Server Security - Page 40 - Results from #780

Discover Server Security News

Escalating Risks of Denial Of Responsibility Attacks on Software Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A recent report from the National Association for Security and Trust Evaluation warns of an increase in serious security breaches known as Denial of Responsibility (DoR) attacks. "Each attack is much more dangerous than traditional security flaws," says Warren N. Veighn of the Association, "because the extent of the vulnerabilities is so great, the time they affect deployed systems can stretch out to decades, and getting the source of the problem to react appropriately is by definition very difficult." . . .

LinuxSecurity.com Team
Jun 03, 2002

Generate Policies Using Systrace for Enhanced App Security

Systrace enforces system call policies for applications. The policy can be generated interactively. Systrace can constrain the access that an application gets to the system. Operations not covered by the policy raise an alarm and allow an user to refine the currently configured policy.. . .

LinuxSecurity.com Team
May 31, 2002

Polymorphic Simile.D Virus Affects Linux And Windows Systems

{Win32,Linux}/Simile.D is a very complex virus that uses entry-point obscuring, metamorphism, and polymorphic decryption. It is the first known polymorphic metamorphic virus to infect under both Windows and Linux. The virus contains no destructive payload, but infected files may display messages . . .

LinuxSecurity.com Team
May 31, 2002

PerlMx 2.0 Email Security Enhancements: Filtering and Compliance

ActiveState has released a new enterprise version of PerlMx 2.0, our email security and filtering software for sendmail. PerlMx operates at the gateway and is over 98 percent effective in identifying spam. It now has virus, spam, and corporate communications compliance . . .

LinuxSecurity.com Team
May 28, 2002

SQL Injection Techniques Through Real-World Penetration Testing

When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of . . .

LinuxSecurity.com Team
May 28, 2002

Sendmail: Risk Mitigation for File Locking Local DoS Threats

This article discuss how sendmail currently handles file locking and how it will change in future versions. "Any application which uses either flock() or fcntl() style locking or other APIs that use one of these locking methods (such as open() with O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users may be susceptible to local denial of service attacks.". . .

LinuxSecurity.com Team
May 24, 2002

Web Applications: Significant Security Risks for Corporate Sites

Most, if not all, of corporate web sites are fundamentally insecure. And this insecurity can allow attackers to access databases, delete or change information, and cause absolute chaos with very little effort or technical know how. . . .

LinuxSecurity.com Team
May 22, 2002

Superworm Threats and Defense Strategies for Linux Admins

Give an exploit to script kiddies, and they'll hit every vulnerable host in weeks. Build a worm with it, and it could take days. How long would a superworm take? Try 30 seconds. Brandon Wiley explains superworms and some possible self-defense . . .

LinuxSecurity.com Team
May 15, 2002

Crucial Security Tips to Safeguard Your Apache Web Server Effectively

If you just put your Apache web server online, and are thinking into making the first step in your system security, this brief article will help you do that. By having your own server, you must understand the responsibility behind it. . . .

LinuxSecurity.com Team
May 14, 2002

Unveiling Gulf War UNIX Breach And Its Cybersecurity Implications

During the Gulf War, computer hackers in Europe broke into a UNIX computer aboard a warship in the Persian Gulf. The hackers thought they were being tremendously clever -- and they were -- but they were also being watched. . . .

LinuxSecurity.com Team
May 02, 2002

XP Users Complain About Frequent Updates and System Instability

As many as three times a week, on average, XP users see a little window pop-up at the bottom of their computer screens announcing the availability of another new update for their system. This plethora of patches has left many users wondering whether their hard drives are big enough to handle "Trustworthy Computing.". . .

LinuxSecurity.com Team
Apr 29, 2002

CORE Advisory: 20020409 Critical Stack Protection Issues Explored

"Stack shielding" software have been developed on the promise of preventing exploitation of buffer overflow vulnerabilities that make use of the stack smashing techniques. We discovered that all of them present basic design limitations as well as some implementation flaws.. . .

LinuxSecurity.com Team
Apr 24, 2002

Web Security Alert: Risks From Spyware And Cookies For IT Management

As if IT managers didn't have enough security headaches, the rise of Web site-based intrusions has risen over the last year, with aggressive cookies and pop-up-spawned spyware leading the charge. Products like the Gator password manager utility are reported to include a Web-user monitoring component, which may even cause Web browsers to crash or behave erratically.. . .

LinuxSecurity.com Team
Apr 17, 2002

LIDS 1.1.1 Advisory: Critical CAP_SETUID Exploitation Risk

There is a possibility to use a capability from LIDS protected binaries for arbitrary users. For example if some binary has the CAP_SETUID capability granted, a general user can execute this binary under a arbitrary user ( could be the root ).. . .

LinuxSecurity.com Team
Apr 10, 2002

Understanding DoS Attacks and Effective Detection Strategies

Denial-of-service (DOS) attacks continue to present a significant security threat to corporations two years after a spate of incidents brought down several high-profile sites, including those of Yahoo Inc. and eBay Inc., users and analysts report. Since then, several technologies . . .

LinuxSecurity.com Team
Apr 10, 2002

Exploring Rising Cyber Threats Since 2001 and Business Security Challenges

THE INTERNET HAS become a riskier place for businesses since the fall of 2001 and doesn't look to be any more secure in the near future, according to security firm Internet Security Systems, which released its security incident figures for the first quarter of 2002 Wednesday. . . .

LinuxSecurity.com Team
Apr 04, 2002

Cyrus IMAP Setup Guide: Configuring Postfix and Procmail for Mail Filtering

This is the second in a series of articles about how to install and configure the Cyrus IMAP mail server, Postfix SMTP, and Procmail for server-side mail filtering. Last week, we covered the installation and basic configuration for Cyrus IMAP.. . .

LinuxSecurity.com Team
Apr 02, 2002

Overview of Web Security Issues and Modern Solutions for E-Services

The World Wide Web (WWW) was initially intended as a means to share distributed information amongst individuals. Now the WWW has become the preferred environment for a multitude of e-services: e-commerce, e-banking, e-voting, e-government, etc. Security for these applications is an important enabler. This article gives a thorough overview of the different security issues regarding the WWW, and provides insight in the current state-of-the-art and evolution of the proposed and deployed solutions.. . .

LinuxSecurity.com Team
Mar 23, 2002

Implement User Authentication Using PHP And Apache for Secure Access

There are a number of reasons why you might want to add user authentication to your Web site. You might want to restrict access to certain pages only to a specific group of privileged users. You might want to customize the content on your site as per user preferences.. . .

LinuxSecurity.com Team
Mar 20, 2002

Mastering Logging Techniques For Efficient System Administration

"Welcome to yet another article in the series of articles dedicated to basic system maintenace and security. This time, I plan to cover the topic of logging, and why is logging a must for every serious admin, or for any system . . .

LinuxSecurity.com Team
Mar 20, 2002

Community Poll

More Polls

Server Security - Page 40

Misuse of Cron Jobs for Long-Term Access in Linux Environments

Securing Remote Access to Linux Servers: Best Practices for 2026

Linux AI Tools Require Enhanced Observability for Security