LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

In defense of Ubuntu

Why the JMRI decision matters

LWN.net Weekly Edition for August 14, 2008

Details of the DNS flaw revealed

Udev rules and the management of the plumbing layer

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Security index

This index covers articles that appeared in LWN on various security-related topics. Articles from 2007 on are indexed here.

Anonymity

Eavesdropping on Tor traffic (September 12, 2007)

AppArmor

Linux security non-modules and AppArmor (June 27, 2007)

The future of AppArmor (October 17, 2007)

TOMOYO Linux and pathname-based security (April 14, 2008)

Application binary interface (ABI)

Cascading security updates (February 27, 2008)

Authentication

Biometric

Fingerprint recognition using fprint (November 20, 2007)

Biometrics for identification (April 2, 2008)

Bypass

Authentication bypass in routers (March 5, 2008)

Backdoors

The backdooring of WordPress (March 7, 2007)

The backdooring of SquirrelMail (December 19, 2007)

Berkeley Internet Name Daemon (BIND)

Cache poisoning vulnerability found in BIND (July 25, 2007)

The dangers of weak random numbers (February 20, 2008)

Botnets

Storm worm gains strength (August 29, 2007)

ITU getting serious about botnets (November 28, 2007)

Browser cookies

Session cookies for web applications (May 21, 2008)

Bug reporting

Counting vulnerabilities (June 22, 2007)

Cascading security updates (February 27, 2008)

Secrecy and the DNS flaw (July 9, 2008)

CAPTCHA

Breaking CAPTCHA (March 19, 2008)

CERT

GCC and pointer overflows (April 16, 2008)

Certifications

Red Hat and IBM get certified (June 20, 2007)

chroot()

What chroot() is really for (October 3, 2007)

Cross-site scripting (XSS)

Extended Validation certificates and cross-site scripting (March 12, 2008)

Detecting vulnerabilities

Capturing web attacks with open proxy honeypots (July 3, 2007)

Distribution security

LCA: How to improve Debian security (January 17, 2007)

Security hardening for Debian (February 6, 2008)

Eee PC security or lack thereof (February 13, 2008)

Debian, OpenSSL, and a lack of cooperation (May 14, 2008)

Debian vulnerability has widespread effects (May 14, 2008)

SELinux and Fedora (July 9, 2008)

Ubuntu, security response, and community contributions (July 16, 2008)

Package managers

Trust and mirrors (July 16, 2008)

Document Object Model (DOM)

Finding bugs lurking in the DOM (January 30, 2008)

Leaking browser history (June 25, 2008)

Domain Name System (DNS)

Cache poisoning

Cache poisoning vulnerability found in BIND (July 25, 2007)

Secrecy and the DNS flaw (July 9, 2008)

Email

Spam prevention

Backscatter increase clogs inboxes (April 9, 2008)

Encryption

DMCA

Another attempt at DMCA reform - sort of (February 28, 2007)

Email

Email privacy (November 7, 2007)

Filesystems

The Tahoe secure filesystem (April 30, 2008)

Web

The future of unencrypted web traffic (January 2, 2008)

Deep packet inspection (July 23, 2008)

Firefox

Firefox security status (June 6, 2007)

GCC

GCC and pointer overflows (April 16, 2008)

Hardening

Security hardening for Debian (February 6, 2008)

Hardware

Attacking network cards (May 28, 2008)

Hijacking

X programs

OpenSSH bug falls through the cracks (April 9, 2008)

Identity management

Bandit: multi-protocol identity management (September 26, 2007)

OpenID 2.0 closing in on acceptance (October 31, 2007)

Information leak

Our devices are spilling our secrets (August 1, 2007)

Integrity management

Integrity management in the kernel (March 28, 2007)

Internet

SCADA system vulnerabilities (June 11, 2008)

Deep packet inspection (July 23, 2008)

Honeypots

Capturing web attacks with open proxy honeypots (July 3, 2007)

Routers

Home routers and security flaws (October 10, 2007)

The Onion Router (Tor)

Eavesdropping on Tor traffic (September 12, 2007)

Voice over IP (VoIP)

The Skype outage (August 22, 2007)

Jails

What chroot() is really for (October 3, 2007)

Javascript

Web security vulnerabilities and Javascript (January 23, 2008)

Linux kernel

revoke() returns (December 18, 2007)

vmsplice(): the making of a local root exploit (February 11, 2008)

The rest of the vmsplice() exploit story (March 4, 2008)

Handling kernel security problems (July 16, 2008)

Credentials

Credential records (September 25, 2007)

Linux/POSIX capabilities

LCA: How to improve Debian security (January 17, 2007)

Fixing CAP_SETPCAP (October 31, 2007)

Restricting root with per-process securebits (April 30, 2008)

Random number generation

On entropy and randomness (December 12, 2007)

Virtual file system (VFS)

A kernel security hole (January 16, 2008)

Linux Security Modules (LSM)

Linux security non-modules and AppArmor (June 27, 2007)

Smack for simplified access control (August 8, 2007)

SMACK meets the One True Security Module (October 2, 2007)

The future of AppArmor (October 17, 2007)

LSM: loadable or static? (October 24, 2007)

Kernel-based malware scanning (December 4, 2007)

TOMOYO Linux and pathname-based security (April 14, 2008)

OLS: Smack for embedded devices (August 6, 2008)

Networking

Filesystems

The Tahoe secure filesystem (April 30, 2008)

Obfuscation

Hiding open ports with shimmer (January 9, 2008)

Wireless

USB device authorization (July 17, 2007)

One Laptop Per Child (OLPC)

Bitfrost: the OLPC security model (February 7, 2007)

OLPC's software update problem (July 3, 2007)

OpenOffice.org

BadBunny? Only if you invite it in (June 12, 2007)

OpenSSH

OpenSSH bug falls through the cracks (April 9, 2008)

OpenSSL

Debian, OpenSSL, and a lack of cooperation (May 14, 2008)

Debian vulnerability has widespread effects (May 14, 2008)

Organizations

oCERT and oss-security (June 4, 2008)

PHP

Tools

Scanning for PHP vulnerabilities with Pixy (June 27, 2007)

PostgreSQL

SE-PostgreSQL uses SELinux for database security (July 18, 2007)

Privacy

Our devices are spilling our secrets (August 1, 2007)

Eavesdropping on Tor traffic (September 12, 2007)

Email privacy (November 7, 2007)

Race conditions

Exploiting races in system call wrappers (August 15, 2007)

Exploiting symlinks and tmpfiles (September 19, 2007)

Random number generation

On entropy and randomness (December 12, 2007)

The dangers of weak random numbers (February 20, 2008)

Debian, OpenSSL, and a lack of cooperation (May 14, 2008)

Debian vulnerability has widespread effects (May 14, 2008)

Reference

The Application Security Desk Reference (June 18, 2008)

Research

Auctions

Security research: buy low, sell high? (July 11, 2007)

Ruby

Ruby security flaws expose release process problems (July 2, 2008)

Samba

Eee PC security or lack thereof (February 13, 2008)

Secure Sockets Layer (SSL)

Certificates

Extended Validation certificates and cross-site scripting (March 12, 2008)

Security Enhanced Linux (SELinux)

SE-PostgreSQL uses SELinux for database security (July 18, 2007)

SELinux and Fedora (July 9, 2008)

OLS: SELinux from academia to your desktop (July 30, 2008)

Signing code

Java cryptography and free distributions (March 14, 2007)

Integrity management in the kernel (March 28, 2007)

Spam

Backscatter increase clogs inboxes (April 9, 2008)

Talpa

Kernel-based malware scanning (December 4, 2007)

The TALPA molehill (August 6, 2008)

TOMOYO Linux

TOMOYO Linux and pathname-based security (April 14, 2008)

Tools

Access control

Smack for simplified access control (August 8, 2007)

Browser exploit detection

Finding bugs lurking in the DOM (January 30, 2008)

Firewall

All aboard the SmoothWall Express (August 29, 2007)

Hiding open ports with shimmer (January 9, 2008)

Password guessing prevention

Preventing brute force ssh attacks (October 24, 2007)

PHP code scanning

Scanning for PHP vulnerabilities with Pixy (June 27, 2007)

Policy management

Centralizing policy rules with PolicyKit (November 14, 2007)

Voting machines

Securing our votes (August 8, 2007)

Voting machine integrity through transparency (March 26, 2008)

Vulnerabilities

Authentication bypass

Authentication bypass in routers (March 5, 2008)

Cross-site request forgery (CSRF)

Cross-site request forgery (October 17, 2007)

Cryptographic splicing

Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)

Image handling

Image handling vulnerabilities (April 23, 2008)

Macro language (ab)use

BadBunny? Only if you invite it in (June 12, 2007)

Privilege escalation

vmsplice(): the making of a local root exploit (February 11, 2008)

The rest of the vmsplice() exploit story (March 4, 2008)

Race conditions

Exploiting races in system call wrappers (August 15, 2007)

Temporary files

Exploiting symlinks and tmpfiles (September 19, 2007)

Web application flaws

The backdooring of WordPress (March 7, 2007)

Home routers and security flaws (October 10, 2007)

Cross-site request forgery (October 17, 2007)

The backdooring of SquirrelMail (December 19, 2007)

Web security vulnerabilities and Javascript (January 23, 2008)

Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)

Web browsers

Leaking browser history (June 25, 2008)

Web sessions

Session cookies for web applications (May 21, 2008)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.