Each week (ok, mostly every week!) I'll post news items that interested me...

Security analysis of Checkpoint firewall
Of interest is the way around RedHat's ExecShield buffer overflow defense.
http://www.pentest.es/checkpoint_hack.pdf

Abusing chroot
This quote caught my attention: "If you have the ability to use chroot() you are root. If you are root you can walk happily out of any chroot by a thousand other means," Alan Cox
http://kerneltrap.org/Linux/Abusing_chroot

Made For Hacking
There is nothing you don't already know in this article, but it does explain to a layman why we see some of the issues we see on the Internet.
http://www.forbes.com/security/2007/10/03/cerf-internet-hacking-tech-security-cx_ag_1003techcerf.html

What if We Had Vuln-Free Software?
Jeff Jones has a very jaded view of life sometimes, but he usually nails security issues, and this one is dead on the money IMO.
http://blogs.technet.com/security/archive/2007/09/29/what-if-we-had-vuln-free-software.aspx

Auditing Open Source Software
I love looking at and learning from security bugs. This blog post is interesting, but offers no remedies for integer overflow issues, which makes the article of little use to the people who don't understand the issue. If you want integer overflow remedies and defenses, I would highly recommend the excellent work of my co-author, David LeBlanc.
http://googleonlinesecurity.blogspot.com/2007/10/auditing-open-source-software.html


BlueHat
A couple of blog posts from researchers who attended BlueHat this year. It's always good to see what these guys think...


Back From BlueHat
http://dvlabs.tippingpoint.com/blog/2007/10/01/back-from-bluehat

Back from the Microsoft Blue Hat conference
http://wabisabilabi.blogspot.com/2007/09/back-from-microsoft-blue-hat-conference.html

Apple Mac OSX - Leopard (Security. Safer by Design)
It's always fascinating to see how companies attack (no pun intended) the security problem on their platforms, and the Mac is no exception. A couple of points from the security web page took my interest (emphasis mine):

Tagging Downloaded Applications
Protect yourself from potential threats. Any application downloaded to your Mac is tagged. Before it runs for the first time, the system asks for your consent — telling you when it was downloaded, what application was used to download it, and, if applicable, what URL it came from.
[MH] hhmm, does this mean Apple are doing the very thing they ridiculed about Windows Vista - asking for user consent? :)

Sandboxing
Enjoy a higher level of protection. Sandboxing prevents hackers from hijacking applications to run their own code by making sure applications only do what they’re intended to do.
[MH] Really? I doubt it.

http://www.apple.com/macosx/features/300.html#security