along with 13 security applications on a 520MHz PXA270, a powerful Intel processor popular in smartphones and other high-end consumer devices.

A newly-discovered worm targeting OpenOffice attempts to download indecent JPEG images onto compromised Windows, Mac and Linux PCs.

Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software.

Adding more fuel to the Linux versus Windows fire, a US research firm this week released a survey that noted only eight percent of Linux developers had ever seen a virus infect their systems.

I had my suspicions, but now they are confirmed. One day, security holes in the Microsoft family of operating systems will be the downfall of our electronic society.

A researcher from France Telecom has discovered the first remotely exploitable 802.11 WiFi bug on a Linux machine.

According to Symantec's tally, 40 Firefox vulnerabilities were disclosed between August and December 2006; Internet Explorer (IE), meanwhile, was hit with 54 bugs. Opera and Safari -- the browser Apple bundles with Mac OS X -- had four flaws each.

... almost one-third of the 39 Windows holes were high severity, and 20 were medium severity. Just two of the 208 Red Hat Linux security holes discovered were high severity

When Red Hat released the latest version of Red Hat Enterprise Linux desktop, the company fixed nearly 50 vulnerabilities, including some "critical" bugs.

Yoggie Security Systems has introduced inexpensive personal and small-business versions to its line of tiny, Linux-based firewalls for laptops and PCs.

In last month’s column, I said “I’m more secure on a Mac than I was on Windows XP.” Some of you asked how Linux fares in that comparison.

The One Laptop Per Child project, which proposes to give every child in the developing world a computer of his own, dazzled fans with the unveiling of its little green "$100 laptop" in November 2005. Now it's impressing hard-bitten security geeks with a plan to lock down the hundreds of millions of educational machines against spyware and computer intruders.

 View older news this year: Nov Oct Sep Aug Jul Jun May Apr Mar Feb Jan
 View news from other years: 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999
 View older news in category Security this year: Sep Jul Jun May Apr Mar
 View Security news from other years: 2008, 2007, 2006, 2005, 2004, 2003