Security Projects - Page 40.75

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

CoCo VMs Will Now Panic If RdRand Is Broken in Linux 6.9

A significant change has been merged into the x86 fixes for Linux 6.9, requiring the seeding of RNG (Random Number Generation) with RdRand for CoCo (Confidential Computing) environments. The change focuses on CoCo virtual machines, designed to be as ...
Apr 08, 2024
  0

New GitHub Actions Enhancements Boost Security & Power

Recent enhancements have been made to GitHub Actions, a...
Apr 03, 2024
  0
31.Lock DigitalRoom Esm H115

Tails 6.1 Released with Security, User Experience Enhancements

Tails 6.1 has been released as the latest version of th...
Mar 27, 2024
  0
10.FingerPrint Locks Esm H115

Discover Security Projects News

LS Hmepg 337x500 34 Esm H200

SCADA system makers pushed toward security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Idaho National Laboratory and the New York State Office of Cyber Security and Critical Infrastructure have teamed up with utilities and makers of distributed control system software to offer advice on how to make system security a major part of the critical infrastructure.

LS Hmepg 337x500 34 Esm H200

OSSEC HIDS v0.9 Available

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Solaris and Windows.

LS Hmepg 337x500 34 Esm H200

Visa, MasterCard Unveil New Security Rules

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Visa U.S.A. Inc. and MasterCard International Inc. will release new security rules in the next 30 to 60 days for all organizations that handle credit card data, a Visa official said last week. The rules will be the first major update to the one-year-old Payment Card Industry data security standard, which analysts said is slowly but surely being adopted.

LS Hmepg 337x500 34 Esm H200

Protecting Sensitive Data: Researchers Develop Fail-Safe Techniques for Erasing Magnetic Storage

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

After a U.S. intelligence-gathering aircraft was involved in a mid-air collision off the coast of China four years ago, the crew was unable to erase sensitive information from magnetic data storage systems before making an emergency landing in Chinese territory. That event underscored the need for simple techniques to provide fail-safe destruction of sensitive data aboard such aircraft. Working with defense contractor L-3 Communications Corp., scientists at the Georgia Tech Research Institute (GTRI) have developed a series of prototype systems that use special high-strength permanent magnets to quickly erase a wide variety of storage media.

LS Hmepg 337x500 34 Esm H200

Security Onus Is on Developers

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

During last month's JavaOne Conference in San Francisco, Fortify Software convened a panel to discuss the role of application developers in software security and the need for appropriate development technology, without which genuine security is impossible to achieve.

LS Hmepg 337x500 34 Esm H200

John the Ripper Pro

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This is to announce three things at once: 1) I have started making and maintaining commercial releases of John the Ripper password cracker, known as John the Ripper Pro. 2) A new version of the tiny POP3 server, popa3d 1.0.2, has been released adding a couple of minor optimizations specific to x86-64 to the included MD5 routines. 3) A new version of the password hashing package (for use in C/C++ applications and libraries), crypt_blowfish 1.0.2, has been released adding a minor optimization specific to x86-64.

LS Hmepg 337x500 34 Esm H200

The Intelligence Cycle for a Vulnerability Intelligence program on-the-cheap

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A Vulnerability Intelligence program should be a key component of any sound network security strategy. It should dovetail with a Vulnerability Assessment process and a patching/remediation process. While a Vulnerability Assessment process will tell you what needs to be patched, Vulnerability Intelligence should tell you what needs to be patched first and what new patches need to be evaluated.

LS Hmepg 337x500 34 Esm H200

John the Ripper 1.7.2

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

John the Ripper 1.7.2 (a "development" version) adds bitslice DES assembly code for x86-64 making use of the 64-bit mode extended SSE2 with 16 XMM registers. You can download it at the usual location: John the Ripper password cracker.

LS Hmepg 337x500 34 Esm H200

Holes in the Linux Random Number Generator

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

his new paper which is about to appear later this month (May, 2006) on the IEEE security and privacy conference describes holes in Linux's random number generator, as well as a clear description of the Linux /dev/random. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers, and file system and email encryption. Although the generator is part of an open source project, its source code (about $2500$ lines of code) is poorly documented, and patched with hundreds of code patches.

LS Hmepg 337x500 34 Esm H200

PHP.Hop - PHP Honeypot Project

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

PHP HoP is an open source project for: * Application-based low-level interaction honeypot * Dealing with web threats PHP HoP has already been used to : * Fool different kind of web attackers (audit tools, manual hax0rs...) * Create real statistics about the first top10 commands used by an intruder. * Steal malware (PHP, C, Perl) that attackers wanted to upload * Identify evil behaviours and learn about current web threats

LS Hmepg 337x500 34 Esm H200

The man behind OSSTMM

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Pete Herzog, founder of ISECOM and creator of the Open Source Security Testing Methodology Manual (OSSTMM) talks with Federico Biancuzzi about the upcoming revision 3.0 of the OSSTMM. I'm Pete Herzog, managing director of ISECOM. I live in a small town in Catalonia just outside of Barcelona. It's also where I work part of the year. The other part of the year I work in the US. ISECOM is a non-profit, registered both here and in New York State, USA, with the aggressive mission to "make security make sense".

LS Hmepg 337x500 34 Esm H200

Version 0.7 of the OSSEC HIDS is now available

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OSSEC HIDS is an open source host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. This is one of the most improved versions so far. It now includes support for squid, pure-ftpd, postfix and AIX ipsec logs (in addition to a lot of improvements to the previous rules).

LS Hmepg 337x500 34 Esm H200

Computer Forensics Tool Testing (CFTT) Project

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. A capability is required to ensure that forensic software tools consistently produce accurate and objective test results. The goal of the Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) is to establish a methodology for testing computer forensic software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware.

LS Hmepg 337x500 34 Esm H200

Bringing Botnets Out of the Shadows

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Nicholas Albright's first foray into some of the darkest alleys of the Internet came in November 2004, shortly after his father committed suicide. About a month following his father's death, Albright discovered that online criminals had broken into his dad's personal computer and programmed it to serve as part of a worldwide, distributed network for storing pirated software and movies.

LS Hmepg 337x500 34 Esm H200

Finding Security's Next 'American Idol'

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It's like an "American Idol" for security geeks. Students at the Georgia Institute of Technology prep, sweat and show their stuff while a panel of critics decides their fates. But unlike the popular "reality" TV show, judges aren't determining who can best carry a tune. Instead they weigh students' ideas for making information security more user-friendly, with $50,000 -- enough cash to fund a project for 12 months -- hanging in the balance.

LS Hmepg 337x500 34 Esm H200

How to Create RFID Access for Your Front Door

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There are many uses for RFID such as supply chain management, but access control is one of the most relevant applications for personal use. Many people use RFID access cards to get into buildings, use elevators, or even open the doors to those special penthouse type hotel suites. Setting up your own front door (or any door for that matter) with an RFID enabled access mechanism is pretty easy.

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved