From Fedora Project Wiki

< FWN‎ | Beats

m (move URLs explicitly out)
Line 6: Line 6:
 
Contributing Writer: [[JoshBressers]]
 
Contributing Writer: [[JoshBressers]]
  
=== DNS flaw ===
+
=== Security Circus ===
 +
By far the most entertaining story from last week was Linux giving a few choice quotes[1].
  
A serious flaw in the way most DNS requests are made was announced[1] last weekIt is expected that the details of this issue will be known later this month when Dan Kaminsky presents at Black HatIn the meantime, if you run a DNS server, be sure to get an update from your vendor.
+
He does get some things right, but there's still the very real fact that security flaws let people do things they shouldn't be able to do.  This adds a certain amount of danger and does require more attention than some other flawsA nice comparison is automotive recallsIf there are two problems, one is a broken cup holder, the second makes the car explode, which do you think they'll do a recall for?
  
[1] http://www.kb.cert.org/vuls/id/800113
+
[1] http://news.cnet.com/Torvalds-attacks-IT-industry-security-circus/2100-1007_3-6243900.html
  
On a side note about this issue, newer Linux kernels have a feature where the source port of UDP requests is randomized.  That means that as long as the requesting application has random transaction IDs, it doesn't need additional logic to ensure random UDP source ports.
 
  
=== Package Manager Flaw? ===
+
=== principle of least privilege ===
 +
Steve Grubb has a nice interview up on SearchEnterpriseLinux.com[1].
  
A report came out[1] last week titled: Attacks on Package Managers.  The actual details of this are quite a bit less interesting than the reporter makes it sound.  It's basically the same problem as using an out dated mirror.
+
It offers some hints into some of the intresting things that have happened and can be expected in the SELinux space.
  
[1] http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html
+
[1] http://searchenterpriselinux.techtarget.com/news/article/0,289142,sid39_gci1321374,00.html">SearchEnterpriseLinux.com

Revision as of 00:31, 20 July 2008

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Security Circus

By far the most entertaining story from last week was Linux giving a few choice quotes[1].

He does get some things right, but there's still the very real fact that security flaws let people do things they shouldn't be able to do. This adds a certain amount of danger and does require more attention than some other flaws. A nice comparison is automotive recalls. If there are two problems, one is a broken cup holder, the second makes the car explode, which do you think they'll do a recall for?

[1] http://news.cnet.com/Torvalds-attacks-IT-industry-security-circus/2100-1007_3-6243900.html


principle of least privilege

Steve Grubb has a nice interview up on SearchEnterpriseLinux.com[1].

It offers some hints into some of the intresting things that have happened and can be expected in the SELinux space.

[1] http://searchenterpriselinux.techtarget.com/news/article/0,289142,sid39_gci1321374,00.html">SearchEnterpriseLinux.com