LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Pardus
Openwall Announce Community Resources: Oss-security, oCERT, Xvendor  17 April 2008  Print E-mail
User Rating:      How can I rate this item?
Source: Openwall - Posted by Bill Keys   
Latest News The Solar Designer from the Openwall project announced some interesting news about their project. They are joined the oCERT project which is an important project for the Linux Security. Solar Designer is creator of the popular John the Ripper password cracker and has developed many of the Openwall projects. His is one of the key players in making open source security so successful. We have joined the oCERT project (the Open Source Computer Emergency Response Team), in two ways: I serve on the advisory board of oCERT, and Openwall is a registered public member of oCERT such that we can be sure to receive notification of vulnerabilities pertaining to our software (and, far more likely, to third-party software that we redistribute as a part of Openwall GNU/*/Linux) that will be handled via oCERT. Other Open Source projects are welcome to register with oCERT, too. (We're also a member of oss-security and vendor-sec, and are registered with the CERT/CC.) The website for oCERT is:
 
SELinux Developer Summit 2008 Announced  03 April 2008  Print E-mail
User Rating:      How can I rate this item?
Source: SELinux News - Posted by Bill Keys   
Latest News The SELinux Developer Summit for 2008 has been announced. It will be held in Ottawa on the 22nd of July in conjunction with the Linux Symposium. This will be an open event for developers of SELinux and Flask/TE projects, as well as those with a strong technical interest. For more details, see the SELinux Developer Summit page. Have you heard that the 2008 SELinux Developer Summit for 2008 is going to be held in Ottawa Canada? What do you think will come out of this Summit and are you planning on going?
 
Critical VMWare Desktop Vulnerability Abuses Default Security Settings  27 February 2008  Print E-mail
User Rating:      How can I rate this item?
Source: net-security.org - Posted by Ryan Berens   
Latest News Engineers from CoreLabs, the research arm of Core Security, discovered that an attacker could gain complete access to a host system by exploiting this vulnerability in VMwares desktop software products. The vulnerability could allow an attacker to create or modify executable files on the host operating system.
One of the most interesting aspects of this vulnerability however, and one that comes up again and again, is that it abuses the shared folder access, a default setting.

One of the ways to fix it is to disable this setting. Why is this an "opt-out" security feature? Shouldn't sharing folders be an "opt-in" feature? Are there other examples that you can think of where the same pattern applies?
 
New Authentication Scheme Combats Keyloggers, Shoulder-Hacking  07 February 2008  Print E-mail
User Rating:      How can I rate this item?
Posted by Ryan Berens   
Latest News Security is always evolving and every day there's some new way to combat threats. This 'undercover' system, as it is being called seems like it an interesting step in a new direction - especially since it can help protect against people snooping over your shoulder! Researchers have built a prototype authentication technique that could ultimately reduce the risk of attackers hacking users' credentials via a keylogger or spyware.

The so-called Undercover system, which was built by Carnegie Mellon University faculty members and students approaches authentication differently: It hides the authentication challenges rather than the user's input or password during the authentication process.
 
Urgent: WordPress Security Fix  05 February 2008  Print E-mail
User Rating:      How can I rate this item?
Posted by Ryan Berens   
Latest News From the WordPress website:

WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.
 
<< Start < Prev 79 80 81 Next > End >>

Results 712 - 720 of 808
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.