Security Projects - Page 39.25

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

CoCo VMs Will Now Panic If RdRand Is Broken in Linux 6.9

A significant change has been merged into the x86 fixes for Linux 6.9, requiring the seeding of RNG (Random Number Generation) with RdRand for CoCo (Confidential Computing) environments. The change focuses on CoCo virtual machines, designed to be as ...
Apr 08, 2024
  0

New GitHub Actions Enhancements Boost Security & Power

Recent enhancements have been made to GitHub Actions, a...
Apr 03, 2024
  0
31.Lock DigitalRoom Esm H115

Tails 6.1 Released with Security, User Experience Enhancements

Tails 6.1 has been released as the latest version of th...
Mar 27, 2024
  0
10.FingerPrint Locks Esm H115

Discover Security Projects News

LS Hmepg 337x500 34 Esm H200

UTM Firewalls: Ready For the Enterprise

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

I once saw a football game where the defensive tackle was just not holding up his game. Runs kept going through his assigned slot, and the offense hammered that side relentlessly. Fortunately for him, they shifted the defense so the middle linebackers could plug up the hole, effectively nullifying any plays going to that side. This article does go over many benefits of Unified Threat Management (UTM) firewalls - all your antivirus, malware, etc. detection and blocking in one layer. The aim of this seems to be ease of management. However, I"m reminded of UTM firewalls the same as that offensive line I previously mentioned. What's the use of an all-star lineup if there's a hole to be exploited? This is where "security in layers" shows its strengths - difficulty of setup is just one sacrifice you pay in order to have a secure system.

LS Hmepg 337x500 34 Esm H200

Open Source Security, Part 2: 10 Great Apps

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

For everyone who loves lists, this article brings you a quick roundup of 10 great open-source applications that have a penchant for security in mind. What do you think of this list? See any other good open-source app you would recommend for anyone running a secure server setup?

LS Hmepg 337x500 34 Esm H200

Antivirus Tools Underperform When Tested in LinuxWorld 'Fight Club'

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

LinuxWorld hosts a battle royal of anti-virus software in an AV 'FightClub' - 10 AV products are put up against 25 viruses to see who is still left standing. Don't worry, open-source enthusiasts, ClamAV performed in the top-tier, being one of only 3 tools that detected and properly blocked those viruses. Certain tools couldn't even catch 10% of the viruses. This just goes to show just how effective open source can be especially in the world of "taken for granted" anti-virus programs.

LS Hmepg 337x500 34 Esm H200

The New Linuxsecurity.com!

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

As Linux and security evolves, so has Linuxsecurity.com! Since 1996, Linuxsecurity.com has been the most comprehensive resource for all things in the world of security and open source. And as open source continues its rise in securing the world's information, we are continuing our pursuit in being at the forefront of this exciting growth. So we are unveiling the new look of Linux Security.

LS Hmepg 337x500 34 Esm H200

Learn to use Metasploit - Tutorials, Docs & Videos

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It seems these days you can't get into a discussion about security tools without having Metasploit, the open-source exploit framework, being mentioned. This day is no different. Due to a recent surge of research and development by the creators of Metasploit, the author of this article decided it would be a good idea to have a compilation post of resources including history, docs, and videos of the framework in action. Read on to find out what all the fuss is aboot. Oh yea, did I mention it was written in Ruby?

LS Hmepg 337x500 34 Esm H200

Detecting "Off Port" Services

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Anyone who has used Linux long enough will look at numbers such as 22 and 80 in a totally different light than everyone else. Default port numbers are expected to be hammered with tons of packets day to day, from legitimate user requests to probes sent by nmap scans. Changing services such as SSH and FTP to non-default numbers are not only a tactic for securing your server - they're a tactic for malicious users to hide these services as backdoors once a system is compromised. Read on to see how scanning tools such as Passive Vulnerability Scanner and Nessus can be used to scan for these "off port" services.

LS Hmepg 337x500 34 Esm H200

Virtual Hosting With vsftpd And MySQL On Debian Etch

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Layers upon layers of security should make anyone feel warm and fuzzy about their secured application. I like the fact that if anyone is going to root me, they're going to have to WORK for it. FTP was always an area where I felt it could use a little more work in locking down its defenses. Enter Vsftpd along with a tag team partner of virtualization, and you've got a how-to of sandboxing your FTP server into a virtual environment.

LS Hmepg 337x500 34 Esm H200

Pixy - An Open-Source Vulnerability Scanner for PHP Applications

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In the months following the PHP "Month of Bugs", we have seen all sorts of exploits developed and publicized ranging from the obscure to warnings of vulnerable WordPress-based blogs. How do you know if your PHP applications are not affected by a bug, or worse yet, already compromised? Bring in a new tool from Secure Systems Lab - Pixy, an open source vulnerability scanner for PHP applications. Get this before they get you!

LS Hmepg 337x500 34 Esm H200

With RHEL 5, Red Hat goes to bat for SELinux

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

IT managers that want to secure their Linux environments and keep things running smoothly have a very powerful tool at their disposal: Security Enhanced Linux, or SELinux, an implementation of mandatory access controls originally developed by the National Security Agency (NSA) and integrated in to most mainstream Linux distributions.

LS Hmepg 337x500 34 Esm H200

Open Source Vulnerability Reporting Solution Launched

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Palamida announced that it has extended the reach of its extensive compliance library and launched a new service, the Vulnerability Reporting Solution (VRS). VRS works seamlessly with Palamida's code audit compliance solution, IP Amplifier, to identify, prioritize, and report known vulnerabilities within open source code used in customers' projects.

LS Hmepg 337x500 34 Esm H200

What's FireGPG?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

FireGPG is a Firefox extension which brings an interface to crypt, decrypt, sign or verify the signature of a text in any web page, using GPG. It will support some webmails. Right now, only GMail1 is supported, some useful buttons are added in the interface of this webmail.

LS Hmepg 337x500 34 Esm H200

OSSEC v1.1 Available

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. This new version comes with numerous new features, including support for Microsoft IIS 6, Cisco VPN concentrator, Cisco PIX VPN AAA, Cisco FWSM and Solaris 10

LS Hmepg 337x500 34 Esm H200

Getting to Know the Enemy Better

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

MARCH 1, 2007 | ARLINGTON, Va. -- Black Hat DC -- Experts agree: The best way to secure applications is to build security in during the development phase. The problem is that there are few standards or templates for doing it. But that situation is about to change, according to speakers at the Black Hat conference here today. In fact, draft guidelines for specifying common security weaknesses and common attack patterns could be just weeks away.

LS Hmepg 337x500 34 Esm H200

OSSEC v1.0 available

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, *BSD, Windows and Mac. This version comes with numerous new features and bug fixes, including support for registry monitoring on Windows, dynamic/nat'ed IP addresses in the server/agent communication, ASL (Apple system log), Lotus domino , Symantec AV, Windows RAR.

LS Hmepg 337x500 34 Esm H200

Free bug scan offered for Java apps

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Code auditing firm Fortify Software announced on Monday that the company is teaming up with quality-testing project FindBugs to offer a free scanning service to any Java programmer aimed at automatically detecting quality defects and security bugs. The project, dubbed Java Open Review, will allow any project written in Java to be submitted by a contributor to be scanned using both Fortify's auditing tool and the FindBugs engine. The two organizations have already scanned ten open-source projects written in Java, including the Azureus Bittorrent application, the Zimbra Web e-mail server, and the Apache Tomcat Java server.

LS Hmepg 337x500 34 Esm H200

OSSEC HIDS v0.9-3 Available

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Solaris and Windows. This new release comes with multiple features, including support for Modsecurity logs, MS exchange, MS FTPD and Windows firewall logs. It also includes a port to HP-UX and numerous bug fixes and new features.

LS Hmepg 337x500 34 Esm H200

Scalable anonymity with I2P

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Invisible Internet Project (I2P) is a work in progress whose aim is to provide a secure version of the IP protocol that addresses threats common to the standard TCP/IP networking infrastructure -- most importantly, the effortless identification and tracking of participating peers. In I2P, each participating peer keeps a secret pool of inbound, or data-receiving, and outbound, or data-transmitting, tunnels it chooses itself. A tunnel consists of a configurable number of routers in sequence, where longer tunnels mean more anonymity, at the expense of performance.

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved