news.softpedia.com: Yesterday, November 27th, the Ubuntu developers discovered yet another security issue (actually, more than one) in the Linux kernel packages. These vulnerabilities affect the following Ubuntu distributions: 6.06 LTS, 7.10, 8.04 LTS and 8.10 (also applies to Kubuntu, Edubuntu and Xubuntu).
linuxhaxor.net: There seems to be a false sense of security among some Linux users. The number of malicious programs specifically written for GNU/Linux has been on the increase in recent years and in the year of 2005 alone has more than doubled: from 422 to 863.
blogs.zdnet: A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.
computerworld.com.au: Looming attacks will soon pop the security bubble enjoyed by Linux and Macintosh users, according to Russian security expert Eugene Kaspersky.
computerworld.com: A popular Firefox add-on designed to block scripts and plug-ins has been updated to stymie the new "clickjacking" class of attacks, the extension's developer said today.
techworld.com (IDG): Internet infrastructure vendors are rushing to develop patches for a set of TCP/IP security flaws, which could help hackers knock servers offline with very little effort. Robert Lee and Jack Louis, have said that they can knock Windows, Linux, embedded systems and even firewalls offline.
cyberciti.biz: Really scary exploit attack in wild, which affects all browsers under any desktop operating systems including MS IE, Linux, Apple safari, Opera, Firefox and Adobe flash. Any website that uses CSS, flash and IFRAME can be used to attack on end users. Attacker is able to take control of the links that your browser visits.
telegraph.co.uk: Hackers have mounted an attack on the Large Hadron Collider, raising concerns about the security of the biggest experiment in the world as it passes an important new milestone.
blog.perens.com: Last month, Red Hat issued a security bulletin. Not all that went on is clear, but it seems that the servers used to develop and distribute Fedora and Red Hat were accessed by a person with criminal intent. But there are continuing problems with Red Hat's handling of the situation.
Also: Fedora and our security attitude
sciencedaily.com: Anti-virus companies play a losing game. But Prof. Avishai Wool recently unveiled a unique new program called the “Korset” to stop malware on Linux, the operating system used by the majority of web and email servers worldwide.
heise-online.co.uk: A new critical security hole has been found in the VLC player from the VideoLan project, while there is still no public fix for the previous security hole found two weeks ago.
blogs.zdnet: The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for what it calls “active attacks” against Linux-based computing infrastructures using compromised SSH keys.
itwire.com: A week or so ago, end users of the Linux-based Red Hat Fedora OS were warned to avoid downloading packages due to an "issue in the infrastructure systems" which waved big red flags suggesting a security breach to many industry observers.
redhat.com: Last week we discovered that some Fedora servers were illegally
accessed. The intrusion into the servers was quickly discovered, and the
servers were taken offline.
linuxmint.com/blog: Our server was hacked and code was injected into it to make connections on our behalf to pinoc.org and download a trojan called JS/Tenia.d
Examples of "shred" usage on a fresh install of Ubuntu 8.04.1
blog.wired.com: The Massachusetts Bay Transportation Authority filed a suit in federal court on Friday seeking a temporary restraining order to prevent three undergraduate students from the Massachusetts Institute of Technology from presenting a talk at the DefCon hacker conference this weekend about security vulnerabilities in payment systems used in the Massachusetts mass transit system.
A tutorial on howto setup Metasploit, a tool for exploit testing, IDS, and pen testing.
How A rootkit Exactly Works — Explaination and dissection of the dica rootkit (a variant of the t0rn rootkit).
mylro.org: Linux and UNIX-like operating systems in general are regarded as being more secure for the common user, in contrast with operating systems that have "Windows" as part of their name. Why is that?