Critical Security Flaws In All Versions Of Linux Kernels


Last month, a U.S. Department of Homeland Security (DHS) bug-fixing scheme uncovered an average of one security glitch per 1,000 lines of code in 180 widely used open source software projects.

Security researchers have uncovered “critical” security flaws in a version of the Linux kernel used by a large number of popular distributions.

The three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory.

They could be exploited by malicious, local users to cause denial of service attacks, disclose potentially sensitive information or gain “root” privileges, according to security experts.

The bugs affect all versions of the Linux kernel up to version 2.6.24.1, which contains a patch. Distributions such as Ubuntu, Turbolinux, SuSE, Red Hat, Mandriva, Debian and others are affected.

The problems lie in three functions in the system call code in fs/splice.c, according to an advisory from Secunia.

“In the 2.6.23 kernel the system call functionality has been further extended resulting in… critical vulnerabilities,” said iSEC Security Research in an advisory.

Secunia disagreed about the bugs’ seriousness, giving them a less critical ranking.

Exploit code for the vulnerabilities has been released publicly on the hacker site milw0rm.com, and Core Security Technologies has also developed a commercial exploit for the bugs, researchers said.

Researchers advised system administrators to update their kernels immediately.

Secunia also previously discovered that the number of security bugs in the open source Red Hat Linux operating system and Firefox browser far outstripped that of comparable products from Microsoft last year.

source:pcworld

Security Researchers Study Linux Role In Botnets

Over two-thirds of the malware infections suffered by Sophos’s Linux honeypots involve Rst-B, which attempts to infect ELF (Executable and Linkable Format) binaries in the current working directory and in /bin, and to create a backdoor to the system.

The six-year-old Linux virus is still in circulation, and Sophos suspects the high uptime exhibited by servers (compared with the typical home or office Windows PC that spends much of the day switched off or asleep) makes them valuable to bot-herders as central control points.

Sophos has created a detection tool specifically for this virus, and encourages administrators to use it and then forward any infected files to SophosLabs for analysis.

“If you don’t find Linux/Rst-B on your system, it’s good news but obviously doesn’t mean that you are not infected with something else,” said Billy McCourt, SophosLabs UK.

“I’d encourage you to at least do regular on-demand scans on your Linux box but ideally run an on-access scanner.”

A previous analysis by McCourt suggested that Rst-B infections are not being used by intruders to gain access to systems, rather they occur as a side-effect of already-infected hacking tools being downloaded onto servers once a foothold has been gained.

source:itwire 

BIOS Will Run Linux Based Maintenance Services Remotely When Windows Fails


Phoenix is currently working with software and hardware vendors to build the platform and its associated applications. Currently, they plan to offer the following: e-mail functions, Web browsing, a media player, IP soft phones, the remote system maintenance and repair functions mentioned below, and embedded security.

“We have the opportunity to be able to provide remote maintenance services even when Windows is down and run diagnostic programs while the user continues uninterrupted,” said Josh Pickus, CEO of SupportSoft.

Linux is already gaining some ground as an embedded operating system. So now Phoenix, which made its name as the core provider of BIOS for PCs, is working with several partners to leverage embedded Linux as a bypass operating system.

The basic concept is that an embedded Linux OS will accompany the core system firmware or BIOS, allowing instant-on applications to be run from it at any time.

This means regardless of the status of Windows — before, during and after it boots up or shuts down, if it has crashed or if maintenance is being performed — some software will be allowed to run, including Web browsers and tools that can read files and documents on the hard drive.

The system will be built upon Phoenix’s HyperCore virtualization platform, and the company expects to offer SupportSoft’s remote management tools as a part of the package. By running support software alongside Windows, it could allow maintenance to be done to a system from an “outside perspective,” eliminating the need in certain instances to actually be on site (for OS reinstalls, for example).

source:betanews

Highly demanded OS! Red Hat, Ubuntu Win Linux


Alfresco collected data between July and December of last year, with survey participants coming from 260 countries, according to the company. Fifty percent were from Europe, the Middle East and Asia, while 24 percent were in the U.S., and 26 percent from other nations, Alfresco said.

Ubuntu and Red Hat are the most used Linux distributions among the 35,000 members of content-management vendor Alfresco’s community, the company found in its second survey of trends in enterprise open-source software usage.

Among Linux operating systems, usage of Ubuntu and Red Hat stood at 35 percent and 23 percent, respectively, according to the survey. Suse, OpenSuse and Suse Enterprise collectively garnered 13 percent; Debian, 15 percent; and “other” distributions, 14 percent.

Users also reported using a variety of proprietary enterprise software.

Among Windows users, Vista adoption was just 2 percent, compared to 63 percent for Windows XP and 28 percent for Windows Server 2003.

The surveys help inform Alfresco’s technology strategy, according to Ian Howells, Alfresco’s chief marketing officer. “It’s important for us to know which platforms to test against first,” he said, adding, “It’s in users’ interest to give us good data.”

Microsoft’s Office suite remained strong, however, with 66 percent usage. Twenty-four percent of the respondents reported they used OpenOffice. However, German and French users were twice as likely to use the latter compared to those in the U.S. or U.K., Alfresco said.

Tomcat held a dominant position in the application server category, logging 72 percent. JBoss’ entry stood at 18 percent. Entries from Sun, BEA and IBM rounded out the field.

MySQL took home the database prize, with a 60 percent tally, followed by Oracle with 14 percent and Microsoft SQL Server with 13 percent.

In the virtualization category, VMware perhaps predictably ranked highest, at 61 percent. Microsoft’s Virtual Server took 16 percent, followed by Xen, Parallels, Virtual Iron and “other” offerings, according to the study.

“It kind of validates that people want to have a mixed stack,” Howells said of the overall results.

source:pcworld 

Yellow Dog Linux 6


Terra Soft on Tuesday announced the release of Yellow Dog Linux v6.0, a new version of their operating system that works on, among other platforms, G4 and G5-equipped Macs. The software is available immediately for YDLnet Enhanced users; it will be published on DVD in two weeks, and public mirrors will have it available within a month.

Yellow Dog Linux 6.0 is built upon CentOS, a derivative of Red Hat Enterprise Linux (RHEL). Key features include the Enlightenment (E17) and Gnome user interface, Gnash, a Flash work-alike, Ekiga VoIP, and more. With Yellow Dog Linux installed, Mac users can operate an open source operating system, installing software compiled to run on PowerPC systems including Web, database, e-mail and network services — more than 2,000 software packages are included on the install DVD alone. YDL v6.0 introduces a new level of multi-media support and functions with the latest Enlightenment window manager for a rich, dynamic, and powerful end user experience.

source:pcworld

LiMo’s Linux Phone Platform Nears Launch


The LiMo Foundation plans to release the first version of its Linux software platform for mobile phones in March, with handsets running the software due soon.

LiMo’s goal is to offer handset manufacturers an open, hardware-independent software platform that offers a secure environment for downloadable applications.

Publishing the code on time is one thing, but “putting handsets into consumers’ hands is the most important proof point,” said Morgan Gillis, executive director of the LiMo Foundation. That will happen very soon, he said.

On Monday, the Foundation will publish a beta version of the software’s APIs (application programming interfaces) so that developers can begin writing applications to run on it.

The APIs are still beta versions because the underlying software is not yet complete and minor details may change ahead of its release in March, Gillis said.

The LiMo Foundation is focusing on phones’ middleware, leaving handset manufacturers and operators to choose their own user interface and content applications.

That freedom is important, Gillis said, because “the cost of developing the first phone on a platform can be as high as half a billion dollars.”

Phone manufacturers may be unwilling to make that kind of commitment to a new operating system if it will also leave them tied to another company’s user interface or content applications, he said.

“That’s why Windows Mobile and Series 60 didn’t gain broad traction; suppliers didn’t feel comfortable,” he said.

LiMo faces competition from another open platform, Android, supported by Google and the Open Handset Alliance.

For Gillis, the connection between Android and Google’s content makes that another example of a tied operating system.

Although the LiMo Foundation’s code is not quite finished, most of it has already been proven in handsets sold or distributed by founder members Motorola, NEC, NTT DoCoMo, Panasonic, Samsung Electronics and Vodafone, Gillis said.

Nevertheless, there are some new elements, notably the security model, Gillis said. “Security in handsets is an area that tends to evolve quite quickly,” he said.

Since development of the platform began, “there are no major new threats, but it’s about evolving approaches and algorithms that address the security situation.”

Although the underlying platform is open, the handsets based on it may not be. The LiMo code includes support for application signing, allowing handset designers or operators to block the execution of unsigned downloads.

“The precise rules used for application signing are usually determined by the operator,” Gillis said.

However, he said, there are signs that operators are moving away from the “walled garden” they favored in the past to a more open approach.

source:pcworld