From Fedora Project Wiki

Line 6: Line 6:
Contributing Writer: [[JoshBressers]]
Contributing Writer: [[JoshBressers]]


=== OSS-Security ===
=== Verizon Data-Breach Study ===
The existence of the OSS-Security Community was [http://www.bress.net/blog/archives/115-Announcing-oss-security.html announced] last week.  If you're interested in the unique challenges that Open Source software faces with respect to security, feel free to join the discussions within the group. As all communities go, the idea here is to grow a self sustaining community, not something that's just a few people doing all the work.
Verizon Business released a very interesting report on [http://www.verizonbusiness.com/about/news/displaynews.xml?newsid=25135&mode=vzlong&lang=en&width=530 data breaches in the enterprise].
Their findings are quite interesting, but two things especially stand out:


=== Flash Player ===
* Insider threat has decreased substantially.
There were rumblings of a 0day Flash Player flaw in the wild.  It turned out to be unpatched copies of Flash Player as noted on the
* 90 percent of known vulnerabilities exploited had patches available for at least six months prior to the breach.
[http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html Adobe Product Security Blog].  This is just another example of why it's very important to keep your system updated properly.


=== Samba ===
It seems that the single most important thing an administrator can do is to keep their system updated.
A quite serious Samba flaw was [http://us1.samba.org/samba/security/CVE-2008-1105.html released] last week.
 
Initially this was thought to be quite minor, until it was noticed that it's possible for a Samba server to connect back to a client when doing certain printing actions.  This means that this particular Samba client issue also affected the server.  Quite tricky.

Revision as of 02:47, 15 June 2008

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Verizon Data-Breach Study

Verizon Business released a very interesting report on data breaches in the enterprise. Two of its findings especially stand out:

  • Insider threat has decreased substantially.
  • 90 percent of known vulnerabilities exploited had patches available for at least six months prior to the breach.

It seems that the single most important thing an administrator can do is to keep their system updated.