The troll--as such taunting posters are dubbed--would frequently ignite massive angry e-mail responses, or flame wars, at times limiting the usefulness of the Full Disclosure list. Over time, n3td3v took on multiple online personalities, or gained members of the n3td3v group, and attempted to create an online security hub. The group's favorite targets included Yahoo!, Google, other researchers and security news reporters, including this one. Even after n3td3v gave up the virtual ghost in September 2006, no one knew the name of the person who infuriated, and amused, so many researchers.
Trying to lock down your company's applications and protect your systems from attack? If so, security scanners and source-code analysis tools are not up to the job -- despite vendor claims to the contrary.
"There's an awful lot of marketing spiel, people introducing technology tools that are sold as silver bullets," said Mark Curphey, vice president of professional services at McAfee's Foundstone division, in an interview. "The reality is, in a large enterprise, those things generally don't work."
Source: Network World - Posted by Vincenzo Ciaglia
Many of the security measures put in place after the Sept. 11, 2001, attacks on the World Trade Center in New York are doing more harm than good, said two speakers scheduled to present at the Hack In The Box Security Conference (HITB) this week.
The effect of many security measures put in place by governments after Sept. 11 has been to strengthen control over their citizens and erode democratic freedoms, said Roberto Preatoni, a security consultant who works in Italy. "The Internet allows you to do more effective things regarding controlling the population," he said.
So you just bought and assembled a brand-new AMD64 workstation. The only decision that remains is whether to install a 64-bit Linux distribution, or stick with comfortable, tried-and-true IA-32. If you are seeking an easy answer to that question, I can't help you. Running 64-bit Linux has its pros and cons. Unfortunately, a lot of the cons are out of your hands -- but they're not really Linux's fault, either.
Ark Linux project developers operate on a "no-frills" policy when it comes to deciding what features will be included in their distribution. They strive to provide only the tools necessary for a typical desktop user, creating a lean, mean Linux. When some users came asking for more features, rather than violate their policy of simplicity, the developers launched a completely new company called YOLD (Your Own Linux Distribution).
IBM announced today that it has entered into a definitive agreement to purchase Internet Security Systems (ISS), a publicly traded Internet security provider based in Atlanta.
Source: Security Park - Posted by Vincenzo Ciaglia
A virtual ID card designed to improve children's net safety has been launched in the UK, US, Canada and Australia. The NetIDMe card can be swapped by children online when using chatrooms, instant messaging and social networks. Parents and children can apply for the card using credit card details and a form countersigned by a professional who knows the child concerned.
Guardian Digital, Inc. takes great pleasure in welcoming Vincenzo Ciaglia of Eboli, Italy to its team. Vincenzo is the creator of Netwosix Linux, a highly secure Linux distribution, and a long-time student of open source networking and security technologies. Netwosix has been downloaded by more than 60,000 users around the world.
Allendale, New Jersey, August 21, 2006 -- LinuxSecurity.com, the definitive source for Linux and open source security news, today launched its new website. Founded by Guardian Digital CEO Dave Wreski in 1996, LinuxSecurity.com has become the pre-eminent information resource for IT professionals and open source community members alike. The site, which is supported and maintained by Guardian Digital staff members, employs a global network of expert and volunteer contributors to develop feature articles, commentaries and reviews as well as compile extensive collections of the latest security updates to help readers keep up with the latest advancements in Linux and open source security.
LogError writes: A vulnerability of the Passmark Sitekey login approach at Bank of America could permit an attacker to remotely lock out thousands of customers from their online banking accounts. The vulnerability announced today is similar to a DoS attack in that it permits an attacker to remotely "lock out" customers from their online accounts, potentially overwhelming the bank's customer support lines with calls from frustrated customers.