Security Projects - Page 34

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

run0, A Safer Alternative to sudo, Introduced in Systemd v256

German software engineer Lennart Poettering recently presented run0, a new tool in systemd v256 that aims to address the security concerns associated with the widely used sudo command. Let's explore run0's implications for Linux admins and secur...
May 04, 2024
  0

How Debian 12 is Redefining Stability and Innovation in Open-Source OSes

The latest release of Debian, one of the oldest and mos...
May 01, 2024
  0
8.Locks HexConnections CodeGlobe Esm H115

CoCo VMs Will Now Panic If RdRand Is Broken in Linux 6.9

A significant change has been merged into the x86 fixes...
Apr 08, 2024
  0
19.Laptop Bed Esm H115

Discover Security Projects News

LS Hmepg 337x500 34 Esm H200

Honeynet: Google Summer of Code 2010 Updated Ideas Page and Student Applications Open

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

On March 29th Google officially began accepting applications from students for Google Summer of Code 2010, which the Honeynet Project is very exicted to be participating in again this year as a mentoring organisation. We've recently updated our project ideas page and mentor information and students have until 19:00 UTC on Friday April 9th to apply (you can either chose one of our ideas or propose your own).

LS Hmepg 337x500 34 Esm H200

Moodle 1.9.8 Tackles Security Vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Moodle has released an update to its open source learning management system for Mac OS X, Windows, and Linux. Moodle 1.9.8 includes a number of small improvements and bug fixes but also addresses nine security vulnerabilities, including two that Moodle developers have labeled as "critical" and five as "major." Moodle has also released a parallel update to the 1.8 branch, version 1.8.12, which includes comparable changes.

LS Hmepg 337x500 34 Esm H200

Ways to Justify Security Programs: 13 Cs

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

My last post Forget ROI and Risk. Consider Competitive Advantage seems to be attracting some good comments. I thought it might be useful to mention a variety of ways to justify a security program. I don't intend for readers to use all of these, or to even agree. However, you may find a handful that might have traction in your environment.

LS Hmepg 337x500 34 Esm H200

Code Writers Finally Get Security? Maybe

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A new study finds software writers increasingly intent on baking security into their code writing, and Microsoft gets high marks for helping the process along. Security practitioners often rant about sloppy software writing as the main reason attacks flourish. But newly released survey results suggest code writers are slowly starting to get it.

LS Hmepg 337x500 34 Esm H200

The Mac Hacker Strikes Again

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Charlie Miller has a habit of publicly upending Apple's security claims. Real cyberspies may be doing the same thing in private. Charlie A. Miller loves his Macbook Pro laptop. And his four other Apple PCs, the iPhone he uses daily and two older iPhones he keeps for tinkering. But his relationship with the company that created those gadgets is somewhat more complicated.

LS Hmepg 337x500 34 Esm H200

New Live Hacking Channel on YouTube; Ethical Hacking Tutorials Free For All

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Dr. Ali Jahangiri, a leading information security expert and author of Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts, is pleased to announce that he has created a channel on the popular online video site YouTube to share his free educational videos on ethical and white hat hacking. The new videos form part of the growing 'Live Hacking' brand which includes a book, workshops and a dedicated ethical hacking Linux distribution.

LS Hmepg 337x500 34 Esm H200

7 Reasons Why Your Company Needs a Privacy Policy

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Non-attorneys are often (justifiably) baffled at why lawyers take 3,000 words to say what normal people say in 300 and a handshake. At the risk of defending verbosity, it turns out that behind each handshake contains a wide range of non-standard assumptions. Many (if not most) disputes arise when there is a misunderstanding about an unspoken assumption

LS Hmepg 337x500 34 Esm H200

Unicode Security Considerations

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

ecause Unicode contains such a large number of characters and incorporates the varied writing systems of the world, incorrect usage can expose programs or systems to possible security attacks. This is especially important as more and more products are internationalized. This document describes some of the security considerations that programmers, system analysts, standards developers, and users should take into account, and provides specific recommendations to reduce the risk of problems.

LS Hmepg 337x500 34 Esm H200

Ultra-secure Firefox offered to UK bank users

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

UK users are being offered a 'hardened' version of Mozilla Firefox that can secure access to online bank accounts, maker Network Intercept has announced. Although the security built into the browser is identical in its workings to the US version which has been available for some weeks, the Secure-Me browser does feature some necessary localisation.

LS Hmepg 337x500 34 Esm H200

Distributed Open Proxy Honeypots

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This project will use one of the web attacker's most trusted tools against them - the Open Proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy server (or proxypot), we aim to take a birds-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification and report all logging data to a centralized location.

LS Hmepg 337x500 34 Esm H200

Five Security Missteps Made in the Name of Compliance

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Compliance pressures often push companies to make security improvements they wouldn't have tackled otherwise. More budget goes toward technology needed to protect customer data. New policies are created to rein in what employees do online with company machines. But there's a dark side to this story.

LS Hmepg 337x500 34 Esm H200

Secure software development is difficult, but tools, techniques improving, expert says

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The SANS Institute and MITRE Corp. issued an update to the CWE/SANS Top 25 Programming Errors List last week, focusing mitigation techniques that could be adopted into the security development lifecycle to help avoid multiple security bugs. But one expert says that while the programming error list helps contribute to improving software development, actually getting companies to implement a more secure software development process is a different story.

LS Hmepg 337x500 34 Esm H200

SANS Names Top 25 Programming Errors

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

When it comes to programming errors, some are more common than others. A new report from the SANS Institute identifies the top 25 programming errors that have led to nearly every type of IT security threat over the last year. The report draws on the input of 28 different groups including those in government and the private sector and leverages the CWE (Common Weakness Enumeration) numbering system to label vulnerabilities.

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved