Linux Security
SSH Key-based Attacks
LinuxSecurity.com: US-CERT is aware of active attacks against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed. The chain depends on the stolen private keys being usable as-is and on an unpatched kernel for the privilege-escalation step, so passphrase-less keys, unreviewed authorized_keys entries and lagging kernel updates are the exposures to audit.
Revealed: The Internet's Biggest Security Hole
LinuxSecurity.com: Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination. The article explains how a weakness in the design of BGP lets an attacker redirect traffic to an eavesdropper. How do you think ISPs will respond to defending against this technique? Check it out in the article below.
Next-generation Computer Antivirus System Developed
LinuxSecurity.com: Traditional antivirus software is installed on millions of individual computers around the world, but according to researchers, antivirus software from popular vendors is increasingly ineffective. The researchers observed malware (malicious software) detection rates as low as 35 percent against the most recent threats and an average window of vulnerability exceeding 48 days. That means new threats went undetected for an average of seven weeks. The computer scientists also found severe vulnerabilities in the antivirus engines themselves. The researchers' new approach, called CloudAV, moves antivirus functionality into the "network cloud" and off personal computers. CloudAV analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously. This is an interesting article about the research and development of improvements to virus scanner software. Do you think this new approach will help to catch more viruses on users' machines?
Mozilla Firefox Browser Gets Security Boost
LinuxSecurity.com: Carnegie Mellon University on Monday announced it is making available a free add-on to Mozilla Firefox 3.0 that is intended to boost browser security. Find out how you can protect your Firefox 3.0 browser from digital-certificate and man-in-the-middle threats by using the new free add-on from Carnegie Mellon University. Check it out in the following informative article.
Ubuntu Issues Security Patch For Kernel Flaw
LinuxSecurity.com: Ubuntu today became the latest Linux vendor to patch a vulnerability in the open source operating system's kernel that could have left the door open for hackers to find their way into users' machines. In an email sent overnight, the Linux vendor warned users to update all machines running recent versions of Ubuntu, ranging from 6.06, which was released back in mid-2006, to version 8.04, which came out earlier this year. The problem also applied to other versions of Ubuntu such as Kubuntu, Edubuntu and Xubuntu. I am glad to see Ubuntu letting users know that they should update their kernels because of a security vulnerability. What do you think? Do you trust your distro to provide you with important computer security information?
Protecting Your MySQL Database From SQL Injection Attacks With GreenSQL
LinuxSecurity.com: SQL injection attacks can allow hackers to execute arbitrary SQL commands on your database through your Web site. To avoid these attacks, every piece of data supplied by a user on a Web form, through HTTP POST or CGI parameters, or other means, must be validated so that it contains nothing that is not expected. GreenSQL is a firewall for SQL: it sits between your Web site and MySQL database and decides which SQL statements should and should not be executed. At least that's the idea -- in execution, I found some open doors. Parameterized queries remain the primary defence, since they keep user data out of the statement text altogether; a SQL proxy inspects statements only after the application has already built them. Do you want to know how you can protect your website's MySQL server from SQL injection attacks? Then read the following article, which reviews GreenSQL, a proxy that guards against these types of attacks.
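The injection the article warns about, worked through as an added example with the parameterized fix beside it. This is not code from the article or from GreenSQL: it uses Python's built-in sqlite3 in place of MySQL so that it runs offline, and the users table, its passwords and the attack strings are constructed for the demo.

```python
"""String-built SQL beside its parameterized fix (added example, sqlite3 stand-in for MySQL)."""
import sqlite3


def make_db():
    """Constructed sample database: two users with plaintext passwords (demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting, so form fields become SQL.

    Returns the ids of the rows the statement matched; a non-empty list is
    what a naive login handler would treat as success.
    """
    sql = (
        "SELECT id FROM users WHERE username = '%s' AND password = '%s' ORDER BY id"
        % (username, password)
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same query with bound parameters: the driver sends the values separately
    from the statement text, so quotes and comment markers in them stay data."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Run two classic payloads through both versions and return what matched."""
    conn = make_db()
    tautology = "x' OR '1'='1"   # WHERE ... AND password = 'x' OR '1'='1' matches every row
    comment_out = "alice' --"    # '--' comments out the password check entirely
    return {
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),
        "vuln_comment": login_vulnerable(conn, comment_out, "anything"),
        "safe_tautology": login_safe(conn, "alice", tautology),
        "safe_comment": login_safe(conn, comment_out, "anything"),
        "safe_real_login": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, ids in demo().items():
        print(f"{name}: matched ids {ids}")
```

Run it and the string-built version matches every row for the tautology payload and logs in alice with no password for the comment payload, while the parameterized version treats both payloads as literal strings and matches nothing. A SQL proxy has to guess intent from the statement text it sees; binding parameters removes the ambiguity at the source.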
Online Intruders Hit Red Hat, Fedora Project
LinuxSecurity.com: The most significant breach involved a system used by the Fedora Project to sign the software packages used to automatically update end users' systems. The breach also affected the Fedora Project's database and proxy servers, hosted systems and collaboration network. A smaller number of servers used by Red Hat were affected by the breach, the Fedora Project stated in its announcement. This article looks into the recent attack on the Fedora Project. What do you think the effects of this attack will be for Fedora users?
CIO Reality Check: Linux Security
LinuxSecurity.com: In our conversations, we spoke to Sam Lamonica, CIO of Rudolph and Sletten Construction, a general building contractor; Philipp Huber, CTO/COO of the UK-based XCalibre Communications, a hosting firm; Clyde Williams, Infrastructure Systems Manager for Southeast Alabama Medical Center; and Walt Cornelison, Director of Information Technology for Tropitone Furniture, a manufacturer of high-end outdoor furniture. The article reproduces how the conversation went. Find out how much of a concern security is in an open source environment from a select group of CIOs at real-world companies.
A DIY Project for Network Security
LinuxSecurity.com: The past few weeks have been frustrating and rewarding all at the same time. I had set a goal to configure an intrusion-detection system (IDS) using the de facto standard, Snort on Linux. In our environment, we have very little in the way of security tools and devices, and little or no budget to procure such items. This project was the first step in being able to detect potentially malicious network traffic as inexpensively as possible. This article discusses a security manager's experience with deploying a Linux intrusion-detection system. Have you implemented an IDS on your network? If so, what was your experience?
OpenSUSE Adds SELinux
LinuxSecurity.com: Beginning with openSUSE 11.1, SUSE users will have an additional option regarding security frameworks. In addition to AppArmor, we will be adding SELinux capabilities in openSUSE 11.1, which will allow users to enable SELinux in openSUSE if they wish. Have you heard that openSUSE 11.1 will have the option to enable SELinux? My question is how useful enabling SELinux on SUSE will be without a useful security policy. I guess we will have to wait and see if this move will help the distribution's security.
Open Vulnerability Assessment System
LinuxSecurity.com: As you all probably know, since version 3 Nessus has moved to a proprietary model and started charging for the latest plugins, locking most of us out. Now we finally have a new, properly organized forked development under the name OpenVAS: at last a decent and free vulnerability scanner! OpenVAS is a network security scanner which contains a graphical front-end to help find problems in remote systems and applications. Have you tested it out?
Attacking PHP Weak PRNGs: mt_srand and "Random Numbers"
LinuxSecurity.com: PHP comes with two random number generators named rand() and mt_rand(). The first is just a wrapper around the libc rand() function and the second one is an implementation of the Mersenne Twister pseudo random number generator. Both of these algorithms are seeded with a single 32-bit value, either when they are first used in a process or when one of the seeding functions srand() or mt_srand() is called. A 32-bit seed space is small enough that an attacker who observes one output can recover the seed by brute force and then predict every later "random" value the process hands out. This is a great article by Stefan Esser on attacking PHP's PRNGs. He explains the attack in such a way that it's easy to understand.
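The weakness of the 32-bit seed space, worked through as an added example. This is not Stefan Esser's code or PHP's: it is a from-scratch MT19937 seeded the way mt_srand(int) seeds the generator (one 32-bit integer expanded by init_genrand), producing the 31-bit mt_rand() output of PHP 7.1 and later (the tempered word shifted right by one; older releases used a variant twist step that this block does not model), plus a brute-force seed search. The scenario of an application seeding with time() and an attacker who knows that time to within five minutes is constructed for the demo, as is the timestamp.

```python
"""Recovering a PHP mt_srand() seed from one mt_rand() output (added example)."""
import random

N, M = 624, 397
MATRIX_A = 0x9908B0DF
UPPER, LOWER = 0x80000000, 0x7FFFFFFF
MASK32 = 0xFFFFFFFF


def mt_init(seed, words=N):
    """init_genrand(): expand one 32-bit seed into the first `words` state words.
    This is how mt_srand(int) seeds the generator (assumption: PHP 7.1+ layout)."""
    mt = [seed & MASK32]
    for i in range(1, words):
        prev = mt[i - 1]
        mt.append((1812433253 * (prev ^ (prev >> 30)) + i) & MASK32)
    return mt


def temper(y):
    """Standard MT19937 output tempering."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


class PhpMtRand:
    """Reference MT19937; mt_rand() returns the tempered word >> 1 as PHP does."""

    def __init__(self, seed):
        self.mt = mt_init(seed)
        self.index = N  # a twist happens before the first output

    def _twist(self):
        mt = self.mt
        for i in range(N):
            y = (mt[i] & UPPER) | (mt[(i + 1) % N] & LOWER)
            mt[i] = mt[(i + M) % N] ^ (y >> 1) ^ (MATRIX_A if y & 1 else 0)
        self.index = 0

    def next_u32(self):
        if self.index >= N:
            self._twist()
        y = self.mt[self.index]
        self.index += 1
        return temper(y)

    def mt_rand(self):
        return self.next_u32() >> 1


def first_mt_rand(seed):
    """First mt_rand() for a seed, built from only the words it depends on
    (mt[0], mt[1] and mt[M]): 398 init steps per candidate instead of 624
    init steps plus a full twist."""
    mt = mt_init(seed, M + 1)
    y = (mt[0] & UPPER) | (mt[1] & LOWER)
    word = mt[M] ^ (y >> 1) ^ (MATRIX_A if y & 1 else 0)
    return temper(word) >> 1


def recover_seed(observed, candidates):
    """Every candidate seed whose first mt_rand() equals the observed value."""
    return [s for s in candidates if first_mt_rand(s) == observed]


def matches_cpython(seed, count):
    """Self-check: CPython's random module is MT19937, so loading our state into
    it must reproduce our 32-bit outputs, including across a twist boundary."""
    ref = random.Random()
    ref.setstate((3, tuple(mt_init(seed)) + (N,), None))
    gen = PhpMtRand(seed)
    return all(gen.next_u32() == ref.getrandbits(32) for _ in range(count))


def demo():
    """Constructed scenario: the app called mt_srand(time()) and used the first
    mt_rand() as a token; the attacker knows the time to within five minutes."""
    seed_time = 1219000000  # constructed Unix timestamp
    victim = PhpMtRand(seed_time)
    token = victim.mt_rand()    # the single value the attacker observes
    later = victim.mt_rand()    # the value the attacker wants to predict
    found = recover_seed(token, range(seed_time - 300, seed_time + 300))
    predicted = None
    if found:
        clone = PhpMtRand(found[0])
        clone.mt_rand()         # skip the token
        predicted = clone.mt_rand()
    return {"token": token, "recovered": found,
            "predicted": predicted, "actual": later}


if __name__ == "__main__":
    print("state matches CPython:", matches_cpython(12345, 1500))
    print(demo())
```

The search computes only the 398 state words the first output depends on, so a small candidate window like the one here finishes instantly, and even the full 2^32 space is an offline job for a compiled implementation rather than an infeasible one. Once the seed is known, the cloned generator reproduces every later mt_rand() value the application will produce.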
EnGarde Secure Community 3.0.20 Now Available
LinuxSecurity.com: Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.20 (Version 3.0, Release 20). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
New SELinux Userland Project Site
LinuxSecurity.com: Tresys has announced the launch of a new source repository, bug tracker and wiki for the SELinux userland code, which may be found here. The site uses Trac for project management and git as the source code management system. Developers should use this new repository instead of the old SourceForge site. Have you heard that Tresys has created a site for the SELinux userland projects? There is some great information on it if you are interested in SELinux.
Karmetasploit
LinuxSecurity.com: In 2004 Dino Dai Zovi and Shane Macaulay presented All Your Layer Are Belong To Us at PacSec in Tokyo. This presentation focused on the insecure behavior of wireless clients. Accompanying the presentation was a tool called KARMA (KARMA Attacks Radioed Machines Automatically). This tool acts as a wireless access point and responds to all probe requests from wireless clients, so a client looking for any remembered network will associate with it. Once a client has associated with the KARMA access point, every service it tries to access leads to a malicious application. The services side of KARMA was written in Ruby, making it a perfect match for integration with version 3 of the Metasploit Framework. Have you heard about the new security tool called Karmetasploit? It brings KARMA's rogue access point attack into the Metasploit Framework.
Kernel space: Virus Scanning API Spawns Security Debate
LinuxSecurity.com: The TALPA malware scanning API was covered in LWN in December 2007. Several months later, TALPA is back, in the form of a patch set posted by a Red Hat employee. The resulting discussion has certainly not been what the TALPA developers would have hoped for; it is, instead, a good example of how a potentially useful idea can be set back by poor execution and presentation to the kernel community. Have you heard about the kernel-space virus scanning API? This article discusses the debate over it within the kernel development community.
Torvalds: Fed up With the 'Security Circus'
LinuxSecurity.com: Linus Torvalds, creator of the Linux kernel, says he's fed up with what he sees as a "security circus" surrounding software vulnerabilities and how they're hyped by security people. Last month Torvalds stated in an online posting that "one reason I refuse to bother with the whole security circus is that I think it glorifies -- and thus encourages -- the wrong behavior. It makes 'heroes' out of security people, as if the people who don't just fix normal bugs aren't as important. In fact, all the boring normal bugs are way more important, just because there's a lot more of them." Linus Torvalds is back in the news about his views on security. What do you think about his opinion on the security community and the attention that it gets?
Open Source Good for Security
LinuxSecurity.com: The key to IT security is secure software, software that is written with not only features but also security in mind, says David Jacobson, technical director at Linux services company Synaq. However, says Jacobson, software is seldom developed with an eye on back-end security requirements. Developers are usually under pressure to deliver on required features within tight deadlines, which leaves little time to check for vulnerabilities at each step of the way. The result is that most software is inherently vulnerable. This article discusses some tips for making sure that the applications you are running are secure. One tip from this article is to know what vulnerabilities a program has and whether patches are available for them.
Set up Your Firewall With Firewall Builder
LinuxSecurity.com: Firewall Builder (fwbuilder) is a graphical application that can help you configure IP traffic filtering. It can compile the filtering policy you define into many target formats, including iptables and the various languages used by Cisco and Linksys routers. Separating the policy you define from its implementation in this way should let you change what hardware is running your firewall without having to redefine your policy for that platform. How do you set up your firewall? Do you use an application to help, or do you just write your own iptables rules? This article looks at fwbuilder and shows you some of the features of this software.
Mozilla: Security a Significant Focus
LinuxSecurity.com: Mozilla is moving forward on a number of initiatives to ensure that Internet security improves. Among the efforts is a new approach for determining and measuring security metrics.
