With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.6 (Version 3.0, Release 6). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and a couple of new packages available for installation.
This is a partial list of new features and systems included in OpenBSD 3.9. For a comprehensive list, see the changelog leading to 3.9.
* Improved hardware support
* New Tools
* New Functionality
* Assorted improvements and code cleanup
See the Changelog for more information.
As computers and consumer electronics devices become more connected, platform security becomes increasingly important for everyone from consumers to businesses. For consumers, privacy of data such as credit card numbers and social security numbers has always been of concern, but now new technologies such as voice-over-IP and personal video blogs bring new privacy concerns. And for entertainment content owners, piracy is a major concern as they move toward a virtual form of TV and movie content delivery (see Resources).
A startup funded by the U.S. government's Defense Advanced Research Projects Agency is ready to emerge from stealth mode with hardware and software-based technologies to fight the rapid spread of malicious rootkits. Komoku, of College Park, Md., plans to ship in the summer a beta of Gamma, a new rootkit detection tool that builds on a prototype used by several sensitive U.S. government departments to find operating system abnormalities that may be linked to malicious rootkit activity. Rootkits modify the flow of the kernel to hide the presence of an attack or compromise on a machine. This gives a hacker remote user access to a compromised system while avoiding detection by anti-virus scanners.
A new cyber-security 'network' hopes to speed up the development of products that could plug dangerous gaps in businesses' IT defences. By bringing together experts from industry, universities and government, the Cyber Security Knowledge Transfer Network (KTN), funded by the Department of Trade and Industry, hopes to close the gap between research and successfully deployed security systems.
As a product tester, I always tell people: The product speaks for itself. White papers, customer wins, marketing spin: None of that counts. I don't have to be convinced by a public relations person that the product is good, because good products prove themselves in our lab. In 2004, when I last tested mail security appliances, CipherTrust's IronMail was on our short list as a top finalist. It's a good product, and it proved itself in our labs.
Once again, the OpenBSD project is asking for donations to keep its operations in motion. It doesn't ask for much -- U.S. $100,000 (small potatoes in the operating system development industry) -- yet it provides so much to the software world. Even if you don't use OpenBSD, you're likely to be benefiting from it unknowingly. If you're using Solaris, SCO UnixWare, OS X, SUSE Linux, or Red Hat Enterprise Linux, chances are you're using the OpenBSD-developed OpenSSH for secure shell access to remote machines. If so many are using this software, why are so few paying for it? Official responses (and non-responses) from Sun Microsystems, IBM, Novell, and Red Hat are below, but if you're one of the freeloaders who hasn't contributed to OpenBSD or OpenSSH, what's your excuse?
Amanda is the world's most popular open source backup and recovery software. Amanda allows system administrators to set up a single server to back up multiple hosts to a tape- or disk-based storage system over the network. It uses native dump and/or GNU tar facilities and can back up a large number of workstations or servers running various versions of Linux, Unix, Mac OS X or Microsoft Windows operating systems. On March 23rd, 2006, the Amanda team released a major version (2.5) of the software. Overall the focus of the release is on security of the backup process & backed up data, scalability of the backup process and ease of installation & configuration of Amanda.
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.5 (Version 3.0, Release 5). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and a couple of new packages available for installation.
ORACLE, the world's third-biggest software maker, has begun selling software that allows users to search only personal data on their work computers such as email, word documents and calendar appointments. Chief executive Larry Ellison says the California company's new search program "is one of the biggest products in years," and may help draw users away from Google, which also offers software for searching content on computers and operates the world's most-used internet search site.
Four months after announcing that it would no longer ship LC5 (better known as L0phtcrack) to non-US locations, Symantec has officially dropped the entire L0phtcrack product line. L0phtcrack was first produced by L0pht, who merged with @stake in 2000, and was then acquired by Symantec in 2004. When asked why L0phtcrack was being discontinued Symantec replied, "The LC product line no longer fits into Symantec's future product strategy. As a result, Symantec will not be applying any future development resources to this product line and will discontinue all sales."
Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability. On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.
SiteAdvisor was founded by a group of MIT engineers who realized there was a gaping hole in existing Web security products. While traditional security companies had gotten relatively good at addressing technical threats like viruses, they were failing to prevent a new breed of "social engineering" tricks -- scams that trick users into downloading malicious software or signing up at Web sites that send unwanted e-mail or steal personal information.
At first blush, the past two weeks have not been good for the image of Apple's Mac OS X: Public descriptions of two worms and a trivial exploit for a serious software issue in the operating system appeared on the Internet.
This is probably the most overdue release in the history of open source software. It has been more than 2 years since the previous release. The most notable changes since version 0.10 are bug fixes, updated automake/autoconf scripts, use snprintf by Mark Martinec if not in C library, support for more (legacy) Unix systems and cygwin, open files with O_NOATIME on supported Linux systems, and added I/ANF/ARF directives.
Not content to rest on its laurels, Linux leader Red Hat is advancing its security arsenal with a number of enhancements and certifications. Red Hat Certificate System (RHCS) will be updated this year with support for smartcards and automated log-ins on Red Hat, as well as other platforms including Windows servers, desktop and Internet Explorer. RHCS, which evolved from technologies acquired from Netscape in 2004, triggers the deployment and maintenance of user identities via a Public Key Infrastructure (PKI).
The folks running the annual RSA Conference here this week will tell you that the show is bigger than ever and security is at the top of every CIO's list of concerns. And while all of that may well be true, if heavyweights such as Sun Microsystems, Cisco Systems and Microsoft have their way, enterprises soon will have little use for the wares that most of the security vendors here are hawking.
A group of graduates from the Massachusetts Institute of Technology (MIT) aim to change that by crawling the web with hundreds, and soon thousands, of virtual computers that detect which websites attempt to download software to a visitor's computer and whether giving out an e-mail address during registration can lead to an avalanche of spam.
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.
If you are an old school Linux or Unix user, you probably remember the System Administrator's Tool for Scanning Networks (SATAN). In 1995, SATAN brought browser-based network auditing to the world. Despite its initial splash, SATAN fell to the wayside due to lack of updates. Thanks to the kind folks at the Advanced Research Corp., SATAN is back, in the form of the Security Auditor's Research Assistant (SARA), a kinder, gentler, easier to use, and more updated auditing tool.