Security Projects - Page 31
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10, which is a Debian-based distro. All references to Ubuntu have been removed, as the author completely recompiled the kernel, removed all Ubuntu-specific software that would cause the ISO to bloat, and used a non-Ubuntu-traditional window manager, with no DM.
Both types of attack have increased in the past year, according to the 2010 Verizon Data Breach Investigations report in partnership with the US Secret Service. This is the first time private and commercial data has been combined in a data breach report, said Matthijs Van der Wel, head of the EMEA forensics team at Verizon Business.
Rackspace announced the OpenStack project today, open sourcing much of the software it uses to run its own cloud. I spoke with Rackspace
Just before the Black Hat security conference begins, Google has patched seven security holes in its stable version of Chrome and has begun an effort to speed up the software industry's response to such vulnerabilities.
A Norwegian startup is assuming responsibility for maintaining an open source web authentication technology originally developed by Sun Microsystems, and seemingly neglected by Oracle, which purchased Sun in January. The company, ForgeRock, has released a new version of Sun's Open Single Sign On (OpenSSO) Enterprise software, called OpenAM, that adheres to the OpenSSO roadmap established by Sun.
Yahoo is considering investing in hackers with good ideas and technologies, a company executive said on Saturday. "We are open to many ways of having a stake in creative young companies," said Jeff Kinder, Yahoo
Symantec has released the July 2010 MessageLabs Intelligence Report which contains the usual interesting and relevant facts regarding trends in spam and malware. Of particular interest in this report, though, is the fact that attacks exploiting shortened URLs have skyrocketed, and that a new approach is needed to protect against the rising threat.
Just four days after Mozilla announced it was increasing the bounty paid for critical security bugs in its software to $3,000, Google has upped the ante, saying that it will now pay $3133.70 for the most severe bugs researchers find in Chromium.
In a corner of a Panera Bread store, amid the clatter of dinner plates and orders recited over a warbling sound system, a group of men and a woman gathered last week, laptops open. They threw around terms like "botnets" and "onion routers" with ease, talked about microcontrollers and how to crack into a computer database should the need arise to test their own computer defenses.
The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1. This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month here.
Wu Shi, a security researcher in Shanghai, has become one of the world's top browser bug hunters. If tough love is the best way to fix the world's software, then Wu Shi may be one of the information security industry's unsung heroes.
Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc.
The Google Chrome browser allows the installation of third-party extensions that are used to extend the browser to add new features. The extensions are written in JavaScript and HTML and allow manipulation of the DOM, amongst other features.
According to U.S. government estimates, incidents of enterprise data loss cost businesses more than $100 billion in a single year. As threats to enterprise data grow more sophisticated, it's imperative for businesses to implement a comprehensive data security strategy. But where to start?
Security is very old in most respects, yet very young in others. As a corporate discipline, security unfortunately languished for years in the basement. Today, as organizations come to grips with a wide swath of risks, the 2010 State of the CSO survey shows those organizations are rapidly adopting a more sophisticated view of security. Of course, there's more work to be done--most prominently in the areas of security metrics and awareness programs.
Tom Bicer wrote in to tell us about some interesting developments among the SSL certificate providers. Comodo made a press release announcing that they found some vulnerabilities related to Verisign's certificate and had advised Verisign on the vulnerabilities.
The Public Interest Registry, which operates the .org generic top-level domain, announced today that it has completed deployment of Domain Name System Security Extensions, which provide an additional level of security to the DNS. The full deployment tops off a two-year deployment and testing period of DNSSEC in 18 live
The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP
Firefox users worried about Internet eavesdropping are being offered a new way to encrypt their interaction with a range of popular websites, including Facebook and Twitter.