Skip Links

Security rundown for the week ending Sept. 2

Linux kernel break-in, virtualization protection, copper theft security and Mac OS X breaks dominate security news

By , Network World
September 02, 2011 12:01 PM ET

Network World - A mish-mash of security issues came up this week, everything from how to protect virtualized environments to a system that protects copper in utility sites from robbery and a story about digital certificate thefts.

First though, this week brought news that hackers broke into the Kernel.org website that is home to the Linux project, according to Kernel.org's owners. With the barbarian hordes of the Internet having breached this bastion of Linux, Kernel.org's owners say they have contacted law enforcement in the U.S. and Europe as they try to figure out what happened.

Linux lovers should be asking how well the crown jewels of open source are being guarded and whether the best possible security controls are in place. 

Other hacking incidents became public last week as well. WikiLeaks, which collects and disseminates information it gets from those who hack places like businesses and government, admitted it was hacked and a large cache of information it thought it held secret was disclosed, according to The Wall Street Journal. Just proves when you live by the sword you often die by the sword.

REPORT: Top cybersecurity concerns: Malicious code, employees run amok

And it's becoming increasingly obvious that hackers are prying open the door of older security technologies, such as certificates used for authentication, as it was discovered last week occurred when certificate authority DigiNotar, which is owned by Vasco Data Security, admitted a large number of its certificates had been stolen.

DigiNotar said it's halting sales of its certificates as browser makers Google, Mozilla and Microsoft seek to revoke the stolen ones. Does this make certificates once again look like a broken system?

VMworld: Security has to get virtual

If there was ever a disruptive force, it's virtualization. It's becoming clear to both the security industry and enterprise managers that it's not sufficient to exist with the same old security stuff used in the non-virtualized networks. At VMworld, the annual conference put on by VMware, which has the lion's share of the virtualization software market right now, a number of announcements related to security.

Not only were new products on display, but VMware, which has struggled with trying to bring security vendors into its vShield development efforts, got new backing from McAfee, Symantec, Kaspersky Lab, Lumension, Sophos and BitDefender. But there's still a lot of debate over whether agentless anti-malware is really going to fly, with Symantec saying it has doubts a fully agentless approach will work.

Kaspersky Lab says it expects to have at least one product specific to VMware ready by early next year. So far, Trend Micro has been the most aggressive in developing vShield-based anti-malware products for vSphere.

VMware, with help from Cisco, unveiled what's called "virtual extensible LANs (VXLAN)" that seek to retain the benefits of VLANs while also adding a virtual machine on the fly, according to VMware Chief Technology Officer Allwyn Sequiera, who says it will be supported in vSphere in the near future. Citrix points out this not just a VMware thing but that VXLAN is intended to be an IETF standard.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News