This week, perhaps the most interesting articles include "Ten Tips for Securing Linux Desktops," "10 Best Hacking and Security Software Tools for Linux," and "Web Application Security: Input Validation."
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
Security Features of Firefox 3.0 - Let's take a look at the security features of the newly released Firefox 3.0. Since its release on Tuesday I have been testing it out to see how the new security enhancements work and help increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security.
Read on for more security features of Firefox 3.0.
Review: The Book of Wireless - "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the widespread use of wireless networks today, anyone with a computer should at least know the basics of wireless. Also, with wireless networking, users need to know how to protect themselves from wireless networking attacks.
EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Unpatched Web Browsers Prevalent on the Internet (Jul 8)
Only 59.1% of people use up-to-date, fully patched Web browsers, putting the remainder at risk from growing threats from diligent hackers, according to a new study published by researchers in Switzerland. The study, published Tuesday, is one of the most comprehensive analyses of what versions of Web browsers people are using on the Internet. The study was conducted by researchers at The Swiss Federal Institute of Technology, Google and IBM Internet Security Services.
It really does not surprise me that only 59.1% of users' browsers are up-to-date. But what do you think is causing this? Are users not taking updating their machines seriously?
Who Is Running the Most Secure Browser? (Jul 7)
Many users are undoubtedly not updating their browsers as quickly as they should, but you can't conclude any specifics about that from the recent study of Google logs. The researchers who published a large study of Web browser security this week had a great idea and excellent data to work with. Too bad they overreached with their conclusions. A lot more is being made of this paper than is warranted.
What do you think is the most secure browser? This article looks at a study that tries to answer this question.
Google Open Sources RatProxy Security Tool (Jul 6)
Google has released the source code for its internal RatProxy security tool. The software analyses web pages for potential security risks and reports back to the site administrator. RatProxy can pick up cross-site scripting flaws and incomplete cross-site defence mechanisms, as well as potential data leak sources and risky code that retrieves data from outside domains.
Have you tested out Google's RatProxy software on your Linux machines? The software seems to offer a lot to the Open Source security community, but what do you think?
Ten Tips for Securing Linux Desktops (Jul 3)
Out of the box, a Linux desktop is far more secure than most others. However, this level of security is not necessarily attained through typical security-focused software or techniques. Sometimes, the easiest means to security are those that are the easiest to forget. You might find these suggestions to be pure common sense, but maybe you'll see a means of security you never thought of before. If you're a new Linux user, these tips are a great place to start to ensure that your Linux experience is a good one.
Do you have any favorite security tips that you do every time you set up a new Linux desktop? The tip that says that users should mount /home on its own partition is something that I don't do. What do you think?
Google Calendar a New Target for Phishing (Jul 3)
It seems like the Phishing crews are trying to get some new ideas on how to con people into giving away their credentials and leaking info. It seems to be the same old style as normal e-mail phishing but utilising the Google Calendar interface. It comes bundled with the usual spelling and grammatical errors that plague phishing e-mails.
I found this to be an interesting article about how e-mail phishing is utilizing Google Calendar. What do you think, is there any way that Google can combat this?
Reference Policy 20080702 Released (Jul 3)
Chris PeBenito has announced the latest release of Reference Policy. Notable changes in this release include the ability to specify SELinux roles in loadable policy modules, improved labeled networking support, and new policy modules for virtualization packages.
This release improved the functionality of SELinux loadable policy modules. With this update, SELinux seems to be headed in the right direction. What do you think?
10 Best Hacking and Security Software Tools for Linux (Jul 2)
Linux is a hacker's dream computer operating system. It supports tools and utilities for cracking passwords, scanning network vulnerabilities, and detecting possible intrusions. I have here a collection of 10 of the best hacking and security software tools for Linux.
What do you think about this top 10 security tools list? Most of the popular security tools are on this list, but do you have any other favorites?
Security Vulnerabilities as Defects? (Jul 1)
Count vulnerabilities as defects. Programmers understand that for sure. Of course, you can't leave it all on them, because secure code development is not exactly taught in school (even today unfortunately), so go out and get them some training. Give them some lead-in time to understand security vulnerabilities.
Vulnerabilities in software have many similarities to defects, but should they be treated the same? What do you think?
Web Application Security: Input Validation (Jul 1)
In this installment, I will cite an example of automated email code designed for another purpose. Nonetheless, I see it is a critical step to confirm the validity of the form's input. Moreover, unless and until I have received the expected human confirmation, that input is left in limbo [1.]. This is another means to prevent spurious, but uncaught data inputs. Thus, this limited human energy expenditure is a high return investment.
This article looks at the important security practice of web application input validation. Every time you take input from your web application, a check needs to be executed before your software does anything to that data. Do you have any tips for checking your users' input data for malicious data?
Security Update: Ruby (Jun 30)
The Slackware security team has released an advisory containing ruby updates which fixed a security problem leading to a DoS (Denial of Service) condition or allowing execution of arbitrary code. Here's the latest -Current changelog:
Quickly after the ruby creators released a warning of finding serious security flaws in their programming language, the Slackware Security Team released an update to fix the security problems. I applaud the team for releasing an update as fast as they did.
Take a look at NetLabel Tools 0.18 (Jun 30)
Paul Moore of HP has announced the release of version 0.18 of NetLabel Tools, a suite for managing explicit labeled networking (i.e. attaching labels to packets via IP options) under Linux. This release adds support for static and fallback labels in the 2.6.25 kernel, in addition to several bugfixes and enhancements.
Do you use SELinux on your system to improve its security and use NetLabel? If so, what do you think about it? Does it help make managing a SELinux installed machine?
Fight Phishing From The Unix Or Linux Command Line (Jun 30)
This weekend, we're going to look at a little something (actually a HUGE something) that we all seem to have to deal with now (through email, IM, etc). It's called phishing and, for lack of a better explanation, it's a fraudulent way for a malicious individual, or group, to get username and password information from you using deceptive practices (was that redundant? ;) It's most commonly used to get information regarding a person's online bank accounts, credit card/mortgage management information, etc. In other words, stuff that could really screw up their lives if someone else had it.
Phishing attacks are all too common; this article looks at tips to help combat this type of attack.