Privacy, Security Archive

No ELF Vulnerability in Linux Kernel (Updated)

Update: It appears that we mischaracterized the conclusions in our title and our summary on this story. Greg KH was referring only to the ELF vulnerability in this story. Whether we were deliberately misled by the submitter of this story or not, we regret the error.

The original story: According to "Greg KH," co-maintainer of the 2.6.x.y series of important stability and security fixes, the Linux kernel does not suffer from the much-hyped hyper threading vulnerability that affected the BSDs: "The main reason there have not been any updates, is that there really isn't a problem for the 2.6 kernel. The original author has admitted this finally, no one was ever able to reproduce it on a 2.6 kernel. The only reason I released a kernel update, was at the time, we thought there was an off-chance that there was a problem. However in further testing, it has not been the case." This confirms Linus's earlier assertion.

OSes suffer serious security hole through CPUs

Colin Percival, a FreeBSD committer and security team member, has found a local exploit against the current implementation of Intel's Hyper-Threading Technology. "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw," Colin explains. "This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately."

Security – The Best Laid Plans

Security used to be as simple as a solid lock on a solid door, a safe in the back room and perhaps even a retired police officer out front (if you were really serious). But the modern business looks at security, and threats to security, in a whole different light. Security of information, systems and networks is now just as important as, and often integrated with, shop-front security.

Mobile Security: Data Goes Walkabout

Mobile security is a hot issue, but who is listening? The mere word 'security' sends most people running. Investing in preventative IT security has never been a very popular topic. It often needs a competitor or an organisation itself to become a victim of crime before senior executives sit up and listen.

The Facts & Fiction Around Windows Security

Microsoft has taken a lot of heat for the security issues that surround its Windows operating systems, but it should not be the only one taking the heat for Windows security. There are other parties out there that deserve to shoulder some of the blame with Microsoft. This editorial, originally written for a Communication Security course, tries to take an objective view of exactly who is to blame for what in the perceived mess that is Windows security.

How secure is your computer?

A Windows computer without the latest security patches is in big trouble. That's the conclusion from a "honey pot" experiment conducted by StillSecure, a Louisville network security firm. StillSecure attached six computers - loaded with different versions of the Windows, Linux and Apple's Macintosh operating systems - earlier this month to the Internet without anti-virus software. The results show the Internet is a very rough place.

Study finds Windows more secure than Linux

Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers. The researchers, appearing at the RSA Conference of computer-security professionals, discussed the findings in an event, "Security Showdown: Windows vs. Linux." One of them, a Linux fan, runs an open-source server at home; the other is a Microsoft enthusiast. They wanted to cut through the near-religious arguments about which system is better from a security standpoint.

Microsoft releases “critical” patches; Tablet OS glitch

Microsoft has released the single largest number of patches since it started doing monthly updates. The dozen updates include patches for Office XP, IE 6, Media Player and MSN Messenger. Also, a glitch in the latest version of Microsoft's Tablet PC software is causing significant performance problems for those running the new operating system, the company has confirmed.