Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions.
pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
Security on your mind?
Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Use a wiki to integrate your information systems | ||
2nd, April, 2007
Managing documentation and support requests and collaborating effectively are difficult tasks for many organizations. Most companies have separate systems to track customer information, handle support, and manage a general knowledge base, but when someone needs a 360-degree view of a project, or needs to find all of the information on a client, the task can be next to impossible. Why not glue all of your separate systems together using wiki software? |
||
A Quantum Leap in Information Security | ||
5th, April, 2007
Pioneering physicist aims to lock out data hackers with speed-of-light cryptography. |
||
Bad Web Habits Risk Our Security | ||
4th, April, 2007
Security experts have blamed the continued prevalance of older viruses such as the Netsky and Mytob worms on people's bad habits. |
||
The Rise of SSL VPNs | ||
9th, April, 2007
The growth of Secure Sockets Layer virtual private networks (SSL VPNs) has accelerated in the last 12 months due to greater awareness among users of the commercial advantages, better marketing which focuses on benefits rather than technology, and improved security features. |
||
2006 Operating System Vulnerability Summary | ||
3rd, April, 2007
Computer security is a precarious business both from a product development and administrative standpoint. Operating system vendors are forced to constantly patch their software to keep consumers protected from the latest digital threats. But which operating systems are the most secure? A recent report by Symantec hints that Windows currently presents fewer security holes than its commercial competitors. |
||
What's FireGPG? | ||
4th, April, 2007
FireGPG is a Firefox extension which brings an interface to crypt, decrypt, sign or verify the signature of a text in any web page, using GPG. It will support some webmails. Right now, only GMail1 is supported, some useful buttons are added in the interface of this webmail. news/security-projects/whats-firegpg |
||
Fortify Identifies JavaScript Vulnerability in AJAX Apps | ||
2nd, April, 2007
Security vendor Fortify today said it has identified a JavaScript-related vulnerability that lets an attacker hijack a Mozilla or Microsoft Internet Explorer Web browser session. |
||
Securing a New Age Workforce | ||
3rd, April, 2007
Computer security professionals should be more proactive in protecting corporate networks, in light of business employees today being more mobile than ever. |
||
Schneier says full disclosure of vulns a 'damned good idea' | ||
4th, April, 2007
Full disclosure -- the practice of making the details of security vulnerabilities public -- is a damned good idea. Public scrutiny is the only reliable way to improve security, while secrecy only makes us less secure. Unfortunately, secrecy sounds like a good idea. Keeping software vulnerabilities secret, the argument goes, keeps them out of the hands of the hackers. The problem, according to this position, is less the vulnerability itself and more the information about the vulnerability. |
||
Shaping the future of secure Ajax mashups | ||
5th, April, 2007
Current Web browsers weren't designed to easily and securely get content from multiple sources into one page. Discover how developers have stretched the available tools to fit the task and how doing so has put strain on the resulting applications with respect to security and scalability. Also, learn about several browser improvements being proposed to remedy the situation and how to become part of the conversation that will bring Web development beyond this hurdle to a new level of interoperability. |
||
How Can We Take Domains Down Faster? | ||
6th, April, 2007
Often the best way to thwart an Internet attack is to take down the domain names involved in it, but this is a hard thing to do under current rules. Shortly before the revelation of the .ANI bug and the inevitable development of attack sites that it engendered, a prescient discussion was beginning about better ways to bring these sites down. |
||
Developers Warned to Secure AJAX Design | ||
7th, April, 2007
Security firm Fortify Software has stepped forward to warn Web site developers that most frameworks for deploying interactive functionality use JavaScript in a way that could lead to their applications leaking user data. |
||
Virtualisation Race Could Risk Security | ||
8th, April, 2007
Companies have been warned not to rush into adopting virtualisation technology as hurrying could leave them at risk of security threats. |
||
The Final 'Final' Nail in WEP's Coffin? | ||
9th, April, 2007
Researchers have discovered a new way of attacking Wired Equivalent Privacy that requires an amount of data "more than an order of magnitude" less than the best known key-recovery attacks. In effect, the cracking can be done within a minute, as the title of the paper suggests: Breaking 104 bit WEP in less than 60 seconds. |
||