25 most recent entries:
Devil-Linux Bundles Router/Firewall and Server in One Live CD (Sep 29 2008 09:25 GMT)
LinuxSecurity.com: Devil-Linux might sound hellish for a Linux distribution, but this live CD offers many blessings for your server needs. Originally developed as a router/firewall distribution, Devil-Linux has expanded its functionality to include nearly every service that a server might offer. It can function as an LDAP server, a VPN server, an email or file server, and more.
Securing Your Network With PacketFence (Sep 25 2008 16:30 GMT)
LinuxSecurity.com: Network access control (NAC) aims to unify endpoint security, system authentication, and security enforcement in a more intelligent network access solution than simple firewalls. NAC ensures that every workstation accessing the network conforms to a security policy and can take remedial actions on workstations if necessary. For example, NACs can check if a workstation has antivirus software installed and, if not, NAC will limit the workstation's access to the network.
Mozilla Patches 11 Bugs in Firefox (Sep 25 2008 08:00 GMT)
LinuxSecurity.com: Mozilla late Tuesday patched 11 vulnerabilities in Firefox 3.0, more than half of them labeled "critical," and fixed 14 flaws in the older Firefox 2.0.
Network-audit Tool for Linux Phone Announced (Sep 24 2008 08:00 GMT)
LinuxSecurity.com: A handset-based network-penetration tool that runs on a Linux phone has been announced in the US.The NeoPwn tool is based on a modified Linux 2.6.
Umit, The Graphical Network Scanner (Sep 23 2008 13:47 GMT)
LinuxSecurity.com: Umit is a user-friendly graphical interface to Nmap that lets you perform network port scanning. The utility's most useful features are its stored scan profiles and the ability to search and compare saved network scans. A profile lets you configure how a network scan is performed, change the source information for the scan, and explicitly nominate hosts to include or exclude from the scan, as well as various more advanced options.
Modern Exploits - Do You Still Need To Learn Assembly Language? (Sep 23 2008 09:25 GMT)
LinuxSecurity.com: This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not? For those that aren't what it is, it's pretty much the lowest level programming languages computers understand without resorting to simply 1's and 0's. This article asks the question do security experts still need to learn assembly programming?
Fedora Intrusion Update (Sep 19 2008 15:14 GMT)
LinuxSecurity.com: Work on the Fedora infrastructure has returned to normal at this point. Updates are once again available for Fedora 8 and Fedora 9, our current releases, using the new package signing key we've implemented. To read more about the new package signing key, refer to:
Scalp - Apache Log Analyzer for Security (Sep 18 2008 08:00 GMT)
LinuxSecurity.com: Scalp! is a log analyzer for the Apache web server that aims to look for security problems. The main idea is to look through huge log files and extract the possible attacks that have been sent through HTTP/GET (By default, Apache does not log the HTTP/POST variable).
Securing Your Network Premises With Endian (Sep 17 2008 16:57 GMT)
LinuxSecurity.com: Unified Threat Management (UTM) devices unify all network security elements into a single device. They often include a combination of routing, firewall, intrusion detection, content filtering, URL filtering, spam filtering, VPN, and antivirus functionalities. These devices usually cost thousands of dollars and require subscriptions.
Adding a Signing Key to RPM (Sep 17 2008 08:00 GMT)
LinuxSecurity.com: A common (and commonly ignored) step when rebuilding Source RPMs from a remote archive is that of verification of the authenticity of the content. An archive maintainer may choose to sign, or to not sign RPM (and thus SRPM) content it releases. Implicitly, an archive which does sign its content provides a way for a consumer of that content, remote in time or at another site, to verify the authenticity, integrity, and provenance of that package.
How To Block Spammers/Hackers With Apache2's mod_spamhaus (Sep 16 2008 09:00 GMT)
LinuxSecurity.com: mod_spamhaus is an Apache module that uses DNSBL in order to block spam relay via web forms, preventing URL injection, block http DDoS attacks from bots and generally protecting your web service denying access to a known bad IP address. What to do when you find your site to be spam by attackers using your web forms? This article looks at one way of helping this problem which the Apache module called mod_spamhaus.
PorkBind v1.3 - Nameserver (DNS) Security Scanner (Sep 15 2008 11:06 GMT)
LinuxSecurity.com: This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each. Vulnerability information is configurable through a configuration file; the default is porkbind.
Korset: Linux security Thanks To Static Analysis (Sep 12 2008 13:59 GMT)
LinuxSecurity.com: Coworkers at the University of Tel Aviv have presented a prototype for a new host-based intrusion detection system (HIDS) for Linux. Named Korset, it uses static code analysis and promises zero failures.
Wireless Voice Calls Gain Encryption (Sep 11 2008 08:00 GMT)
LinuxSecurity.com: Fixed-mobile convergence (FMC) start-up Agito Networks Monday plans to announce voice-over-Wi-Fi encryption and other features for its RoamAnywhere Mobility Router. The RoamAnywhere router is customer-premises equipment (CPE) that extends PBX policy and dialing plans across Wi-Fi and cellular networks to smart phones running RoamAnywhere client software. It enables location-based, seamless roaming between both types of wireless networks so that sessions aren't interrupted when mobile users cross wireless network borders How secure do you think your wireless devices are?
Linux Security for Beginners (Sep 10 2008 12:34 GMT)
LinuxSecurity.com: There is a saying in the security world that the only truly safe computer system is one that is disconnected from the network, switched off and buried six feet under ground. The sentiment may be somewhat true but it is hardly a practical solution to the problems we face today in protecting servers and desktops from outside intrusion. There are more computer systems connected to the internet either directly or via local area networks than at any time in the history of technology and the numbers are growing at a rapid rate.
Open source Release Takes Linux Rootkits Mainstream (Sep 10 2008 09:00 GMT)
LinuxSecurity.com: The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Inc., a firm that supplies tools for penetration testers. When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate.
Controlling Internet Access With SafeSquid (Sep 09 2008 15:25 GMT)
LinuxSecurity.com: Content-filtering proxies restrict Internet access privileges for users or groups across an entire network. They must be able to block unwanted content through keyword, URL, DNS, MIME, and image filtering. They need to authenticate and log a user's Internet activity by monitoring and generating detailed reports of URLs accessed, and they must integrate antivirus or malware protection by accessing a reliable antivirus server.
Cybersecurity Best Practice: Guilty Until Proven Innocent (Sep 09 2008 09:31 GMT)
LinuxSecurity.com: Perhaps guilty until proven innocent isn't so bad an idea after all. It's often been said the "lawlessness" of the Internet is similar to the American "Wild West." I have always cringed when hearing that, because it's just too much of a stretch for me, but there's at least one aspect of it that is worthy of consideration when it comes to securing our data systems.
Open Source Release Takes Linux Rootkits Mainstream (Sep 05 2008 16:26 GMT)
LinuxSecurity.com: The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Inc., a firm that supplies tools for penetration testers. When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate.
Responds to Allegations That AppArmor is Dying (Sep 05 2008 09:00 GMT)
LinuxSecurity.com: A recent post from Russ Coker entitled AppArmor is Dead was tolling the death bells for AppArmor because SUSE decided to include SELinux in their operating system... not as the default, and not as a replacement for AppArmor, but it was included nonetheless. Russ determined that this was the beginning of the end for AppArmor, and I read it with some interest largely because Mandriva has settled on AppArmor as our security solution...
SELinux Memory Protections are Your Friend (Sep 05 2008 08:20 GMT)
LinuxSecurity.com: I don't know what a Zend Optimizer is, but it apparently does not play well with SELinux. I've encountered a blog entry by someone who has tried to do the right thing and keep SELinux enabled, after finding the code for a policy module which makes this stuff work. When loaded, this will enable the web server to execute memory on its heap, stack or certain types of executable memory allocated via mmap(2).
Google Chrome Flaws Come Soon After Browser Release (Sep 04 2008 16:06 GMT)
LinuxSecurity.com: Less than a day after Google arrived on the browser scene with the launch of Chrome, two security researchers have disclosed separate vulnerabilities that could be exploited to compromise the software. Researcher Aviv Raff told SCMagazineUS.com on Wednesday that Chrome suffers from the same "carpet bomb" vulnerability once present in Apple's Safari for Windows, by which the browser does not require user permission prior to a download.
New Firefox Plug-In Double-Checks So-Called Unsafe Sites (Sep 04 2008 10:00 GMT)
LinuxSecurity.com: Like other new browsers, the latest version of Firefox has made security a top priority, and it will alert the user if a site you're about to click on appears to be a hacker's hook. However, the way it and other browsers go about determining that sometimes results in false positives. A new Firefox plug-in adds an additional layer of verification.
Security-Wise, Google Chrome is (Potentially Very) Good (Sep 03 2008 08:40 GMT)
LinuxSecurity.com: Security bloggers are already commenting on Google's slightly premature "Chrome" browser leak. Built on top of the Apple sponsored WebKit engine, the browser offers several security features that we have only seen so far in the beta releases of IE8. The most interesting feature discussed so far is the strict memory separation afforded by the technology, where each web application will operate in its own memory space with its own virtual machine for code execution.
Kernel space: Virus Scanning API Spawns Security Debate (Aug 15 2008 08:35 GMT)
LinuxSecurity.com: The TALPA malware scanning API was covered in LWN in December, 2007. Several months later, TALPA is back - in the form of a patch set posted by a Red Hat employee. The resulting discussion has certainly not been what the TALPA developers would have hoped for;
|
