Information security will never go out of style. As long as companies have computing infrastructure, security professionals will be needed to ward off dangers. But like all other IT careers, the market demands wax and wane and the requirements change. Experts say spending on security will continue to rise – and specialization, compliance knowledge and documented work experience are in demand.
Organizations saw an increase in targeted attacks in 2006 and a new survey shows the majority of IT professionals expect even more zero-day threats in 2007. PatchLink Corporation announced findings from a comprehensive customer survey addressing network attacks, Microsoft Vista and security plans for 2007. The survey was completed by more than 200 CIOs, CSOs, IT managers and network administrators across Europe, Asia Pacific and the United States.
Stefan Esser, PHP security specialist and member of the official PHP Security Response Team has, he says, had enough - in his blog he has announced his immediate resignation from the PHP Security Response Team. He states that he has various reasons for doing so, the most important of which is that his attempt to make PHP safer "from the inside" is futile. According to Esser, as soon as you try to criticise PHP security, you become persona-non-grata in the security team. In addition many of his suggestions were ignored because the developers considered Esser's choice of words, too abrasive. He says that he had stopped counting the number of times he was called a traitor when he published a bug report on a vulnerability in PHP.
Source: EnGarde Secure Linux Development Team - Posted by Carney Mimms
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.11 (Version 3.0, Release 11). This release includes
several bug fixes and feature enhancements to the SELinux policy and
several updated packages.
A Florida man pleaded guilty yesterday in federal court to hacking into computer systems at two major universities as part of establishing a "bot" network of compromised computers from which he could launch distributed denial of service attacks on computers and networks attached to the Internet.
E-mail is at risk - vulnerable to external attack from viruses, spam, spyware and phishing technologies. And vulnerable to abuse from within, which could result in: acceptable use policies being compromised; regulatory compliance violations; and/or confidential corporate data being leaked externally.
Source: OpenSourceLoudspeaker.com - Posted by Carney Mimms
In this edition of the Open Source Loud Speaker broadcast, the topic is the Linux platform as a secure platform and the benefits of Linux in a secure open source environment. Amongst those interviewed by Herb Kraft is founder and CEO of Guardian Digital Dave Wreski. Wreski discusses Guardian Digital's secure version of Linux, EnGarde Secure Linux, and how it impacts the open source security community.
Joanna Rutkowska writes: "At the beginning of this year, at Black Hat Federal Conference, I proposed a simple taxonomy that could be used to classify stealth malware according to how it interacts with the operating system. Since that time I have often referred to this classification as I think it is very useful in designing system integrity verification tools and talking about malware in general. Now I decided to explain this classification a bit more as well as extend it of a new type of malware - the type III malware."
Source: Help Net Security - Posted by Administrator
One of the key internal threats to corporates is spyware, because it’s all too often introduced without malicious intent, by employees that naively click through a couple of pop-up browser windows, or install an unapproved yet ‘cool’ application on the network. The situation isn’t helped by the myths that surround spyware.
There you are, happily playing around with an audio file you've spent all afternoon tweaking, and you're thinking, "Wow, doesn't it sound great? Lemme just move it over here." At that point your subconscious chimes in, "Um, you meant mv, not rm, right?" Oops. I feel your pain -- this happens to everyone. But there's a straightforward method to recover your lost file, and since it works on every standard Linux system, everyone ought to know how to do it. Briefly, a file as it appears somewhere on a Linux filesystem is actually just a link to an inode, which contains all of the file's properties, such as permissions and ownership, as well as the addresses of the data blocks where the file's content is stored on disk. When you rm a file, you're removing the link that points to its inode, but not the inode itself; other processes (such as your audio player) might still have it open. It's only after they're through and all links are removed that an inode and the data blocks it pointed to are made available for writing.
