From Fedora Project Wiki

< FWN‎ | Beats

No edit summary
No edit summary
Line 6: Line 6:
Contributing Writer: [[JoshBressers]]
Contributing Writer: [[JoshBressers]]


=== April Fools! ===
=== Malicious Activity grows in 2008 ===
Probably the biggest not story this week was the Conficker Worm not ending the world on April 1. From a security perspective, designing the worm to activate on April 1 was brilliant. The Internet is probably 90% nonsense on any given day, but April 1 pushes that dial to an 11. If you want to do something and not get the word out, do it on April 1. Had the worm actually done something interesting, would anyone believe the story?
2008 Saw a surge in malicious code activity <ref>http://www.net-security.org/secworld.php?id=7311</ref>
This is a disturbing trend, and for the underground, this is easy money. The threat will continue to grow until either the money dries up (unlikely) or the difficulty of exploiting this is greater than the potential gain. Right now it looks like the trend will continue for several years.


=== April Fools? ===
=== Who in the Linux world would be responsible for a worm ===
The other biggest non April Fools story is probably OpenSSL 1.0.0 Beta 1 <ref>http://www.openssl.org/source/</ref> being released on April 1. Openssl has been at version 0.9 for as long as most people can remember. It's great to see it nearing version 1.0.0
Last week OSNews asked a rather interesting, but easily answered question:
OSNews Asks: Who'd Be Responsible for a Linux Conficker? <ref>http://www.osnews.com/story/21312/OSNews_Asks_Who_d_Be_Responsible_for_a_Linux_Conficker_</ref>
The world of Open Source security is mostly a process that happens behind the scenes, but is quite effective. There is a wiki called OSS-Security <ref>http://oss-security.openwall.org/wiki/</ref> that provides a number of links to various groups. In the event of something like a worm, the vast majority of the effort would end up happening on the Vendor Security (vendor-sec<ref>http://oss-security.openwall.org/wiki/mailing-lists/vendor-sec</ref>) mailing list. This is a group of trusted Open Source distributors that communicate in private in an effort to keep the end users of Open Source software secure. To date this group has been working out quite well, and the members are very used to solving security flaws in a cooperative manner. In the event of a widespread Linux worm, there would be many tired people, and quite a lot of vendor-sec emails.


<references/>
<references/>

Revision as of 19:40, 19 April 2009

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Malicious Activity grows in 2008

2008 Saw a surge in malicious code activity [1] This is a disturbing trend, and for the underground, this is easy money. The threat will continue to grow until either the money dries up (unlikely) or the difficulty of exploiting this is greater than the potential gain. Right now it looks like the trend will continue for several years.

Who in the Linux world would be responsible for a worm

Last week OSNews asked a rather interesting, but easily answered question: OSNews Asks: Who'd Be Responsible for a Linux Conficker? [2] The world of Open Source security is mostly a process that happens behind the scenes, but is quite effective. There is a wiki called OSS-Security [3] that provides a number of links to various groups. In the event of something like a worm, the vast majority of the effort would end up happening on the Vendor Security (vendor-sec[4]) mailing list. This is a group of trusted Open Source distributors that communicate in private in an effort to keep the end users of Open Source software secure. To date this group has been working out quite well, and the members are very used to solving security flaws in a cooperative manner. In the event of a widespread Linux worm, there would be many tired people, and quite a lot of vendor-sec emails.