Alerts This Week
Warning Icon 1 764

Server Security - Page 26

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Server Security News

Elm and Mplayer Exploits: Critical Security Flaws Affecting Linux Systems

Two serious security flaws have turned up in software widely distributed with Linux and Unix. The bugs affect Elm (Electronic Mail for Unix), a venerable e-mail client still used by many Linux and Unix sysadmins, and Mplayer, a cross-platform movie player that is one of the most popular of its kind on Linux. The Elm flaw involves a boundary error when the client reads an e-mail's "Expires" header. A specially crafted e-mail could exploit the bug to cause a buffer overflow and execute malicious code on a system, according to security researchers.

IIS vs Apache: Security Analysis and Server Configuration Comparison

Not long ago, Web administrators didn't have a great deal of input into their organization's Web server platform. If they worked in a Windows shop, they ran Microsoft's Internet Information Server (IIS), while those in Linux/Unix shops were tied to Apache, and never the twain did meet. However, times have changed and the Apache HTTP Server Project has broken down the walls by releasing a Windows distribution of the Web server that traces its historic roots to the original NCSA httpd server. There are now two "big kids on the block" and Windows administrators, at least, have some flexibility. (Don't expect Microsoft to release IIS for Linux anytime soon!)

Confidentiality And Integrity In Storage Management Strategies

In the first part of our Storage Security Basics series, we looked at authentication, authorization, accountability and access control. In this installment, we examine confidentiality and integrity. If you manage a storage network, one of your primary goals is to ensure that the data is secure. As the administrator, the confidentiality and integrity of information is your responsibility. (Data confidentiality refers to the process of encrypting information to prevent it from being read by users who weren't intended to have access to it. Data integrity means that information has not been changed or modified during transit.)

Exploring Security Challenges in Open Source Software and Networks

Security breaches in software applications and networks are one of the biggest threats organizations currently face. But unless you pack your computers into boxes and go back to pencils, paper, and typewriters, being mindful of electronic security is an unavoidable reality and business expense. Because security vulnerabilities are such a high stakes issue, the subject has become a political hot potato between open source and commercial software advocates, with each pointing a finger at the other. Some commercial software vendors claim that their model promotes security while the open source model weakens it; some open source developers claim the exact opposite.

Linux 2.6.12 Advisory: Critical Bugs Fixed, New Defects Found

Serious security bugs in key parts of the latest Linux code have been fixed, but some small glitches have been introduced, according to a recent scan. In December, Coverity looked at version 2.6.9 of the Linux kernel, the heart of the open-source operating system, and found six critical defects in the core file system and networking code. In July, the code analysis company scanned the latest version of the Linux kernel, version 2.6.12, and found no such programming errors, Coverity CEO Seth Hallem said.

Linux Kernel 2.6.12 Enhancements Highlighted In Coverity Study

Coverity, Inc., makers of the world's most advanced and scalable source code analysis solution, today announced results from a new study on the security and quality of the Linux kernel. Six months ago Coverity analyzed Linux kernel 2.6.9, the same version used in Red Hat Enterprise Linux 4.0, and found six potentially critical defects in the core filesystem and networking code. Today's findings on the newest Linux kernel 2.6.12 show that all critical defects have been fixed.

Enhancing Data Protection Through Trusted Servers Standards

The Trusted Computing Group has announced an open specification for trusted servers to allow manufacturers to offer better data and transaction security. The specification launched by the industry standards body defines the architecture of a trusted server including its management, maintenance and communication between servers and clients.

Implementing Active Directory SSO For Linux Desktops And Servers

I am an advocate of centralized identity management and I think Active Directory makes a great repository for user account information. Interoperability can be a challenge, though. For example, you may work in a mixed environment of Linux/Unix and Windows and want users to take advantage of their Windows accounts when logging on at a Linux/Unix machine. This provides single sign-on for users who otherwise would need to maintain two different sets of passwords.

Evaluating Linux And Windows Server Security And Support Costs

Both Linux and Windows are here to stay. The decision to deploy a Linux or a Windows server should be based on a careful evaluation of both technical and business needs. For smaller companies with in-house Windows skills, moving to Linux or implementing Linux alongside Windows could cause more headaches and staff issues than value. For larger companies with sufficient staff and training budgets, implementing Linux-based servers may prove cost-effective in the long-term.

Exploring Open Source Benefits For Enhanced Business Security

Do you think there are security benefits businesses could reap by simply switching to open source solutions? Greenberg: Yes. A great number of security holes are because of Windows having glaring security holes in its browser and mail agent. Use Windows and Firefox, for example, instead of Windows and IE, and 80 percent of the security concerns vanish. The number of security threats in an OS-to-OS face off is about equal, from what I see. As — and if — Linux usage increases, the Linux threat level may increase.

Strategies For Securing And Integrating Linux Systems Effectively

The difficulty in integrating Linux with legacy systems and securing IT systems are two of IT managers' most common complaints about Linux, says Peter Harrison, who canvassed many IT pros while writing The Linux Quick Fix Notebook, a new book from Prentice Hall PTR. In this tip, Harrison doesn't offer a quick fix, but he does offer sage advice about security and integration.

Exploring Linux Process Security and Public Vulnerability Disclosure

In his latest entry, Dana asks whether the Linux process is insecure, because it’s not possible to warn the "vendor" before warning the general public about security flaws in Linux. He also notes that "Microsoft has theoretical control of this situation." There are several problems with this line of reasoning. I’m not going to argue that the open source model of development is perfect, but it offers several advantages over the proprietary model. Let’s start with the most obvious.

Intel Hyperthreading: Timing Attacks Expose Security Keys

Intel's hyperthreading technology could allow a hacker to steal security keys from a compromised server using a sophisticated timing attack, a researcher has warned. Hyperthreading allows software to take advantage of unused execution units in a processor. It essentially allows two separate processes, or software threads, to execute on a single processor at the same time, improving performance.

Microsoft's Virtual Server 2005 SP1 Brings Linux Support for VMs

Microsoft head Steve Ballmer has promised to add Linux support for the first time in one of its products because, he explained, users need to manage heterogeneous networks. Support for the software giant's open-source rival and greatest threat will come in Virtual Server 2005 Service Pack 1, due to ship by the end of the year, Ballmer said as part of his keynote speech at the company’s annual summit.
