Blackmoor Vituperative

Just thought I’d pass along a few security-related links which I thought were interesting…

• Advice for reading about security
• Code for ultimate rootkit to be released on 2009-03-19
• Recession: a chance to deploy open source security solutions

In particular, I think this comment strikes at the heart of what’s wrong with IT in many companies:

Open source software in general, and Linux in particular, also has an undeserved reputation for poor security in some circles. Part of the reason for this is the fact that many people simply don’t understand how software security, and open source development, works. They hear “open source”, and think “Hell, if anyone can get the source, then anyone can modify it. How do we know we aren’t getting software modified by some malicious ‘hacker’ who wants to steal our sensitive data?” Another part of the reason is that many people with limited technical skills — and a dismaying number of supposed technology “experts” — simply don’t understand that there’s more to security than counting vulnerabilities.

(from Recession: a chance to deploy open source security solutions, TechRepublic)