With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...
Nearly five months after the release of PHP 5.3.0, the PHP developers have released the first maintenance update to the 5.3 branch of their popular programming language. The PHP 5.3.1 update focuses on stability and includes approximately 100 bug fixes, some of which are security related.
News Analysis: Google is new to the operating system market, so it has to demonstrate that it understands how to build and maintain a secure Web OS. The history of Windows security has shown there are many avenues of attack against a desktop operating system. There are even more potential attack strategies for an online OS. But whether Google has learned the many hard lessons of Web security is very much in doubt at this point.
Check out the info for links to the Google Chrome security blog, and other great information on keeping Chrome secure. Google has released an update to Google Chrome Frame that fixes several crashes and other bugs and one High-severity security issue.
Good news for devotees of ponytailed crypto guru of all our hearts Bruce Schneier: it's now possible to buy an officially endorsed "Bruce Schneier action figure". The action figure, which can be purchased here, comes with a range of costumes ("casual Bruce", "smart Bruce" and "head only"), and also features "scalp" options ("bald", "ponytail" or "cyborg").
Security service provider Secunia has discovered a critical vulnerability in the Wikipedia Toolbar extension for Firefox that an attacker can exploit to compromise a victim's system. According to the report, the cause is that the extension passes unvalidated input to eval(), which can be exploited to execute arbitrary JavaScript code.
The sale of the Metasploit Project and its highly respected pen-testing platform to vulnerability management vendor Rapid7 in October marks the passing of yet another major open-source project into commercial hands. In a wide-ranging interview, Metasploit founder H.D. Moore speaks about the evolution of the Metasploit Project, the threat environment it has grown up in, and what the acquisition means for the project's future. Moore also discusses the latest release of the Metasploit Framework (version 3.3), the project's open-source exploit development and penetration-testing platform.
Microsoft said Friday that its inquiry confirms that a tool aimed to make it easier to load Windows 7 on a Netbook does in fact contain open-source code. "After looking at the code in question, we are now able to confirm this was indeed the case, although it was not intentional on our part," Microsoft's Peter Galli said in a blog posting.
CritoTech's new product, ezNcrypt, provides "Transparent Data Encryption for MySQL" which solves security and regulatory compliance challenges for the world's most popular open source database.
In the software business, quality is often left behind in the rush to be latest and greatest. Security products are no exception, according to a study released Monday by ICSA Labs. ICSA Labs, a unit of Verizon Business, provides third-party testing and certification of security products. The company examined 20 years of its testing data to create the "ICSA Labs Product Assurance Report". The report indicates that nearly 80 percent of security products fail to perform as intended when first tested, and generally require two or more cycles of testing before achieving certification.
I'd sure like to see something like this for Linux. Could be very useful for secure helpdesk troubleshooting. Are you already doing something like this with a secured VNC? Nowadays, it's easy for developers to build fully fledged applications that run inside the browser. Keeping these applications safe from hackers is another matter. With this in mind, scientists at Microsoft Research have unveiled a new way to secure complex Web applications by effectively cloning the user's browser and running it remotely.
News today of the latest security update for WordPress, now at version 2.8.6. The remediated issues are yet another cross-site scripting flaw and a file sanitization problem. More information direct from the developers appears after the jump. Update now.
Microsoft has been granted a patent on a privilege escalation system that appears to cover the functionality of PolicyKit, which provides fine-grained authorisation on Ubuntu, Fedora, openSUSE and other Linux systems. The claims in patent 7,617,530 appear to describe system software which, when an application needs a higher privilege level, displays a graphical list of users holding the privileges required to perform the task. Selecting one of those users and entering that user's password allows the task to be performed with that user's privileges.
CA today unveiled key-management software that helps automate the storage and distribution of encryption keys for multi-vendor tape encryption purposes.
Hot on the heels of the ikee worm, a second piece of iPhone-related malware has appeared. It lets attackers connect to any device that has been jailbroken and still has its root password unchanged. Jailbreaking refers to modifying an iPhone so that software other than that available through the App Store can be installed.
The virtualization platform is the newest product set in the Red Hat enterprise virtualization portfolio built on its leading Red Hat enterprise Linux operating system platform, which offers the proven security, performance, scalability and cost advantages of open source virtualization technology.
The Internet prank known as "Rickrolling" has made its way to iPhones in the form of a worm that infects jailbroken versions of the device. The worm is more annoying than harmful -- it even appears to lock the door behind it, preventing similar attacks from slipping in. However, security pros are concerned that a hacker with malicious intentions may exploit the vulnerability the worm highlights.
IT professionals looking to boost their high-tech careers over the coming five years are betting on security certifications and skills to help them stand out to potential employers, according to a new survey.
Application security vendor Cenzic today released its application security trends report for the first half of 2009. In it, Cenzic claims that Mozilla's Firefox browser led the field of web browsers in total vulnerabilities.
This tempts us to say that, apart from its GUI and billing service, Skype does not own much of its application. Secondly, an open-source Skype would breed potentially serious security issues. With thousands of hands able to operate on the app, the harm to Skype could range from simple network attacks to theft of calling credit. At best, it will be harder for Skype to keep control of the application.