Security Projects - Page 38

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Security Projects News

New Version of Nmap Remotely Detects Conficker

The Nmap team has released an updated version that lets you remotely scan for Conficker-infected machines: Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA7 is now available from the download page, including official binaries for Windows and Mac OS X.

OpenSSL 1.0.0 beta 1 Released!

After many, many years of 0.9 status, the OpenSSL team has finally released a beta of version 1.0 of their software: Please download and test them as soon as possible. This new OpenSSL version incorporates 107 documented changes and bugfixes to the toolkit. Click-through to read the rest of the announcement!

PostgreSQL Team Soliciting Security Insight

This message came across my INBOX this weekend: The PostgreSQL community is considering including security enhancements in Postgres 8.4, e.g. row-level permissions and SE-Linux security. However, to evaluate the patch and its usefulness, we need security experts who want to use this capability or have used it in other databases. If you use PostgreSQL and are interested in contributing in the discussion, click-through to read more!

James Morris: sVirt slides from LCA

James Morris gave a presentation on sVirt at linux.conf.au this year and has just posted his slides: The talk seemed to go reasonably well, and had a larger audience than I expected given that Tridge and Willy were talking at the same time. A video of the talk should appear online soon. If you're unfamiliar with the sVirt project this is a great way to get introduced to it, and if you're already following sVirt the slides are still a good read!

Remote access using NX and OpenSuse 11.1

Frank Neugebauer submitted the following: NoMachine NX is a solution for secure remote access, desktop virtualization, and hosted desktop deployment using compression, session resilience and resource management. It integrates powerful audio, printing and resource sharing capabilities and makes it possible to run any graphical application (e.g. KDE, Gnome etc.) across the network connection. Click-thru to see the rest of his tip!

RSBAC 1.4.0 released

Amon Ott says: Rule Set Based Access Control (RSBAC) 1.4.0 has been released for both Linux kernels 2.4.37 and 2.6.27.10. RSBAC 1.4 mainly introduces the new Virtual User Management feature, which allows isolating complete sets of users in so-called "virtual sets". Every user in every set can have individual passwords and access rights. Click-through to see the whole announcement, and to leave your opinions of RSBAC. Do you use it? If so, why?

Four Password Lockers To Keep Your Web Logins Secure

It is good practice to use a different password for each Web site you need to log in to. Good passwords tend to be long and contain a wide selection of characters, which makes remembering all of them difficult. You can make things easier on yourself by storing the passwords for the various Web sites in an encrypted file on your computer. I'll take a look at four programs that give you easy access to your passwords when you need them and protect the password file itself against compromise. Do you use any software to manage your passwords? This article looks at four of the more popular ones and reviews them.

Karmetasploit

In 2004 Dino Dai Zovi and Shane Macaulay presented All Your Layer Are Belong To Us at PacSec in Tokyo. This presentation focused on the insecure behavior of wireless clients. Accompanying the presentation was a tool called KARMA (KARMA Attacks Radioed Machines Automatically). This tool acts as a wireless access point and responds to all probe requests from wireless clients, whatever network name they ask for. Once a client has associated with the KARMA access point, every service it tries to access leads to a malicious application. The service side of KARMA was written in Ruby, making it a perfect match for integration with version 3 of the Metasploit Framework. Karmetasploit is the name of that integration. Have you tried it, and how well does it work for you with the Metasploit Framework?
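The defensive side of the behaviour described above is easy to spot: a KARMA-style access point answers directed probe requests for every SSID it hears, so a single BSSID ends up sending probe responses for many unrelated network names. The following is an added example, not code from the original post or from KARMA/Karmetasploit. It takes records of probe-response frames (the sample lines are constructed; a real deployment would feed them from a monitor-mode capture) and flags BSSIDs that answer for more distinct SSIDs than an assumed threshold.

```python
"""Flag access points that answer probe requests for many different SSIDs.

Added example, not part of the original post or of KARMA/Karmetasploit.
A KARMA-style AP replies to every directed probe request with a probe
response for whatever SSID the client asked for, so one BSSID advertises
many unrelated SSIDs. Input is one line per probe response frame,
"<bssid>\t<ssid>" (constructed format; a real source would be a
monitor-mode capture exported by a tool such as tshark).
"""
from collections import defaultdict

# Constructed sample capture: a normal AP and one that answers for everything.
SAMPLE_CAPTURE = """\
00:11:22:33:44:55\tCoffeeShop
00:11:22:33:44:55\tCoffeeShop
66:77:88:99:AA:BB\tlinksys
66:77:88:99:aa:bb\tCorpWiFi
66:77:88:99:aa:bb\tattwifi
00:11:22:33:44:55\tCoffeeShop
66:77:88:99:aa:bb\tHomeNet-2G
66:77:88:99:aa:bb\txfinitywifi
"""


def parse_probe_responses(text):
    """Yield (bssid, ssid) pairs from tab-separated lines, skipping junk."""
    for line in text.splitlines():
        parts = line.split("\t", 1)
        if len(parts) != 2:
            continue  # malformed line: ignore rather than crash the monitor
        bssid, ssid = parts
        yield bssid.strip().lower(), ssid.strip()


def ssids_per_bssid(records):
    """Map each BSSID to the set of SSIDs it has sent probe responses for."""
    seen = defaultdict(set)
    for bssid, ssid in records:
        seen[bssid].add(ssid)
    return seen


def find_karma_candidates(text, threshold=3):
    """Return sorted BSSIDs that answered for at least `threshold` distinct SSIDs.

    `threshold` is an assumed tuning knob: legitimate multi-SSID APs exist,
    so hits are leads to investigate, not proof of a rogue AP.
    """
    table = ssids_per_bssid(parse_probe_responses(text))
    return sorted(b for b, ssids in table.items() if len(ssids) >= threshold)


if __name__ == "__main__":
    for bssid in find_karma_candidates(SAMPLE_CAPTURE):
        print("possible KARMA-style AP:", bssid)
```

Because BSSIDs are normalised to lower case before counting, the mixed-case entries in the sample collapse onto the same access point, which is the one flagged.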

nUbuntu Development Kicking Off Again - Security LiveCD

After that, development stopped for quite some time; thankfully some new blood has picked it up and development has started again! After over a year of inactivity, the latest alpha of nUbuntu 8.04 has finally surfaced, bringing many bug fixes and updates. All of the latest security and penetration tools are included to make this you

Linux Tool Speeds up Computer Forensics for Cops

Australian university students have developed a Linux-based data forensics tool to help police churn through a growing backlog of computer-related criminal investigations. The tool was developed by students from Edith Cowan University's School of Computing and Information Sciences and will help the Western Australian Police Computer Crime Squad process their forensic investigations. Called Simple (for Simple Image Preview Live Environment), the software allows investigators to view and acquire forensic data at the scene of the crime without compromising the integrity of data as it is collected. There are tons of Linux forensics LiveCD distributions available, but what is your favorite?

Tmin - Test Case Optimizer for Automated Security Testing

Tmin is a simple utility meant to make it easy to narrow down complex test cases produced through fuzzing. It is closely related to another tool of this type, delta, but is meant specifically for unknown, underspecified, or hard to parse data formats (it works without tokenizing and re-serializing the data) and for easy integration with external UI automation harnesses. Give this minimizer a go and let us know what you think! Included in the article is a sample "hello world" script to minimize a test case against "hello world" code, if that makes any sense. Why not check out the article to see what I mean?
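To make the idea concrete, here is the classic delta-debugging reduction (Zeller and Hildebrandt's ddmin) applied to raw bytes, which is the same job tmin and delta do: keep deleting chunks of the input as long as a user-supplied check still reports the interesting behaviour. This is an added example and not tmin's own code. The "crash" oracle is constructed for illustration: the target is assumed to fail whenever the input contains `<!` followed later by `>`.

```python
"""Byte-level test case minimizer in the style of ddmin.

Added example, not tmin's code. Works on bytes with no knowledge of the
format, so it needs no tokenizer. The oracle `crashes` is a constructed
stand-in for running the real target and checking its exit status.
"""


def crashes(buf):
    """Constructed oracle: 'crash' when b'<!' appears and b'>' follows it."""
    start = buf.find(b"<!")
    return start != -1 and buf.find(b">", start + 2) != -1


def split(data, n):
    """Split `data` into n non-empty chunks of roughly equal size."""
    base, rem = divmod(len(data), n)
    chunks, pos = [], 0
    for i in range(n):
        size = base + (1 if i < rem else 0)
        chunks.append(data[pos:pos + size])
        pos += size
    return [c for c in chunks if c]


def ddmin(data, interesting):
    """Reduce `data` to a 1-minimal input for which interesting() stays True.

    1-minimal means removing any single byte makes the input uninteresting;
    it is a local, not global, minimum, which is the guarantee tmin-style
    tools give as well.
    """
    if not interesting(data):
        raise ValueError("initial input must be interesting")
    n = 2
    while len(data) >= 2:
        subsets = split(data, n)
        # First try to keep only one chunk (reduce to subset).
        for subset in subsets:
            if interesting(subset):
                data, n = subset, 2
                break
        else:
            # Then try to drop one chunk (reduce to complement).
            for i in range(len(subsets)):
                complement = b"".join(subsets[:i] + subsets[i + 1:])
                if interesting(complement):
                    data, n = complement, max(n - 1, 2)
                    break
            else:
                # No progress at this granularity: refine or stop.
                if n >= len(data):
                    break
                n = min(n * 2, len(data))
    return data


if __name__ == "__main__":
    sample = b"<html><body><!-- hello --><p>world</p></body></html>"  # constructed
    print(ddmin(sample, crashes))
```

The oracle is where the real work happens in practice: tmin runs an external command per candidate and uses its exit status or output, and the reduction loop above does not care what the command is.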

browserrecon - Passive Browser Fingerprinting

Most of today's fingerprinting tools focus on server-side services. Well-known and widely accepted implementations of such utilities are available for HTTP web services, SMTP mail servers, FTP servers and even telnet daemons. Of course, many attack scenarios focus on server-side attacks. This implementation of client-side fingerprinting uses PHP to identify browsers by their HTTP requests. See how this application fares against other fingerprinting utilities that analyze header lines and values.
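The core of passive client fingerprinting is that the set and order of request headers a browser sends is a property of its implementation, whereas the User-Agent string is just a value anyone can edit. The following is an added example, not browserrecon's code (browserrecon is PHP; this is a Python sketch of the same idea). The signature table and the sample request are constructed and assumed for illustration, not real browser data: it parses a raw request, scores the observed header order against each signature with a longest-common-subsequence match, and flags a User-Agent that claims a different browser than the header order suggests.

```python
"""Passive browser fingerprinting from HTTP request header order.

Added example, not browserrecon's own code. SIGNATURES and SAMPLE_REQUEST
are constructed stand-ins; a real signature base is built from captures
of known browsers.
"""

# Constructed signature base: browser family -> expected header name order.
SIGNATURES = {
    "BrowserA": ["Host", "User-Agent", "Accept", "Accept-Language",
                 "Accept-Encoding", "Connection"],
    "BrowserB": ["Accept", "Accept-Language", "User-Agent",
                 "Accept-Encoding", "Host", "Connection"],
}

# Constructed request: header order matches BrowserB, but the User-Agent
# has been changed to claim BrowserA.
SAMPLE_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Accept: text/html\r\n"
    "Accept-Language: en\r\n"
    "User-Agent: BrowserA/1.0\r\n"
    "Accept-Encoding: gzip\r\n"
    "Host: example.test\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)


def parse_request(raw):
    """Return (request_line, [(name, value), ...]) preserving header order."""
    lines = raw.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def lcs_len(a, b):
    """Length of the longest common subsequence of two lists (O(len(a)*len(b)))."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def order_scores(headers):
    """Score each signature as LCS(observed order, signature) / len(signature)."""
    names = [n.lower() for n, _ in headers]
    scores = {}
    for browser, sig in SIGNATURES.items():
        sig_l = [s.lower() for s in sig]
        scores[browser] = lcs_len(names, sig_l) / len(sig_l)
    return scores


def claimed_family(headers):
    """Product token before '/' in User-Agent, or None if absent."""
    for name, value in headers:
        if name.lower() == "user-agent":
            return value.split("/", 1)[0].strip()
    return None


def fingerprint(raw):
    """Return (best_guess, claimed, spoof_suspected, scores)."""
    _, headers = parse_request(raw)
    scores = order_scores(headers)
    best = max(scores, key=scores.get)
    claimed = claimed_family(headers)
    return best, claimed, claimed is not None and claimed != best, scores


if __name__ == "__main__":
    print(fingerprint(SAMPLE_REQUEST))
```

A normalised score rather than an exact match is what keeps this usable: proxies and extensions add or drop individual headers, and the subsequence measure degrades gracefully instead of failing outright.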

sqlninja 0.2.2 Released for Download - SQL Injection Tool

Sqlninja is a tool to exploit SQL Injection vulnerabilities in a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a DB server once a SQL Injection vulnerability has been discovered. With features such as evasion techniques, a more sophisticated upload module, and automatic URL-encoding, why not take a look at Sqlninja and see if your DB is secure today?

Project Announcement - oCERT - Open Source CERT

We are pleased to announce a new project called oCERT, the Open Source Computer Emergency Response Team. The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just as national CERTs offer services for their respective countries. If you are a small project lacking security handling resources, we can aid you in tracking down the extent and nature of potential compromises and security vulnerabilities and coordinate with all affected parties (such as projects that ship your code). If you are a big project and/or Open Source vendor, we can promptly pass on to you reports and vulnerabilities that might affect your codebase and infrastructure and help you out with your security requirements. Just because a project is open source does not ensure that it is totally secure. Check out the oCERT project for an attempt to help make open source security even better!

Webshag v1.00 - Web Server Auditing Tool (Scanner and File Fuzzer)

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. Fuzzing is always a lot of fun - throw as much pasta against the wall and something is bound to stick (at least that's what my mom would say). This tool provides interesting capabilities such as "retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames". Why not check the article out, download the tool, and start throwing some pasta today?