http://lwn.net/Security/Index/

This index covers articles that appeared in LWN on various security-related topics. Articles from 2007 on are indexed here.

Anonymity

Eavesdropping on Tor traffic (September 12, 2007)

AppArmor

Linux security non-modules and AppArmor (June 27, 2007)

The future of AppArmor (October 17, 2007)

TOMOYO Linux and pathname-based security (April 14, 2008)

Application binary interface (ABI)

Cascading security updates (February 27, 2008)

Authentication

Biometric

Fingerprint recognition using fprint (November 21, 2007)

Biometrics for identification (April 2, 2008)

Bypass

Authentication bypass in routers (March 5, 2008)

Backdoors

The backdooring of WordPress (March 7, 2007)

The backdooring of SquirrelMail (December 19, 2007)

Berkeley Internet Name Daemon (BIND)

Cache poisoning vulnerability found in BIND (July 25, 2007)

The dangers of weak random numbers (February 20, 2008)

Books

Book Review: Hacking VoIP (January 28, 2009)

Botnets

Storm worm gains strength (August 29, 2007)

ITU getting serious about botnets (November 28, 2007)

Storm botnet used to study spam (November 12, 2008)

Browser cookies

Session cookies for web applications (May 21, 2008)

Another kind of cookie (October 29, 2008)

Bug reporting

Counting vulnerabilities (June 22, 2007)

Cascading security updates (February 27, 2008)

Secrecy and the DNS flaw (July 9, 2008)

Injunction lifted against MIT students (August 20, 2008)

Partial disclosure (October 8, 2008)

Distribution advisories (November 26, 2008)

"Vishing" advisory targets Asterisk (December 17, 2008)

CAPTCHA

Breaking CAPTCHA (March 19, 2008)

CERT

GCC and pointer overflows (April 16, 2008)

Certifications

Red Hat and IBM get certified (June 20, 2007)

Fedora and CAPP (December 10, 2008)

chroot()

What chroot() is really for (October 3, 2007)

Cross-site scripting (XSS)

Extended Validation certificates and cross-site scripting (March 12, 2008)

Detecting vulnerabilities

Capturing web attacks with open proxy honeypots (July 3, 2007)

Distributions

ParanoidLinux: from fiction to reality (October 1, 2008)

Distribution security

LCA: How to improve Debian security (January 17, 2007)

Security hardening for Debian (February 6, 2008)

Eee PC security or lack thereof (February 13, 2008)

Debian, OpenSSL, and a lack of cooperation (May 14, 2008)

Debian vulnerability has widespread effects (May 14, 2008)

SELinux and Fedora (July 9, 2008)

Ubuntu, security response, and community contributions (July 16, 2008)

Fedora distributes new keys (September 10, 2008)

Distribution advisories (November 26, 2008)

Fedora and CAPP (December 10, 2008)

Package managers

Trust and mirrors (July 16, 2008)

Document Object Model (DOM)

Finding bugs lurking in the DOM (January 30, 2008)

Leaking browser history (June 25, 2008)

Domain Name System (DNS)

Cache poisoning

Cache poisoning vulnerability found in BIND (July 25, 2007)

Secrecy and the DNS flaw (July 9, 2008)

Details of the DNS flaw revealed (August 13, 2008)

Email

Spam prevention

Backscatter increase clogs inboxes (April 9, 2008)

Encryption

DMCA

Another attempt at DMCA reform - sort of (February 28, 2007)

Email

Email privacy (November 7, 2007)

Filesystems

The Tahoe secure filesystem (April 30, 2008)

Web

The future of unencrypted web traffic (January 2, 2008)

Deep packet inspection (July 23, 2008)

Firefox

Firefox security status (June 7, 2007)

Firefox 3 SSL certificate warnings (August 27, 2008)

Firefox security add-ons (January 21, 2009)

GCC

GCC and pointer overflows (April 16, 2008)

Hardening

Security hardening for Debian (February 6, 2008)

Hardware

Attacking network cards (May 28, 2008)

Hijacking

X programs

OpenSSH bug falls through the cracks (April 9, 2008)

Identity management

Bandit: multi-protocol identity management (September 26, 2007)

OpenID 2.0 closing in on acceptance (October 31, 2007)

Information leak

Our devices are spilling our secrets (August 1, 2007)

Integrity management

Integrity management in the kernel (March 28, 2007)

System integrity in Linux (December 3, 2008)

Internet

SCADA system vulnerabilities (June 11, 2008)

Deep packet inspection (July 23, 2008)

Honeypots

Capturing web attacks with open proxy honeypots (July 3, 2007)

Routers

Home routers and security flaws (October 10, 2007)

The Onion Router (Tor)

Eavesdropping on Tor traffic (September 12, 2007)

Voice over IP (VoIP)

The Skype outage (August 22, 2007)

"Vishing" advisory targets Asterisk (December 17, 2008)

Book Review: Hacking VoIP (January 28, 2009)

Jails

What chroot() is really for (October 3, 2007)

JavaScript

Web security vulnerabilities and JavaScript (January 23, 2008)

Linux kernel

revoke() returns (December 18, 2007)

vmsplice(): the making of a local root exploit (February 12, 2008)

The rest of the vmsplice() exploit story (March 4, 2008)

Handling kernel security problems (July 16, 2008)

Kernel security, year to date (September 9, 2008)

System calls and rootkits (September 10, 2008)

DR rootkit released under the GPL (September 10, 2008)

The future for grsecurity (January 7, 2009)

Credentials

Credential records (September 25, 2007)

Linux/POSIX capabilities

LCA: How to improve Debian security (January 17, 2007)

Fixing CAP_SETPCAP (October 31, 2007)

Restricting root with per-process securebits (April 30, 2008)

Filesystem capabilities in Fedora 10 (January 7, 2009)

Random number generation

On entropy and randomness (December 12, 2007)

Virtual file system (VFS)

A kernel security hole (January 16, 2008)

Linux Security Modules (LSM)

Linux security non-modules and AppArmor (June 27, 2007)

Smack for simplified access control (August 8, 2007)

SMACK meets the One True Security Module (October 2, 2007)

The future of AppArmor (October 17, 2007)

LSM: loadable or static? (October 24, 2007)

Kernel-based malware scanning (December 4, 2007)

TOMOYO Linux and pathname-based security (April 14, 2008)

OLS: Smack for embedded devices (August 6, 2008)

Snet and the LSM API (January 28, 2009)

Mobile phones

Android's first vulnerability (November 5, 2008)

Android application security (February 4, 2009)

Networking

Filesystems

The Tahoe secure filesystem (April 30, 2008)

Obfuscation

Hiding open ports with shimmer (January 9, 2008)

Wireless

USB device authorization (July 17, 2007)

One Laptop Per Child (OLPC)

Bitfrost: the OLPC security model (February 7, 2007)

OLPC's software update problem (July 3, 2007)

OpenOffice.org

BadBunny? Only if you invite it in (June 12, 2007)

OpenSSH

OpenSSH bug falls through the cracks (April 9, 2008)

OpenSSH and keystroke timings (September 17, 2008)

SSH plaintext recovery vulnerability (November 19, 2008)

OpenSSL

Debian, OpenSSL, and a lack of cooperation (May 14, 2008)

Debian vulnerability has widespread effects (May 14, 2008)

Organizations

oCERT and oss-security (June 4, 2008)

PHP

Tools

Scanning for PHP vulnerabilities with Pixy (June 27, 2007)

PostgreSQL

SE-PostgreSQL uses SELinux for database security (July 18, 2007)

Privacy

Our devices are spilling our secrets (August 1, 2007)

Eavesdropping on Tor traffic (September 12, 2007)

Email privacy (November 7, 2007)

Another kind of cookie (October 29, 2008)

Race conditions

Exploiting races in system call wrappers (August 15, 2007)

Exploiting symlinks and tmpfiles (September 19, 2007)

Random number generation

On entropy and randomness (December 12, 2007)

The dangers of weak random numbers (February 20, 2008)

Debian, OpenSSL, and a lack of cooperation (May 14, 2008)

Debian vulnerability has widespread effects (May 14, 2008)

Reference

The Application Security Desk Reference (June 18, 2008)

Research

Auctions

Security research: buy low, sell high? (July 11, 2007)

Rootkits

System calls and rootkits (September 10, 2008)

DR rootkit released under the GPL (September 10, 2008)

Ruby

Ruby security flaws expose release process problems (July 2, 2008)

Samba

Eee PC security or lack thereof (February 13, 2008)

Secure Sockets Layer (SSL)

Certificates

Extended Validation certificates and cross-site scripting (March 12, 2008)

Firefox 3 SSL certificate warnings (August 27, 2008)

SSL man-in-the-middle attacks (December 24, 2008)

SSL certificates and MD5 collisions (January 14, 2009)

Security Enhanced Linux (SELinux)

SE-PostgreSQL uses SELinux for database security (July 18, 2007)

SELinux and Fedora (July 9, 2008)

OLS: SELinux from academia to your desktop (July 30, 2008)

Newer kernels and older SELinux policies (September 24, 2008)

SELinux permissive domains (October 15, 2008)

Signing code

Java cryptography and free distributions (March 14, 2007)

Integrity management in the kernel (March 28, 2007)

Spam

Backscatter increase clogs inboxes (April 9, 2008)

Storm botnet used to study spam (November 12, 2008)

Talpa

Kernel-based malware scanning (December 4, 2007)

The TALPA molehill (August 6, 2008)

TALPA strides forward (August 27, 2008)

TOMOYO Linux

TOMOYO Linux and pathname-based security (April 14, 2008)

Tools

Access control

Smack for simplified access control (August 8, 2007)

Browser exploit detection

Finding bugs lurking in the DOM (January 30, 2008)

Firewall

All aboard the SmoothWall Express (August 29, 2007)

Hiding open ports with shimmer (January 9, 2008)

Password guessing prevention

Preventing brute force ssh attacks (October 24, 2007)

Penetration testing

Mobile phone or penetration tool? (September 24, 2008)

PHP code scanning

Scanning for PHP vulnerabilities with Pixy (June 27, 2007)

Policy management

Centralizing policy rules with PolicyKit (November 14, 2007)

SQL injection scanning

Find SQL injection vulnerabilities with sqlmap (September 3, 2008)

Voting machines

Securing our votes (August 8, 2007)

Voting machine integrity through transparency (March 26, 2008)

Vulnerabilities

Authentication bypass

Authentication bypass in routers (March 5, 2008)

Cross-site request forgery (CSRF)

Cross-site request forgery (October 17, 2007)

Cryptographic splicing

Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)

HTTP response splitting

HTTP response splitting (October 17, 2008)

Image handling

Image handling vulnerabilities (April 23, 2008)

Macro language (ab)use

BadBunny? Only if you invite it in (June 12, 2007)

Privilege escalation

vmsplice(): the making of a local root exploit (February 12, 2008)

The rest of the vmsplice() exploit story (March 4, 2008)

Standards, the kernel, and Postfix (August 20, 2008)

Race conditions

Exploiting races in system call wrappers (August 15, 2007)

SQL injection

Find SQL injection vulnerabilities with sqlmap (September 3, 2008)

Temporary files

Exploiting symlinks and tmpfiles (September 19, 2007)

Web application flaws

The backdooring of WordPress (March 7, 2007)

Home routers and security flaws (October 10, 2007)

Cross-site request forgery (October 17, 2007)

The backdooring of SquirrelMail (December 19, 2007)

Web security vulnerabilities and JavaScript (January 23, 2008)

Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)

Web browsers

Leaking browser history (June 25, 2008)

Web sessions

Session cookies for web applications (May 21, 2008)

