Enterprise-grade Linux: Five network security FOSS apps
iTWire has a story detailing five open source security applications:
As more security applications are gobbled up by large firms, open source projects gain a unique advantage. Any organization that needs to make money is willing to draw a gray line when it comes to ethics. Since most open source projects don't rely on corporate funding, they can be stricter about what they call malware. It is quite likely that as the volume of malware increases, this advantage will become clearer.
Growing virus production taxes security firms
The Register points out the current problem with growing malware trends:
The rate at which malware is growing is quite alarming. If this trend continues it will become impossible for anti-virus firms to keep ahead of the wave. The current attitude toward malware is a very reactive one: most groups don't focus on stopping the cause of the problems but rather on treating the symptoms. While there is certainly a great deal of money to be made in treating symptoms, the well is going to dry up eventually.
New versions of X.org were released this week.
The tricky thing with X.org is that it has to run as root, so any flaw in it gives a local attacker the potential to compromise the whole machine.
More Vulnerability Reporting
A report was made public last week that once again compares the number of flaws fixed in various pieces of software. I think Mark Cox and Window Snyder summed things up pretty well regarding those reports:
At this point any intelligent reader should notice that these reports need to be taken with a grain of salt; the real story isn't what's reported, but what one can learn from the data.
Embedded library madness
There has been a bit of news this week from a company named Palamida. They like to point out all the things that contain embedded copies of various open source projects.
Before 2002 this was a fairly common occurrence within a number of open source projects, until there were a number of zlib flaws and every project carrying its own copy of zlib had to be fixed separately. This made most projects rethink keeping their own local copies of the source and use the system copy instead. This ties in nicely with the above-mentioned vulnerability report: a higher count of fixed vulnerabilities doesn't always mean less secure.
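As an added example (not code from this page, from Palamida or from any of the projects mentioned), here is a small Python scan that finds bundled copies of zlib in a source tree by the ZLIB_VERSION define in each zlib.h and flags the ones whose version differs from the system library; the header heuristic and the constructed sample tree are this example's own assumptions.

```python
"""Find bundled copies of zlib in a source tree and report their versions.
Added example, not code from the page or from Palamida; the zlib.h heuristic
and the constructed sample tree below are this example's own assumptions."""
import os
import re
import tempfile

# Every zlib.h carries a line like: #define ZLIB_VERSION "1.2.3"
VERSION_RE = re.compile(r'^\s*#\s*define\s+ZLIB_VERSION\s+"([^"]+)"', re.M)

def find_bundled_zlib(root):
    """Map each bundled zlib.h (path relative to root) to its version string."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        if "zlib.h" not in files:
            continue
        path = os.path.join(dirpath, "zlib.h")
        with open(path, encoding="utf-8", errors="replace") as fh:
            m = VERSION_RE.search(fh.read())
        if m:  # skip stray headers that are not really zlib
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            found[rel] = m.group(1)
    return found

def stale_copies(found, system_version):
    """Copies whose version differs from the system zlib: a fix applied to the
    system library never reaches these, so each one needs its own update."""
    return sorted(p for p, v in found.items() if v != system_version)

def build_sample_tree():
    """Constructed sample tree: two bundled copies, only one at the system version."""
    root = tempfile.mkdtemp(prefix="zlibscan_")
    layout = {
        "vendor/zlib/zlib.h": '#define ZLIB_VERSION "1.1.4"\n',
        "third_party/compress/zlib.h": '#define ZLIB_VERSION "1.2.3"\n',
    }
    for rel, text in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    copies = find_bundled_zlib(build_sample_tree())
    print(copies)
    print("stale copies:", stale_copies(copies, "1.2.3"))  # ['vendor/zlib/zlib.h']
```

Point it at a real checkout instead of the sample tree and compare against the version reported by the distribution's zlib package to see which bundled copies a system update would miss.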
So a coworker pointed me at his blog today, which discusses a few really nice tools for those of us in the security world:
These tools should help with the analysis of various bits of software. Figuring out what a piece of malware is doing can always be challenging; knowing which signals are being trapped, along with which files are open, can be most useful.
I'm back now after the holiday break and a bout with illness. Luckily it's been a fairly slow couple of weeks.
Coverity and Open Source
There were quite a few stories about Coverity this week. Most were rather poorly written and were confusing at best. The real story is best read from the Coverity site here:
In general Coverity is portrayed in a mostly positive light for providing their service to various Open Source projects. In reality it's not that simple. Using a closed source tool for the supposed benefit of Open Source is misleading at best. If Coverity were serious about improving the state of Open Source, they would release their tool under an Open Source license for the community to consume and improve upon. Right now they simply have a clever marketing program.
Bruce Schneier Interview
Computerworld has a nice interview with Bruce Schneier that even mentions Linux:
He is one of the few public figures in security who can explain things in a manner that most people can understand.