Security DevCenter

PHP Problems
Trouble in PHP, Emacs, and ftpd-ssl

  

Assessing Web App Security with Mozilla
Using LiveHTTPHeaders to manipulate and mangle web requests

  

Michal Zalewski on the Wire
Inside the mind of a security researcher

  

Security Alerts
Ethereal Trouble  Noel Davis looks at problems in sudo, Ethereal, Apache mod_auth_shadow, fetchmailconf, lynx, Mantis, pnmtopng, gnump3d, Squid, unzip, uim, Curl, and imlib.   [Linux]

Security Alerts
KWord Trouble  Noel Davis looks at problems in KWord, SPE under Gentoo, wget, Brightstore, eTrust, Unicenter, OpenSSL, XMail, uw-imap, weex, tcpdump, graphviz, up-imapproxy, xloadimage and xli, and Ruby.   [Linux]

Security Alerts
XFree86 Trouble  Noel Davis looks at problems in XFree86, cfengine, RealPlayer 10, Helix Player, ClamAV, XSun, Xprt, arc, prozilla, AbiWord, Backupninja, Hylafax, ApacheTop, and libsnmp5.   [Linux]

Big Scary Daemons
Information Security with Colin Percival  The recent disclosure of side-channel techniques to retrieve cryptographic secrets on hyperthreading machines caused stirs in security and operating system development communities. Colin Percival, a FreeBSD security officer, reported the vulnerability and weathered the questions and criticisms. Michael W. Lucas recently interviewed him on this vulnerability, vendors' responses, and security research.   [ONLamp.com]

Security Alerts
MySQL Trouble  Noel Davis looks at problems in MySQL, umount, KDE's kcheckpass, GNOME Workstation Command Center, X.org, Squid, TWiki, ncompress, grip, Turquoise SuperStat, gtkdiskfree, and LessTif.   [Linux]

Security Alerts
Problems in PCRE, the Linux Kernel, and SILC  Noel Davis looks at problems in PCRE, the Linux kernel, SILC, Frox, MPlayer, pam_ldap, maildrop, lm_sensors, simpleproxy, backup-manager, Adobe Version Cue, phpGroupWare, and webcalendar.   [Linux]

Security Alerts
PHP Trouble  Noel Davis looks at problems in PHP, Adobe Reader, Kismet, LibTIFF, Evolution, Mutt, bluez-utils, Ignite-UX, CPAINT, Awstats, Clam AntiVirus, and Gaim.   [LinuxDevCenter.com]

Security Alerts
Apache Trouble  Noel Davis looks at problems in Apache, bzip2, Cisco devices, fetchmail, Netpbm, Ethereal, Proftpd, pstotext, apt-cacher, Compress::Zlib, Gopher, nbSMTP, and PowerDNS.   [LinuxDevCenter.com]

Securing Web Services with mod_security  Web services build atop HTTP to allow more flexible applications. However, their flexibility and ubiquity do not always protect against vulnerabilities due to the way HTTP works. Fortunately, the mod_security module and some planning can block potential attacks at both the protocol and application level before they start. Shreeraj Shah explains.   [ONLamp.com]

Important Notice for Security DevCenter Readers About O'Reilly RSS and Atom Feeds  O'Reilly Media, Inc. is rolling out a new syndication mechanism that provides greater control over the content we publish online. Here's information to help you update your existing RSS and Atom feeds to O'Reilly content.  [Security DevCenter]

Security Alerts
Problems in Oracle Reports  Noel Davis looks at problems in Oracle Reports, Skype for Linux, MediaWiki, Kate, Kwrite, Shorewall, ekg, libgadu, PHPNews, phpSurveyor, Affix, Heartbeat, and phpPgAdmin.   [LinuxDevCenter.com]

Security Alerts
Problems in SpamAssassin, PEAR, and Bugzilla  Noel Davis looks at problems in SpamAssassin, PHP PEAR, Bugzilla, Heimdal/Kerberos telnetd, Vipul's Razor, TikiWiki, poppassd_pam, zlib, FUSE, the Solaris kernel, HT Editor, GNATS, JBoss jBPM, Trustix Secure Linux, and Trac.   [LinuxDevCenter.com]

Security Alerts
Problems in OpenSSH, Sudo, and Java  Noel Davis looks at problems in OpenSSH, Sudo, Sun Java, Blackdown Java, tcpdump, cpio, JBOSS, Adobe Reader and Acrobat, gedit, Gaim, and Trac.   [LinuxDevCenter.com]

Security Alerts
Problems in the Kernel, OS X, and WordPress  Noel Davis looks at problems in the Linux kernel, Mac OS X, bzip2, WordPress, WebSphere, Peercast, PHPMailer, Binutils, Popper Webmail, Dzip, and FreeBSD's gzip.   [LinuxDevCenter.com]

Security Alerts
Problems in the Linux Kernel, LISTSERV, and gdb  Noel Davis looks at problems in the Linux kernel, LISTSERV, gdb, FreeRADIUS, shtool, mailutils, Qpopper, davfs2, libmagick6, picasm, cheetah, and ppxp.   [LinuxDevCenter.com]

Security Alerts
Mozilla and Firefox Flaws  Noel Davis looks at problems in gzip, Mozilla and Firefox, OpenOffice.org, the FreeBSD kernel, Ethereal, TCPDump, libTIFF, Smail, Apache2's htdigest, and SCO UnixWare's chroot.   [LinuxDevCenter.com]

Security Alerts
CVS Trouble  Noel Davis looks at problems in CVS, PostgreSQL, Squid, Gaim, Debian's lsh, Xine-lib, Caroline, Convert-UUlib, Rootkit Hunter, snmppd, Kommander, kimgio, RealPlayer, Helix Player, xli, and Debian's samba.   [LinuxDevCenter.com]

Security Alerts
Linux Kernel Vulnerabilities  In Noel Davis' latest column, he looks at problems in the Linux kernel, Telnet, sharutils, Ethereal, Midnight Commander, mpg321, OpenMosixView, cdrecord, ImageMagick, and grip.   [LinuxDevCenter.com]

Anatomy of an Attack: The Five Ps  The five Ps--Probe, Penetrate, Persist, Propagate, and Paralyze--represent a model of how a security attack progresses. In this excerpt from Managing Security with Snort & IDS Tools, the authors discuss an attack's progression through these five steps, whether the attack is sourced from a person or an automated worm or script, with emphasis on the Probe and Penetrate phases, the stages that Snort monitors.   [O'Reilly Network]

Security Alerts
KDE Trouble  Noel Davis looks at problems in KDE, MySQL, Perl, Ximian Evolution, GnuPG, OpenSLP, Ringtone Tools, LuxMan, and Ethereal.   [LinuxDevCenter.com]

Security Alerts
Problems in GProFTPD  Noel Davis looks at problems in GProFTPD, bsmtpd, Uim, phpMyAdmin, Vim, Cyrus IMAPd, the Kodak Color Management System on Solaris, Arkeia Network Backup, curl, and PuTTY.   [LinuxDevCenter.com]

Security Alerts
Trouble in the Kernel, VMware, and PostgreSQL  Noel Davis looks at problems in the Linux kernel, VMware, PostgreSQL, Squid, MySQL, mailman, Apple OSX HFS+, movemail with GNU Emacs or XEmacs, KStars, typespeed, awstats, and synaesthesia.   [LinuxDevCenter.com]

OpenBSD 3.6 Live  Right on schedule, the OpenBSD team plans to release version 3.6 on November 1. Federico Biancuzzi recently interviewed several members of the core team about new features and changes in the code and the project.   [ONLamp.com]

Deploying a VPN with PKI  Security and convenience often conflict with each other. It'd be nice to have access to your office network from anywhere, but you can't trust the Internet. Virtual private networks are one solution. Scott Brumbaugh explains how to deploy a VPN using OpenVPN and OpenSSL.   [ONLamp.com]

Security Alerts
Perl Trouble  Noel Davis looks at problems in Perl, PostgreSQL, ncpfs, Squid, cpio, UW IMAP, ChBg, FireHOL, Clam AntiVirus, and f2c.   [O'Reilly Network]

Security Alerts
Linux and Darwin Kernel Trouble  Noel Davis looks at problems in the Linux kernel, the Darwin/Mac OS X kernel, iSync, Ethereal, enscript, hylafax, rssh, Xine-lib, mpg123, and Konversation.   [LinuxDevCenter.com]

Security Alerts
DB2 Problems  Noel Davis looks at problems in DB2, SHOUTcast, nasm, Vilistextum, libtiff, wxGTK2, phpGroupWare, Vim, namazu2, and htmlheadline.   [LinuxDevCenter.com]

Security Alerts
Linux AMD64 Kernel Bug  Noel Davis looks at a Linux 2.4 kernel bug on AMD64 machines, problems in Samba, changepassword.cgi, MPlayer, the MIT Kerberos 5 administration library, logcheck, Sybase Adaptive Server Enterprise, Konqueror, Debian debmake, Xpdf, and xzgv.   [LinuxDevCenter.com]

Security Alerts
J2SE Woes  Noel Davis looks at problems in the Java 2 Runtime Environment, wget, FreeBSD's procfs and linprocfs, OpenSSL, OpenSSH, AbiWord, Blogtorrent, scponly, rssh, and kfax.   [LinuxDevCenter.com]

Security Alerts
ELF Trouble  Noel Davis looks at problems in the Linux kernel, sudo, TWiki, phpBB, cscope, Cyrus IMAP, Bugzilla, ProZilla, unarj, libxml2, and fetch.   [LinuxDevCenter.com]

Security Alerts
Media-Tool Trouble  Noel Davis looks at problems in libgd, mtink, zip, ruby, Samba, freeamp, Kaffeine and gxine, Portage, zgv, shadow, and BNC.   [LinuxDevCenter.com]

Security Alerts
Trouble in iptables  Noel Davis looks at problems in Linux iptables, OpenSSL, PuTTY, rssh, Quake II Server, libmagick6, HP Serviceguard, Xpdf, FreeRadius, WVTFTPD, GNU tftp, and pppd.   [LinuxDevCenter.com]

Secure Your Wireless with IPSec  Wireless can make your life much, much easier, but those pesky radio waves won't stay put. Sometimes this is good, but sometimes you want to lock down your network. WEP and MAC address filtering aren't secure enough. IPSec, the same approach used to secure VPNs, is much better. Dan Langille explains how to configure Wifi with IPSec.   [ONLamp.com]

Security Alerts
mod_ssl Problems  Noel Davis looks at problems in mod_ssl, LibTIFF, mpg123, LessTif, the Cyrus SASL library, MySQL, CUPS, ProFTPD, and the Squid web proxy cache.   [O'Reilly Network]

The Basics of DNSSEC  The Domain Name System (DNS) is one of the building blocks of the modern Internet. It's showing its age, though; it comes from a time when trust was the default. Now it's time to move to more secure approaches. David Gordon and Ibrahim Haddad provide a technical tutorial on DNS Security Extensions (DNSSEC), a technique for securing DNS.   [ONLamp.com]

Google Your Site For Security Vulnerabilities  The fact that Google indexes pages you might never have known were public is both good and bad. It's good when you're searching for specialized or esoteric information. It's bad when Google indexes potential security vulnerabilities on your site. Nitesh Dhanjani demonstrates how to use the Google API to help identify your inadvertently shared secrets.   [ONLamp.com]

Network Tool Development with hping3  Network security analysts sometimes need access to create and analyze raw packets. Salvatore Sanfilippo's hping is a tool that allows them to do just that. Federico Biancuzzi recently interviewed Salvatore on the project's design, implementation, and goals.   [ONLamp.com]



Linux Security Cookbook: Recipe of the Day

You want to prevent a specific TCP service from being invoked on your system by inetd.


Today's News
November 21, 2005

FBI warns surfers of scam e-mails [Source: CNET News.com - Security]

Patch issued for Sony CD uninstaller [Source: CNET News.com - Security]

Podcast: Xbox: The sequel [Source: CNET News.com - Security]

News: Texas puts Sony BMG in its sights [Source: SecurityFocus News]

Attack code released for IE hole [Source: CNET News.com - Security]

Code exposes risk in unpatched IE hole [Source: CNET News.com - Security]

Meet the man behind the iPod [Source: CNET News.com - Security]

Brief: Shadowcrew Six plead guilty [Source: SecurityFocus News]

Texas sues Sony BMG over alleged spyware [Source: CNET News.com - Security]

New dimensions in intrusion defense [Source: InfoWorld: Security]

Copyright © 2000-2005 O’Reilly Media, Inc. All Rights Reserved.