With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...
This is the second time TurboLinux has let security support for its US products lapse for an extended period, the first being about two years ago, when budget cutbacks resulted in the Linux distribution security staff at TurboLinux being let go. It was not until several months later that new security staff was hired (at the time only a single person) and security updates for the products were made available once again.. . .
Jim Azevedo writes, "NeoScale Systems, Inc., a provider of enterprise storage security solutions for the burgeoning network storage market, today announced the formation of its technical advisory board - comprised of accomplished and recognized contributors to the storage and security industries.. . .
Growing security concerns within the enterprise communication market are challenging chipmakers to develop advanced, silicon-based encryption techniques that will not erode processor performance.. . .
A slew of vendors this week will take the stage at NetWorld+Interop 2002 Las Vegas to highlight new products and services aimed at making networks safer. Vendors are looking to simplify this important task by processing multiple security applications on a . . .
Rafael Peregrino da Silva writes, "T/bone SecureMail Gateway allows digital signature and encryption for the entire email traffic of a company with a single organizational certificate. This server based solution works transparently for end users. T/bone automatically finds certificates . . .
Biometrics vendors are doing their best to supplant passwords as the chief form of computer security, but Government Computer News Lab tests indicate that many of their products are not quite ready. Some developers have continued to improve already good devices, . . .
Angela Schwartz writes, "Netlock Technologies develops Contivity VPN Clients for Macintosh, Linux, Solaris, HP-UX, and IBM-AIX. No other company offers the breadth of VPN client operating system support that is available with the Nortel VPN Switch. . . .
Executives at Linux security company Cylant say the computer security industry is engaged in a "conspiracy of sorts," or at least a conspiracy of ignorance, in taking a reactive approach to fighting vulnerabilities. Cylant is pitching its CylantSecure server monitoring . . .
Network security is not a technological problem; it's a business problem. The only way to address it is to focus on business motivations. To improve the security of their products, companies - both vendors and users - must care; for companies to care, the problem must affect stock price. The way to make this happen is to start enforcing liabilities.. . .
Problems with Microsoft Corp.'s Windows Update are causing the automated scanning service to mismanage patches, leaving IT managers to wonder whether the systems they thought were safely patched are actually vulnerable. WU, which was originally meant for consumers but is used . . .
Ernst & Young LLP, one of the world's largest professional services firms, today announced the schedule for the seventh year of its acclaimed eXtreme Hacking courses, which allows information technology professionals to gain hands-on experience with techniques that a "hacker" might use to attack and penetrate a corporate network.. . .
Crossbeam Systems, Inc., announced general availability of version 2.0 of the Crossbeam X40S, the first "open appliance" for providing a complete, high-performance security solution composed of multiple "best of breed" applications from leading independent software vendors (ISVs). Initial enterprise and service . . .
Microsoft released the Baseline Security Analyser (MBSA), a free tool which analyses Windows systems for common security misconfigurations, earlier this week. But users have already slammed it as just a GUI version of the software giant's HfNetChk.. . .
The fact is, both sides have their share of problems--but neither side has the edge when it comes to fixing security holes. You're just as likely to encounter a security problem with open source code as you are with Microsoft Windows, and the fix is just as likely to appear quickly and be done properly.. . .
... despite the paramount importance of SSL certificates, hosting companies have had few options when it comes to purchasing them. Until late 2001, Web hosts typically had two main choices: VeriSign or Thawte. With the entrance of 2002, however, the battle to secure the Web servers of hosting companies, their clients and other large-scale enterprises finally seems to be heating up.. . .
A warning about the security flaw identified Monday in the zlib compression/decompression library affecting Linux systems (see story) has been broadened to include Windows and any other other operating systems that use the zlib code. In an update about the flaw on their Web site, the authors of the zlib library said they have learned that the code is used in far more programs than they originally believed.. . .
A security flaw in open-source software used by Linux and Unix systems for compression may affect some Microsoft products that also use the code. As reported earlier this week by CNET News.com, a flaw in the zlib software-compression library could . . .
Pretty Good Privacy will go on, despite a move by Network Associates to shelve the encryption product after it couldn't find a buyer, PGP inventor Phil Zimmermann says. Although Zimmermann sold PGP to Santa Clara, California-based NAI in 1997, the protocols for the encryption code are open to all on the Internet.. . .
A company called Bodacion Technologies is offering $100,000 to anyone who can crack their biomorphic number generator and predict the final, one-thousandth, number in a sequence of 999. The company is dong this to promote its Hydra server, which uses biomorphic . . .
Two vulnerabilities in various implementations of RADIUS clients and servers have been reported to several vendors and the CERT/CC. They are remotely exploitable, and on most systems result in a denial of service. VU#589523 may allow the execution of code if . . .
