A few weeks ago we brought you the story of a security firm that claimed they were unable to communicate a security flaw they had found. This resulted in their decision to release the flaw to the public to get attention. It was an ugly episode, but perhaps something good has come of it. Today, a new list has been created to help organize and give a clear channel for communicating security issues regarding the Linux kernel.

Developers of the Linux kernel created a security mailing list this week to air future vulnerability information regarding the open-source operating system's core code.

Friday = Linux Advisory Watch from Linux.com. Let's take a look at the warnings for this week...

This week, articles were released for libtiff, ethereal, xpdf, squid, xtrlock, sword, unarj, enscript, zhcon, vdr, xine-lib, libpam-radius, kdebase, f2c, cups, alsa-lib, grep, kernel-utils, hal, im-sdk, gphoto, apr, tetex, koffice, kdegraphics, kdelibs, gaim, procps, mailman, mysql, awstats, less, kernel, and xpdf. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, and TurboLinux.

So, maybe running MySQL in Windows isn't such a good idea.

Malicious hackers have launched a zero-day bot attack against default Windows installations of the MySQL database engine, infecting vulnerable systems at the rate of 100 per minute, security experts warned on Thursday.

Oh no, now Apple is following Microsoft's lead, complete with gaping security holes.

Apple Computer Tuesday posted patches to fix numerous bugs in the Mac OS X operating system, and for the first time, mimicked Microsoft's naming system for its security updates.

Linux.com gives us a brief history of SELinux and then demonstrates how to use it. Fedora Core 3 is the example implementation used for this discussion.

One of the much-talked-about features in Fedora Core 3 (FC3) is Security-Enhanced Linux, which some people believe will make Linux a truly military-grade secure operating system. But SELinux is available to secure many other distributions as well.

TGIF, that can only mean one thing...you guessed it, the weekly Linux Advisory Watch from Linux.com. :)

This week, advisories were released for twiki, xine, libtiff, mc, gatos, playmidi, chbg, cups, imagemagick, mysql, xpdf, xtrlock, mysql, sword, squid, gimp, dovecot, dhcp, bind, vixie-cron, sysklogd, alsa-lib, grep, kernel-utils, ethereal, mpg123, playmidi, and krb5. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, and TurboLinux.

Those of you paranoid about security will find this tutorial very interesting. Linux.com introduces us to A.I.D.E. , a GPL'd project, that uses a database to monitor changes to your files.

If an intruder penetrates your system, it will not be long before they upload and replace key system files. This is done to hide malicious programs and cover up the intrusion. For example, the ls program may be replaced with a trojaned version, which hides files that have been uploaded to your system. The ps program is also often replaced to hide the fact that malicious programs have been installed. Installing an intrusion detection system (IDS) can give you a heads up on whether or not filesystems have been modified.

This is a story we covered a while ago. The results are STILL the same. However, this time we have more details on how these tests were conducted, including which distro's were used. The most interesting part of the article is the inclusion of the methods used to compromise the few Linux machines that were successfully attacked.

The Honeypot Project has added fuel to the debate over which is more secure—Linux or Windows—with findings that unpatched Linux (news - web sites) systems can be on the Internet for months before being successfully attacked while Windows systems have been compromised in as little as hours.

It's Friday, that means the weekly security advisory list from Linux.com.

This week, advisories were released for php, ethereal, krb, kerberos, lintian, kdelibs, linpopup, bmv, exim, libc6, exim-tls, gopher, libtiff, gtk, selinux-policy-targeted, epiphany, kernel, yum, samba, cups, subversion, vim, samba, gdpdf, dillo, tikiwiki, pdftohelp, mpg123, imlib2, poppassed_pam, kde, nfs-utils, hylafax, fcron, lesstif, and unarj. The distributors include Contectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and TurboLinux.

Secunia has found a flaw in mpg123.

The software vulnerability may lead to an exploit in which a specially crafted MP2 or MP3 file could cause a memory problem called a "buffer overflow" that could allow an attacker to run malicious code.

We have written a range of guides highlighting excellent free books for popular programming languages. Check out the following guides: C, C++, C#, Java, JavaScript, CoffeeScript, HTML, Python, Ruby, Perl, Haskell, PHP, Lisp, R, Prolog, Scala, Scheme, and SQL.