"I am calling you from Windows": A tech support scammer dials Ars Technica [more inside]
posted by the man of twists and turns on Oct 26, 2012 - 98 comments

The U.S. National Security Agency (NSA) has begun releasing Security-Enhanced Android patches and tools, which port their Security-Enhanced Linux tools to Android devices. SEAndroid and SELinux provide mandatory access control designed to limit the amount of damage that rogue or exploited software can do. [more inside]
posted by jeffburdges on Jan 21, 2012 - 35 comments

Using honeypots and logging tools, some server admins have logged actual server break-in attempts by nincompoop crackers. [more inside]
posted by Foci for Analysis on Mar 11, 2011 - 50 comments

While many Linux users cite the system's security against malware, the appearance of malware disguised as a screensaver reminded everyone that no system is 100% safe. Ubuntu users were quick to identify the virus, identify the perpetrators, and create a fix, but this isn't the first time this has happened, and will in all likelihood not be the last. The criticism in the community is directed squarely at the user base: "In general the lesson to be learned is if you want a secure system, don't download any software outside the official package sources without at least looking at the source code first."
posted by Marisa Stole the Precious Thing on Dec 21, 2009 - 99 comments

An 8 year old critical security bug in the Linux kernel? No problem, we can fix that without even rebooting. You heard me, it is possible to apply a source code patch to a running kernel without reboot.
posted by DU on Aug 17, 2009 - 54 comments

On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] [more inside]
posted by finite on May 16, 2008 - 81 comments

The Winux virus is reported to affect both Windows and Linux boxes/applications. The article says it's "written in a primitive computer language called 'assembly language'." On a side note, who do they get to write these articles? Certainly they are uncomfortable with technology...
posted by fooljay on Mar 28, 2001 - 5 comments

Up to 20% of the internet vulnerable to a virus. There is a new Linux worm virus. Apparently, it steals passwords, installs and hides other hacking tools on infected systems, and then uses those systems to seek other servers to attack. Sys admins are advised to run a check on their servers and upgrade their BIND version.
posted by borgle on Mar 25, 2001 - 5 comments

Linux no longer foolproof? And a smile descened upon Redmond...
posted by mecawilson on Jan 22, 2001 - 21 comments

Well, we talked about NORAD a few posts back, I guess now it's time for everyone's *other* favorite agency: the NSA has a logo. That's funny. No, really, the topic of this posting is their release of Security-Enhanced Linux, including Mandatory Access Control and other cool B-1'ish stuff. Ted T'so has some interesting observations in this Slashdot thread on the topic as well.
posted by baylink on Dec 23, 2000 - 5 comments

Apparently, the conventional wisdom is not quite right. The SDMI's Executive Director says they have "thousands of entries" in their contest to hack the various proposed digital music security schemes. As I pointed out recently in a similar context, the "Linux community" and the population of computer literate, financially motived, non-OS-sectarian hackers are far from being one and the same...
posted by m.polo on Sep 20, 2000 - 6 comments

RedHat Linux security problem uncovered. Today, apparently it was discovered that if you install the Piranha package with RedHat 6.2 (ostensibly part of the default installation, but there's controversy over this), a default password is installed that would give anyone access to the Piranha configuration package; from there, it is apparently trivial to execute any command on the box that you want.
I find it very interesting that the fact that Microsoft had a "backdoor password" in a DLL made huge news (and it turned out to be patently false), yet this has gotten almost no press. I'd like to think otherwise, but I know it's because people hate Microsoft, and thus are eager to deride it... and yet here's proof that even the mighty Linux is susceptible to the same exact problems.
Next time you reach for the keyboard to cry out "nyah nyah!" at the discovery of some problem with Windows, remember this...
posted by delfuego on Apr 24, 2000 - 15 comments