Monday, July 28, 2008

Security bug with the recent F-secure Linux Security 7.00

It has been discovered that Linux Security 7.00, which F-Secure released just about three weeks ago, contains a very serious bug that can have severe consequences for customer systems. Hence, F-Secure has called for total withdrawal of the code. If you have installed Linux Security 7.00 and you are using the Client Edition keycode, please uninstall it immediately to prevent further damage to your system.

You can obtain the latest code, Linux Security release 7.01, without the bug from the F-Secure site at: http://www.f-secure.com/linux-weblog/2008/05/23/linux-security-701-released/

Wednesday, July 09, 2008

Multisensor Message Exchange Mechanism

Recent advances in data fusion are a step in the right direction for combining, correlating and fusing security evidence from myriad heterogeneous sources (such as firewalls, IDSes, AV and sensors) to create situational awareness. I thought it was about time to discuss the need for a secure message exchange mechanism that helps various "sources", such as sensors, firewalls, intrusion detection systems (IDSes), etc., connect, contribute and communicate their observations securely. At the International Conference on Global e-Security, held in London, UK, on 23-25 June 2008, I presented a paper on the "Multisensor Message Exchange Mechanism" (MEM).

MEM is a mechanism that allows various sources on the network to securely send their observations of the network to a centralised analysis module, where these pieces of evidence can be collated, correlated and combined to support decisions about the situational awareness of the network that no single source on the network could support on its own.

Recall that the intrusion detection community proposed IDMEF, the "Intrusion Detection Message Exchange Format" (RFC 4765), which specifies the message format IDSes use in an exchange. However, MEM is not another "standard" for how IDSes should format their messages; rather, MEM outlines a high-level process for "sources" in general to communicate and exchange their intelligence. Hence, MEM can be seen as a mechanism complementary to the IDMEF framework, but not one solely for intrusion detection systems.
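To make the relationship between a message format and an exchange mechanism concrete, here is a small added example (my illustration for this post, not the MEM protocol from the paper and not F-Secure's or anyone else's code). Several sensor types each emit a minimal RFC 4765 IDMEF Alert, wrap it in an envelope authenticated with HMAC-SHA256 under a key shared with the central analysis module, and the module verifies each envelope before collating the observations by source address. The sensor ids, keys, addresses and the envelope layout are all constructed assumptions; a real deployment would rely on a proper transport (e.g. TLS with mutual authentication) rather than a hand-rolled MAC.

```python
"""Sensors exchanging authenticated IDMEF-style alerts with a central
analysis module.  Added example, not the MEM protocol from the paper.
Sensor ids, keys, addresses and the envelope format are constructed."""
import hashlib
import hmac
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IDMEF_NS = "http://iana.org/idmef"   # XML namespace used by RFC 4765
ET.register_namespace("", IDMEF_NS)  # emit it as the default namespace


def tag(name):
    """Qualify an element name with the IDMEF namespace."""
    return "{%s}%s" % (IDMEF_NS, name)


def build_idmef_alert(analyzer_id, source_ip, target_ip, classification):
    """Return a minimal RFC 4765 Alert (Analyzer, CreateTime, Source,
    Target, Classification) as an XML string."""
    root = ET.Element(tag("IDMEF-Message"), version="1.0")
    alert = ET.SubElement(root, tag("Alert"), messageid=str(uuid.uuid4()))
    ET.SubElement(alert, tag("Analyzer"), analyzerid=analyzer_id)
    created = ET.SubElement(alert, tag("CreateTime"))
    created.text = datetime.now(timezone.utc).isoformat()
    for role, ip in (("Source", source_ip), ("Target", target_ip)):
        node = ET.SubElement(ET.SubElement(alert, tag(role)), tag("Node"))
        addr = ET.SubElement(node, tag("Address"), category="ipv4-addr")
        ET.SubElement(addr, tag("address")).text = ip
    ET.SubElement(alert, tag("Classification"), text=classification)
    return ET.tostring(root, encoding="unicode")


def _mac(key, sensor_id, alert_xml):
    # Bind the sensor identity to the alert so one sensor's key cannot
    # vouch for another sensor's message.
    data = sensor_id.encode() + b"\n" + alert_xml.encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(sensor_id, key, alert_xml):
    """Wrap an alert in an envelope authenticated with HMAC-SHA256
    (constructed stand-in for the mechanism's transport security)."""
    return {"sensor": sensor_id, "alert": alert_xml,
            "mac": _mac(key, sensor_id, alert_xml)}


class AnalysisModule:
    """Central collector: verify every envelope, then correlate by source."""

    def __init__(self, sensor_keys):
        self.sensor_keys = sensor_keys   # sensor id -> shared key (constructed)
        self.accepted = []               # (sensor id, source ip, classification)

    def receive(self, envelope):
        """Return True if the envelope is authentic and was recorded."""
        key = self.sensor_keys.get(envelope["sensor"])
        if key is None:
            return False                 # unregistered sensor
        expected = _mac(key, envelope["sensor"], envelope["alert"])
        if not hmac.compare_digest(expected, envelope["mac"]):
            return False                 # forged or modified in transit
        alert = ET.fromstring(envelope["alert"]).find(tag("Alert"))
        src = alert.find(tag("Source")).find(tag("Node")) \
                   .find(tag("Address")).find(tag("address")).text
        cls = alert.find(tag("Classification")).get("text")
        self.accepted.append((envelope["sensor"], src, cls))
        return True

    def correlate(self):
        """Map each source address to the sorted list of sensors that
        reported it; a source seen by several sensor types is the kind
        of evidence no single source could provide alone."""
        by_source = {}
        for sensor, src, _cls in self.accepted:
            by_source.setdefault(src, set()).add(sensor)
        return {src: sorted(ids) for src, ids in by_source.items()}


if __name__ == "__main__":
    keys = {"fw-1": b"fw-key", "ids-1": b"ids-key", "av-1": b"av-key"}
    module = AnalysisModule(keys)
    for sid, key in keys.items():
        xml = build_idmef_alert(sid, "203.0.113.7", "192.0.2.10", "probe")
        print(sid, "accepted:", module.receive(seal(sid, key, xml)))
    print(module.correlate())
```

The module parses XML that arrives from the network; in anything beyond an illustration, parse with a hardened library such as defusedxml, and treat an envelope that fails verification as a detection event in its own right rather than silently dropping it.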

Details of the described mechanism can be found at Springer-Verlag; however, an early version of the paper can be downloaded from my site: www.research-series.com/cyril

Your comments will be highly appreciated.