Small Features
Is Bill Gates’ New Website Really Running On Linux? TechCrunch: "Sometimes tips come in that seem too good to be true. Take today, for example. I got a tip that Bill Gates’ new site, The Gates Notes, was running on a Linux-powered server." Feb 1, 2010
House Passes Cybersecurity Bill (Feb 7, 2010, 12:02 UTC) (1900 reads)
NY Times: "The House today overwhelmingly passed a bill aimed at building up the United States’ cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online."
Fake Firefox Update Pages Push Adware (Feb 6, 2010, 04:02 UTC) (2677 reads)
Threat Center Live Blog: "Adware pushers are capitalizing on the success of Firefox, packing ad serving software in with the program in an effort to increase their reach."
10 Kernel Vulnerabilities in Ubuntu 6.06, 8.04, 8.10, 9.04 and 9.10 (Feb 5, 2010, 22:32 UTC) (3101 reads)
Softpedia: "Canonical announced a few hours ago the immediate availability of a new Linux kernel security update for the following Ubuntu distributions: 6.06 LTS (Dapper Drake), 8.04 LTS (Hardy Heron), 8.10 (Intrepid Ibex), 9.04 (Jaunty Jackalope) and 9.10 (Karmic Koala)."
Hacking for Fun and Profit in China’s Underworld (Feb 4, 2010, 18:33 UTC) (1736 reads)
NY Times: “Microsoft and Adobe have a lot of zero days,” he said, while scanning Web sites at home. “But we don’t publish them. We want to save them so that some day we can use them.”
Flash Is at Risk, But It's Not All Adobe's Fault (Feb 1, 2010, 23:03 UTC) (2182 reads)
eSecurityPlanet: "Mike Bailey, a senior security analyst with Foreground Security, is now turning the focus to how common programming bugs can enable Flash objects to attack Web sites."
Nmap 5.20 Released (Jan 26, 2010, 01:34 UTC) (1028 reads)
Insecure.org: "Happy new year, everyone. I'm happy to announce Nmap 5.20--our first stable Nmap release since 5.00 last July! It offers more than 150 significant improvements..."
The IE Fix is in (Jan 26, 2010, 00:04 UTC) (1311 reads)
Sure, It's Secure: "First, the good news, Microsoft's fixed the IE bug used to attack Google. The bad news: the bug had been known for months."
Tor Project servers hacked (Jan 25, 2010, 20:33 UTC) (1115 reads)
The H Open: "This is because, in early January, two of the project's seven directory authorities (moria1 and gabelmoo) as well as the metrics.torproject.org statistics server were found to have been hacked."
U.S. enables Chinese hacking of Google (Jan 25, 2010, 16:03 UTC) (2117 reads)
CNN.com: "In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access."
Widespread attacks exploit newly patched IE bug (Jan 23, 2010, 18:03 UTC) (3782 reads)
IT World: "Starting late Wednesday, researchers at antivirus vendor Symantec's Security Response group began spotting dozens of Web sites that contain the Internet Explorer attack..."
Microsoft Warns About 17-year-old Windows Bug (Jan 22, 2010, 17:04 UTC) (3362 reads)
eSecurityPlanet: "Ormandy said that he notified Microsoft of the hole in June but, after receiving no response other than an acknowledgement, decided to publish his discussion as well as a proof-of-concept exploit."
DNSSEC Compromised Again? (Jan 22, 2010, 12:04 UTC) (1474 reads)
eSecurityPlanet: "DNS Security Extensions is supposed to be the technology that helps to secure the Domain Name System, or DNS, against attack. Yet DNSSEC servers aren't always infallible, as a pair of vulnerabilities proved this week."
Make the right browser update: Firefox 3.6 (Jan 21, 2010, 22:32 UTC) (3105 reads)
Cyber Cynic: "Oh the irony! After one of the biggest Internet Explorer security fiascoes ever, Microsoft is finally releasing a patch for the IE problem ... on the same day that the Mozilla Foundation is releasing the latest and greatest version of its Web browser, Firefox 3.6."
Windows hole discovered after 17 years - Update (Jan 20, 2010, 19:03 UTC) (4016 reads)
The H Open: "In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7."
Russia, Brazil Lead Cyber Attack Barrage (Jan 20, 2010, 09:03 UTC) (1590 reads)
eSecurityPlanet: "More than 13 percent of the world's cyber attacks originated in Russia during the third quarter, according to Akamai Technologies' "State of the Internet" report for the third quarter of 2009."
Dump Internet Explorer Now (Jan 18, 2010, 17:03 UTC) (5439 reads)
Sure, It's Secure: "The latest zero-day flaw exists not just in bad old IE 6, but in every modern version of IE."
AP Exclusive: Network flaw causes scary Web error (Jan 16, 2010, 17:03 UTC) (3514 reads)
Boston.com: "A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information."
Update your Adobe software Now (Jan 16, 2010, 04:03 UTC) (4659 reads)
Sure, It's Secure: "Mac, Windows, or Linux user, chances are you use Adobe Reader to read PDF (Portable Document Files) and Adobe Acrobat to create them. So it is that, no matter what you're running on your PC, you need to update your copies of Reader and Acrobat."
Drive, Patient Data Go Missing in California Theft (Jan 15, 2010, 20:32 UTC) (1962 reads)
eSecurity: "More than 15,000 Kaiser Permanente patients in Northern California this week are being notified that their personal information, including birth dates, addresses, phone numbers and medical-record numbers, was exposed last month after an unencrypted external storage drive was stolen from an employee's car."
Microsoft Admits Zero-Day Aided Google Attackers (Jan 15, 2010, 02:21 UTC) (3507 reads)
Internetnews: "Microsoft officials acknowledged that widely publicized attacks on Google and perhaps another 20 or more corporations were helped by a previously unknown zero-day vulnerability in most versions of its popular browser."
GSM encryption crack made public (Jan 14, 2010, 23:04 UTC) (2047 reads)
LWN.net: "The schemes commonly used to encrypt GSM telephone calls, SMS messages, and data transmissions have been theoretically broken for years at both the protocol and cipher levels, but results presented in Berlin at the 26th Chaos Communication Congress (26C3) on December 27 demonstrate that a practical attack can be easily implemented."
Oracle Patches Two Dozen Flaws (Jan 14, 2010, 00:14 UTC) (1390 reads)
eSecurity Planet: "'Thirteen of the 24 new vulnerabilities are remotely exploitable without authentication,' Eric Maurice, manager for security in Oracle's global technology business unit, wrote in a blog post."
What to Do When Your Laptop is Stolen (Jan 13, 2010, 07:33 UTC) (2542 reads)
eSecurity Planet: "Even the most cautious among us can fall victim to laptop theft. Learn the importance of password protection, encryption, and other strategies for protecting your data--and some tools that may even help you recover your system."
The Role of Worst Practices in Insecurity (Dec 26, 2009, 00:02 UTC) (3162 reads)
Freedom to Tinker: "Deploy Best Practices in your organization, the advisors say, and your security will improve. That's true, as far as it goes, but often we can make more progress by working to eliminate Worst Practices."
Hunting Rootkits with rkhunter Video Tutorial (Dec 23, 2009, 06:02 UTC) (2563 reads)
BeginLinux: "A rootkit is software that is installed on your server with the purpose of hiding the fact that your server has been compromised and providing access to your server so that the intruder can easily return. It is important to understand that in order for an intruder to install a rootkit they will have to have gained the rights to do so on your server."
Attackers Buying Own Data Centers for Botnets, Spam (Dec 22, 2009, 22:02 UTC) (2355 reads)
ThreatPost: "The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the criminals have taken the next step and begun setting up their own virtual data centers."
Adobe PDF at Risk From Zero-Day Vulnerability (Dec 16, 2009, 03:03 UTC) (2355 reads)
eSecurity Planet: "Users of Adobe Reader and Acrobat PDF documents could be at risk from a new zero-day vulnerability, with the company saying it has gotten reports that the flaw is currently being exploited in the wild."
1 Billion Spammers Served (Dec 15, 2009, 21:32 UTC) (2997 reads)
Project Honeypot: "Project Honey Pot received its billionth email spam message. The message, a picture of which is displayed below, was a United States Internal Revenue Service (IRS) phishing scam."
Another Day, Another Adobe Security Hole (Dec 15, 2009, 21:17 UTC) (2147 reads)
Sure, It's Secure: "There's a new attack on Adobe Reader and Acrobat, and for now, there's no protection against it for Windows, Linux or Mac OS X."
Linux Security Kernel Clean-Up (Dec 15, 2009, 12:02 UTC) (2976 reads)
Sure, It's Secure!: "Two significant Linux bugs have been found and smashed. Here's what you need to know."