Vendors/Products - Page 66.7
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
OpenSSH was trojaned yesterday. There is not little authoritative information on the situation. What is known is that the original file was exchanged with a trojaned file and was discovered because it had a different MD5 checksum. . .
DeScan.net claims that its port scanning service for companies uses a unique system of blind packet monitoring, heuristics and statistical analysis to identify abusive scanning behavior and the offending PC. . .
A Japanese start-up has come up with a mutant piece of hardware that it says may deliver "perfect security" for Web servers: a two-headed hard disk drive. Tokyo-based Scarabs has developed a prototype of the hard drive, which has a read-only. . .
There's been considerable discussion this weekend of the recent sale of SecurityFocus to mega-corporation Symantec for a sweet $75 million. At issue in particular is SF's BugTraq mailing list, which has for years been the most popular full-disclosure vulnerability list going.. . .
"[With the acquisitions we are] going to just leapfrog over [security competitors] with a commanding lead in the marketplace," said a confident Hamilton. "Our intent is not to be number two or three. We want to be number one." However, fallout from Symantec's feeding frenzy is drawing criticism that the task of integrating the triage of dissimilar security technology into a cohesive and affordable unit for customers will prove difficult to pull off.. . .
The long-running dispute over when to release vulnerability information escalated last month into a bitter turf war among several security companies, all of which claimed to have their customers' best interests at heart. And while it might have started by coincidence, . . .
The latest version of the Web Services Security (WS-Security) specification is being submitted to international standards body Organization for the Advancement of Structured Information Standards (OASIS) for it to oversee the development. . .
A new virus that targets Web servers running open-source Apache software hasn't succeeded in making an impact. But it could have a sting in its tail. A program designed to infect vulnerable. . .
Security watchers are warning that a security flaw affecting Domain Name System servers running Unix could prove difficult to fix. A buffer overflow vulnerability in DNS. . .
A program designed to infect vulnerable computers running the open-source Apache Web server application apparently hasn't made it very far, security experts said Monday. As first reported. . .
Last week, Internet Security Systems announced that it had found a security hole in the open source Web server Apache. That wasn't a huge surprise. Claims of such problems appear from time to time, and usually. . .
A Columbia company that invented what it calls the world's most widely deployed technology to detect computer hackers announced yesterday that it received $7.6 million in venture capital to develop and market a commercial version of its product. Sourcefire, a 30-employee, privately held company, uses Snort, a detection technology developed by the company's founder, Martin Roesch.. . .
In the wake of the Apache Chunk Encoding vulnerability, the fun just doesn't seem to end. There seems to be another worm on the loose. The details of it are still being investigated. Currently, there is a thread on . . .
In my line of work it is inevitable, but always shocking, to see the number of high-risk security flaws developers have left behind. Most worryingly, a major proportion of vulnerabilities are due to a basic misunderstanding of the internet protocol and . . .
At least one major security vulnerability exists in many deployed OpenSSH versions (2.9.9 to 3.3). Please see the ISS advisory, or OpenSSH advisory on this topic where simple patches are provided for the pre-authentication problem. . . .
Update:Another follow up statement was written by ISSAtlanta also issued through Bugtraq. Apparently ISS is still recieving emails about this issue.. . .
The recent situation regarding the Apache chunk encoding vulnerability has caused plenty of controversy in the security industry. It initially began with the community dislike of the release of information. Then it was debated as to weather or not this was really an exploitable. . .
When designing Web sites, developers usually focus on the appearance and the back end. And they generally rush to get their e-commerce sites to production, often at the expense of adequate security and testing. In fact, Web applications are the weak . . .
Setting up a secure server isn't necessarily for the faint of heart. To make it easier for IT administrators, Guardian Digital Inc. has released EnGarde Secure Linux Version 1.2, offering a secure server operating system for mail, Web and other servers without the hassle of an intricate customization.. . .
IBM has developed software which it claims can effectively prevent drive-by hacking. Software developed by IBM Research in the US apparently turns servers into wireless auditing sniffers that alert administrators if a network has misconfigured wireless access points. The . . .