LinuxSecurity.com - Latest News

Tools To Delete Files Securely In Ubuntu Linux

Wed, 07 Jan 2009 08:00:00 +0000

LinuxSecurity.com: Deleting a file or reformatting a disk does not destroy your sensitive data. The data can easily be undeleted. That's a good thing if you accidentally throw something away, but what if your trying to destroy financial data, bank account passwords, or classified company information. In this article you will learn number of tools to delete files securely in ubuntu Linux. Did you ever need to reformat your hard drive? Are you sure that your data can't be recovered by anyone? If not this article looks at some tools to make sure what you deleted can't be recovered using Ubuntu.

Security Changes In The 2.6.28 Kernel

Tue, 06 Jan 2009 08:31:24 +0000

LinuxSecurity.com: Version 2.6.28 of the Linux kernel was released during Christmas, so I thought it'd be worthwhile waiting until after typical vacation days to post a summary of changes to the security subsystem. As always, thanks to the Kernel Newbies folk who track major kernel changes. Serge Hallyn added a dummy policy for SELinux to the kernel tree. This is useful for testing SELinux and a base for building minimal and experimental security policies. Have you noticed some of the security changes to the latest upstream Linux kernel? Read on for more information on these changes.

MD5 - The Internet has a Major Problem

Mon, 05 Jan 2009 08:44:16 +0000

LinuxSecurity.com: Firstly, allow me to recap. A couple of days ago, I reported a presentation at the Chaos Computer Club conference in Berlin which outlined a major problem with the way Certificate Authorities handle message hashing, essentially this attack relied on well-known problems with the MD5 hash algorithm. Problems based on hash collisions, which were previously considered to be theoretical having been discovered in 2004, were now well-lodged within the domain of reality. Have you heard about the news about the reported problem with how Certificate Authorities are handling message hashing? Read on for more information on some security issues with the current Certificate Authorities.

Helping Protect Cookies With HTTPOnly Flag

Mon, 29 Dec 2008 09:20:26 +0000

LinuxSecurity.com: The bottom line is this - while this cookie option flag does absolutely nothing to prevent XSS attacks, it does significanly help to prevent the #1 XSS attack goal which is stealing SessionIDs. While HTTPOnly is not a "silver bullet" by any means, the potential ROI of implement it is quite large. Notice I said "potential" as in order to provide the intended protections, two key players have to work together. This article looks at one way you can make your Web cookies more secure by using the Apache's extension called modsecurity. If you are interested in this please read on for more information and how you set this up on your own Apache web server.

Red Hat / CentOS: Chroot Apache 2 Web Server

Fri, 26 Dec 2008 10:00:00 +0000

LinuxSecurity.com: A chroot on Red Hat / CentOS / Fedora Linux operating changes the apparent disk root directory for the Apache process and its children. Once this is done attacker or other php / perl / python scripts cannot access or name files outside that directory. This is called a "chroot jail" for Apache. You should never ever run a web server without jail. There should be privilege separation between web server and rest of the system. Chroot is great security practice to isolate an attack to only one part of ones system. If you are interested in using chroot check out this article it that will show you all the commands that you need.

LinuxSecurity.com - Latest News

Tools To Delete Files Securely In Ubuntu Linux

Security Changes In The 2.6.28 Kernel

MD5 - The Internet has a Major Problem

Top 5 Cybersecurity News Stories of 2008

Helping Protect Cookies With HTTPOnly Flag

Red Hat / CentOS: Chroot Apache 2 Web Server