Red Hat Security Blog: October 2013 archives

  • Debugging stack protector failures

    Co-contributors: Dhiru Kholia and Florian Weimer. GCC upstream and Fedora 19 recently improved the stack smashing protector. Each time we add more security instrumentation, we also uncover some previously hidden bugs. This post shows how to debug stack protector failures. Our example debugging session is based on a GNOME bug report for Evolution. Vadim Rutkovsky reported that Evolution 3.9.4 in Fedora rawhide crashed during the initial setup when built with the -fstack-protector-strong flag. The...
    Posted 2013-10-23T13:30:01+00:00
  • Symmetric Encryption

    So far we have looked at what cryptography is and have taken a brief look at the history of cryptography; it's time for us to take a dive into how cryptography works. Cryptography often involves two important and complementary processes called encryption and decryption. The process of encryption and decryption involves a secret key which is known only to the sender and the receiver of the message. Needless to say, the secrecy of the message depends on the secrecy of the key. This is analogous...
    Posted 2013-10-16T13:30:23+00:00
  • Enterprise Linux 5.9 to 5.10 risk report

    Red Hat Enterprise Linux 5.10 was released this month (October 2013), ten months since the release of 5.9 in January 2013. So let's use this opportunity to take a quick look back over the vulnerabilities and security updates made in that time, specifically for Red Hat Enterprise Linux 5 Server. Red Hat Enterprise Linux 5 is in its seventh year since release, and will receive security updates until March 31st 2017. Errata count: The chart below illustrates the total number of security updates...
    Posted 2013-10-09T13:30:29+00:00
  • We are not who we are

    In authentication, we generally talk about three "factors" for determining identity. A "factor" is a broad category for establishing that you are who you claim to be. The three types of authentication factors are: Something you know (a password, a PIN, the answer to a "security question", etc.); Something you have (an ATM card, a smart card, a one-time-password token, etc.); Something you are (your fingerprint, retinal pattern, DNA). Historically, most people have used the first of these three...
    Posted 2013-10-02T13:30:01+00:00