We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
The developer behind the grsecurity project, Brad Spengler, has pointed out that most of the privilege control capabilities implemented under Linux carry a significant potential for compromising a system and wreaking other havoc.
Every developer knows the importance of issuing security patches. Unexpected bugs that lead to software vulnerabilities are virtually unavoidable; the key is to acknowledge them when they're discovered and issue fixes before they can be widely exploited. But what do you do when you believe vulnerabilities may have been introduced into your code base intentionally?
As 2010 drew to a close, I received a note from a colleague reflecting on the year part and thanking me for my mentorship and counsel. Reading his note reminded me that often the best path forward starts by looking back. As we welcome a new year full of ambition and opportunity, this is the perfect time to reflect on the previous year(s) to set the stage for a productive and successful 2011.
Security of industrial Open Source software starts at establishing trustworthy sources from the outset - this small effort will not provide 100% security but, nevertheless, a clear increase. The Stuxnet virus incident should remind us that we need to know what is going on inside the software that we trust not only our economic livelihood on but also our safety. Open Source is not exempted in any way from use with malicious intent.
Are you running Linux just because you think it's safer than Windows? Think again. Sure, security is a built-in (and not a bolt-on) feature and extends right from the Linux kernel to the desktop, but it still leaves enough room to let someone muck about with your /home folder.
This describes how to set up ssl certificates to enable encrypted connections from PgAdmin on some client machine to postgresql on a server machine. The assumption is that postgresql (compiled with ssl support) and openssl are already installed and functional on the server (Linux). PgAdmin is already installed on the client (either Windows or Linux).
If Marcus Ranum were your CISO, this would be his resolution for 2011: To plan a "War Games" style exercise. "It's very enlightening for everybody," says Ranum, a noted security thought-leader, :and it actually helps a great deal in helping sell the need for security to the entire executive team."
So far, the analyses of OpenBSD's crypto and IPSec code have not provided any indication that the system contains back doors for listening to encrypted VPN connections. The OpenBSD developers started the code audit to investigate allegations made by Gregory Perry, the former CTO of crypto company NetSec. In an email to OpenBSD founder Theo de Raadt, Perry had accused developer Jason Wright and others of having built back doors into the IPSec stack. De Raadt made the email public and presented Perry's allegations for discussion.
Marking nearly 10 years of Openwall GNU/*/Linux, the Openwall Project developers have released version 3.0 of Openwall. Openwall GNU/*/Linux, also known as Owl for short, is a small, security-enhanced distribution of Linux aimed at servers, appliances and virtual appliances.
The Ethical Hacker Network (EH-Net) is more than a free online magazine for security professionals as it also acts almost like an educational portal for newbies interested in security. Every year like a Christmas tradition, EH-Net features a holiday hacking challenge written by security attack and defense guru Ed Skoudis. The 2010 skills challenge is The Nightmare Before Charlie Brown's Christmas.
Exploitation of just ONE software vulnerability is typically all that separates the bad guys from compromising an entire machine. The more complicated the code, the larger the attack surface, and the popularity of the product increases the likelihood of that outcome. Operating systems, document readers, Web browsers and their plug-ins are on today
Google has released the Android 2.3 Gingerbread source code, one day after Samsung's Nexus S smartphone went on sale in the US. The Nexus S is the first device to run the new Android operating system and comes equipped with Near Field Communications technology used to make micro-payments via the smartphone.
WikiLeaks has gone down, returned, gone down again, returned and other sites have been taken down by supporters of WikiLeaks like Visa.com. From a technical standpoint, what is happening exactly and what will happen next in this ongoing cyberspace saga? HuffPost Tech asked SafeCentral CTO Ray Dickenson to help us break it all down based on his Internet security expertise.
Joseph Idziorek, graduate in electrical and computer engineering, has been researching computer security. The study conducts research on sites that have been experiencing denial of service attacks, in which hackers try to get unauthorized access and hinder them.
A disproportionate number of people downloading the open source DIY tool being used to launch DDoS attacks on companies deemed hostile to Wikileaks appear to be based in the UK, new figures have suggested.
German mail service Deutsche Post recently launched a contest called Security Cup in which teams of hackers compete for money to find the company
With Red Hat Enterprise Linux 6 now cutting its way into the enterprise-calibre open source operating systems space, there is much to talk about as the terms security and virtualisation are increasingly used to highlight its key new features.
You've probably heard the phrase, "Failure is the key to success." But are security professionals really learning from their mistakes? As identity theft and online risks keep growing, is our industry rising to the challenge or repeating the miscues of the past? While security technology is improving, the bad guys also have access to better tools. So are the good guys working smarter?
Google has released a test version of its Chrome browser that extends its renowned security sandbox to Adobe's heavily abused Flash player.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
