The OpenSSH team has been made aware of an attack against the SSH
protocol version 2 by researchers at the University of London.
Unfortunately, due to the report lacking any detailed technical
description of the attack and CPNI's unwillingness to share necessary
information, we are unable to properly assess its impact.
Have you heard about the latest reported attack on the SSH protocol version 2? Do you think the SSH
team made the right decision in not doing an emergency release? If you are interested in ways to prevent this attack, please read on...
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week advisories were released for python, libxml, clamav, php, kernel, dovecot, firefox, gnutls, gdm, thunderbird, net-snmp, HPLIP, and mysql. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.
Source: James-Morris.Livejournal.com - Posted by Burhan Syed
Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes.
Would you agree that we don't need to modify the kernel security mechanism for MAC label security? Read on for more information.
Security is based on three characteristics: prevention, protection and detection. Grsecurity is a patch for Linux kernel that allows you to increase each of these points.
This howto was performed on a Debian Lenny system. Thus some tools are Debian specific. However, tasks can be performed with other distro specific tools or even with universal tools (make).
Have you ever thought about testing Grsecurity? It takes some work what this article will walk you through it.
Hand-rolling your own Linux-based network servers, routers and wireless access points is easier than ever largely because of the proliferation of tiny, specialized Linux distributions like Zeroshell. Zeroshell weighs in at just over 100 megabytes, making it perfect for embedded devices like PC Engines WRAP boards, Soekris boards, Mini-ITX, and other small form-factor computers
Check out this lightweight Linux distro which is suited to delivering network security services running on embedded devices.
Malicious SSH login attempts have been appearing in some administrators' logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one's system against these attacks.
Have you ever looked at your ssh logs and notice attackers trying to get in? This article analyses those logs and presents some recommendations to show you how to make your ssh server more secure.
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interested articles include "Problems with Penetration Testing," "Access Remote Network Services with SSH Tools," and "Protecting a Web Application Against Attacks Through HTML Shared Files."
