Linux Security
The central voice for Linux and Open Source security news.
Compromising Twitter's OAuth security system
LinuxSecurity.com: Twitter officially disabled Basic authentication this week, the final step in the company's transition to mandatory OAuth authentication. Sadly, Twitter's extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong.
Congratulations to the VOIP Forensic Challenge winners
LinuxSecurity.com: Late in July 2010, we assessed over 21 solutions that were submitted to the Forensic Challenge on VOIP. The solutions were exceptionally high quality. It is fair to say that we all learnt a lot about this emerging threat in the process of preparing this challenge.
Networked Scanners Offer A Window Into The Enterprise, Researcher Says
LinuxSecurity.com: It happens every day -- a sensitive document lies in the copier room, forgotten by the person who left it on the scanner. No big deal, right? Nobody else was able to read it.
Malware hosted on Google Code project site
LinuxSecurity.com: Malicious hackers are using the Google Code repository to host Trojan horses, backdoors and password-stealing keyloggers, according to researchers at Zscaler.
New 'month of bugs' campaign outs Linux-based console flaw
LinuxSecurity.com: A group of security researchers began issuing what they said will be a month-long list of undisclosed bugs, as well as detailed binary analysis of known vulnerabilities. The first zero-day: A Linux-based Web hosting console.
Google disputes bug patching report
LinuxSecurity.com: Google on Monday said that a recent report claiming it failed to patch one-third of the serious bugs in its software had the facts wrong. IBM's X-Force security unit, which released the report last week, acknowledged the error and issued a revised chart that shows Google patched all the vulnerabilities rated "critical" or "high" in its online services.
Flash+Android: good and bad, stopping leaks, and more
LinuxSecurity.com: A quick burst of 9 links for you to chew over, as picked by the Technology team. "Tomorrow's WikiLeakers may have to be sneakier than just dumping military docs onto a Lady Gaga disc. The futurists at Darpa are working on a project that would make it harder for troops to funnel classified material to WikiLeaks - or to foreign governments.
IBM Names Itself Worst Company For Fixing Critical Software Security Bugs
LinuxSecurity.com: IBM's security researchers seem to have located the problem. And it is IBM. Last Wednesday, IBM's X-Force security research team published its twice-annual study tracking the latest vulnerabilities and new attacks online.
Private WiFi has Officially Launched its Early Adopters Program
LinuxSecurity.com: In an attempt to help secure the world from hackers while using a public hotspot, Private WiFi has officially launched its WiFi Encryption Software. Until Sept., users can qualify for a month free of the hacker-proof service.
Darpa's Star Hacker Looks to WikiLeak-Proof Pentagon
LinuxSecurity.com: Tomorrow's WikiLeakers may have to be sneakier than just dumping military docs onto a Lady Gaga disc. The futurists at Darpa are working on a project that would make it harder for troops to funnel classified material to WikiLeaks - or to foreign governments. And that means if you work for the military, get ready to have your web, email and other network usage monitored even more than it is now.
Cars: The next hacking frontier?
LinuxSecurity.com: That nice, new computerized car you just bought could be hackable. Of course, your car is probably not a high-priority target for most malicious hackers. But security experts tell CNET that car hacking is starting to move from the realm of the theoretical to reality, thanks to new wireless technologies and ever more dependence on computers to make cars safer, more energy efficient, and modern.
Comodo Offers FREE BuyerTrust Protection of $100,000 Coverage With Purchase of SSL Certificate
LinuxSecurity.com: Comodo, a leading Internet security organization, announced today that it is offering a FREE annual subscription to BuyerTrust, a trustmark that is displayed on websites to build trust and confidence, with the purchase of any Comodo SSL Certificate.
Five Reasons Linux Beats Windows for Servers
LinuxSecurity.com: Rapid growth in the market for x86 servers over the past year brought good news for both Linux and Windows, as research firm IDC reported last week.
Unpatched security holes: IBM re-evaluates
LinuxSecurity.com: IBM's X-Force security team has updated the security report for the first half of 2010 it released last week after two vendors questioned the correctness of the team's evaluations. The controversy was sparked by a table containing the ten vendors who left the most security holes unpatched over a period of six months:
Ksplice Now Free for Fedora Users
LinuxSecurity.com: Ksplice, the technology that allows Linux kernel updates without a reboot, is now free for users of the Fedora distribution. Using Ksplice is like "replacing your car's engine while speeding down the highway", and it can potentially save your Linux systems from a lot of downtime. Since Fedora users often live on the bleeding edge of Linux development, Ksplice makes it even easier to do so, and without reboots!
The Big Hacker Conspiracy
LinuxSecurity.com: Is there a big hacker conspiracy happening right now inside your business? Research coming out of the DEFCON hacker convention suggests there is.
Hardware Hack Busts Quantum Encryption
LinuxSecurity.com: Quantum cryptography is absolutely unbreakable, as it relies on the laws of physics to rat out eavesdroppers. But like other encryption methods, it is sometimes only as good as the users and their hardware.
Once-prolific Pushdo botnet crippled
LinuxSecurity.com: Security researchers have disrupted the botnet known as Pushdo, a coup that over the past 48 hours has almost completely choked the torrent of junkmail from the once-prolific spam network.
Four Best Practices For Tokenization
LinuxSecurity.com: With Visa releasing its tokenization best practices guide earlier this summer, security professionals and encryption vendors have debated the strengths and weaknesses of the guide. As one of the most debated topics in encryption-land, tokenization still has a long way to go before it achieves any kind of true standardization of best practices.
CEO must prioritize software development improvements, secure coding
LinuxSecurity.com: The financial services industry is well ahead of other markets when it comes to making secure coding a reality, but other firms, including smaller independent software vendors, aren't making the effort, according to Ryan Berg, a senior architect of security research for IBM. The CEO within an organization can make the difference, Berg said.
