With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...
"[With the acquisitions we are] going to just leapfrog over [security competitors] with a commanding lead in the marketplace," said a confident Hamilton. "Our intent is not to be number two or three. We want to be number one." However, fallout from Symantec's feeding frenzy is drawing criticism that the task of integrating the triage of dissimilar security technology into a cohesive and affordable unit for customers will prove difficult to pull off.. . .
The long-running dispute over when to release vulnerability information escalated last month into a bitter turf war among several security companies, all of which claimed to have their customers' best interests at heart. And while it might have started by coincidence, . . .
The latest version of the Web Services Security (WS-Security) specification is being submitted to international standards body Organization for the Advancement of Structured Information Standards (OASIS) for it to oversee the development. . .
A new virus that targets Web servers running open-source Apache software hasn't succeeded in making an impact. But it could have a sting in its tail. A program designed to infect vulnerable. . .
Security watchers are warning that a security flaw affecting Domain Name System servers running Unix could prove difficult to fix. A buffer overflow vulnerability in DNS. . .
A program designed to infect vulnerable computers running the open-source Apache Web server application apparently hasn't made it very far, security experts said Monday. As first reported. . .
Last week, Internet Security Systems announced that it had found a security hole in the open source Web server Apache. That wasn't a huge surprise. Claims of such problems appear from time to time, and usually. . .
A Columbia company that invented what it calls the world's most widely deployed technology to detect computer hackers announced yesterday that it received $7.6 million in venture capital to develop and market a commercial version of its product. Sourcefire, a 30-employee, privately held company, uses Snort, a detection technology developed by the company's founder, Martin Roesch.. . .
In the wake of the Apache Chunk Encoding vulnerability, the fun just doesn't seem to end. There seems to be another worm on the loose. The details of it are still being investigated. Currently, there is a thread on . . .
In my line of work it is inevitable, but always shocking, to see the number of high-risk security flaws developers have left behind. Most worryingly, a major proportion of vulnerabilities are due to a basic misunderstanding of the internet protocol and . . .
At least one major security vulnerability exists in many deployed OpenSSH versions (2.9.9 to 3.3). Please see the ISS advisory, or OpenSSH advisory on this topic where simple patches are provided for the pre-authentication problem. . . .
Update:Another follow up statement was written by ISSAtlanta also issued through Bugtraq. Apparently ISS is still recieving emails about this issue.. . .
The recent situation regarding the Apache chunk encoding vulnerability has caused plenty of controversy in the security industry. It initially began with the community dislike of the release of information. Then it was debated as to weather or not this was really an exploitable. . .
When designing Web sites, developers usually focus on the appearance and the back end. And they generally rush to get their e-commerce sites to production, often at the expense of adequate security and testing. In fact, Web applications are the weak . . .
Setting up a secure server isn't necessarily for the faint of heart. To make it easier for IT administrators, Guardian Digital Inc. has released EnGarde Secure Linux Version 1.2, offering a secure server operating system for mail, Web and other servers without the hassle of an intricate customization.. . .
IBM has developed software which it claims can effectively prevent drive-by hacking. Software developed by IBM Research in the US apparently turns servers into wireless auditing sniffers that alert administrators if a network has misconfigured wireless access points. The . . .
Feeling a bit insecure these days? Boy, do we have a cure for you! Just read this issue cover to cover, and I guarantee a secure feeling will wash over you. Of course, it'll then be your responsibility to use this newfound knowledge to apply security in just the right amounts for your IT infrastructure. If you use wireless technology, run Linux or are considering an MPLS-based VPN service, read on. . . .
IBM is delivering new capabilities across its Tivoli security management software portfolio, including IBM Tivoli Access Manager, IBM Tivoli Risk Manager and IBM Tivoli Identity Manager, that enable organizations to make secure access, threat and identity management more effective in heterogeneous environments.. . .
EnGarde walked away with our Editor's Choice award thanks to the depth of its security strategy, which covers nearly all the bases. Everything from the low-level mechanisms (binary integrity checking and stack protection) to high-level usability issues (including an excellent patching interface) demonstrate the serious effort the Guardian Digital crew has invested in EnGarde. . . .
Yankee Group senior analyst Anil Phull told NewsFactor that the best practice for companies using biometric devices is to deploy them with other identification tools. Biometrics have long been the basis of the ultimate security technologies in science fiction -- but can these safeguards, which rely on fingerprints, eyeballs and other personal traits to authenticate users, really secure the enterprise?. . .
