This week, perhaps the most interesting articles include "," "," and "."


EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared toward providing an open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.



LinuxSecurity.com Feature Extras:

EnGarde Secure Community 3.0.4 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.

pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address (obscured on the page) with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


New Gmail Vulnerability leads to Remote Javascript Execution
1st, March, 2006

A recently discovered vulnerability in Google Gmail allows automatic JavaScript execution when using the preview function. While Google filters JavaScript sent among Gmail accounts, e-mail from outside accounts such as Yahoo! is not filtered.

Public Sector Security Conference Will Stress Importance Of Usability
1st, March, 2006

Increasingly computer security is focusing on the human component within a system. About five years ago, security research and practice accepted that most users do not comply with security policies, which is what makes attacks on computer systems possible. People are the weakest link in the security chain and, as reformed hacker Kevin Mitnick points out, social engineering attacks succeed because hackers now make the effort to acquire knowledge of these human factors, whereas the designers of security systems do not.

How to set up penetration testing exercises.
2nd, March, 2006

Based on the many responses we got regarding the 'Packetslinger' diary, here are a few notes on how to set up a penetration/cracking exercise. As a remark: laws change from area to area. Whatever you do, check your local laws and regulations. Corporate policies, university ethics guidelines and ISP contracts may have to be consulted. Any attack, even one as simple as a portscan, should only be performed with written permission. Even in a lab environment, it may be a good exercise to go through the motions of obtaining written permission from the instructor. It is not always easy to identify the person who has to provide permission, but in general this should be the 'network owner'. Remember that part of a corporate network may be owned by an ISP, and not the company (or university).

Spreading Security Awareness For OS X
28th, February, 2006

I am 25 years old and a current resident of Columbus, Ohio. I have been publicly active in the computer security scene since around 1998. Most of my research was published through Secure Network Operations, where I served as the Head of Research and Development. Since SNOSoft has dissolved, I have been focusing my time on a project called Digital Munition.

BP Oils The Wheels Of Heated Security Debate
29th, February, 2006

BP has provoked heated debate in the UK technology industry with plans to move thousands of laptops off its LAN claiming it will make the business more secure. BP said hiding behind a firewall simply creates a false sense of security and so 18,000 of its 85,000 laptops now connect straight to the internet, even when they are in an office.

Professor Criticized For Online-Attack Test
1st, March, 2006

A final practical test for a computer-security class has network administrators up in arms. According to handlers at the SANS Institute, a professor at a university (both have been promised anonymity) has assigned his students homework requiring them to perform attack reconnaissance on an Internet server.

Cyberthieves Silently Copy Your Passwords as You Type
27th, February, 2006

Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information.

Do We Really Need To Have IPv6 When Nat Conserves Address Space And Aids Security?
28th, February, 2006

Internet: Love it or hate it, Network Address Translation will not be going away soon. It is a common belief that IP addresses are running out. Every device on a network needs to be uniquely identified by its IP address, and the problem is that there are simply not enough IPv4 addresses.

Hunt Intensifies for Botnet Command & Controls
2nd, March, 2006

Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers.

Businesses Back New Professional Body to Raise IT Security Standards
27th, February, 2006

A new professional body for information security professionals launched today (Monday 27 February) will help raise the standards of IT security across the UK, leading employers have said. The Institute for Information Security Professionals has won backing from major UK firms, which plan to use it as a benchmark for hiring IT security staff.

Rootkit Hunting vs. Compromise Detection
1st, March, 2006

The presentation I gave in Washington, D.C., at the Black Hat Federal Conference in January 2006. It's about a new generation of stealth malware, so-called Stealth by Design (SbD) malware, which doesn't use any of the classic rootkit technology tricks, but still offers full stealth! The presentation also focuses on limitations of the current anti-rootkit technology and why it's not useful in fighting this new kind of SbD malware. Consequently, an alternative method for compromise detection is advocated in this presentation, Explicit Compromise Detection (ECD), as well as the challenges which Independent Software Vendors encounter when trying to implement ECD for Windows systems.

Apache .htaccess tweaking tutorial
28th, February, 2006

In this tutorial we are going to improve our website by tweaking the .htaccess file. Why did I write this article? Because on the net I have found many articles about this little beast, but every one of them dealt with a specific issue and did not look at the overall usage of these files, or they are just too big when you need to do a thing in little time. So I'm trying to collect all the useful bits of data in a monolithic but slim tutorial, which will be updated as I collect more information. But first, let's see what an .htaccess file is.

Common Insecurity
1st, March, 2006

What do people who renew their driver's licenses, buy hard liquor or donate to a home for elderly and disabled veterans have in common? In New Hampshire, people who did any of those things within the past six months may have had their credit card numbers stolen because of computer security issues (see "N.H. state server eyed in possible credit card data breach").

Oracle patches 11i Security Flaws
1st, March, 2006

Oracle has issued an upgrade to its E-Business Suite 11i diagnostics module containing a number of security fixes, according to applications security firm Integrigy. In releasing the upgrade, Oracle made an unusual move by alerting its users about the security patches, according to Integrigy's advisory. Historically, the software maker has released product upgrades but not disclosed whether they included security fixes, Integrigy noted.

How secure is open source?
27th, February, 2006

Received wisdom would have it that transparency makes systems more secure by allowing anyone to view the underlying software code, identify bugs and make peer-reviewed changes. Computer security and cryptography expert Bruce Schneier certainly adheres to that theory. He's been saying engineers should "demand open source code for anything related to security" since 1999. But not all security experts agree.

Google Hacking: Ten Simple Security Searches That Work
27th, February, 2006

Google has become the de facto standard in the search arena. It's easy, quick and powerful. For those same reasons that the general user has gravitated to Google, so have the hackers. And as we all know, if the hackers use it, the security professionals need to utilize it as well. And it doesn't hurt to have Johnny Long (with help from Ed Skoudis) showing you the ropes. Enjoy this highly informative book. We did!

How to bypass your BIOS Password
28th, February, 2006

Basic BIOS password crack - works 9.9 times out of ten. This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default.

Ernst & Young fails to disclose high-profile data loss
28th, February, 2006

Ernst and Young should go ahead and pony up for its own suite of transparency services. The accounting firm failed to disclose a high profile loss of customer data until being confronted by The Register.

Ernst and Young has lost a laptop containing data such as the social security numbers of its customers. One of the people affected by the data loss appears to be Sun Microsystems CEO Scott McNealy, who was notified that his social security number and personal information have been compromised. While pushing all out transparency for its customers, Ernst and Young failed to cop to the security breach until contacted by us.

Ernst & Young loses four more laptops
1st, March, 2006

Ernst and Young appears set on establishing a laptop loss record in February. The accounting giant has lost four more systems, according to a report in the Miami Herald. A group of Ernst and Young auditors toddled off for lunch on 9 February, leaving their laptops in an office building conference room. According to security footage, two men entered the conference room a couple of minutes after the Ernst and Young staffers left and walked off with four Dell laptops valued at close to $8,000, the paper reported.

Who's Reading Your Cell's Text Messages?
1st, March, 2006

Next, Bubrouski's phone started receiving SMS sports scores and news from ESPN, the sports cable network, which had struck up a partnership with Verizon.

IT departments taking over physical security
2nd, March, 2006

As firms move towards converged voice-data IP networks, IT departments will increasingly become responsible for the physical security of buildings via deployment of systems such as biometric access controls, IP-CCTV and card readers, new research has predicted. A third of the IT directors surveyed in a new study by research firm Vanson Bourne Limited said that, as a result of being able to control physical security systems over IP, the area of "security over IP" will become their responsibility. In the manufacturing sector, 57 percent expected their departments to become responsible for physical security, and in the retail, distribution and transport sector it was 32 percent. In other commercial sectors, it rose to 36 percent, while it fell to only 6 percent in the financial services sector.

eDiscovery Challenges
3rd, March, 2006

During the past two decades, the shift from paper to electronic filing of business documents introduced a new challenge: meeting the requirements of litigation discovery. Not only are organizations keeping more information; the vast amounts of email messages and other types of documents are typically not organized in a way that facilitates quick, cost effective extraction from personal and enterprise storage.

If you’re responsible for the security of your company’s information, your role extends to protecting documents required by discovery requests. Are you prepared to assure your executive management, or to testify, that you’ve done everything reasonable and appropriate to meet the court’s expectations?

Manage Your Own Identity Online
27th, February, 2006

Computer users' identity information is managed online today by several different data collection agencies. But imagine the freedom people would feel changing their address with one keystroke. Microsoft is working on such technology with its InfoCard identity metasystem. Now IBM, Novell and startup Parity Communications are joining the Eclipse open software foundation and Harvard Law School's Berkman Center for Internet & Society to tackle the challenge.

The three companies are contributing code to the "Higgins Project," designed to give people more control over their online identity information.

Feds: Google's privacy concerns Unfounded
27th, February, 2006

The U.S. Justice Department has denied requesting anything from Google that could threaten the privacy of the search engine's users, as the company recently contended. And by trying to block the government's efforts to review a week's worth of search terms, Google is holding up efforts to protect children from pornography, according to a brief filed Friday by the Justice Department.

IBM-led Group Backs New Identity Manager Tool
28th, February, 2006

IBM and Novell Monday announced their support for an open source project aiming to give users more control over how information such as passwords and financial details are shared across multiple Web sites.

Search Engines Are At the Center Of Privacy Debate
1st, March, 2006

At the center of the square-off over access to private personal data online -- a much publicized debate that extends from Beijing to Washington -- stands an uncertain arbiter: the search engine. The companies that operate the most popular search engines -- Google, Yahoo and Microsoft -- are making decisions about how the information they collect about user behavior should be protected, in some cases from the eyes of governments that want to take a closer look but lack a clear legal right to do so.

Got Data? Beware Privacy Pitfalls, Big Brother
2nd, March, 2006

With controversy swirling around ID theft and electronic surveillance by the government, what should corporations do to protect customer data? Jim Dempsey, policy director at The Center for Democracy & Technology (CDT), spells out controversial advice such as "gather less data" and seemingly dire warnings such as "if you gather the data, the government will come calling." Whether you view CDT as an advocate or an adversary, its voice is being heard on Capitol Hill, so it's important to be aware of its stance on important corporate data policies and related issues.

Communicating with Confidence
3rd, March, 2006

Along with the benefits of networked systems – easy information sharing and the ability to work wherever and whenever – comes responsibility. Professionals in all industries have the responsibility to protect their customers’ (and their own) confidentiality. When professionals access their office networks and exchange information with other organisations, confidentiality is paramount, though not always easy to achieve.

Confab To Examine Security Of Utility, Other Control Systems
28th, February, 2006

Professionals concerned with securing the systems that run water and electric utilities, dams, railways and other critical infrastructures are gathering this week in Florida to understand better the challenges facing them and learn how to defend their systems.

State Launches e-Passports, Rejects Security Concerns
28th, February, 2006

The State Department started pilot production of electronic passports earlier this month and plans to roll out e-passports for the general public this summer, officials said. The senior official in charge of the project also said that technical issues raised recently about e-passport security would not prevent the general distribution of the documents.

IRS Needs To Tighten Security Settings: TIGTA
28th, February, 2006

The IRS has not consistently maintained the security settings it established and deployed under a common operating environment (COE), resulting in a high risk of exploitation for some of its computers, according to the Treasury Department’s inspector general for tax administration.

OMB Delivers Positive IT Security Report
2nd, March, 2006

The Office of Management and Budget today presented its report on managing information security systems to Congress. The report showed steady progress in closing security gaps in federal agencies.

Computer Ills Hinder NSA
3rd, March, 2006

Two technology programs at the heart of the National Security Agency's drive to combat 21st-century threats are stumbling badly, hampering the agency's ability to fight terrorism and other emerging threats, current and former government officials say. One is Cryptologic Mission Management, a computer software program with an estimated cost of $300 million that was designed to help the NSA track the implementation of new projects but is so flawed that the agency is trying to pull the plug. The other, code-named Groundbreaker, is a multibillion-dollar computer systems upgrade that frequently gets its wires crossed.
