Server Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
According to a German IT service provider, users running 1&1 servers with openSUSE 11 as their distribution should check the version number of their Linux kernel. In order to guarantee full support for the hardware it uses, for openSUSE, 1&1 installs its own homemade kernel. Unfortunately this kernel disables the YAST auto-update function, with the result that, despite regular updates, the kernel (2.6.27.21) remains several months old
SQL injections, more than any other exploit, can land your company in trouble. So why aren't you worried about them? Few things make a CIO's eyes glaze over like the mere mention of SQL injections. Unless they cut their teeth in security or SQL programming, chances are that the folks who control the purse strings don't understand these increasingly common attacks. That's a real issue because you're probably making decisions that could exacerbate the problem.
For those Wine aficionados out there, beware of the remote possibility that your Linux system could be infected by Windows-seeking malware. "WINE running a Windows virus is nothing more than a 'stupid Linux trick' ... for now," said Slashdot blogger hairyfeet. But if the year of the Linux desktop ever arrives, he wonders, can Linux hold up to a "tidal wave of stupidity"?
A null pointer dereference in the Linux kernel can be exploited to access a system at root privilege level. The hole is reportedly contained in pipe.c and can occur in certain circumstances when using the pipe_read_open(), pipe_write_open() or pipe_rdwr_open() functions while releasing a mutex (mutual exclusion) too early
New Dark Reading report explores what database developers and database administrators can do about the pervasive SQL injection attack.
E-mail, the Internet's first killer app, can injure companies and individuals when not used with care. In its attempt to document the risks of electronic messaging and to make the case for the value of its services, Proofpoint, an e-mail security company, has assembled a list of what it considers are the "Top 10 Terrifying E-mail Blunders of 2009."
Today one of our readers sent an interesting post from the developers of WordPress. It is about the just released version 2.8.5. This version is called the "Hardening Release", which I thought was quite great! According to the post, these are new security features from the new 2.9 series that they decided to backport to the 2.8.x tree.
In a sea of compliance initiatives, database security is often overlooked. But experts say no matter what the regulations say, securing the database is a critical part of any compliance effort.
Joe Abley of ICANN and VeriSign manager Matt Larson announced, at the 59th meeting of the "R
In all of their frenzy to protect sensitive data from hackers and thieves, many organizations overlook the most likely threat to their databases: authorized users.
Vincent Danen explains how to use netcat with SSH tunneling when you need to create a secure connection to a server from a remote location.
The growing threat to businesses from the web was put into sharper focus today, after security vendor Websense reported a whopping 671 per cent rise in the number of malicious sites during the past year.
A security researcher has uncovered a security bug in the FreeBSD operating system that allows users with limited privileges to take full control of underlying systems.
The Linux developers have released kernel versions 2.6.27.30 and 2.6.30.5 which fix a critical vulnerability revealed last week. The vulnerability, which is found in all 2.4 and 2.6 series Linux kernels since 2001 and for which there is already an exploit, allows users with restricted privileges to obtain root privileges. The developers urgently recommend users update to the new versions.
Great article that discusses the effectiveness of the Sender Policy Framework (SPF) approach to stopping spam. IT shops have thrown everything but the kitchen sink at the issue and more times than not, come up empty on long-term solutions. Lately we
WordPress, the popular blogging software platform, has been updated to fix a flaw that could have enabled a hacker to change an administrator password. The bug enables a specially crafted URL to evade a password reset security verification check, Matt Mullenweg, founding developer of WordPress, said Wednesday on the organization's blog.
In the past, database administrators weren't expected to do much with security. Their focus was on the speed, performance, and accuracy of the data. Security was a relatively low priority. Recently, however, that prioritization has begun to shift.
The 2.8.3 security update for WordPress fixes several privilege escalation vulnerabilities, similar to the problems fixed in a previous update to version 2.8. The developers had overlooked some of the loopholes, which 2.8.3 now closes. The security service provider Core Security had warned of various security problems in WordPress before, after finding errors in the processing of certain URLs. For example, unprivileged but registered users are reportedly able to examine the configuration pages of plug-ins and to change their options.
A vulnerability in the popular open source BIND9 name server allows attackers to remotely trigger a server crash. According to the error report, a single specially crafted "dynamic update" packet is all that is required to prevent IP addresses from being translated into server addresses. Authoritative name servers use dynamic updates to add resource records to, or remove them from, a zone.
OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is well suited to preserving the confidentiality and integrity of data exchanged between two networks and systems. However, the main advantage is server authentication through the use of public key cryptography. From time to time there are rumors about an OpenSSH zero-day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.