Author: Benjamin D. Thomas
were released for ircd, gdm, fileutils, sane, fetchmail, gdm, and fetchmail. The distributors include Conectiva, Immunix, Mandrake, and Turbolinux.

This week, Ballmer’s comments comparing Windows and Linux security have been all over the press. As you might suspect, the GNU/Linux community instantly fired back, rebutting all of his points. Personally, I believe he was comparing apples and oranges and exploiting the ignorance people have about security. Fear, uncertainty, and doubt is a common theme that we should come to expect. Unfortunately, some believe everything they are told without any verification of the facts.
The point of this commentary is not to make any arguments for or against the security of Linux, but to re-emphasize that the ultimate responsibility for security rests with the person(s) who have chosen to implement a particular piece of software. For instance, by choosing to set up a Linux-based Web server, you take on the responsibility of ensuring that only the bare minimum is installed, access is strictly controlled, and the system is patched as often as necessary. Unfortunately, there will always be vulnerabilities in software due to sloppy programming. I am not trying to discount the responsibility of software makers; I am merely suggesting that security isn’t something that is controlled at a single point. Security is everyone’s responsibility.
When choosing to implement a piece of software, security should be one of the most significant factors. Does the vendor provide timely updates? If something goes horribly wrong, can I fix it myself? What is the security history of this software? All of these questions are important and should be addressed. I just wanted to emphasize that security shouldn’t be a game of “my OS has fewer vulnerabilities than yours”; the point should be “how easily can the problem be fixed, and/or how long do I have to wait for an update?” Security is the responsibility of all at many levels, and we shouldn’t forget that.
Until next time, cheers!
Benjamin D. Thomas
LinuxSecurity Feature
Extras:

EnGarde GDSN Subscription Price Reduction – Guardian Digital, the world’s premier open source security company, announced today that they will be reducing the annual subscription cost of the Guardian Digital Secure Network for EnGarde Community users from $229 to $60 for a limited time.

R00ting The Hacker – Dan Verton, the author of The Hacker Diaries: Confessions of Teenage Hackers, is a former intelligence officer in the U.S. Marine Corps who currently writes for Computerworld and CNN.com, covering national cyber-security issues and critical infrastructure protection.
Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.
| Distribution | Date | Package | Title | Description |
|---|---|---|---|---|
| Conectiva | 10/17/2003 | ircd | DoS vulnerability | A buffer overflow vulnerability has been discovered that may allow an attacker |
| Conectiva | 10/17/2003 | gdm | DoS vulnerabilities | Jarno Gassenbauer found two local denial of service vulnerabilities in GDM, |
| Conectiva | 10/22/2003 | fileutils | Denial of service vulnerability | There is a memory starvation denial of service vulnerability in the ls program. |
| Conectiva | 10/22/2003 | sane | Temp file vulnerabilities | This update fixes several vulnerabilities in the sane package. |
| Immunix | 10/20/2003 | fetchmail | Multiple vulnerabilities | This update fixes several bugs in fetchmail, including a broken boundary |
| Mandrake | 10/17/2003 | gdm | Multiple vulnerabilities | Two vulnerabilities were discovered in gdm by Jarno Gassenbauer that would |
| Mandrake | 10/17/2003 | fetchmail | Denial of service vulnerability | A bug was discovered in fetchmail 6.2.4 where a specially crafted email |
| Turbolinux | 10/20/2003 | kernel/kdebase (multiple updates) | Denial of service vulnerability | Multiple issues in the Linux kernel and KDM have been resolved. |
Category:
- Security