Hackers are actively seeking out unpatched versions of the Mambo content management system, which recently repaired a serious security hole. Sites running on Mambo should upgrade to the latest version as soon as possible.
This week, Coverity announced the initial results of its code scans, churning out numbers for 32 open source projects. Somewhat tellingly, the average defect density of just the LAMP (Linux, Apache, MySQL, and Perl/PHP) stack was .290. These numbers are all well and good, but what are open source developers supposed to do with them now?
A test has revealed that a Linux server is far less likely to be compromised than a Windows one. In fact, unpatched Red Hat and SuSE servers were not breached at all during a six-week trial, while the equivalent Windows systems were compromised within hours.
The Globus Consortium Journal (http://www.globusconsortium.org/journal) this month features Grid security perspectives from a range of experts from both the open source and vendor community. Highlights include:
As a result of articles referring to the threat of Worms and Viruses attacking Linux systems, many new Linux users are in a panic. To help them out and calm any panic stricken nerves, I've completed a brief, encouraging and straightup list for protecting your Linux home system.
Recently, I started looking more closely at some of the security add-ons for Linux and was surprised to find so many kernel-related projects out there. Now that I have been enlightened, I will share some of what I've learned. In this article, I'll give an overview of what's out there.
An exploit that takes advantage of a recently-patched bug in Mozilla Corp.'s Firefox browser has gone public.
A report warns of security vulnerabilities, raising the question of whether the open-source model can provide bulletproof software.
Also: Linux Vulnerabilities Spur Enterprise Warning
Most people set up some type of filter to weed out the bad email from the good. That approach, has its limitations. One company is trying a new, open source-based approach that creates a user-enforced "Do Not Spam" list.