SEAndroid Made Available by NSA

In an earlier post on open-source defense, I talked briefly about SELinux, a version of the Linux operating system modified for greater security by the US National Security Agency [NSA].   Recently, the NSA has expressed an interest in developing a more secure smart phone, and has now announced the release of SEAndroid, a set of modifications for the Android mobile operating system, analogous to SELinux. Android is a Linux-based system, produced by the Open Handset Alliance, led by Google.

As the project page for SEAndroid points out, the work builds on already-existing SELinux facilities.

Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps.

Going forward, the project will develop additional Android-specific capabilities.   SEAndroid is available in source code.  Th eproject page has access instructions, as well as information on the public SEAndroid mailing list.

 

OUCH! Security Awareness Newsletter

The folks over at the SANS Institute , as part of their Securing the Human project, have a free monthly newsletter on security awareness, called OUCH!.  It is aimed at computer users in general, not just security geeks, and is written in plain language — in fact, in twelve of them.

OUCH! is the world’s leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS Securing The Human team, SANS instructor subject matter experts and team members of the community. Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization.

This month’s issue,. for example, focuses on “Securing your WiFI Network”, and covers:

• Administration
• Your Network Name
• Encryption & Authentication
• OpenDNS

Previous issues have covered “Browser Security and Privacy”, “Backup and Recovery”, and “Social Networking Safety”.   There is a complete archive of past issues on the site.

The newsletter is presented as a PDF document, so you can easily download it if you wish.  It is published under a Creative Commons BY-NC-ND 3.0 license, which allows you to copy it without alterations, as long as you credit the source and do not distribute it for commercial purposes.  (Obviously, if this is of any concern, you should consult the terms of the actual license, and perhaps your attorney.)

This is a good free resource, especially for small organizations and home users.