h-online.com: That the American National Security Agency has previously helped Microsoft harden various Windows versions is old hat, but what is news is that the NSA now also assists Apple, Sun and Red Hat with increasing the security of their operating systems.
linux-magazine.com: A research group in the computer sciences faculty at the North Carolina State University has written a prototype for a rootkit protector that uses kernel object hooks.
h-online.com: According to security services provide Secunia, a vulnerability in the free image editing tool GIMP (GNU Image Manipulation Program) can potentially be exploited to compromise a users system.
aplawrence.com: A customer reported that a Linux machine used for ssh access (to in turn give telnet access to an ancient SCO machine) was refusing logins. I asked him to try logging in as root at the console; he was unable to do so.
links.org: For the last 6 weeks or so, a bunch of us have been working on a really serious issue in SSL. In short, a man-in-the-middle can use SSL renegotiation to inject an arbitrary prefix into any SSL session, undetected by either end.
mdeslaur.blogspot: For the past week or so, people have been talking about a “security issue” in Seahorse. This sums up my opinion on the matter: This isn't a security issue, and there is no good way to fix it.
theregister.co.uk: A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.
ubuntu-user.com: The current discussion in the Ubuntu forums is about a possible security hole in GNOME, specifically about GNOME registered users having their passwords appear as cleartext on the keyring. Not a bug, say its defenders, but the security concept behind the GNOME keyring.
omgubuntu.co.uk: A security hole in Gnome allows anyone to see your keyring passwords without needing to enter so much as a password.
h-online.com: Security holes in numerous PDF applications allow attackers to infect systems with malware. Linux distributor Red Hat has already released new packages for these applications, and other distributors are likely to follow soon.