Debian Linux project released today bug fixes for lighttpd and gaim package that allows remote attacks and DoS attacks.
An unpatched security hole in Ubuntu Linux 8.04 LTS operating system could be used by attackers to send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL to take control of vulnerable servers.
Multiple buffer overflows were discovered in the Ubuntu Linux kernel and can be corrected by upgrading your system to latest kernel version.
The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a ultra secure computer system.
An updated Apache package that fixes a bug is now available under FreeBSD operating systems.
This blog post provides good information about password hashing. The main point of this article is to use strong encryption and make attackers life hard. So if someone gains access to database, attacker could figure out your password using a brute force or rainbow tables.
Many new Linux user / admin asks:
Is Linux more secure than Windows?
That depends. ;-) Let me explain:
Fan boys on both sides argue to the death that their
religion operating system is the best and safest to use.
Windows is harder to secure than Linux. It is the simple truth. Many IT professionals including RHCEs and MCSEs believe that Linux is more secure than Windows. However you cannot blindly accept Linux is more secure than Windows. On both operating systems you need to:
a) Restrict user access
b) Restrict service access
c) Restrict network access
d) Create backup / restore policy
e) Install and manage app level security
f) Continuously install, configure, and patch the system etc
As you see both Windows and Linux administrators requires same levels of skills. Linux is secure by design i.e. Linux is inherently more secure than Windows. Linux designed as a multi-use, network operating system from day one. For example IE / FF bug can take down entire windows computer. However, if there were the same bug in FF it won’t take down entire Linux computer. Under windows almost any app level bug (read as vulnerability) can be used to take down the entire system and turn into a zombie computer.
- No operating system is secure
- Both Linux / Windows admin requires same level of skills
- By default Linux is more secure than Windows, but it is also open to attack.
- You can just make attackers job hard.
- Remember, security is an on going process and nothing is secure once connected to network, period.
This is based upon my own experience. I don’t have a good answer here. What do you think? Do you run Windows and Linux? Please add your experience in the comments.