Server Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Ever wanted to know which operating systems and applications have the most reported security vulnerabilities? Are there more known vulnerabilities in Windows NT or Linux? To find out, check out the BUGTRAQ Vulnerability Database statistics page. . . .
"... Transport Layer Security (TLS) is now in open source sendmail. As the official announcement explains, "Ever since the easing of crypto export regulations in the United States, we have been working on releasing the STARTTLS and SMTP Authentication Security . . .
LWN has written up an article describing the "redirect" security difficulty found by the folks at Digital Creations while tracking down a security problem with the Zope application server. "Given the way the web and authentication-based sites work, a suitably . . .
Tim Perdue writes about a new PHP library he's written. "When I started seeing spam messages posted to the new column annotation system, I knew I would have to create some sort of user authentication system that helps weed out . . .
This second part of our two-part series on webserver security explores the problem of keeping private data in publicly accessible areas of your server and keeping data from untrustworthy sources from entering your system. Covers Apache, FTP server, PHP and . . .
Internet appliance-hacker Ken Segler has struck again. The Las Vegas engineer -- who created a cult hit when he discovered that a cable tweak would transform the $99 I-Opener Internet appliance into a fully operational PC -- has found . . .
A potent new software tool has emerged for launching attacks similar to, but more lethal than, the ones that took down Yahoo and other major Web sites in February. The new tool, called "Mstream," joins Trinoo, TFN2K, Stacheldraht, Shaft . . .
Ann Arbor, Mich.-based Cybernet Systems today announced its Linux-based NetMAX VPN Server Suite, a software package designed to set up a virtual private network. The VPN Server Suite, scheduled for a June release, includes a graphical user interface for simpler, . . .
Cybernet Systems Corporation today announced its plan to introduce the industry's first low-cost Linux-based software for creating a Virtual Private Network (VPN). The new NetMAX VPN Server Suite is expected to be the first product to bring secure VPN Internet . . .
Here's information on implementing ACLs using Linux. Access Control Lists (ACLs) support more fine-grained permissions. Arbitrary users and groups can be granted or denied access in addition to the three traditional classes of users. ... The main advantage of . . .
"Apache Week visited the RSA Security conference in Munich last week to see the latest trends in cryptography and how they affect Apache users. ... Over the last year there have been a number of changes that affect users wishing . . .
As Linux continues to gain momentum in the application server arena, so does the need for robust utilities such as backup programs. . . .
If you examine the security problems reported with stolen credit card numbers or web server defacements in the last few months, it becomes obvious that many web applications have been slapped together with little care or planning for security. . . .
Here's an article that talks about keeping your site safe. It is a discussion of some commercial security products, some of which run on Linux. "Still, there's a more insidious threat that such technologies don't guard against: actions . . .
"Establishing a Web presence can be crucial to a company's success, but the wrong moves can tarnish your image." This article "... gives tips on how to safely develop and deploy websites and how a comprehensive information technology policy . . .
A pair of House lawmakers on Wednesday introduced legislation that would exempt private companies from liability for sharing information with the federal government and each other on ways to beef up computer security. . . .
This new version of BIND (not for production use yet) includes support for IPv6, many security improvements, protocol and operational improvements and especially support for DNSSEC. The quick list of security improvements includes: Support for DNSSEC, Support for TSIG, Auditability . . .
The provider of the Sendmail Internet Mail platform, which drives most of the Internet's mail servers, last week debuted the Sendmail Secure Switch, routing software that provides server-level encryption for E-mail transmissions. The software automatically encrypts the Simple Mail Transfer . . .
Updated. This is an analysis of the "Shaft" distributed denial of service (DDoS) tool. Denial of service is a technique to deny access to a resource by overloading it, such as packet flooding in the network context. Denial of service . . .
A company that makes popular software to block children from Internet pornography is suing two computer experts for distributing a method for children to deduce their parents' password and access those forbidden Web sites. . . .