Server Security

Discover Server Security News

openSUSE kernels on 1&1 root servers may be out of date

According to a German IT service provider, users running 1&1 servers with openSUSE 11 as their distribution should check the version number of their Linux kernel. To guarantee full support for the hardware it uses, 1&1 installs its own home-built kernel on openSUSE. Unfortunately this kernel disables the YaST auto-update function, with the result that, despite regular updates, the kernel (2.6.27.21) remains several months old.

Practical Analysis: The Fastest-Growing Security Threat

SQL injections, more than any other exploit, can land your company in trouble. So why aren't you worried about them? Few things make a CIO's eyes glaze over like the mere mention of SQL injections. Unless they cut their teeth in security or SQL programming, chances are that the folks who control the purse strings don't understand these increasingly common attacks. That's a real issue because you're probably making decisions that could exacerbate the problem.

Does Wine Make Linux Too Loose?

For those Wine aficionados out there, beware of the remote possibility that your Linux system could be infected by Windows-seeking malware. "WINE running a Windows virus is nothing more than a 'stupid Linux trick' ... for now," said Slashdot blogger hairyfeet. But if the year of the Linux desktop ever arrives, he wonders, can Linux hold up to a "tidal wave of stupidity"?

Hole in the Linux kernel allows root access

A null pointer dereference in the Linux kernel can be exploited to gain access to a system at root privilege level. The hole is reportedly in pipe.c and can occur in certain circumstances when the pipe_read_open(), pipe_write_open() or pipe_rdwr_open() functions release a mutex (mutual exclusion lock) too early.

Email Security: Top 10 E-mail Blunders Of 2009, So Far

E-mail, the Internet's first killer app, can injure companies and individuals when not used with care. In its attempt to document the risks of electronic messaging and to make the case for the value of its services, Proofpoint, an e-mail security company, has assembled a list of what it considers are the "Top 10 Terrifying E-mail Blunders of 2009."

WordPress Hardening

Today one of our readers sent an interesting post from the developers of WordPress. It is about the just released version 2.8.5. This version is called the "Hardening Release", which I thought was quite great! According to the post, these were new security features from the new 2.9 series that they decided to backport to the 2.8.x tree.

Linux kernel vulnerability fixes - Update 2

The Linux developers have released kernel versions 2.6.27.30 and 2.6.30.5 which fix a critical vulnerability revealed last week. The vulnerability, which is found in all 2.4 and 2.6 series Linux kernels since 2001 and for which there is already an exploit, allows users with restricted privileges to obtain root privileges. The developers urgently recommend users update to the new versions.

How Safe Is Your Mail Server?

Great article that discusses how effective the Sender Policy Framework (SPF) approach is at stopping spam. IT shops have thrown everything but the kitchen sink at the issue and, more times than not, come up empty on long-term solutions. Lately we

WordPress issues new version, closes password flaw

WordPress, the popular blogging software platform, has been updated to fix a flaw that could have enabled a hacker to change an administrator password. The bug enables a specially crafted URL to evade a password reset security verification check, Matt Mullenweg, founding developer of WordPress, said Wednesday on the organization's blog.

Security update for WordPress

The 2.8.3 security update for WordPress fixes several privilege escalation vulnerabilities, similar to the problems fixed in a previous update to version 2.8. The developers had overlooked some of the loopholes, which 2.8.3 now closes. The security service provider Core Security had previously warned of various security problems in WordPress after finding errors in the processing of certain URLs. For example, unprivileged but registered users are reportedly able to examine the configuration pages of plug-ins and to change their options.

BIND name server vulnerable to DoS attacks

A vulnerability in the popular open source BIND9 name server allows attackers to remotely trigger a server crash. According to the error report, a single specially crafted "dynamic update" packet is all that is required to prevent IP addresses from being translated into server addresses. Authoritative name servers use dynamic updates to add resource records to, or remove them from, a zone.

Top 20 OpenSSH Server Best Security Practices

OpenSSH is the reference implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is well suited to keeping the confidentiality and integrity of data exchanged between two networks and systems. However, its main advantage is server authentication through the use of public key cryptography. From time to time there are rumors about OpenSSH zero-day exploits. Here are a few things you need to tweak in order to improve OpenSSH server security.