Security Projects - Page 37Security Projects - Page 37.5

Discover Security Projects News

Pirate Bay Co-Founder Steps Down as Spokesman

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Peter Sunde, a co-founder of the Pirate Bay, said Monday that he

LinuxSecurity.com Team
Aug 04, 2009

Open-source project aims to makes secure DNS easier

Very cool. It would be really nice to see a review of this project, and follow it as it progresses. Is anyone interested in reviewing it and letting us know how you make out?A group of developers has released open-source software that gives administrators a hand in making the Internet's addressing system less vulnerable to hackers.

LinuxSecurity.com Team
Jul 30, 2009

Wireshark 1.2.1 fixes security vulnerabilities

The Wireshark developers have announced the release of version 1.2.1 of Wireshark, the popular open source, cross-platform network protocol analyser. In addition to over 30 bug fixes, the security update addresses seven vulnerabilities that could crash the application remotely or lead to a buffer overflow. The denial-of-service (DoS) vulnerabilities affect the IPMI, AFS, Infiniband, Bluetooth L2CAP, RADIUS, MIOP and sFlow dissectors. Versions from 0.9.2 up to and including 1.2.0 of Wireshark are affected and all users are advised to update.

LinuxSecurity.com Team
Jul 21, 2009

Hacker attack techniques and tactics: Understanding hacking strategies

This tutorial on hacker attack techniques and tactics will provide insight inside the mind of a hacker and help you to understand a malicious attacker's motives. You will receive advice on how hackers target specific information and what polices and procedures every organization should have in place to protect sensitive data.

LinuxSecurity.com Team
Jul 02, 2009

Blog Security Stats - Taking almost 2k blogs to a security

Sucuri submitted a great research document they created that details the security of random blogs on the Internet for their attention to security factors.Research to determine if bloggers are taking the security of their sites seriously. We randomly selected 1747 blogs from the blog catalog and scanned them to see how secure they are... The results are interesting... Check it out. It is indeed very interesting. I'd like to hear more from this security team in the future.

LinuxSecurity.com Team
Jun 09, 2009

Virtualisation and security

All new innovations in IT are a double-edged sword

LinuxSecurity.com Team
Jun 09, 2009

No Reboot Required

This article talks about Ksplice, a program developed by an MIT grad student to perform security updates on a Linux server without having to reboot it:The technology was developed by cofounder Jeff Arnold while he was a graduate student at MIT, and last week, it won the grand prize at the Institute's $100K Entrepreneurship Competition. Waseem Daher, cofounder and chief operating officer, explains that the approach adopted by Ksplice saves it from restructuring instructions in a higher-level programming language on the fly. So far, Ksplice has developed its new update technology for the Linux operating system--which is commonly used to control server machines--although Daher says that the technology could work on other operating systems too.In my experience, it's not necessary to reboot a Linux server unless you're doing a kernel update or some change to a filesystem. Do you see any purpose for this?

LinuxSecurity.com Team
May 20, 2009

Cloud Security: Danger (and Opportunity) Ahead

Have you thought about the security implications of cloud computing? This article explains the cloud, and talks extensively about what the author proposes be done to address the security issues. The dramatic change in the rate of adoption and the amount of discussion taking place regarding cloud computing demands that this technology, or rather a set of related technologies, continue to evolve utilizing a security-sensitive design.

LinuxSecurity.com Team
May 19, 2009

Software Problems with a Breath Alcohol Detector

This is an excellent lesson in the security problems inherent in trusting proprietary software: After two years of attempting to get the computer based source code for the Alcotest 7110 MKIII-C, defense counsel in State v. Chun were successful in obtaining the code, and had it analyzed by Base One Technologies, Inc. Draeger, the manufacturer maintained that the system was perfect, and that revealing the source code would be damaging to its business. They were right about the second part, of course, because it turned out that the code was terrible.

LinuxSecurity.com Team
May 14, 2009

The Rocky Road To More Secure Code

I thought a national discussion about secure programming was important, despite that it's not specifically about open source. Homeland Security's Build Security In, Microsoft's Software Development Lifecycle (SDLC), BSIMM, and now OpenSAMM: Secure application development programs are spreading amid calls for more secure code. The practice of writing applications from the ground up with security in mind remains in its infancy, even with software giant Microsoft leading the charge by sharing its internal Software Development Lifecycle framework in the form of free models and tools for third-party application developers and customers in the spirit of promoting more secure software.

LinuxSecurity.com Team
May 06, 2009

Open Source Metrics On Tap For Security Patch Management

Securosis, Microsoft team up to solicit input for building a metrics model that measures efficiency and costs of security patching. Security consulting firm Securosis is spearheading a new effort to create metrics to quantify the cost and efficiency of an organization's security patching process.

LinuxSecurity.com Team
Apr 23, 2009

New Version of Nmap Remotely Detects Conficker

The Nmap team has released an updated version that lets you remotely scan for machines Conficker-infected machines: Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA7 is now available from the download page, including official binaries for Windows and Mac OS X.

LinuxSecurity.com Team
Apr 03, 2009

OpenSSL 1.0.0 beta 1 Released!

After many, many years of 0.9 status, the OpenSSL team has finally released a beta of version 1.0 of their software: Please download and test them as soon as possible. This new OpenSSL version incorporates 107 documented changes and bugfixes to the toolkit. Click-through to read the rest of the announcement!

LinuxSecurity.com Team
Apr 01, 2009

Security Subsystem Improvements in 2.6.29

James Morris has a good summary of the changes introduced into 2.6.29 up over at his blog, go take a look!

LinuxSecurity.com Team
Mar 26, 2009

PostgreSQL Team Soliciting Security Insight

This message came across my INBOX this weekend: The PostgreSQL community is considering including security enhancements in Postgres 8.4, e.g. row-level permissions and SE-Linux security. However, to evaluate the patch and its usefulness, we need security experts who want to use this capability or have used it in other databases. If you use PostgreSQL and are interested in contributing in the discussion, click-through to read more!

LinuxSecurity.com Team
Jan 26, 2009

James Morris: sVirt slides from LCA

James Morris just gave a presentation on sVirt at linux.conf.au this year and just posted his slides: The talk seemed to go reasonably well, and had a larger audience than I expected given that Tridge and Willy were talking at the same time. A video of the talk should appear online soon. If you're unfamiliar with the sVirt project this is a great way to get introduced to it, and if you're following the sVirt project this is still a good read!

LinuxSecurity.com Team
Jan 23, 2009

Remote access using NX and OpenSuse 11.1

Frank Neugebauer submitted the following: NoMachine NX is a solution for secure remote access, desktop virtualization, and hosted desktop deployment using compression, session resilience and resource management. It integrations a powerful audio, printing and resource sharing capabilities and makes it possible to run any graphical application (e.g KDE, Gnome etc.) across the network connection. Click-thru to see the rest of his tip!

LinuxSecurity.com Team
Jan 22, 2009

RSBAC 1.4.0 released

Amon Ott says: Rule Set Based Access Control (RSBAC) 1.4.0 has been released for both Linux kernels 2.4.37 and 2.6.27.10. RSBAC 1.4 mainly introduces the new Virtual User Management feature which allows to isolate complete sets of users in so-called "virtual sets". Every user in every set can have individual passwords and access rights. Click-through to see the whole announcement, and to leave your opinions of RSBAC. Do you use it? If so, why?

LinuxSecurity.com Team
Jan 16, 2009

Four Password Lockers To Keep Your Web Logins Secure

It is good practice to use a different password for each Web site you need to log in to. Good passwords tend to be long and contain a wide selection of characters. That can make remembering all your passwords difficult. But you can make things easier on yourself by storing passwords for various Web sites in an encrypted file on your computer. I'll take a look at a four programs that give you easy access to your passwords when you need them and protect the password file itself against compromise. Do you use any software to manage your passwords? This article looks at four of the more popular ones and reviews them.

LinuxSecurity.com Team
Oct 21, 2008

Fwknop - Port Knocking Tool with Single Packet Authorization

Port Knocking came about in around 2003, but it has various weaknesses. There are plenty of implentations though (some quite advanced). Most of the problems are fixed however by fwknop! fwknop stands for the

LinuxSecurity.com Team
Oct 08, 2008

Security Projects - Page 37.5

How Debian 12 is Redefining Stability and Innovation in Open-Source OSes

CoCo VMs Will Now Panic If RdRand Is Broken in Linux 6.9

New GitHub Actions Enhancements Boost Security & Power