• United States



by CSO Contributor

Security Group Warns of Hole in Linux Kernel; No Direction from Bush in Leak Probe; AOL to Add Spyware Detection to Service; Hacker Lamo Says Hell Accept Plea Bargain

Jan 06, 20043 mins
CSO and CISOData and Information Security

Security Group Warns of Hole in Linux Kernel

According to an IDG News Service story posted on InfoWorld, computer security researchers are again warning about a critical vulnerability in the Linux kernel that could be used by malicious hackers to take control of systems using the popular open source operating system. ISEC, a noncommercial security research group based in Poland, discovered the problem in kernel code for a component called “mremap,” used to manage virtual memory on Linux systems. Attackers could use the vulnerability to create an invalid virtual memory area (VMA), which could destabilize the Linux operating system or allow a malicious user to run attack code on the system, the report says. No Direction from Bush in Leak ProbeThe Washington Post today. The forms could put pressure on White House officials as well as journalists, the Post reports, who would be told that the source wants reporters to answer the FBI’s questions rather than assert any journalistic privilege. The formal investigation began Sept. 30, aimed at pinning down who in the government revealed Plame’s identity, which was printed by columnist Robert D. Novak on July 14. Bush has expressed doubt that the leaker will be found, citing the number of people who could fit Novak’s description of his source: a “senior administration official.”

White House press secretary Scott McClellan declined to say yesterday whether President Bush thinks his aides should sign forms that would release reporters from any pledges of confidentiality regarding the leak of the identity of CIA operative Valerie Plame, according to

AOL to Add Spyware Detection to ServiceNew York Times, America Online will give its customers built-in software to detect and remove “spyware,” hidden tools that can monitor Web surfers’ online habits for marketing purposes, company executives said yesterday. The spyware-removal program is actually made by another company, Aluria Software, and will be bundled with the next version of AOL’s software. It will work automatically on the customer’s computer, scanning it once a week and identifying the adware and spyware packages it finds, AOL said.

According to a story in todays

Hacker Lamo Says Hell Accept Plea BargainThe New York Times‘ network and running up the bill on a subscriber-only news-archiving service, surrendered to the FBI in September and is out on bail. According to a CNET News story, he will appear in court Thursday to accept a plea bargain. In a telephone interview Monday, Lamo said the plea bargain could include a sentence of six months of home detention.

Adrian Lamo, who is facing a pair of federal felony charges for allegedly breaking into