Linux Security
Open Source Release Takes Linux Rootkits Mainstream
LinuxSecurity.com: The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Inc., a firm that supplies tools for penetration testers. When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate. Learn how a new open source rootkit will make it easier to cloak malware on Linux boxes. How do you think Linux intrusion detection systems like rkhunter will deal with this challenge? Read on.
Responds to Allegations That AppArmor is Dying
LinuxSecurity.com: A recent post from Russ Coker entitled AppArmor is Dead was tolling the death bells for AppArmor because SUSE decided to include SELinux in their operating system... not as the default, and not as a replacement for AppArmor, but it was included nonetheless. Russ determined that this was the beginning of the end for AppArmor, and I read it with some interest largely because Mandriva has settled on AppArmor as our security solution... largely because it fits with our ideal of making things nice and easy for our users. So of course, a post that seems to bring doom and gloom about our security solution is something we're interested in reading about because if it's true, then we've invested time and effort into the wrong solution. This article discusses the debate over AppArmor's future. What do you think will happen to AppArmor? Will SELinux become even more popular as a security framework?
SELinux Memory Protections are Your Friend
LinuxSecurity.com: I don't know what a Zend Optimizer is, but it apparently does not play well with SELinux. I've encountered a blog entry by someone who has tried to do the right thing and keep SELinux enabled, after finding the code for a policy module which makes this stuff work. When loaded, this will enable the web server to execute memory on its heap, stack or certain types of executable memory allocated via mmap(2). These are well-known attack vectors and disable some very important memory protection mechanisms. See Ulrich Drepper's SELinux Memory Protection Tests for details. What should you do when SELinux does not work with software that you want to run? This article looks into how SELinux's memory protections may be the cause of the problem.
Google Chrome Flaws Come Soon After Browser Release
LinuxSecurity.com: Less than a day after Google arrived on the browser scene with the launch of Chrome, two security researchers have disclosed separate vulnerabilities that could be exploited to compromise the software. Researcher Aviv Raff told SCMagazineUS.com on Wednesday that Chrome suffers from the same "carpet bomb" vulnerability once present in Apple's Safari for Windows, by which the browser does not require user permission prior to a download. Read about two new security vulnerabilities discovered in Google's Chrome browser. How do you think Google will respond to dealing with these flaws? Read about it in this informative article.
New Firefox Plug-In Double-Checks So-Called Unsafe Sites
LinuxSecurity.com: Like other new browsers, the latest version of Firefox has made security a top priority, and it will alert the user if a site you're about to click on appears to be a hacker's hook. However, the way it and other browsers go about determining that sometimes results in false positives. A new Firefox plug-in adds an additional layer of verification. Intercepting Internet traffic and spying on the communication between two computers is a gold mine for hackers. Now Carnegie Mellon University researchers hope software they've built will make it harder for criminals to hit that jackpot. This article looks at a new plug-in for Firefox that is designed to prevent users from going to malicious websites. Have you tested this plug-in? If so, what do you think about it? Does it have too many false negatives?
Security-Wise, Google Chrome is (Potentially Very) Good
LinuxSecurity.com: Security bloggers are already commenting on Google's slightly premature "Chrome" browser leak. Built on top of the Apple-sponsored WebKit engine, the browser offers several security features that we have only seen so far in the beta releases of IE8. The most interesting feature discussed so far is the strict memory separation afforded by the technology, where each web application will operate in its own memory space with its own virtual machine for code execution. Web browser security is important to help protect users from computer attacks. With Google's new browser being released, how do you think its security features will compare to Firefox and IE?
Wider Implications of the Red Hat Breach
LinuxSecurity.com: Reports of data losses and system breaches are almost becoming passé, but from time to time events happen that take on a life of their own and have effects far beyond what the initial breach would normally represent. Late last week there was an announcement that key servers belonging to both the Fedora and Red Hat Linux distributions were compromised. With this breach they join the ranks of Ubuntu, Debian and Gentoo as Linux distributions that have suffered severe server breaches. What is the wider significance of the breach to the Fedora and Red Hat Linux distributions that occurred last week? What kind of questions should those responsible for system security be asking themselves in light of this breach? Find out in this informative article.
Linux Password Policies
LinuxSecurity.com: Let's start with some basics.... Our Linux system stores its usernames and passwords in a special file: '/etc/passwd'. The passwords in this file are one-way encrypted (hashed) through a password encryption function called 'crypt' using DES as the encryption algorithm. The good thing about 'hashing' is that you cannot 'decrypt' the hashed passwords because the function used for hashing cannot be reversed (one-way traffic). DES generally uses keys (symmetric key cryptography), in which case things can be either encrypted or decrypted, but for encrypting passwords in Linux, only the 'hashing' implementation of DES is used. How much do you know about Linux passwords? This article goes into detail about how users' passwords are controlled and handled in Linux.
Firefox 3.0's SSL Certificate Interface Meets Resistance
LinuxSecurity.com: Firefox 3.0, released not too long ago, was generally well-received. It added a load of new features, while also providing much-needed speed improvements and better memory management. Some new features, however, have met more resistance - one of them is the rather complicated user interface thrown at users when they reach a website with an invalid or expired SSL certificate. Find out why the new SSL certificate interface for Firefox 3.0 may be difficult to grasp for ordinary users, even though it is designed to improve user security. Check it out in the following article.
Security Configuration Guides
LinuxSecurity.com: NSA initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities. NSA's work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA's customers the best possible security options in the most widely employed products. The objective of the NSA research program is to develop technologic advances that can be shared with the software development community through a variety of transfer mechanisms. NSA does not favor or promote any specific software product or business model. Rather, NSA is promoting enhanced security. The NSA has a new page on its site with information on tons of security resources for both open source and proprietary software. Check it out; you might learn something new.
SSH Key-Based Attacks
LinuxSecurity.com: US-CERT is aware of active attacks against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed.
Revealed: The Internet's Biggest Security Hole
LinuxSecurity.com: Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination. Find out about a new exploit that uses a weakness in the design of the internet's Border Gateway Protocol (BGP) to re-direct traffic to an eavesdropper. How do you think ISPs will respond to defending against this new technique? Check it out in the article below.
Next-generation Computer Antivirus System Developed
LinuxSecurity.com: Traditional antivirus software is installed on millions of individual computers around the world, but according to researchers, antivirus software from popular vendors is increasingly ineffective. The researchers observed malware (malicious software) detection rates as low as 35 percent against the most recent threats and an average window of vulnerability exceeding 48 days. That means new threats went undetected for an average of seven weeks. The computer scientists also found severe vulnerabilities in the antivirus engines themselves. The researchers' new approach, called CloudAV, moves antivirus functionality into the "network cloud" and off personal computers. CloudAV analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously. This is an interesting article about the research and development of improvements to virus scanner software. Do you think this new approach will help to catch more viruses on users' machines?
Mozilla Firefox Browser Gets Security Boost
LinuxSecurity.com: Carnegie-Mellon University Monday announced it's making available a free add-on to Mozilla Firefox 3.0 that's intended to boost browser security. Find out about how you can protect your Firefox 3.0 browser from digital-certificate and man-in-the-middle threats by using the new free add-on from Carnegie Mellon University. Check it out in the following informative article.
Ubuntu Issues Security Patch For Kernel Flaw
LinuxSecurity.com: Ubuntu today became the latest Linux vendor to patch a vulnerability in the open source operating system's kernel that could have left the door open for hackers to find their way into users' machines. In an email sent overnight, the Linux vendor warned users to update all machines running recent versions of Ubuntu, ranging from 6.06, which was released back in mid-2006, to version 8.04, which came out earlier this year. The problem also applied to other versions of Ubuntu such as Kubuntu, Edubuntu and Xubuntu. I am glad to see Ubuntu letting users know that they should update their kernels because of a security vulnerability. What do you think? Do you trust your distro to provide you with important computer security information?
Protecting Your MySQL Database From SQL Injection Attacks With GreenSQL
LinuxSecurity.com: SQL injection attacks can allow hackers to execute arbitrary SQL commands on your database through your Web site. To avoid these attacks, every piece of data supplied by a user on a Web form, through HTTP Post or CGI parameters, or other means, must be validated to not contain information that is not expected. GreenSQL is a firewall for SQL -- it sits between your Web site and MySQL database and decides which SQL statements should and should not be executed. At least that's the idea -- in execution, I found some open doors. Do you want to know how you can protect your website's MySQL server from SQL injection attacks? Then read the following article which reviews GreenSQL, a proxy which guards against these types of attacks.
Online Intruders Hit Red Hat, Fedora Project
LinuxSecurity.com: The most significant breach involved a system used by the Fedora Project to sign the software packages used to automatically update end users' systems. The breach also affected the Fedora Project's database and proxy servers, hosted systems and collaboration network. A smaller number of servers used by Red Hat were affected by the breach, the Fedora Project stated in its announcement. This article looks into the recent attack on the Fedora Project. What do you think the effects of this attack will be for Fedora users?
CIO Reality Check: Linux Security
LinuxSecurity.com: In our conversations, we spoke to Sam Lamonica, CIO of Rudolph and Sletten Construction, a general building contractor; Philipp Huber, CTO/COO of the UK based XCalibre Communications, a hosting firm; Clyde Williams, Infrastructure Systems Manager for Southeast Alabama Medical Center; and Walt Cornelison, Director of Information Technology for Tropitone Furniture, a manufacturer of high-end outdoor furniture. Here's how our conversation went: Find out about how much of a concern security is in an open source environment from a select group of CIOs at real-world companies.
A DIY Project for Network Security
LinuxSecurity.com: The past few weeks have been frustrating and rewarding all at the same time. I had set a goal to configure an intrusion-detection system (IDS) using the de facto standard, Snort on Linux. In our environment, we have very little in the way of security tools and devices, and little or no budget to procure such items. This project was the first step in being able to detect potentially malicious network traffic as inexpensively as possible. This article discusses a security manager's experience with deploying a Linux intrusion-detection system. Have you implemented an IDS on your network? If so, what was your experience?
OpenSUSE Adds SELinux
LinuxSecurity.com: Beginning with openSUSE 11.1, SUSE users will have an additional option regarding security frameworks. In addition to AppArmor, we will be adding SELinux capabilities in openSUSE 11.1, which will allow users to enable SELinux in openSUSE if they wish. Have you heard that openSUSE 11.1 will have the option to enable SELinux? My question is how useful enabling SELinux on SUSE will be without a useful security policy. I guess we will have to wait and see if this move will help the distribution's security.
