The original story: According to "Greg KH," co-maintainer of the 2.6.x.y series of important stability and security fixes, the Linux kernel does not suffer from the much-hyped Hyper-Threading vulnerability that affected the BSDs: "The main reason there have not been any updates, is that there really isn't a problem for the 2.6 kernel. The original author has admitted this finally, no one was ever able to reproduce it on a 2.6 kernel. The only reason I released a kernel update, was at the time, we thought there was an off-chance that there was a problem. However in further testing, it has not been the case." This confirms Linus's earlier assertion.
Privacy, Security Archive
Update: It appears that we mischaracterized the conclusions in our title and our summary on this story. Greg KH was referring only to the ELF vulnerability in this story. Whether we were deliberately misled by the submitter of this story or not, we regret the error.
Operating system vendors were given two months' notice before a security flaw was made public, but some have yet to resolve the issue, a security researcher has claimed.
Because firewalls and other defensive security measures are not failsafe, you need additional tools to detect and respond to security breaches as they occur. A network analyser can detect known (and even some unknown) virus attacks and make the cleanup process much more efficient.
A tool provided by Microsoft could let people get around a check meant to prevent those with pirated copies of Windows from downloading additional MS software, according to a security researcher.
Colin Percival, a FreeBSD committer and security team member, has found a local exploit against the current implementation of Intel's Hyper-Threading Technology. "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw," Colin explains. "This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately."
Security used to be as simple as a solid lock on a solid door, a safe in the back room and perhaps even a retired police officer out front (if you were really serious). But the modern business looks at security, and threats to security, in a whole different light. Security of information, systems and networks is now just as important as, and often integrated with, shop-front security.
Mobile security is a hot issue, but who is listening? The mere word 'security' sends most people running. Investing in preventative IT security has never been a very popular topic. It often needs a competitor or an organisation itself to become a victim of crime before senior executives sit up and listen.
A CIO Today editorial notes that security concerns are most often cited when IT managers consider a switch to Linux over Windows, but difficulty in replicating Microsoft Office functionality is a barrier. Why not use Macs? In addition to software-side security advantages, there are distinct security advantages to using a non-x86 platform as well. And you can still run Office.
Microsoft has taken a lot of heat for the security issues that surround its Windows operating systems, but they should not be the only ones taking the heat for Windows security. There are other parties out there that deserve to shoulder some of the blame with Microsoft. This editorial, originally written for a Communication Security course, tries to take an objective view of who exactly is to blame for what in the perceived mess that is Windows security.
A report released today indicates Windows Server 2003 may actually be more secure than its most popular Linux competitor when it comes to vulnerabilities and the time it takes to patch them.
"The three largest computer makers--Dell, Hewlett-Packard and IBM--have started selling desktops and notebooks with so-called trusted computing hardware, which allows security-sensitive applications to lock down data to a specific PC."
Removable media devices are here to stay. Their ease of use and low cost have made them ubiquitous in the work environment – but at what price? In this article we look at the pros and cons of removable media, and the steps IT managers can take to mitigate the security risks associated with them.
The Least Privilege Model in Solaris 10 allows for fine-grained management of process and user privileges. Amy Rich has written a nice introduction for Sun's BigAdmin website.
As criminals operating online have begun to realise the potential commercial value of Internet-related crimes, so they have started to investigate other ways of using malware to line their pockets.
The IT industry isn’t as boring and technically obsessed as many outsiders believe. Viruses and malicious hacker threats in particular have been increasingly sensationalised in the popular press, squeezing the issues gradually into the public consciousness.
A Windows computer without the latest security patches is in big trouble. That's the conclusion from a "honey pot" experiment conducted by StillSecure, a Louisville network security firm. StillSecure attached six computers - loaded with different versions of the Windows, Linux and Apple's Macintosh operating systems - earlier this month to the Internet without anti-virus software. The results show the Internet is a very rough place.
Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers. The researchers, appearing at the RSA Conference of computer-security professionals, discussed the findings in an event, "Security Showdown: Windows vs. Linux." One of them, a Linux fan, runs an open-source server at home; the other is a Microsoft enthusiast. They wanted to cut through the near-religious arguments about which system is better from a security standpoint.
An encryption standard widely used in digitally signing documents and programs has a flaw in it that could allow for the creation of forgeries, sources said Wednesday.
Microsoft's Security Chief says that Windows is safer than Linux. Mike Nash made the comments while stressing that the company is making progress on security. He compared vulnerabilities in Windows with those in Red Hat or SuSE Linux. Update: Nick McGrath, head of platform strategy for Microsoft in the UK has claimed that 'Linux is not ready for mission critical computing.'
Microsoft has released the single largest number of patches since it started doing monthly updates. The dozen updates include patches for Office XP, IE 6, Media Player and MSN Messenger. Also, a glitch in the latest version of Microsoft's Tablet PC software is causing significant performance problems for those running the new operating system, the company has confirmed.