Security update: Image loaders for PNM and XPM images, which may result in the execution of arbitrary code.
Several remote vulnerabilities have been discovered in the TYPO3 content management framework.
As reported earlier CanSecWest conference was designed to test zero day vulnerability against three leading desktop operating systems. The result is out:
 The MacBook Air went first
 Windows Vista was cracked (hacked) on the last day of the contest
 Linux remained undefeated
Although several attendees tried to crack the Linux laptop, nobody could pull it off, said Terri Forslof, a manager of security response with TippingPoint. “I was surprised that it didn’t go,” she said.
=> More information available at official web site (Via Yahoo news)
The most anticipated matchup in the cracker (or hacker) world is going on to take control of a computer using zero day vulnerability. Checkout official site for more information about the Pwn2Own contest. The prize is US $20,000, plus you get to keep the laptop.
Many new Linux user / admin asks:
Is Linux more secure than Windows?
That depends. ;-) Let me explain:
Fan boys on both sides argue to the death that their
religion operating system is the best and safest to use.
Windows is harder to secure than Linux. It is the simple truth. Many IT professionals including RHCEs and MCSEs believe that Linux is more secure than Windows. However you cannot blindly accept Linux is more secure than Windows. On both operating systems you need to:
a) Restrict user access
b) Restrict service access
c) Restrict network access
d) Create backup / restore policy
e) Install and manage app level security
f) Continuously install, configure, and patch the system etc
As you see both Windows and Linux administrators requires same levels of skills. Linux is secure by design i.e. Linux is inherently more secure than Windows. Linux designed as a multi-use, network operating system from day one. For example IE / FF bug can take down entire windows computer. However, if there were the same bug in FF it won’t take down entire Linux computer. Under windows almost any app level bug (read as vulnerability) can be used to take down the entire system and turn into a zombie computer.
- No operating system is secure
- Both Linux / Windows admin requires same level of skills
- By default Linux is more secure than Windows, but it is also open to attack.
- You can just make attackers job hard.
- Remember, security is an on going process and nothing is secure once connected to network, period.
This is based upon my own experience. I don’t have a good answer here. What do you think? Do you run Windows and Linux? Please add your experience in the comments.
Some vulnerabilities have been reported in APR-util, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service) – CVE-2009-1955, CVE-2009-1956, CVE-2009-0023 fix.