Security Projects
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
This is the first in a series of posts detailing the journey and experiences of Joseph Sokoly as a first time speaker in InfoSec. Continuing on the
The IT security job market is booming -- but that doesn't mean everyone is automatically getting a job, or the right job. And just like the threat landscape is rapidly evolving, so are the qualifications and qualities needed for positions in the security profession.
Mozilla launched a tool that lets users of rival browsers, including Internet Explorer (IE), Chrome, Safari and Opera, determine whether important add-ons may be vulnerable to attack.
When Oracle bought Sun, there were many unanswered questions about Sun's open-source portfolio of programs. Over a year later, we still don't know, for example, if OpenSolaris is going to have Oracle's support. We now know, however, that OpenSSO, an open source access management and federation server platform, will live on as a product under the new open-source company ForgeRock.
Security Consultant and Trainer Joe McCray has been hacking into the Department of Defense (DoD), Federal Agencies, Financial Institutions, and other big companies for years - legally of course. He's a Penetration Tester, a term used to describe a computer security consultant that hacks into companies in order to demonstrate security weaknesses.
Do SQL injections turn you on? How about double SQL injections? If the answer is
Google's online tutorial for web developers includes a server which demonstrates typical vulnerabilities for them to virtually exploit. The tutorial consists of two elements: an intentionally unsafe mini-blog web application
The Apache Software Foundation runs its open source projects on a hierarchy of principally three levels: top-level projects (TLPs), sub-projects and incubated projects. Achieving the TLP status is a major milestone for an open source effort and this week Apache announced that six projects were being graduated to TLP status.
The Apache Software Foundation, developer of open source software, on Tuesday is announcing the creation of six Top-Level Projects, including the Apache Traffic Server for caching and Apache Mahout, implementing machine-learning algorithms atop the Apache Hadoop distributed computing platform.
Last week, I got on the phone with HD Moore to ask him how things have been going since he sold Metasploit to Rapid7, sending the open source security world into a frenzy some six months ago. Rapid7 had just released the commercial version, dubbed Metasploit Express, of Moore's much beloved open source penetration testing tool.
Symantec's Francis deSouza lays out the requirements for a more practical way of addressing information security threats. The recent Hydraq attacks were the latest example of just how radically the Internet threat landscape has changed over the past few years, and how vulnerable companies and their information stores are to cyber attacks.
An increasing number of people are asking us about the recent paper coming out of Inria in France around BitTorrent and privacy attacks. This post tries to explain the attacks and what they imply.
Our next entry for the "The $100.00 (USD) Coolest Linux Workspace Contest" was sent all the way from the Netherlands by a digital forensics student named Huseyin. He is also working as an intern at an IT-audit company and described Linux as the best OS to do research on. If ever chosen as the grand winner, he says he will use the $100 to buy another 1TB hard disk drive since the 3TB of HDDs that he already has are not enough -- probably because of lots of legal evidence to store :-)
In his first column as CSO's Career Catalyst, Michael Santarcangelo outlines three essentials everyone needs to consider to make security work more than just a job. Have you ever wondered about the difference between a job and a career? I have.
My ZDNet blogging colleague Jason Perlow has switched his systems over to Linux after his Facebook account was compromised. Can plucky
With Facebook Connect being abandoned in its favor, and a new draft specification before the IETF, OAuth is shaping up as the cornerstone of identity management for cloud-based applications and services. eWEEK Labs Senior Analyst P. J. Connolly looks at what's behind the seamless access to services on social media sites such as Facebook, LinkedIn and Twitter.
Countries negotiating a major cross-border agreement to crack down on intellectual property crimes have agreed to release previously secret draft language of the controversial accord this week.
So far we have established the value of properly implementing password self-service and successfully tackled building effective password governance. The next step is to develop "challenge questions."
On October 5th, 2009, around the time of the 0.95.3 release of ClamAV, the popular Open Source anti-virus scanner, the ClamAV team announced that as of April 15th, 2010, versions prior to 0.96 would stop being able to receive pattern updates, in effect, killing the program.