Security Projects - Page 36
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Knoppix-STD is a customized distribution of the Knoppix Live Linux CD. Boot to the CD and you have Knoppix-STD. That would include a customized linux kernel (2.4.21 with ntfs rw, openmosix, and superfreeswan patches), Fluxbox windows manager, incredible hardware detection and hundreds of applications. Boot without the CD and you return to your original operating system. Aside from borrowing power, peripherals and some RAM, Knoppix-STD doesn't touch the host computer. . . .
It seemed like a good idea at the time. Set up a Web site that allows users and developers alike to check which pieces of Linux code have been checked for security holes. The project, dubbed Sardonix, was a classic open source solution to a clear problem. . . .
Here is the newest Linux distrobution on the block, Netwosix. It is a source based distro, like Gentoo and Sorcerer, and it seems to be explicitly modelled after the BSD base/package-source tree. It is the brainchild of 17 year old self-described hacker Vincenzo Ciaglia. It stands out a little because its based completely on kernel 2.6. . . .
Two years after its hopeful launch, a U.S.-backed research project aimed at drawing skilled eyeballs to the thankless task of open-source security auditing is prepared to throw in the towel. Initially funded by a research grant from the Pentagon's Defense Advanced Research Projects Agency (DARPA), the Sardonix project aspired to replace the loosely-structured Linux security review process with a public website that meticulously tracks which code has been audited for security holes, and by whom. . . .
Embedded webserver specialist Mbedthis Software has released AppWeb, a new "mini-Apache" for embedded Linux focusing on high security and designed for "embedding in applications and devices." AppWeb can be configured with a memory footprint of only 110K, and targets web services, offline applications, and embedded device management, according to Mbedthis. . . .
A few comments. The Database poll was once again the closest race (decided by a single vote last year) while the web server poll remained the most lopsided. It's clear in most polls that there is not a single app that dominates, which I think is a major strength opensource offers. Thanks again to everyone that voted. . . .
A new integrity checker software (open source) is available! But wait, it is not like the others, because it allows you to check the md5sum of your files against a remote database (acessible via web), making the monitoration of the files much more secure and simple, specially when you have more than one Unix system to protect. . . .
Yes, it's true, it's finally here! We're proud to announce the release of the new stable branch of snort, 2.1, and the first release, 2.1.0. This release can be found at the usual place, / . . .
As you know, savannah.gnu.org and savannah.nongnu.org have been down for a number of weeks due to a system crack. Thanks to the contributions of many people -- most notably Mathieu Roy, Jim Blair, and Paul Fisher -- the system is working again for existing projects.. . .
For those few who don't know yet, Openwall GNU/*/Linux (or Owl) is a security-enhanced operating system with Linux and GNU software as its core, intended as a server platform.. . .
A handful of recent on-line attacks on free and open-source software servers has open-source developers looking over their shoulders. During the past four months, unknown intruders have breached the security around servers hosting programs and code published by the Linux kernel . . .
The Information Security Forum (ISF) has released its latest international industry benchmark, the Standard of Good Practice for Information Security. The Standard is designed to help any organisation - irrespective of market sector, size or structure - to keep the risks . . .
Five working groups formed at the National Cyber Security Summit released initial reports that focus on delivering concrete results within a year, task force leaders said Thursday.. . .
On December 1st, 2003, we discovered that the "Savannah" system, which is maintained by the Free Software Foundation and provides CVS and development services to the GNU project and other Free Software projects, was compromised at circa November 2nd, 2003.. . .
University campuses and corporate boardrooms aren't the only places that benefit from diversity -- computer networks and the Internet could stand up better to viruses and worms if they relied on more diverse software, according to computer scientists at Carnegie Mellon . . .
The vulnerabilities, disclosed to the BugTraq security mailing list over the weekend, allow rogue Web sites to take control of a victim's computer by exploiting weaknesses in the way the browser handles "skin" files, or configuration files that can change the . . .
Michael S. Mimoso submits, Linux distributor Debian reported Friday afternoon that some of its servers have been compromised since Thursday. The alert, posted to several security and Linux mailing lists, stresses that its archive had not been hacked, sparing thousands of installations a potential security nightmare.. . .
A prominent security researcher this week proposed a plan to create a trade association for vulnerability researchers that would act as an advocacy organization as well as protect the legal and economic interests of the members. The plan is still very . . .
We are pleased to announce the official release of OpenBSD 3.4. This is our 14th release on CD-ROM (and 15th via FTP). We remain proud of OpenBSD's record of seven years with only a single remote hole in the default install. As in our previous releases, 3.4 provides significant improvements, including new features, in nearly all areas of the system.. . .
CanSecWest would like to announce the final selection of papers for the first, fall, PacSec.jp/core03 conference (below), and the beginning of the call to submit papers for the spring, fifth annual, CanSecWest/core04 network security training conference. . . .