Server Security - Page 47 - Results from #925

Discover Server Security News

WireX Announces the Release of Immunix OS 6.2 and StackGuard 2.0

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

"Immunix" is a family of tools designed to enhance system integrity by hardening system components and platforms against security attacks. The Immunix OS is a Linux platform hardened with the Immunix tool set. Immunix works by hardening existing software . . .

LinuxSecurity.com Team
Jun 22, 2000

BIND 8.2.x Overflow Vulnerability

Here is an information bulletin that was issues by CIAC last Tuesday. It covers a BIND buffer overflow that exists in 8.2, 8.2.1 and 8.2.2. Here CIAC explains how the exploit works, "The exploit requires two systems to be . . .

LinuxSecurity.com Team
Jun 16, 2000

The Soothingly Seamless Setup of Apache, SSL, MySQL, and PHP

This article discusses the use of mod_ssl, OpenSSL, RSARef, MySQL and PHP to develop a secure web server. "Our objective is to install a web server that will allow us to host sites, that would be secure for e-commerce . . .

LinuxSecurity.com Team
Jun 09, 2000

Building an E-Commerce Site Part 3: Catalogs and Shopping Carts

In this installment, we add scripts to let the user browse our product catalog and we let them order our products. After completing this installment, you will have experience navigating the product catalog, viewing product details, managing the shopping cart, . . .

LinuxSecurity.com Team
Jun 09, 2000

Linux Kernel Security Bug Discovered

A serious bug has been discovered in the Linux kernel that can be used by local users to gain root access. The problem, a vulnerability in the Linux kernel capability model, exists in kernel versions up to and including version 2.2.15. According to Alan Cox, a key member of the Linux developer community, "It will affect programs that drop setuid state and rely on losing saved setuid, even those that check that the setuid call succeeded."To ensure that this vulnerability cannot be exploited by programs running on Linux, Linux users are advised to update to kernel version 2.2.16 immediately. Information on "capabilities" are discussed in the Capabilities FAQ We also recently ran a story on a capabilities-based operating system that is worth reading.

LinuxSecurity.com Team
Jun 08, 2000

BSD Based Operating Systems: IPCS Vulnerability

This advisory is for all 386BSD-derived OSes, including all versions of FreeBSD, NetBSD and OpenBSD. "An unprivileged local user can cause every process on the system to hang during exiting. In other words, after the system call is issued, no . . .

LinuxSecurity.com Team
Jun 08, 2000

Security scare as outsiders get access to NetBSD software password

Developers of the NetBSD open source operating system say a recent security breach did not compromise the software's source code. NetBSD developer and project spokesman Charles Hannum has confirmed that a key developer's password was "discovered" by outsiders.

LinuxSecurity.com Team
Jun 07, 2000

Hardening Linux Machines For Web Services

This is a introductory article on securing your Linux server. It starts with physical security then briefly discusses network security. "Your objective is to add as many rings or layers as possible, making the potential cracker take more . . .

LinuxSecurity.com Team
Jun 06, 2000

Web security ups ante, goes nuclear

British Internet companies are increasingly turning to complexes capable of withstanding a nuclear onslaught in the battle against computer hackers and other threats, according to one security consultant. . . .

LinuxSecurity.com Team
Jun 01, 2000

E-Commerce Solutions: An Apache Overview

This ApacheToday article discusses what issues are involved with Apache to configure an E-Commerce site. "So, E-Commerce is the buzzword, but how do you actually produce an E-Commerce site? ... Here's a quick guide to some of the issues . . .

LinuxSecurity.com Team
May 31, 2000

Update: Blocking "Killer Resume"

Jose Nazario has updated the .cf/.mc patch on his mirror site to include "Killer Resume" and was kind enough to share the fix with us. The patch, designed to block the ILOVEYOU worm and related worm/virus medleys, works . . .

LinuxSecurity.com Team
May 31, 2000

NIPC Tool to Detect the mstream DDoS

The potential represented by the "mstream" Distributed Denial of Service (DDoS) exploit is a serious and continuing threat. This advisory provides an update to a previously delivered NIPC DDoS detection tool that now allows users to identify the presence of . . .

LinuxSecurity.com Team
May 26, 2000

Secure Deletion of Data

With the use of increasingly sophisticated encryption systems, an attacker wishing to gain access to sensitive data is forced to look elsewhere for information. One avenue of attack is the recovery of supposedly erased data from magnetic media or random-access . . .

LinuxSecurity.com Team
May 25, 2000

Cracked! Part 3: Hunting the Hunter

Noel continues the story of when some Unix boxes that he helped admin were cracked. This article talks about some of the efforts made to track down the cracker and some surprises. This is the third part of the story . . .

LinuxSecurity.com Team
May 22, 2000

Building An E-Commerce Site - Part 2 - Users and Sessions

This is the second article in a three-part series dealing with using PHP 4 and MySQL to make a comprehensive e-commerce storefront solution. This article covers session management within the store, user privileges, and a few security concerns. . . .

LinuxSecurity.com Team
May 19, 2000

BUGTRAQ Vulnerability Database Statistics

Ever wanted to know which operating systems and applications have the most reported security vulnerabilities? Are there more known vulnerabilities in Windows NT or Linux? To find out check out the BUGTRAQ Vulnerability Database statistics page. . . .

LinuxSecurity.com Team
May 15, 2000

Sendmail 8.11.0 Beta Release Includes TLS

"... Transport Layer Security (TLS) is now in open source sendmail. As the official announcement explains, "Ever since the easing of crypto export regulations in the United States, we have been working on releasing the STARTTLS and SMTP Authentication Security . . .

LinuxSecurity.com Team
May 10, 2000

The trouble with redirects

LWN has written up an article describing the "redirect" security difficulty found by the folks at Digital Creations while tracking down a security problem with the Zope application server. "Given the way the web and authentication-based sites work, a suitably . . .

LinuxSecurity.com Team
May 09, 2000

A Complete, Secure User Login System

Tim Perdue writes about a new PHP library he's written. "When I started seeing spam messages posted to the new column annotation system, I knew I would have to create some sort of user authentication system that helps weed out . . .

LinuxSecurity.com Team
May 09, 2000

Webserver Security (Part II)

This second part of our two-part series on webserver security explores the problem of keeping private data in publicly accessible areas of you server and keeping data from untrustworthy sources from entering your system. Covers Apache, FTP server, PHP and . . .

LinuxSecurity.com Team
May 09, 2000

Server Security - Page 6

Magnet Goblin Hackers Exploit One-Day Flaws to Deploy Custom Linux Malware

New Bifrost Malware Evades Detection, Threatens Linux Server Security

Cryptocurrency Mining Migo Malware Attacks Linux Redis Servers