Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it c...
As I write this, yet another e-mail worm is spreading among non-Linux computers and incidentally filling my mailbox with "YOU HAVE A VIRUS" bounces from dumb software that somehow doesn't yet get the concept that worms forge mail. There's nothing like a worm attack that spares Linux to bring out the smug superiority in Linux users. . . .
Linux advocates often take pride in the operating system being more secure than Windows but this claim may have attracted unwanted attention from the hacking community. An analysis of hacker attacks on online servers in January by UK-based security consultancy mi2g found that Linux servers were the most frequently hit, accounting for 13,654 successful attacks, or 80 percent of the survey total. Windows came in a distant second with 2,005 attacks. . . .
Dan Geer lost his job but gained his audience. The very idea that got the computer-security expert fired has sparked serious debate in information technology. . . .
Other goodies in the v2.6 kernel include integrated IPSec support, with the inclusion of the Kame Project; enhanced support for network file systems, including support for mounting Novell NetWare shares; initial NFSv4 (Network File System Version 4) support; and performance and compatibility enhancements with SMB (Server Message Block) shares, including support for CIFS (Common Internet File System). . . .
A few years back, I was working on getting investment into our business. We had big problems with the lawyer from the other side, who kept raising objections. The issue wasn't that her points were invalid; they just weren't material. In other words, they were unlikely to cause problems for their investor. . . .
The document defines some 300 capabilities for Linux usage, which OSDL has arranged into a number of categories: scalability, performance, reliability/availability/scalability, manageability, clusters, standards, security and usability. OSDL said it plans to create a DCL requirements document based on the guidelines to be used in developing a public reference for Linux distributions, business users, and developers of the Linux kernel--the heart of the operating system. . . .
Most application developers underestimate the risk of SQL injection attacks against web applications that use Oracle as the back-end database. This paper is intended for application developers, database administrators, and application auditors to highlight the risk of SQL injection attacks and demonstrate why web applications may be vulnerable. . . .
Key open source advocates point to databases, security and storage as the next big categories ripe for commoditization. At a panel exploring open source issues at Harvard Business School's annual Cyberposium, executives from IBM, Hewlett Packard, Red Hat, Sun Microsystems and Microsoft debated a variety of issues related to the future of open source, including growth areas and controversial procurement issues. . . .
Web applications have become a popular way to provide global access to data, services, and products. While this global access is one of the Web's underlying advantages, any security holes in these applications are also globally exposed and frequently exploited. It is extremely easy to write applications that contain unintentional security holes. This is demonstrated by the range of common web applications, including PHPMyAdmin, PHPShop and FreeTrade, that have contained major security holes. . . .
The National Institute of Standards and Technology has approved an open-source library of encryption algorithms for use on sensitive government networks, the Open Source Software Institute announced this month. The cryptographic module of OpenSSL (https://www.openssl.org:443/), an open-source version of Secure . . .
Perhaps one of the most challenging situations in an IT organisation is to let a systems administrator go. This individual has the proverbial keys to the kingdom as a trusted member of your corporate team. If the time comes to part . . .
The worldwide market for security server appliances grew by 22 percent in the third quarter, and is expected to continue increasing next year, a market research firm said Thursday. . . .
With network device vulnerabilities being discovered all the time, should you be monitoring patch management yourself, or is outsourcing the best option? If the IT industry was subject to the same restrictions as the car industry, the number of equipment recalls . . .
Are data-privacy regulations and dreams about stolen employee data keeping you up at night? It may be time to protect your data where it lives--in your database. . . .
Don't even get me started on security vendors peddling "Intrusion Prevention Systems" (IPS) like they're some kind of silver bullet cure for all security ills. I'd like to see some of those vendors taken to court on a Trade Practices Act . . .
"We see people looking for a tool that will solve all their problems, but what you need is a process; it's not just about the tool," says Felicia Nicastro, senior network systems consultant for International Network Services, a consulting firm that . . .
Nobody knows when the first patch was issued, but it was almost certainly shortly after the first release of the first software package. No matter how much testing is done in-house, the real world and real users always exercise applications in . . .
The rsync team has received evidence that a vulnerability in rsync was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. While the forensic evidence we have is incomplete, we have pieced together the most likely way that this attack was conducted and we are releasing this advisory as a result of our investigations to date. . . .
Michael S. Mimoso submitted, "A dangerous vulnerability in the Linux kernel is at the heart of a recent attack on the Debian Project's development servers. The flaw, an integer overflow in the brk system call, enabled an attacker to compromise . . .
For those of you who don't know the acronym, XSS stands for Cross-Site Scripting. It is the term that has been given to web pages that can be tricked into displaying web surfer supplied data capable of altering the page for . . .