If gentlemen prefer blondes then, it would appear, intelligence agencies prefer Linux. Or at least so it would seem judging by downloads on offer at OnSecure, a joint portal of the highly secretive signals intelligence collection agency the Defence Signals Directorate and the spam-busting National Office of the Information Economy.
Launched a fortnight ago as a secure gateway for federal public servants to electronically submit reports on government related e-security and hacking incidents, the portal notably includes a direct link to a Linux Kernal site under the heading of Downloads/Operating Systems.
Amusingly, the penguin flavoured OS also rates 9/10 DSD biohazard stars for e-security under the site's user rating system [one user], and comes with rave review from one DSD insider.
"Linux is a very advanced server operating system with exceptional stability and security features. It is now even starting to penetrate the desktop market with an excellent desktop environment (KDE) and a great office suite (OpenOffice)," said the DSD user.
Notwithstanding such platitudes, another part of the site carries an advisory of a critical Linux vulnerability stemming from the recent hack of servers belonging to the Debian project. The advisory states that forensics on the intrusion "indicated that the vulnerability used was a kernel vulnerability in the brk function", and that patches have now been issued.
While the primary function of DSD is military signals collection and code breaking (on par with the US National Security Agency or British GCHQ), the agency is also charged with vetting and clearing the security of all federal computer systems and equipment.
Although the OnSecure project is backed by the security credentials and some content from DSD, the agency is understood to be keen to allow NOIE to push the more public educative aspects of the scheme as part of its mandate of greater services to government. Defence insiders told Computerworld DSD's workload has also increased substantially over the last 12 months in line with Australia's recent overseas military deployments.
Part of the OnSecure idea is to provide shelter for public service users to canvass public sector IT security in an effort to raise awareness - away from the predatory charms of vendors and predatory eyes of the media at large.
DSD is also understood to have appointed an intra-governmental marketing and communications manager to promote the merits of better IT security, and the various products, services and training from DSD to the public service which are available on a cost recovery basis.
In a rare public appearance, DSD director Steve Merchant cut the ribbon on the project in Canberra last week, giving it his blessing. Enquiries reveal the OnSecure site runs Apache Linux with a netblock registered to the Department of Defence.