Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it c...
Embedded systems control much of the world's critical infrastructure, which makes them a prime target for attack by everyone from hackers to terrorists. Embedded systems, however, have at their disposal an impressive set of defenses, mechanisms and procedures that are in . . .
So what is a "chroot jail"? Essentially it is a security method for creating a safe user environment on systems that allow remote access accounts. The "jail" locks users into a virtual directory structure and grants access only to applications created for the jailed users by the administrator.. . .
Is open source software more secure? To most Linux enthusiasts, the answer is obvious: open source means more people can look for bugs and a faster dissemination of bug fixes. Obviously, yes. But noted security expert Gene Spafford says that this may not necessarily be true. According to the Purdue professor of computer science and co-author of Practical Unix & Internet Security, good security begins with good design and neither Windows nor Linux have much to brag about in that category.. . .
This version fixes multiple security vulnerabilities including a SysV shared memory-based scoreboards attack, an XSS vulnerability in the default 404 page handling hosted on a domain that allows wildcard DNS lookups, and some possible overflows in ab.c which could be exploited by a malicious server.. . .
As open source software becomes increasingly popular it is being targeted by virus writers and proving to be at least as vulnerable as Microsoft. The virus-monitoring laboratory of Network Associates' Antivirus Emergency Response Team (Avert) has logged over 170 viruses and Trojans for Linux, as well as an additional 30 Unix shell scripts. . . .
This article takes a look at the evolution of the spam cycle (for as Sun Tzu and every general who ever came after him said, "Know thine enemy and victory will be forthcoming"). It also takes a look at SpamAssassin, the latest in a long and venerable line of weapons in the fight against spam, as well as a look ahead. . . .
Apache web servers under attack from 'Slapper': A new worm is spreading from the US to infect Linux web servers. The Linux Slapper worm attacks Apache web servers using a hole in the Open secure sockets layer encryption module and . . .
The Slapper worm continued to spread quickly over the weekend, with some security experts putting the number of compromised servers as high as 6,000. As first reported by eWeek on Friday, the worm attacks Linux machines running the Apache Web . . .
Once upon a time, the World Wide Web was a relatively static place. The Web server's sole function was to simply deliver a requested Web page, written in HTML, to a client browser. Over time, developers started looking for ways to . . .
A Cannes-based private investigator, Alain Stevens, recently switched computer operating systems from Windows to Linux. "It's a security issue," Stevens said. "Viruses which target Windows could send confidential documents from my machines to random people - and that could send me to prison.". . .
If computers that cannot be hacked revolutionize the Internet next year, you can thank two guys named Eric who were just looking to get some sleep. They come from a cyberspace neighborhood on the wrong side of the tracks--where the dull . . .
Efficiency and automation: one can argue that they are two of the most valuable by-products of any technology. There is little doubt that the electronic tools of today allow us to get more done in less time. We use software to . . .
Welcome to the home stretch, my last [2] ITworld article on installing DJBDNS. I'll cover two things here. First, I'll show you how to 'import' your existing BIND zones into tinydns data format so you don't need to convert those files by hand. Lastly, I'll show you how to start up the axfrdns server, which will allow DNS secondaries running BIND to mirror your DNS zones.. . .
xinetd version 2.3.7 was released that addresses a minor file descriptor leak present in 2.3.4 - 2.3.6. Steve Grubb, co-maintainer of xinetd, sent in a note stating, "At the most, if everything is in just the right configuration...which is probably rare, all they can do is terminate xinetd." . . .
Today, application integration is the single biggest challenge facing IT organizations. With business imperatives driving an increasing need for cross-organization integration, this challenge is getting ever more complex. XML Web services is a term referring to a set of related . . .
Secure site seals handed out to sites by certificate authorities and lock icons shown by browsers can often mislead consumers into believing that a site is more secure than it actually is, according to the latest Netcraft Web Server Survey.. . .
When a standard is deployed as openly as XML, businesses are bound to have security concerns. The need to control content's distribution and ensure its integrity keeps many companies from deploying XML without an extranet. Proposed standards will address security . . .
This article discusses implementing Mandatory Access Control in the SE Linux system. "The protection mechanisms of current mainstream operating systems are inadequate to support confidentiality and integrity requirements for end systems. Mandatory access control (MAC) is needed to address such requirements, . . .
TechWeb summarizes the recent articles they have published on security-focused Linux distributions including EnGarde, the Editor's Choice, HP Secure Linux and Immunix. "IT pros navigating a minefield of insecure software and systems are finding safe ground in Linux. That's . . .
Vendors have not issued updates yet for a vulnerability just reported by the Squid Project. "Under some conditions Squid may forward the proxy authentication credentials. This can happen if you normally require your users to log in to use the proxy, but allow some sites to be reached without needing to log in.". . .