Linux.com

NewsVac: News from around the Web

• Worst-ever software security blooper? 1 week, 1 day ago
  
  T-Mobile has issued an over-the-air fix for a laughable Android security bug that caused anything typed into its G1 phone to be interpreted by a root shell process. Prior to the fix, hackers briefly enjoyed root shell access, leading to such fun as Debian installations on
• Yoggie opens up its miniature hardware firewall 1 week, 2 days ago
  
  Yoggie Security Systems launched its new Open Firewall Pico and Open Firewall SOHO, the first open hardware firewalls based on its Gatekeeper technology. The Open Firewall products are extremely powerful Linux-based miniature computers with 520 MHz ARM CPU, 128 RAM and 128 Flash memory. These unique products will enable developers, security professionals and hobbyists to experiment with Yoggie's own open source hardware firewall for the first time.
• Chinks Appear in WPA's Wireless Security Armor 1 week, 6 days ago
  
  A partial crack could signal problems ahead, given today's wide reliance on WPA for wireless security.
• Install and Configure Nagios to Administer a Networking System 2 weeks, 2 days ago
  
  Learning Nagios 3.0 is a new book from Packt that will introduce Nagios to System Administrators who are interested in monitoring and maintaining their systems. Written by Wojciech Kocjan, this book will help users understand how Nagios works, and help set up and configure its latest version.
• G1 is Jailbroken 2 weeks, 2 days ago
  
  Well, it didn't take too long. G1 is jailbroken. Full system access, read and write, has been obtained. And this method is quite easy. A few folks at the xda-developers forum discovered you can start telnet on the device by downloading PTerminal from Android Market, and then you can telnet to the device from your computer.
• Critical vulnerability in Adobe Reader 2 weeks, 2 days ago
  
  Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe’s Reader PDF file viewing software. Engineers from CoreLabs determined that Adobe Reader could be exploited to gain access to vulnerable systems via the use of a specially crafted PDF file with malicious JavaScript content. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.
• Android-Powered G1 Mobile Phone Flaw Patched 2 weeks, 3 days ago
  
  On October 24th, as Lisa reported, a serious vulnerability was discovered in the Google Android powered G1 mobile phone. Though security researchers classified the flaw in the Android browser as serious, Google assured users that the risk wasn't necessarily as dire as it seemed, due to the way the Android operating system restricts each application to its own area.
• Security Flaw Strikes G1 Android Phone 3 weeks, 3 days ago
  
  T-Mobile and Google work to cook up an update for a flaw found in an older open source software package.
• Security Flaw Discovered in Google's G1 Mobile Phone 3 weeks, 3 days ago
  
  Reports are emerging of a serious security flaw with the Android software that powers T-Mobile's newly-launched G1 smartphone. Charles Miller, the researcher who discovered it, says he notified Google of the flaw this week but decided to also go public with the information to protect users from becoming exploited by people with nefarious intent.
• With encrypted Wi-Fi vulnerable everyone is risking their assets 3 weeks, 3 days ago
  
  The seventh annual Wireless Security Survey from RSA reveals the continued, dramatic growth of wireless networks in the world's major financial centres. The survey of London, New York City and Paris examines the proliferation and inherent security of corporate wireless access points, public hotspots and in-home networks.
• Life in the trenches: an OpenSSH developer speaks 3 weeks, 6 days ago
  
  If you're running GNU/Linux and communicating remotely with other computers, there's a very good chance you have reason to thank Damien Miller.
• Building Confidence with a Security Blueprint 1 month ago
  
  IT professionals wear many hats these days. Not only are they charged with keeping the lights on, they must establish and maintain a defined security posture, ensure compliance with a long list of regulations, while also aligning IT operations with the organization’s broader strategic goals.
• SELinux and Security changes in the 2.6.27 Kernel 1 month, 1 week ago
  
  Here's an update on the main functional changes in security for the recently released 2.6.27 kernel.
• Diffie-Hellman Key Exchange 1 month, 1 week ago
  
  Diffie-Hellman Key Exchange is a popular mathematical key exchange algorithm. It allows two parties to establish a ‘key’ over an insecure medium such as the internet. As you will see, it doesn’t matter whether the intercepting party captures each piece of transmitted information, they will not be able to break the key in any way, other than the usual brute force method.
• The Insider Threat in IT and Financial Services 1 month, 1 week ago
  
  RSA announced the findings of its latest insider threat survey. Almost half of the respondents' job functions were in information technology. During this era of well-publicized data breaches, the results indicate that even those who should know better are not exempt from the everyday behaviors that can trigger significant risk to sensitive business information. The results of the survey show that employees are well aware of the restrictions placed upon them by their corporate IT departments, yet many often work around these controls in order to get their jobs done in a convenient and timely manner.
• More News