Server Security - Page 9
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Though database security best practices have circulated the conference circuit for years now and existing database security tools are now mature, today's typical enterprise is still far behind in shoring up its most sensitive stores of data.
The more apps companies deploy, the more complicated vulnerability management becomes. In the rush to find every security hole and seal it off from potential hackers, it's easy to let something important slip through. That's especially true if you're an IT administrator juggling several tasks of which security is one.
Your website may not be as secure as you once thought... Most people take the Internet for granted. When it comes to the Internet as we know it
Thanks to Phil Van Treuren for sending this one. I
A number of Linux distributors have issued patches for a widely used program that fetches Web pages, called Wget, so it cannot be misused by attackers.
Rapid growth in the market for x86 servers over the past year brought good news for both Linux and Windows, as research firm IDC reported last week.
A critical vulnerability in the Linux kernel that gives attackers access to root via X server has been patched by Linus Torvalds. Meanwhile, kernel developer James Morris reports on the first-annual Linux Security Summit (LSS), which covered topics including usability, hardening the kernel, and API standardization.
Afilias, which operates .info and more than a dozen other Web site extensions, will announce on Monday plans to deploy an emerging standard known as DNSSEC that adds a layer of encryption to the Internet's Domain Name System. Will security worries propel DNS into the cloud?
"Security through obscurity" may be a catchy phrase, but it's not the only thing that's catching among Windows users. The expression is intended to suggest that proprietary software is more secure by virtue of its closed nature. If hackers can't see the code, then it's harder for them to create exploits for it--or so the thinking goes.
Tired of having to memorise several usernames and passwords for every secure website you visit? Don't fret. A recent study confirms what IT security experts have been saying all along--it is wiser to have different usernames and passwords to protect identities and information not meant to be public.
Softwink announces the release of Sagan, the ultimate in Syslog monitoring. Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time!
Mozilla is increasing the amount it pays security researchers for bugs from $500 up to $3,000. I personally think that's a very good thing. There has long been a debate about whether or not vendors should pay for security flaws. In my view, the flaws are going to be discovered whether or not a vendor is paying for them. The question is how they will be disclosed and whether or not those flaws will end up putting millions of users at risk - or not. By paying for flaws, what Mozilla is doing is providing an economic model for both security researchers and for itself. For security researchers, a $3,000 payment is not an unreasonable sum in my view and it's more than the $1,337 that Google pays. HP's TippingPoint also pays for security flaws, though they seem to have a floating scale on payments as far as I can tell.
Whether it be insecure Web applications, poor password management, or a lack of database policies and monitoring, the average database today is at risk of exposure through a host of different threat vectors that many organizations are not even aware of -- let alone are addressing. Already in 2010, the number of database breaches as a result of such mistakes is mounting.
There's more to network security than just penetration testing. This chapter discusses software tools and techniques auditors can use to test network security controls. Security testing as a process is covered, but the focus is on gathering the evidence useful for an audit.
A new open-source operating system will come with the option of creating one-time, disposable virtual machines on the fly as a way to protect against malicious files.
The Financial Times reported last night that Google was going to phase out internal use of Microsoft Windows due to security concerns. The migration away from Windows is reported to have started in January, motivated by the Chinese Aurora attacks on the company that exploited a flaw in Internet Explorer 6.
William wrote in to let us know that the changelog for the upcoming release of MySQL, version 5.1.47, has been released, and it appears this release fixes several critical vulnerabilities and probably should be applied as quickly as is reasonable.
When facing off against a WebDAV enabled server, there are two things to find out quickly: can you upload files, and if so, can you execute code?