We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Security researchers have discovered a serious vulnerability that may be present in many Ethernet device drivers that is causing the devices to broadcast sensitive information over networks. . .
Theft happens. And in the case of notebook computers, it happens a lot. When preventive measures fail and a notebook is stolen, the focus then becomes recovery. One breed of recovery products tracks the machine via an agent that notifies . . .
Frank submits IP Security Validator is an experimental tool that allows validation of Virtual Private Network (VPN) configurations between two network interfaces. As with testing connectivity using the Ping program, IP Security Validator enables verification and validation of VPN . . .
Security researchers have discovered a set of vulnerabilities in several vendors' implementations of the SSHv2 protocol that could give an attacker the ability to execute code on remote machines. The new flaws are especially dangerous in that they occur before authentication . . .
Several vulnerabilities have been found in the MySQL database system, a light database package commonly used in Linux environments but which runs also on Microsoft platforms, HP-Unix, Mac OS and more. . .
Sigaba Corp. has extended a test of a secure instant messaging product to include more financial services, health care and government organizations. The company will unveil its Sigaba Secure Instant Messaging software in April 2003 but wants to make sure the . . .
I report on a lot of software vulnerabilities, and I try to weed out the unimportant ones. But there's no real way to know in advance which ones will be exploited and which ones cybervandals will essentially ignore. . .
T/bone SecureMail Gateway is a central, server based software solution which provides encryption and digital signatures for the entire email traffic of an organization. It works with a single organizational certificate and transparently provides its services to end users. T/bone automatically . . .
The OpenSSL project team is pleased to announce the release of version 0.9.6h of our open source toolkit for SSL/TLS. This new OpenSSL version is a bugfix release. This will be the last release in the 0.9.6 series. . .
The Security Technologies group at the San Diego Supercomputer Center (SDSC) is pleased to announce the early availability of "SDSC secure syslog" (), a replacement for the standard Linux/UNIX syslog daemon that adds security and performance features, while . . .
Newly formed PGP Corp. took a big step Monday toward endearing itself to cryptography enthusiasts and privacy advocates by releasing the source code for its flagship line of encryption products. The code for the entire PGP 8.0 line--which was also introduced . . .
Internet Security Systems, which has been criticized for publicly releasing information about security problems in software before giving application developers time to deal with holes, has issued a revised set of guidelines for how it will handle security warnings. . .
With the development of smart cards technology mirroring that of the PC development, Linux is also beginning to appear as a contender on the smart card frontier as well. According to Wang Jiping, chief technology officer of China MobileSoft Ltd., Linux . . .
Internet Security Systems Inc. on Monday released to the public the vulnerability disclosure guidelines that its internal X-Force research team uses in identifying flaws and notifying vendors and the public. The guidelines are fairly standard and include a provision that is becoming more and more common among security vendors that also do vulnerability research.. . .
Comdex Fall 2002 was far from previous year's heights, but still continues to function as a smorgasbord for the information technology world. No surprise, then, that some security companies were there serving up products. . .
Steve Grubb submits: Env_audit is a program that ferrets out everything it can about the environment. It is ideal for looking for security problems due to misconfiguration or software bugs. Software developers that write any program that shells out to . . .
An apparent delay in the availability of patches for the vulnerabilities in BIND that were disclosed earlier this week is once again highlighting the seemingly endless debate over when and to whom vulnerability data should be. . .
Agere Systems Inc. is demonstrating at Comdex this week a wireless LAN technology capable of transmitting data at 162 Mbits/second in the 5-GHz frequency band, three times the throughput achieved with an 802.11a device. The technology is targeted at home networking and entertainment as well as enterprise desktop PC applications. . .
ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain Server (BIND). BIND is the most common implementation of the DNS (Domain Name Service) protocol, which is used on the vast majority of DNS servers on the Internet. . . .
VeriSign Inc hopes to give its digital certificate business a boost with next year's launch of enterprise instant messaging systems from AOL Time Warner Inc. VeriSign is providing security for the software, and expects to see "hundreds of thousands, if not . . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
