Server Security - Page 46.5

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Magnet Goblin Hackers Exploit One-Day Flaws to Deploy Custom Linux Malware

Financially motivated hacking groups are increasingly exploiting newly disclosed vulnerabilities to deploy custom malware on public-facing servers. The threat actors are known as Magnet Goblin, and they have been quick to leverage one-day flaws, vuln...
Mar 11, 2024
  0

New Bifrost Malware Evades Detection, Threatens Linux Server Security

A new variant of Bifrost, a remote access Trojan (RAT),...
Mar 02, 2024
  0
11.Locks IsometricPattern Esm H115

Cryptocurrency Mining Migo Malware Attacks Linux Redis Servers

A new malware dubbed “Migo” that is targeting Linux Red...
Feb 21, 2024
  64
22.Lock ScreenEffect Esm H115

Discover Server Security News

LS Hmepg 337x500 34 Esm H200

Apache Guide: Apache Authentication, Part II

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There are basically three reasons to use a database, rather than a text file, to store data. The first reason is speed. Accessing data stored in a database is much faster than accessing data stored in a text file. A database is designed for rapid location of information. A text file, you have to read through each record until you find what you are looking for.. . .

LS Hmepg 337x500 34 Esm H200

Maximizing Apache Server Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

An extensive article on Apache security. ... However, does "free" come at a price when it comes to security? It doesn't have to. The diligent network manager will quickly recognize the advantages of choosing a platform that is field-tested on . . .

LS Hmepg 337x500 34 Esm H200

Smart card accepted at portal

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Pulsar Data Systems Inc. on Tuesday unveiled its secure e-commerce portal, PulsarData.com, which uses smart cards to enable agencies to purchase information technology products. Pulsar, a wholly owned subsidiary of Internet data security company Litronic Inc., announced the smart card feature, . . .

LS Hmepg 337x500 34 Esm H200

Unix Security Holes

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The hottest trend these days in network intrusion is to exploit buffer overruns, a technique where-by you feed a program more data than it has allocated, overwriting the memory in the hope of making the program do something it would normally . . .

LS Hmepg 337x500 34 Esm H200

Securing Sendmail

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This two-part series on securing sendmail, based on the tutorial given by Eric Allman and Greg Shapiro at the recent USENIX technical conference in San Diego, begins by detailing the measures you can take to secure any sendmail installation. It continues . . .

LS Hmepg 337x500 34 Esm H200

Securing Apache for AllCommerce

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Tips on securing apache for use with virtual hosts. "There is no best way to do this except to be paranoid about every detail, pay attention to security alerts and trust no one. Fortunately, Apache has some recommendations. Here is how . . .

LS Hmepg 337x500 34 Esm H200

Securing Your Web Pages with Apache

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This article discusses the various security mechanisms for apache. "... But what's all this noise about 'discretionary' and 'mandatory,' you ask? Put simply, discretionary control (DAC) mechanisms check the validity of the credentials given them at the discretion of the . . .

LS Hmepg 337x500 34 Esm H200

BIND 8.2.x Overflow Vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Here is an information bulletin that was issues by CIAC last Tuesday. It covers a BIND buffer overflow that exists in 8.2, 8.2.1 and 8.2.2. Here CIAC explains how the exploit works, "The exploit requires two systems to be . . .

LS Hmepg 337x500 34 Esm H200

Linux Kernel Security Bug Discovered

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A serious bug has been discovered in the Linux kernel that can be used by local users to gain root access. The problem, a vulnerability in the Linux kernel capability model, exists in kernel versions up to and including version 2.2.15. According to Alan Cox, a key member of the Linux developer community, "It will affect programs that drop setuid state and rely on losing saved setuid, even those that check that the setuid call succeeded."To ensure that this vulnerability cannot be exploited by programs running on Linux, Linux users are advised to update to kernel version 2.2.16 immediately. Information on "capabilities" are discussed in the Capabilities FAQ We also recently ran a story on a capabilities-based operating system that is worth reading.

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved