Linux Network Security - Page 11

Discover Network Security News

Warning: Undefined property: stdClass::$helix_ultimate_image in /var/www/www.linuxsecurity.com-443/html/templates/newsberg/html/com_content/category/blog_item.php on line 54

Warning: Undefined property: stdClass::$helix_ultimate_image in /var/www/www.linuxsecurity.com-443/html/templates/newsberg/html/com_content/category/blog_item.php on line 55

DHS Advocates RPKI For Secure Internet Routing Against Threats

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The U.S. Department of Homeland Security has spent $3 million over the past few years on research aimed at bolstering the security of the Internet's routing system. Now, as this research is being deployed across the Internet, DHS wants government agencies and their carriers to be among the earliest adopters of the new Resource Public Key Infrastructure (RPKI) system that it helped create.

Alex
Dec 15, 2010

Mozilla Firefox 4: Security Advisory on WebSocket Protocol Design Flaw

Due to a vulnerability in the design of the WebSocket protocol, the Mozilla Foundation has decided to disable support for this protocol in the forthcoming Firefox 4 Beta 8 release. The vulnerability in the code for transparent proxies can potentially be exploited to poison the proxy cache and inject manipulated pages.

Anthony Pell
Dec 09, 2010

Cloud and Outsourcing Challenges for Application Security Control

The cloud -- and outsourcing in general -- breaks off pieces of the stack beneath any given application. That removes the stack from an enterprise CISO's control, and that's not good.

Alex
Dec 08, 2010

VeriSign Launches Cloud-Based DNSSec Signing Service for Registrars

VeriSign has announced the rollout of its cloud-based DNSSec Signing Service for registrars, which allows DNSSec provisions to be added to second-level domain names. Pat Kane, assistant general manager of naming services at VeriSign, told V3.co.uk that progress being made is at the registry and root levels.

Alex
Dec 02, 2010

Exploring Resource Management in Linux and Cloud Development

Imagine a world where you can develop software unconstrained by the normal rules of software, which requires a local installation. CPU, memory, security...each of these issues are now someone else's problem.

Alex
Nov 26, 2010

Firmware Rootkits and Their Concealment Techniques by Guillaume Delugr

Security expert Guillaume Delugr

Alex
Nov 24, 2010

Rethinking Security Strategies for IPv6 Networks and Open Access

The switch from IPv4 to IPv6 will force many organizations to rethink the way their networks are defended. The result will be a shift away from the "guilty until proven innocent" attitude to incoming network traffic, toward one of "paranoid openness."

Anthony Pell
Nov 23, 2010

Exploring Techniques For Rootkit Implantation On Network Cards

Security researchers have demonstrated how it might be possible to place backdoor rootkit software on a network card. Guillaume Delugr

Alex
Nov 23, 2010

SANS Security Warning on IPv6 Migration Risks and Challenges

IT security teams must start preparing now for the increased security risks that may arise from implementation of the forthcoming IPv6 protocol, warned security training and research organisation the SANS Institute.

Alex
Nov 16, 2010

How Amazon GPU Instances Facilitate Rapid SHA1 Password Cracking Techniques

As we reported earlier today, Amazon is now offering a Cluster GPU Instance. Security blogger Thomas Roth decided to find out how quickly the system could be used to crack SHA1 hashes. He was able to crack 14 hashes with passwords ranging in length from one to six characters in 49 minutes. "This just shows one more time that SHA1 is deprecated," he writes.

Anthony Pell
Nov 16, 2010

Phreebird DNSSEC Toolkit Launch By Dan Kaminsky At Black Hat Abu Dhabi

Renowned researcher Dan Kaminsky tomorrow at Black Hat Abu Dhabi will release a free toolkit that lets organizations test-drive DNSSEC deployment and also demonstrates his claims that the protocol is simple to implement.

Anthony Pell
Nov 11, 2010

Survey Finds Confusion Over Data Responsibility in Cloud Environments

A recent survey of 384 business managers from large enterprises revealed that confusion abounds about cloud data security. More than three-quarters of the respondents couldn't say who they believe should be responsible for data housed in a cloud environment, while 65.4% said that the company from which the data originates, the application provider and the cloud service provider are all responsible, and another 13% said they were not sure.

Alex
Nov 05, 2010

Denial-Of-Service Attacks In Cloud: Impact On Business Operations

An old standby of cyber criminals--the denial-of-service attack--has become a new worry for data center operators. As companies increasingly use virtualized data centers and cloud services, new weaknesses have opened up in enterprise infrastructure.

Alex
Nov 03, 2010

VeriSign DNSSEC Implementation For Enhanced Domain Security

At the end of last week, US company VeriSign announced the roll-out schedule for the authentication of.com and .net zones. From the 9th of December, .net domains are to be authenticated via keys that are based on the new DNSSEC (Domain Name System Security Extensions) protocol and stored in the Domain Name System (DNS).

Alex
Nov 02, 2010

Overcoming Cloud Security Concerns in Multi-Tenant Applications

Here's to the multi-tenant application, an invention of the Internet age and without which many of the low-cost services, such as search and travel reservations, would be impossible. And here's to the multi-tenant doubters, such as Oracle's Larry Ellison, who recently questioned its "weak security model" and its "co-mingling of competitors' data."

Alex
Oct 28, 2010

Comcast Launches DNSSEC: Secure Web Traffic Against Scam Redirects

Comcast has begun migrating its customers to a new Internet security mechanism that will help protect them from being inadvertently routed to phony Web pages for pharming attacks, identity theft and other scams.

Anthony Pell
Oct 20, 2010

Facebook Introduces One-Time Passwords For Public Access Securely

Moving to enhance online security, Facebook on Tuesday said that it will soon offer users the ability to receive one-time passwords on their mobile phones and that it has already enabled the ability to sign out of Facebook remotely.

Alex
Oct 13, 2010

Top 6 Security Challenges for Enterprises and Their Respective Solutions

In modern enterprises, there's a similar perception of invulnerability. Yet, for every large organization that glides through the year without any mishaps, there are many stories about perilous break-ins, Wi-Fi sniffing snafus and incidents where Bluetooth sniper rifles were used to steal company secrets.

Anthony Pell
Oct 12, 2010

MySQL 5.1.51 Security Advisory: Critical DoS And Escalation Issues

Oracle has released version 5.1.51 of MySQL, a security update that addresses a Denial of Service (DoS) vulnerability in the open source database. According to security specialist Secunia, an error in the processing of arguments passed to the LEAST() or GREATEST() functions could be exploited by a malicious user to cause a server crash, leading to a DoS condition. All versions up to and including 5.1.50 are reportedly affected.

Alex
Oct 05, 2010

OAuth 2.0 Security Risks and Hacker Exploitation Insights

The emerging OAuth 2.0 web API authorisation protocol, already deployed by Facebook, Salesforce.com and others, is coming under increased criticism for being too easy to use, and therefore to spoof by malicious hackers.

Anthony Pell
Sep 23, 2010

Community Poll

More Polls