We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
In today's internet there is a lot of spam, forged mails and people who make use of this. It is importatnt to be secure, secure your users and the rest of the community from your users as well. It's better to be secure than to be sorry if an accident happens.. . .
Guardian Digital's EnGarde Secure Linux in the news. "Many of the programs included in Linux distros have programming errors that lead to things like privilege escalation, whereby a common user tricks a program into thinking it has more privileges than it does, says Guardian Digital CEO Dave Wreski.. . .
The Sendmail buffer overflow exploit announced in March will almost certainly be programmed into an automated worm within the next six months. Such a worm could do for UNIX systems what Code Red did to the Windows world -- simply because there are so many potentially vulnerable UNIX systems on the network today. . . .
After a lengthy QA process, PHP 4.3.2 is finally out! This maintenance release solves a lot of bugs found in earlier PHP versions and is a *strongly* recommended upgrade for all PHP users. Fixes several potentially hazardous integer and buffer overflows. LinuxSecurity will track vendor advisories and post them as vendors submit them.. . .
Apache 2.0 versions 2.0.37 through 2.0.45 can be caused to crash in certain circumstances. This can be triggered remotely through mod_dav and possibly other mechanisms. The crash was originally reported by David Endler <This email address is being protected from spambots. You need JavaScript enabled to view it.> and was researched and fixed by Joe Orton <This email address is being protected from spambots. You need JavaScript enabled to view it.>. . .
The Apache Web server basks in the admiration of commercial software distributors and customers alike. According to a May 2003 survey by Netcraft, about 63 percent of all Internet sites are powered by Apache. Indeed, its open-source model seems destined to become the darling of commodity software markets. . .
In July 1997, Eugene Kashpureff, founder of AlterNIC, took advantage of an inherent security vulnerability in DNS (Domain Name Service) and carried out the first DNS spoofing attack. "It's all done with standard MIME code, right out of the box. The . . .
This document describes how to setup a spam-blocking email gateway based on open source and freely available software. This procedure is designed for a small to medium sized company with a single domain (multiple domains are possible...just not described here). I will describe how to setup a new computer that is meant to run on your network's DMZ in between the Internet and a corporate email server like Lotus Notes or Microsoft Exchange.. . .
Guardian Digital announced the next generation of the award-winning EnGarde Secure Linux Community Edition. Leveraging the best open source applications available, combined with the security expertise from Guardian Digital, EnGarde is a comprehensive platform for developing a secure Internet presence.. . .
Spam in your e-mail inbox got you down? A group of e-mail service providers and Internet marketers wants to create a way to differentiate bona fide bulk e-mailers from spammers.. . .
It depends upon the motive of the attacker. If you were targeted specifically, its possible the attacker will first attempt to hide their presence on the system, and then remain there quietly observing, altering files or using it as a . . .
On a normal system, if an attacker gains root or administrator access, he or she can run rampant. Not so on a trusted system -- at least so long as it is properly configured. Another hardened OS is EnGarde Linux, which is sold by Guardian Digital. EnGarde uses the same applications one might find in another Linux distribution, but the approach to building the final product is a bit different. Dave Wreski, CEO of Guardian Digital, told NewsFactor that the average Linux distribution "tries to be all things to all people," which makes it difficult to secure the system.. . .
An anonymous user can gain remote root access due to a buffer overflow caused by a StrnCpy() into a char array (fname) using a non-constant length (namelen). An exploit named trans2root.pl has been posted on the Digital Defense, Inc. website. A quick udp based based scanner named nmbping.pl has also been posted to assist you in identifying Samba servers on your network.. . .
Debian has a package manager (DPKG) that resolves dependency problems automatically. It help us to automatically keep up to date programs looking for new versions on the internet, resolving and completing the files and libraries dependencies which a package requires, making system administration easy and keeping us up to date with the new security changes.. . .
Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.12.9. It contains a fix for a critical security problem discovered by Michal Zalewski whom we thank for bringing this problem to our attention. Sendmail urges all users to either upgrade to sendmail 8.12.9 or apply a patch for your sendmail version that is part of this announcement.. . .
Multiple bugfixes relating to Bayes support and other fixes new in this version. SpamAssassin is a mail filter to identify spam. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to . . .
The open-source community is pushing customers to patch their systems to close a hole in a software component that allows Windows programs to store and retrieve files on Linux and Unix servers. . .
The SuSE security audit team, in particular Sebastian Krahmer , has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server.. . .
A serious buffer overflow vulnerability announced last week in Sendmail is ripe to be exploited by targeted attacks, but it is also possible for a worm writer to write malicious code that exploits the security hole. No one can say whether a worm writer will create malware that targets the Sendmail flaw, but it is possible, experts said. The pervasiveness of the flaw and of Sendmail usage are strong reasons to be wary of the potential for such a worm. . . .
Buffer overflow problems always have been associated with security vulnerabilities. In the past, lots of security breaches have occurred due to buffer overflow. This article attempts to explain what buffer overflow is, how it can be exploited and what countermeasures can be taken to avoid it. . . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
