News about Linux security, security alerts and exploits

 Debian Linux Suffers From 'Major Security Flaw,' Gartner Warns, May 30, 2008

A popular distribution of the Linux open source operating system is vulnerable to hacks that could leave users' personal data exposed to identity thieves, according to IT consulting group Gartner.

A serious flaw in a widely-used cryptography library has seen users of several popular Linux distributions scrambling to fix the problem.

A Linux v Microsoft security debate at this year’s RSA Conference ended in a draw despite the two opposing experts failing to agree on a concurrent metrics system.

Linux servers infected with a mutating virus are commanding huge Windows botnets six years after the malware was discovered, according to security researchers.

Researchers at a major security vendor are exploring the extent to which Linux systems - especially servers - are involved in the botnet plague.

With open source that can be a very good thing since when security problems are found they can be fixed quickly. That's the case over this last weekend, Feb. 9-10, when a security problem was found, and given a hot fix, in the 2.6.17 to the most recent production Linux kernel, 2.6.24.1.

The CanSecWest security research conference promoters are thinking about giving hackers another shot at hacking a Mac, as well as Linux- and Windows-based PCs.

Windows Vista was hit by significantly fewer publicly disclosed security flaws in its first year than Windows XP and open source rivals in their first years, according to a report from Microsoft.

A mass attack ongoing for the past month against Linux Apache Web servers has become increasingly successful because its break-in method makes use of an automated password and installation process, according to a security researcher monitoring its progress.

Infected sites feed exploits to visitors--and more sites are affected than first suspected.

Popular open source projects such as Samba, the PHP, Perl, Tcl dynamic languages, and Amanda were all found to have dozens or hundreds of security exposures.

Schneier is one of three keynote speakers at Linux.conf.au 2008 and speaks with Dahna McConnachie about his presentation, books and thoughts.

For any parent, myself included, setting your kids loose on the net is a daunting prospect. We have to do it because the net is a fact of life - it's in our schools, the workplace, public libraries and in many if not most homes of the developed world. Therefore, do we really have any option but to give them Linux?

Fedora has fixed a 'highly critical' flaw in the OpenOffice suite of products more than two weeks after it was first discovered.

Even criminals are branching out from the Windows operating system, eBay's security chief says.

Security experts have discovered TIFF-based buffer overflow vulnerabilities in OpenOffice.org that could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers.

A few days late, SCO finally released its financial report, Form 10-Q, on Sept. 18 for the quarter ending on July 31. The news was bad. How bad? SCO admits that "there is substantial doubt about the company's ability to continue as a going concern."

Voice over IP outfit Skype has been caught snooping on parts of your PC operation again.

A vulnerability has been discovered in the NVIDIA graphic drivers, allowing for a Denial of Service.

Linux software vendor a la Mobile has released a security component that is designed to protect smartphones running the company's mobile operating system.

The Mozilla organization has released an update to its Thunderbird 2.x e-mail client that fixes two critical security holes. These same fixes were also recently implemented in Firefox 2.0.0.5.

Just days after a security researcher blasted its Java patching system, Sun Microsystems has issued a critical update to the consumer version of its Java software.

Microsoft patched fewer security flaws on its Windows Vista operating system than any other recently released desktop operating systems, the company boasted in a new study.

The FBI is in the process of locating and notifying the users of one million computers controlled by hackers through automated crime networks or "botnets," officials said Friday.

Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.

Yoggie Security Systems has squeezed a complete hardware firewall for Windows systems into a USB key sized form-factor. The "Yoggie Pico" runs Linux 2.6 along with 13 security applications on a 520MHz PXA270, a powerful Intel processor popular in smartphones and other high-end consumer devices.

A newly-discovered worm targeting OpenOffice attempts to download indecent JPEG images onto compromised Windows, Mac and Linux PCs.

Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software.

Adding more fuel to the Linux versus Windows fire, a US research firm this week released a survey that noted only eight percent of Linux developers had ever seen a virus infect their systems.

I had my suspicions, but now they are confirmed. One day, security holes in the Microsoft family of operating systems will be the downfall of our electronic society.

A researcher from France Telecom has discovered the first remotely exploitable 802.11 WiFi bug on a Linux machine.

According to Symantec's tally, 40 Firefox vulnerabilities were disclosed between August and December 2006; Internet Explorer (IE), meanwhile, was hit with 54 bugs. Opera and Safari -- the browser Apple bundles with Mac OS X -- had four flaws each.

... almost one-third of the 39 Windows holes were high severity, and 20 were medium severity. Just two of the 208 Red Hat Linux security holes discovered were high severity

When Red Hat released the latest version of Red Hat Enterprise Linux desktop, the company fixed nearly 50 vulnerabilities, including some "critical" bugs.

Yoggie Security Systems has introduced inexpensive personal and small-business versions to its line of tiny, Linux-based firewalls for laptops and PCs.

In last month’s column, I said “I’m more secure on a Mac than I was on Windows XP.” Some of you asked how Linux fares in that comparison.

The One Laptop Per Child project, which proposes to give every child in the developing world a computer of his own, dazzled fans with the unveiling of its little green "$100 laptop" in November 2005. Now it's impressing hard-bitten security geeks with a plan to lock down the hundreds of millions of educational machines against spyware and computer intruders.

In what appears to be a twist on the conventional wisdom that Windows systems are more vulnerable to viruses than Linux systems, some of TomTom's GPS navigation gadgets appear to have infected Windows PCs with a "low risk" virus.

Linux distributor Debian issued a security advisory over the weekend, warning of several problems in Mozilla and associated products such as Mozilla Firefox.

According to the error report, this made it possible, under certain circumstances, to log onto an account using any password.

Alan Cox, one of the leading Linux kernel developers, has told a U.K. House of Lords hearing that neither open nor closed source developers should be liable for the security of the code they write.

The stable-kernel team has released the Linux kernel 2.6.19.2, which does away with a critical error that occurred when data was being written on hard disks and plugs a number of security holes.

Security company Panda has launched a beta version of Panda DesktopSecure for Linux.

Exploit code has been published for a security flaw in Nvidia's Linux graphics driver that could let a remote intruder take over a system.

The proprietary, closed source binary driver from Nvidia has torn open a security hole in Linux through which ill-intentioned individuals can plant arbitrary program code and then execute it with root rights.

It has proven to be the year of living dangerously, if you are using a computer that's attached too the Internet - not so much if you're using a Linux-based machine.

Venture-funded Israeli startup Yoggie Security Systems is readying a tiny, Linux-based remote access device designed to protect Windows XP laptops. The credit-card-sized Yoggie Personal Security Gatekeeper has two Ethernet ports, and runs sophisticated firewall, VPN, and monitoring software on a hardened Linux kernel, the company says.

With its latest entry into the Linux desktop market, Novell plans to make Linux more secure and make that security easier to manage, company officials said at the LinuxWorld conference.

With Microsoft Corp.'s Office suite now being targeted by hackers, researchers at the French Ministry of Defense say users of the OpenOffice.org software may be at even greater risk from computer viruses.

Mozilla Corp. on July 26 started urging Firefox users to install a newly released version of the browser, v1.5.0.5, which includes some essential security fixes.

 View older news this year: Jul Jun May Apr Mar Feb Jan
 View news from other years: 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999
 View older news in category Security this year: May Apr Feb Jan
 View Security news from other years: 2007, 2006, 2005, 2004, 2003