Security Projects - Page 44.2

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

CoCo VMs Will Now Panic If RdRand Is Broken in Linux 6.9

A significant change has been merged into the x86 fixes for Linux 6.9, requiring the seeding of RNG (Random Number Generation) with RdRand for CoCo (Confidential Computing) environments. The change focuses on CoCo virtual machines, designed to be as ...
Apr 08, 2024
  0

New GitHub Actions Enhancements Boost Security & Power

Recent enhancements have been made to GitHub Actions, a...
Apr 03, 2024
  0
31.Lock DigitalRoom Esm H115

Tails 6.1 Released with Security, User Experience Enhancements

Tails 6.1 has been released as the latest version of th...
Mar 27, 2024
  0
10.FingerPrint Locks Esm H115

Discover Security Projects News

LS Hmepg 337x500 34 Esm H200

Security hole found in Mozilla browser

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The flaw, known as the "shell" exploit, was publicized Wednesday on a security mailing list, along with a link to a fix for the problem. Updated versions of the affected software programs, which include the Mozilla, Firefox and Thunderbird browsers, have been released. Developers said the flaw affects only Windows users, not computers running the Macintosh and Linux operating systems. . . .

LS Hmepg 337x500 34 Esm H200

Hacker college

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

"It's an amazing thing how insecure the big corporations are," said Echemendia during a break in the weeklong seminar. "It's just amazing how easy it is." Hackers are believed to cost global businesses billions of dollars every year, and the costs to defend against them are soaring. . . .

LS Hmepg 337x500 34 Esm H200

Latest Web services spec tackles application flaws

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OASIS addressed another layer of security concerns around Web services Wednesday when it ratified the Application Vulnerability Description Language (AVDL) 1.0 as a standard, the organization's highest level of ratification. AVDL is an XML schema that enables security products to communicate information about new and existing Web application vulnerabilities between themselves, according to AVDL Technical Committee co-chairman Kevin Heineman. . . .

LS Hmepg 337x500 34 Esm H200

Secure Development Framework

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This whitepaper deals with developing a secure framework, both for internal and outsourced development. Within this context, secure development is considered to be the process of producing reliable, stable, bug and vulnerability free software. . . .

LS Hmepg 337x500 34 Esm H200

Metasploit Framework v2.1

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Metasploit Framework is an advanced open-source exploit development and testing environment. Version 2.1 fixes many issues that users have reported since the release of 2.0 and adds several new features. The bug fixes alone are more than worth the time to upgrade. . . .

LS Hmepg 337x500 34 Esm H200

Summer Webinars look at embedded Linux security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Free Webinars will be offered separately by Wind River; by TimeSys; and by Mocana and its partners MontaVista and Wind River this summer. The events explore getting started with embedded Linux development, graphical embedded Linux development tools, and embedded device security, respectively. . . .

LS Hmepg 337x500 34 Esm H200

More flaws foul security of open-source repository

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security researchers have found at least six more flaws in the open-software world's most popular program for maintaining code under development. According to a representative of the project that oversees the program, known as the Concurrent Versions System, the vulnerabilities include a flaw that could let an attacker take control of a CVS server from the Internet, putting the code repository's contents at risk. . . .

LS Hmepg 337x500 34 Esm H200

Secure Development: A Polarised Response

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Through fuller integration of security and development activities, the effectiveness and efficiency of security assessment will be increased and streamlined, the associated costs greatly reduced and organisations will enjoy the return on security investments (ROSI) at a greater rate. Until then, however, those organisations that are already using secure development implementation early in their development cycles will be able to continue to reap greater advantages over their competition. . . .

LS Hmepg 337x500 34 Esm H200

OpenBSD revisited

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

One of the goals for the OpenBSD project is to try being the most secure operating system. The OpenBSD developers say the open software development model allows them to take a "more uncompromising view towards security than other vendors are able to". To this end the developers have been auditing OpenBSD components on a file-by-file basis since 1996, and continue the process to this day. . . .

LS Hmepg 337x500 34 Esm H200

Microsoft's Charney Talks Up Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This article is mostly about Microsoft and their security woes. Unexpectedly, however, Linux security tools make a significant cameo. Check out this money-quote:Two IT administrators of Windows-centric shops said they're using Snort, a Linux-based intrusion technology, to secure their infrastructures. Sourcefire, a commercial security offering, also makes use of Snort technology in its offerings. "There are better tools in the Linux world for this stuff, not just for intrusion detection but also for antivirus," said Vernon Butler, an IT manager at CWCapital, Needham, Mass. . . .

LS Hmepg 337x500 34 Esm H200

Hardened-PHP

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Hardened-PHP project team is pleased to announce the release of version 0.1.1 of our PHP security hardening patch. This new Hardened-PHPrelease is the first one that is publicly announced and is consideredstable on atleast linux systems. . . .

LS Hmepg 337x500 34 Esm H200

Prelude IDS Framework: "Open Source Security's Best Kept Secret"

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Everyone both involved in information security and many that are not have heard of Snort NIDS (Network Intrusion Detection System). But not many have heard of a little jewel by the name of Prelude. Prelude is an open source framework for building distributed Hybrid Intrusion Detection Systems (HIDS). The reason it is called 'Hybrid' is that it utilizes sensors which are network based (NIDS). But also allows for hosts logs to be transmitted to a central 'Manager' for correlation and storage in a database (mySQL, Postgres, Oracle). . . .

LS Hmepg 337x500 34 Esm H200

What is gpgdir?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This is a very interesting new open-source tool, which encrypts and decrypts entire directories using the CPAN GnuPG module. We heartily encourage anyone who wishes to give it a whirl and tell us about it! We are especially interested to know about the user experience, and about any issues that involve speed and scalability. Is it very limiting in these respects that the code is in Perl? . . .

LS Hmepg 337x500 34 Esm H200

Linux: unfit for national security?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Days after an embedded-industry CEO stirred up a firestorm by charging that Linux poses a threat to U.S. security, two prominent computing-security experts said last week that some developers are already inappropriately using Linux in critical security applications where it isn't suitable. . . .

LS Hmepg 337x500 34 Esm H200

Security Flaws Database Goes Live

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In the interest of spreading the security message to as wide an audience as possible, a group of volunteer security professionals has compiled one of the largest, most complete and most freely accessible databases of vulnerabilities on the Internet. . . .

LS Hmepg 337x500 34 Esm H200

Joint Statement about GNU/Linux Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

GNU/Linux vendors Debian, Mandrake, Red Hat, and SUSE have joined together to give a common statement about the Forrester report entitled "Is Linux more Secure than Windows?". Despite the report's claim to incorporate a qualitative assessment of vendor reactions to serious vulnerabilities, it treats all vulnerabilities as equal, regardless of their risk to users. . . .

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved