3 - 6 min read
Jun 30, 2008
This week, perhaps the most interesting articles include "Intrusion Detection For PHP Applications With PHPIDS," "A Report From the Debian Testing Security Team," and "Ruby Creators Warn of Serious Flaws."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Security Features of Firefox 3.0 - Lets take a look at the security features of the newly released Firefox 3.0. Since it's release on Tuesday I have been testing it out to see how the new security enhancements work and help in increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security.
Read on for more security features of Firefox 3.0.
Review: The Book of Wireless - "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless networking, users need to know how to protect themselves from wireless networking attacks.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
|
EnGarde Secure Community 3.0.19 Now Available! (Apr 15) |
|
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. news/vendors-products/engarde-secure-community-3019-now-available
|
|
Linux Security: Easy as 1-2-3 (Jun 27) |
|
But you can certainly beef up the security of a given Linux system to make it more secure than it would otherwise be - while still enabling it to do its job - and it's that process, known as hardening, that is the subject of this article. Without going in to the finer details, we'll be looking at the general steps you should take to harden any system under your control that warrants extra security beyond what you believe is necessary for your "normal" systems.
This article is a good start to improving a Linux user's security. It does not take a lot of work to harden any Linux system, so take a look at different security practices with this article. Do you have any basic steps to harden a Linux machine?
|
|
Intrusion Detection For PHP Applications With PHPIDS (Jun 26) |
|
This tutorial explains how to set up PHPIDS on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user's session.
Have you ever hear of the web application called "PHPIDS"? According to the article it helps make your php web applications more secure, what do you think? news/network-security/intrusion-detection-for-php-applications-with-phpids
|
|
A Report From the Debian Testing Security Team (Jun 26) |
|
The Debian Testing Security team is very near to providing full security support for the testing distribution. At the time of the last email, two blockers for full security support were present. However, we now are able to process embargoed issues (more on that below), so we are happy to announce that only one blocker remains. The only remaining blocker for full security support at this point is the kernel. We are talking to the kernel security team about providing testing-security support, but at the moment this task lacks manpower.
This posting talks about the current state of the Debian Testing Security Team. They are always looking for new people to help out in testing so, check it out.
|
|
Ruby Creators Warn of Serious Flaws (Jun 25) |
|
The Ruby programming language, which has become popular as the basis for web 2.0 sites such as Twitter, contains serious security flaws that could allow attackers to take over an organization's web server, according to the Ruby development team. The "disturbing" flaws, which were disclosed on Friday, could affect nearly any typical Ruby-based web application, according to Thomas Ptacek, founder of security firm Matasano.
What do you think about this newly discovered security flaw in the Rudy programming language? As ruby continues to become popular will we see more security vulnerabilities found?
|
|
Interview With Mozilla Security Team (Jun 24) |
|
Mozilla released its latest browser, Firefox 3.0, this week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release.They discussed the protection against phishing and the new malware protection, the new update mechanism for add-ons, Mozilla's security policies and processes, and the hardening of their Javascript implementation.
Check out this interview with the Mozilla's Security Team. They talk about the security features they added with their release of Firefox 3.0.
|
|
JavaScript Code Flow Manipulation (Jun 24) |
|
We recently researched an interesting DOM-based XSS vulnerability in Adobe Flex 3 applications that exploits a scenario in which two frames (parent & son) interact with each other, without properly validating their execution environment.
In our research, we have seen that in some cases, it is possible to manipulate JavaScript code flow, by controlling the environment in which it runs. Specifically, we managed to return hacker-controlled boolean values to conditional statements, and by that force the application to be vulnerable to an existing DOM-based XSS, which was otherwise unexploitable. news/hackscracks/javascript-code-flow-manipulation
|