This week, perhaps the most interesting articles include "," "," and "."


EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared toward providing an open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.



LinuxSecurity.com Feature Extras:

EnGarde Secure Community 3.0.5 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.5 (Version 3.0, Release 5). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.

pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Distributed Computing Cracks Enigma Code
6th, March, 2006

More than 60 years after the end of World War II, a distributed computing project has managed to crack a previously uncracked message that was encrypted using the Enigma machine. The M4 Project began in early January, as an attempt to break three original Enigma messages that were intercepted in 1942 and are thought never to have been broken by the Allied forces.

Thinking Out Loud: In The Age Of Cybercrime
8th, March, 2006

A few weeks ago, I attended a meeting of university presidents and representatives of the CIA and FBI convened to discuss campus issues related to national security. The goal of the meeting was to establish a dialogue between the federal government and our major universities concerning topics such as immigration policies, export of sensitive technology, the protection of intellectual property and so forth. This was the second meeting of our group that I was able to attend, and I found the discussion to be both positive and hopeful. We are trying to find the proper balance between important national security concerns and our ability to attract the best and brightest talent from around the world, share information internationally and maintain on our campuses an open environment for information exchange.

10 of the Best for Security
9th, March, 2006

It must have taken vast amounts of self-discipline to avoid radiating smugness: When American Water was infected by the Sasser worm last year its exposure was limited to just 19 hosts out of a potential 10,000, thanks to early detection and active intervention. During the same period, a sister company suffered 4000 infected machines - virtually its entire infrastructure. "The remediation alone, much less the business interruption quantification, was in excess of a half a million [US] dollars value to us," says American Water director, security, Bruce Larson.

February's Security Streams
11th, March, 2006

It's about time I summarize all my February's Security Streams, you can of course go through my January's Security Streams as well, in case you're interested in what was inspiring me to blog during January.

The Value Of Vulnerabilities
8th, March, 2006

There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?

Virus Names Likely A Lost Cause
10th, March, 2006

In early February, antivirus firms warned customers about a computer virus programmed to delete files on the third of each month, but almost every company called the program by a different name. A month later, the companies still use a hodge-podge of monikers for the program: Blackmal, Nyxem, MyWife, KamaSutra, Blackworm, Tearec and Worm_Grew all describe the same mass-mailing computer virus. The slew of names underscore that--while antivirus companies have been able to agree on the name for some threats, such as the recent Mac OS X worms--at other times, the companies instead go their own way and race to get public acceptance of their name for a particular threat.

Where's My 0day, Please
10th, March, 2006

A site I was recently monitoring disappeared these days, so I feel it's about time I blog on this case. I have been talking about the emerging market for software vulnerabilities for quite some time, and it's quite a success to come across that the concept has been happening right there in front of us. Check out the screenshots.

Avoiding The Spam Trap
6th, March, 2006

It was a typical first-thing activity. I'd turned my computer on, run the spam filter, and was checking through it for e-mails that shouldn't be there. As sometimes happens, there were a couple, and a couple of clicks later, McAfee SpamKiller sent them on their way to my e-mail. This is a habit that I've formed over the years because I've learned that despite the technology, false positives do exist and sometimes the e-mail that's on the kill list is important.

Tips to Secure Linux Workstation
8th, March, 2006

While waiting for ADSL to be enabled in my area, which (I've been told) will happen soon, I did some tinkering with my Gentoo Linux workstation to make it more protected against remote attacks, and I thought of compiling a list of security measures against the dangers of full-time Internet connection. Obviously the list is not complete, but it has tips that can surely help.

Cyber Criminals Attempt To Dodge Phishing Site Shutdowns
8th, March, 2006

Online fraudsters have developed a new phishing technique in response to increasingly aggressive moves to identify and shut-down traditional phishing sites. Dubbed "smart redirection attacks," the new threat is designed to ensure that potential phishing victims always link to a live website.

Security The Priority For Mobile Workforce
8th, March, 2006

Putting in place an organisation-wide mobility strategy will rise up the IT department agenda in 2006 and this, I am afraid, will cause pain. In many large enterprises, about 20% of the workforce has a company-provided mobile device ... That figure will rise during the next few years. According to research firm Forrester, CIOs in Europe and the US rate mobile workforce issues as a top five priority and CIOs worldwide expect mobile workforce issues to increase in importance.

Securely deleting files with shred
9th, March, 2006

Deleting a file with the rm command merely adds a file's data blocks back to the system's free list. A file can be restored easily if its "freed" blocks have not been used again. shred repeatedly overwrites a file's space on the hard disk with random data, so even if a data recovery tool finds your file, it will be unreadable. By default, shred does not delete a file, but you can use the -u or --remove switch to delete it.

You can use shred on a file or entire partitions or disks, but you cannot use shred on the partition from which you are running it. In other words, if you have Ubuntu 5.10 installed on /dev/hda1, you cannot boot into it and run the command shred /dev/hda1. Instead, try using Knoppix or another live CD with shred if you wish to work on an entire partition.

Firefox To Get Phishing Shield
9th, March, 2006

An upcoming version of Firefox will include protection against phishing scams, using technology that might come from Google. The phishing shield is a key new security feature planned for Firefox 2, slated for release in the third quarter of this year, Mozilla's Mike Shaver said in an interview Tuesday.

19 Ways to Build Physical Security into a Data Centre
9th, March, 2006

Protecting data is not just a job for technologists. It also takes physical security and business continuity experts. At information-intensive companies, data centres don't just hold the crown jewels; they are the crown jewels. Protecting them is a job for whiz-bang technologists, of course. But just as important, it's a job for those with expertise in physical security and business continuity. That's because all the encryption and live backups in the world are a waste of money if someone can walk right into the data centre with a pocket knife, a camera phone and bad intentions.

Anti Phishing Toolbars - Can You Trust Them?
12th, March, 2006

A lot of recent phishing events occurred, and what should be mentioned is their constant ambitions towards increasing the number of trust points between end users and the mirror version of the original site. The use of SSL and the ease of obtaining a valid certificate for a to-be fraudulent domain is a fairly simple practice. Phishing is so much more than this, and it even has to do with buying 0day vulnerabilities to keep itself competitive. How should phishing be fought? Educating the end user not to trust that he/she's on Amazon.com, when he just typed it, or enforcing a technological solution to the problem of digital social engineering and trust building?

Hey Neighbor, Stop Piggybacking on My Wireless
9th, March, 2006

For a while, the wireless Internet connection Christine and Randy Brodeur installed last year seemed perfect. They were able to sit in their sunny Los Angeles backyard working on their laptop computers. But they soon began noticing that their high-speed Internet access had become as slow as rush-hour traffic on the 405 freeway.

Sniffin Packets
10th, March, 2006

There are very few open source tools I’ve yet to see that are more useful than Ettercap. What is Ettercap, you may ask? I’ll tell you. Ettercap is an Ethernet/LAN sniffer. It allows you to sniff packets on a LAN network, but that’s not the kicker. Ettercap can sniff packets on a switched network.

There are two major devices used to connect computers together: a hub and a switch. A hub is a dumb device. It takes the data it receives in one port and simply sends it out all the other ports on the unit, regardless of the destination. Thus, sniffing traffic on a hub is relatively easy - all you have to do is “listen”