
Submission + - Mark Shuttleworth Says Open-Source is More Secure Because of Diversity (datamation.com)

darthcamaro writes: 2014 was seen by some as a tough year for open-source, given the Heartbleed and Shellshock vulnerabilities that impacted millions of users and systems. Mark Shuttleworth, founder of Ubuntu Linux (and former space tourist) has a different view. 2014 was a great year for him, as he marked the 10th anniversary of Ubuntu — and in terms of security he knows exactly why the open-source model is superior.

"The great thing about open source is that it's so dynamic and has so much innovation, that we have much more diversity in our ecosystem than there has ever been in the proprietary ecosystem," Shuttleworth said. "You'll never stop security issues from occurring in either open source or proprietary software but you deal with issues faster in open source."


Submission + - WordPress Can Now Automatically Update Plugins (eweek.com)

darthcamaro writes: There have been lots of stories here on /. in recent years about vulnerable WordPress plugins that aren't patched by users, resulting in those sites being exploited by attackers. While WordPress has provided a fully automated way to keep the core WordPress application updated for security fixes, plugins have been a gap. With the new Jetpack update from WordPress.com, a site administrator can now choose a setting that will enable automatic updates of plugins.
Is this the feature that could make massive WordPress exploits extinct in the future?

Comment Grinch is not a flaw - has no CVE!!! (Score 5, Informative) 118

The linked story is factually incorrect. Red Hat (and others) have publicly stated that this isn't a flaw at all but is in fact an expected and specified feature of PolicyKit. I spoke with Red Hat on this, which is something that neither of the linked articles in this /. post did. It's not a flaw at all.
Also check out the Red Hat Knowledgebase article on this too.

A report has been released detailing an issue that the reporter is naming "Grinch". This report incorrectly classifies expected behavior as a security issue.

Submission + - Linux Hit by Privilege Escalation Flaw; The Grinch is Not to Blame (eweek.com) 1

darthcamaro writes: Some media outlets in the past 24 hours have been reporting on a new alleged flaw in Linux that has been branded as the Grinch. The only problem with the flaw is that it's not actually a flaw at all; it's a pre-defined feature in PolicyKit.

"Basically, this bug report on Grinch was a bit more sensational than it needed to be," Josh Bressers, lead of the Red Hat Product Security Team, said.

Ironically though, the same day that the Grinch was disclosed, a bona fide real Linux kernel privilege escalation vulnerability identified as CVE-2014-9322 was disclosed and patched.

Submission + - After a Five Year Delay, Snort 3.0 is Back in Development (eweek.com)

darthcamaro writes: The world's most popular open-source Intrusion Prevention System (IPS) has long been Snort, but it has been a while since there has been a major upgrade. Back in 2009 an effort started to build a Snort 3.0 but it got shelved. This week, Cisco announced that Snort 3.0 is now in development and it will bring a new policy language engine and a new command line shell.

"The user-friendliness features, for example, might enable users to build a programmatic interface for Snort, so when you run it, it can ask the user what class of attacks to look for," Marty Roesch, Snort founder, said.


Submission + - Red Hat Enterprise Linux 7.1 Set To Beef Up Security (eweek.com)

darthcamaro writes: Red Hat Enterprise Linux 7.1 is now out as a public beta and it has a long list of new features including improved Ceph storage support and Windows Common Internet File System (CIFS) integration. Security is a big item in the new release, with a number of new capabilities including support for FreeOTP for two-factor authentication, a new Certificate Authority management system and a guide for the Security Content Automation Protocol (SCAP).

Submission + - Cisco, Akamai, EFF and Mozilla Partner for New Free Let's Encrypt SSL Service (eweek.com)

darthcamaro writes: We all know we should deploy SSL/TLS on our servers, but it's not always easy (or cheap) to do properly. That's the reason why the Electronic Frontier Foundation (EFF), Cisco, Akamai and Mozilla have come together for the 'Let's Encrypt' initiative, which will provide free certificates backed by a free certificate authority.

Peter Eckersley, technology projects director at the EFF said: "To Websites that have been struggling with HTTPS, and Internet users who are frustrated by a lack of privacy and security, we have a simple message: Help is on the way."


Submission + - Does Open Source Have Any Natural Enemies? (eweek.com) 1

darthcamaro writes: Usually, proprietary closed software is thought of as being the enemy of open source, but that's not necessarily the case. At the OpenStack Summit in Paris, Mark Collier, the Chief Operating Officer of the OpenStack Foundation, spent the first half of his keynote bashing Amazon for being a monolith. But he was quick to note at the midway point that Amazon isn't the enemy. In his view, open source doesn't have any enemies.

"Open source is not about enemies; it's about using technology in the way that you want," Collier said. What do you think?


Submission + - The Carder Who Loved Me (aka how to entrap a Credit Card Criminal) (eweek.com)

darthcamaro writes: Credit card theft is the bane of the modern world and credit card thieves — known as Carders — are growing in number. Big retail breaches are giving these carders lots of numbers to play with, but thankfully law enforcement is up to the task of tracking down the carders. In a session at the SecTor security conference in Toronto, Grayson Lenik recounted a story of how a good-looking undercover female agent convinced a carder to come to Las Vegas to marry her. It didn't end well for the carder — or his friends.

Submission + - OpenStack Juno Released! (eweek.com) 1

darthcamaro writes: The OpenStack Juno release is now generally available. This is the 10th major release for the open-source cloud platform and introduces the Sahara Data Processing Service as the major new project. That's not the only new feature in Juno though, with 310 new features in total. The new features include cloud storage policy, improved IPv6 support, a rescue mode and improved multi-cloud federation capabilities.

Submission + - Red Hat Enterprise Linux 6.6's Big New Feature is Red Hat Enterprise Linux 7 (serverwatch.com)

darthcamaro writes: Red Hat is out today with Red Hat Enterprise Linux (RHEL) 6.6, providing its users with a long list of incremental updates. While many of those updates are new to RHEL 6, they are not new to RHEL 7, the newer version of Red Hat's flagship enterprise Linux product. High-availability, security and performance features from RHEL 7 now land in RHEL 6.6. Going a step further, Red Hat is now providing a RHEL 6 Docker image, so RHEL 7 users can run RHEL 6 applications on RHEL 7 without any changes.

As to why RHEL 6 applications cannot just simply run natively on RHEL 7, Bhavna Sarathy, technology product manager in the Platform Business Unit at Red Hat, explained that applications that were built and certified to run on Red Hat Enterprise Linux 6 have to be rebuilt and re-certified to run on Red Hat Enterprise Linux 7, as the software stack between the two major releases is vastly different.


Submission + - Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws (eweek.com) 1

darthcamaro writes: Amazon, Rackspace and IBM have all patched their public clouds over the last several days due to a vulnerability in the Xen hypervisor. According to a new report, the Xen project was first advised of the issue two weeks ago, but instead of the knee-jerk reactions we've seen with Heartbleed and now Shellshock, the Xen project privately fixed the bug and waited until all the major Xen deployments were patched before any details were released. Isn't this the way that all open-source projects should fix security issues?

Submission + - Marten Mickos' Plan for OpenStack? Total Victory (eweek.com)

darthcamaro writes: Marten Mickos is not yet officially part of HP and its OpenStack cloud (yet), but he will be soon. On Sept 11 Mickos' company Eucalyptus announced that it was being acquired by HP, though the deal has not yet officially closed. That's not stopping Mickos from making bold predictions about OpenStack — an effort that he has been a competitor against for most of the last four years. Speaking at the OpenStack Silicon Valley event, Mickos laid out his plan.

"For the last one and a half decades, I have been trying to reach full victory for open source," Mickos said.


Submission + - Should Docker Move to a Non-Profit Foundation? (datamation.com)

darthcamaro writes: Docker has become the new hotness in virtualization technology — but it is still a project that is led by the backing of a single vendor — Docker Inc. Is that a problem? Should there be an open-source Foundation to manage the governance and operation of the Docker project? In a video interview — Docker founder and Benevolent Dictator for Life Solomon Hykes says — No.
