Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Vendors/Products - Page 42

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...

A major internal repository breach at GitHub has expose...

Managed Extended Detection and Response (MXDR) has beco...

Discover Vendors/Products News

LS Hmepg 337x500 34 Esm H267

Netronome 40-Core Processor Enhances Network Security Solutions

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

LinuxDevices has a neat article describing a new $275 processor that works well in UTM, crypto, intrusion detection, and other security-related applications.Netronome announced new multi-core "network flow processors" that are backward-compatible with Intel's IXP28xx, but claimed to offer over twice the MIPS. The Linux-compatible NFP-32xx system-on-chips scale from 16 to 40 cores, offer 20Gbps throughput, and provide a programmable dataplane, virtualization, and security processing, says the company.

LS Hmepg 337x500 34 Esm H267

NeuStar DNS DDoS Attack Examination and Response Summary Report

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

NeuStar, a provider of highly-available DNS services, experienced a coordinated DDoS the other day: "Early this morning, our monitoring systems detected a significant denial of service attack, which affected a small subset of our customers, in some cases for as long as a few hours," the Reston, Va. company said in a statement. "While we continue to investigate the cause, the extent, and the duration of the attack, service was completely restored by 10 a.m. EST."

LS Hmepg 337x500 34 Esm H267

Enhancing Application Trust In Mashups With SSL Technology

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A new startup, out of the University of Texas at San Antonio, is trying to address mashup risks: SafeMashups' new technology lets applications authenticate with one another using the Secure Sockets Layer (SSL) protocol before they "mash up" -- or basically blend their data and functionality. To date, most enterprises have been uneasy about adopting mashups given the difficulty of establishing trust among online applications sharing data and functionality via a browser.

LS Hmepg 337x500 34 Esm H267

Tackling Cybersecurity Issues For Small Businesses Using Linux Solutions

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Large companies are valuable targets for cyber criminals, but what about the small fry? Software security firm McAfee took a gauge of opinions, finding that some small and medium-size businesses don't seem that concerned about potential hacks. At least that's what its recent survey suggested. Are not enough small companies taking computer security seriously? Do you think Linux can be a solution to these companies security needs? This article studies the role of computer security in small companies.

LS Hmepg 337x500 34 Esm H267

Boosting SpamAssassin with MailChannels Traffic Control Tool

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

SpamAssassin, popular open source spam-filtering software, will have deadlier aim thanks to an add-on tool that is being offered free of charge to small businesses and individuals by MailChannels. The tool -- called Traffic Control 3 -- is an e-mail traffic-shaping package that slows down the transmission of spam into corporate e-mail systems. (Compare Messaging Security products.) MailChannels officials say Traffic Control 3 will reduce spam volumes by 50% to 75% for SpamAssassin users. Traffic Control 3 uses a tarpitting technique that greatly reduces the speed at which spam can be transmitted to its target, hitting spammers at their one great vulnerability - their pockets. Reduced speed means less money, and spammers just aren't willing to make the compromise. What have you heard about Traffic Control 3 - anyone else know any good open source spam tar pits?

LS Hmepg 337x500 34 Esm H267

RSA Conference 2023: Trends, Insights And Exhibitor Feedback

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Last week was the RSA Conference, easily the largest information security conference in the world. More than 17,000 people descended on San Francisco's Moscone Center to hear some of the more than 250 talks, attend I-didn't-try-to-count parties, and try to evade over 350 exhibitors vying to sell them stuff. Talk to the exhibitors, though, and the most common complaint is that the attendees aren't buying. Schneier makes an interesting comparison of anti-lock brakes to security products near the end of the article that sheds new light on how the security industry is evolving. Do you feel this is for better or worse?

LS Hmepg 337x500 34 Esm H267

Delving into Ubuntu's Role in Managed Network Security Services

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Ubuntu, the fastest-growing version of Linux, is starting to attract interest from the managed services industry. One prime example: Untangle, which develops security solutions for managed service providers, is preparing to add support for Ubuntu within the next few months, MSPmentor has learned. As you can tell by the rise of popularity in Linux distributions such as Ubuntu, managed service providers pay more attention due to the advantages of open source such as fair pricing and overall community. Untangle focuses on its network gateway - what other distros or MSPs have you heard about which leverages Linux?

LS Hmepg 337x500 34 Esm H267

Exploit-Me: Firefox Tools Designed for Efficient Web Application Testing

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection. Lightweight and portable is always a benefit for web application exploitation tools. Take a look at this open-source plugin for Firefox and see how it fares against today's web applications.

LS Hmepg 337x500 34 Esm H267

Security Risks of Virtualization in IT Environments Explored

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Interesting article over at InfoWorld on the security implications of virtualization: Almost any IT department worth its salt is deploying virtualization technology today to reduce power usage, make server and OS deployments more flexible, and better use storage and systems resources. But as virtualization technology gains in popularity, it may bring with it new risks, said Don Simard, the commercial solutions director at the U.S. National Security Agency, the electronic intelligence and cryptographic agency once so secret its very existence was a secret. At the same time, virtualization technology may bring new protections, he noted. There are a lot of people "drinking the Kool-Aid

LS Hmepg 337x500 34 Esm H267

Improving Web Services Safety Through OpenLiberty-J Framework

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenLiberty-J is based on J2SE, and open source XML, SAML, and web services libraries from the Apache Software Foundation and Internet2, including OpenSAML, a product of the Internet2 Shibboleth project. The library implements the Liberty Advanced Client functionality of Liberty Web Services standards This company provides a development architecture explicitly focusing on the deployment of secure practices for Web 2.0 Applications and development. Is this the best way to leverage web service security?

LS Hmepg 337x500 34 Esm H267

SSH Tectia 6.0 Offers Enhanced Security with TCP Tunneling

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

SSH Communications is a focused provider for all types of, you guessed it, SSH corporate services. It's rare to see such a focus, but their new release of their Tectia product suite provides and interesting take on how companies could package this functionality: SSH Tectia Manager 6.0 can centrally deploy, configure, update and audit the SSH Tectia environment from a central location. Benefits of SSH Tectia version 6.0: Improved SSH Tectia Client for Windows - supports transparent TCP Tunneling and automatic tunneling, in addition to the traditional Secure Shell port forwarding, making the product the ideal choice for securing virtually any TCP/IP application without modifications to applications or existing network infrastructure, saving time and valuable IT resources. Ease-of-implementation - improved installation and self-configuration options, provide cost-saving fast and easy ways to replace FTP and other unsecure protocols with secure alternatives, and help meet regulatory compliance deadlines.

LS Hmepg 337x500 34 Esm H267

The Role Of Specialist Security Distros In Open Source Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This question is often asked - what do platforms that focus solely on security bring to the table? According to this interview with Guardian Digital by Packt Publishing, they bring quite a lot. The company develops EnGarde Secure Linux, and answers these questions and more on what makes all security platforms valuable and why is a great example Many popular distributions, community-oriented and otherwise, take security very seriously. They have dedicated security teams that go over individual packages before they're rolled into a final release. To make sure you don't have any loose ends, these distributions and many other individual Open Source projects also publish an endless stream of security advisories and updates. Add to this security mechanisms like SELinux, AppArmor, and the upcoming TOMOYO Linux, and SMACK, and you know they mean business. So what room does this leave for specialist security distros?

LS Hmepg 337x500 34 Esm H267

Mozilla Firefox Add-Ons Risk Data Exposure Due To Browser Flaw

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim's machine. The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday. Of course, the issue is affecting certain add-ons, and it's likely it can be dealt with soon, or averted. The add-ons that are affected include Download Statusbar or Greasemonkey, becuase they store scripts in such a way that they could be found on the hard drive.

LS Hmepg 337x500 34 Esm H267

Sourcefire 3D IPS System Review: Enhancing Network Awareness Features

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Some positives, some negatives. So it goes with Sourcefire's most recent release of their 3D IPS System. This review covers the big changes with two aspects of their software: RNA (Realtime Network Awareness) and RUA (Realtime User Awareness). With this release they've upgraded RNA by including it into macro management. Two of the most important changes in 3D System Version 4.7 lie in the RNA and RUA components. When we looked at the RNA in its first releases, we found its ability to provide network visibility by passively discovering systems, applications and vulnerabilities useful. However, RNA was not integrated into IDS and IPS policy definition at that point. In this release, Sourcefire finally brings RNA into the big picture by letting the network manager easily use RNA-discovered information to refine IDS and IPS policy and build compliance policies.

LS Hmepg 337x500 34 Esm H267

Coverity Certification: Eleven Open-Source Projects Verified Secure

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects. Eleven projects made the list: Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL. This list of projects may seem fair and equitable. And certainly, Perl, Postfix, Amanda and others can be very secure. But PHP? Granted, the project is done with a contract from DHS as well as association with Stanford University. And their certification boasts...

LS Hmepg 337x500 34 Esm H267

Master Debian's Iptables For Effective Brute-Force Attack Prevention

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Yes folks, it's time for another enticing batch of useful and amazing Linux tips and tricks! On today's menu we are serving up Debian going all volatile, the lowdown on cdrkit usurping cdrtools, and a simple way to use iptables rules to foil brute-force password attacks. Want to learn about Debian's security focused repositories? How about getting iptables to block Brute-Force Attacks? There's also information on the history of CD writing and more...

LS Hmepg 337x500 34 Esm H267

Using SysReport For Effective Diagnostics In Red Hat Systems

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Sysreport is a diagnostic utility. It collects information about the running system, which is used for Red Hat Support to analyze current problems with the system. While sysreport is generally considered non-invasive, diagnostic utilities should always be run with caution. As with all tools such as this, it requires caution. And its good to be aware of these issues, considering that this tool can allow you to make better security decisions.

LS Hmepg 337x500 34 Esm H267

Fedora New Security Features: Firewall Tool and VM Management

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Mayank Sharma, the Linux and security blogger, gives a great quick overview of things to look forward to in regards to Fedora's emphasis on security: One security enhancements that users will run into is the all-new Firewall configuration tool (system-config-firewall). It's easier to use and has a polished interface compared to the old tool (system-config-securitylevel). You can also now securely manage your virtual machines from a remote host since the libvirt Xen and KVM management API in F8 use SSL/TLS encryption and x509 certificates for client authentication.

Your message here