Sunday, April 22. 2007
Security Week in Review (2007-04-15)
There is remarkably little to write about this week. This time of year is usually pretty slow from a security point of view. This is always nice though as it gives us plenty of time to deal with some of the lower priority flaws that get pushed back during times of heavy load.
Risk report: Two years of Red Hat Enterprise Linux 4
Mark Cox wrote an interesting article looking at the last two years of security flaws in Red Hat Enterprise Linux 4. The information in this article should be rather interesting to anyone who tracks open source security flaws. There is not a lot of public analysis of open source security flaws. The article does focus on Red Hat Enterprise Linux 4, but the trends represented will apply to any Linux distribution.
Macbook hacked at cansecwest.
Apple's OS X is currently gaining attention in the security world. Historically people have considered OS X to be very secure and mostly virus and hack free. This is starting to change as researchers have been paying attention to the Mac lately. Part of this is probably the challenge it presents. Those of us in the Linux world have been enjoying a similar situation. There is little fear of viruses, and as long as one applies security updates, there isn't much fear of being compromised.
There are many people who will argue that the real reason for this is that Linux is more secure by design. I believe it's a combination of things. Historically Linux users have been a bit more savvy, this is starting to change. In the past, the desktop was also very simple. This too is changing. As Gnome and KDE gain functionality, they also gain more security flaws. For example, the fact that the desktop will display a thumbnail of many different file types gives an attacker a doorway into a system. They of course need to convince a user into downloading a file, but as we've seen from many viruses, this is no as hard as it sounds. I hope that various technologies such as SELinux and Exec-Shield will help keep most of the trash away, the human factor cannot be fixed as easily. As long as people are willing to open attachments, and visit random web sites, viruses will exist. As a friend of mine used to say "We're OK until the toaster people start using it." The "toaster people" are the normal people confused by the knob on their toasters
Risk report: Two years of Red Hat Enterprise Linux 4
Mark Cox wrote an interesting article looking at the last two years of security flaws in Red Hat Enterprise Linux 4. The information in this article should be rather interesting to anyone who tracks open source security flaws. There is not a lot of public analysis of open source security flaws. The article does focus on Red Hat Enterprise Linux 4, but the trends represented will apply to any Linux distribution.
Macbook hacked at cansecwest.
Apple's OS X is currently gaining attention in the security world. Historically people have considered OS X to be very secure and mostly virus and hack free. This is starting to change as researchers have been paying attention to the Mac lately. Part of this is probably the challenge it presents. Those of us in the Linux world have been enjoying a similar situation. There is little fear of viruses, and as long as one applies security updates, there isn't much fear of being compromised.
There are many people who will argue that the real reason for this is that Linux is more secure by design. I believe it's a combination of things. Historically Linux users have been a bit more savvy, this is starting to change. In the past, the desktop was also very simple. This too is changing. As Gnome and KDE gain functionality, they also gain more security flaws. For example, the fact that the desktop will display a thumbnail of many different file types gives an attacker a doorway into a system. They of course need to convince a user into downloading a file, but as we've seen from many viruses, this is no as hard as it sounds. I hope that various technologies such as SELinux and Exec-Shield will help keep most of the trash away, the human factor cannot be fixed as easily. As long as people are willing to open attachments, and visit random web sites, viruses will exist. As a friend of mine used to say "We're OK until the toaster people start using it." The "toaster people" are the normal people confused by the knob on their toasters
Calendar
Quicksearch
Categories
Syndicate This Blog
Blog Administration
Powered by
