This tutorial shows how to install and use suPHP with PHP4 and PHP5. suPHP is a tool for executing PHP scripts with the permissions of their owners instead of the Apache user. With the help of suPHP you can also have PHP4 and PHP5 installed at the same time which I will describe at the end of this article. suPHP integrates into Apache2 as a module. At the time of this writing it does work with Apache2 prior to version 2.2. Version 2.2 is not supported yet.
During its development history, the communities of researchers, developers, implementers and users of the DARPA/DoD TCP/IP protocol suite have experimented with a wide range of protocols in a variety of different networking environments. The Internet has grown, especially in the last few years, as a result of the widespread availability of software and hardware supporting this system. The scaling of the size and scope of the Internet and increased use of its technology in commercial applications has underscored for researchers, developers and vendors the need for a common network management framework within which TCP/IP products can be made to work.
Source: Howto Forge - Posted by Efren J. Belizario
Spamcop is a service which provides RBLs for mailservers in order to reject incoming mail from spammers. Their philosophy is to process possible spam complaints from users. When they receive a certain amount of complaints during a time-period then they will blacklist the offender. This system is dependent on spam reporting from users. However, their submission process is not very user-friendly.
In late 2004, Z4CK (meaning Zaurus-ACK), a novel about a hacker who creates the ultimate hacking tool, was released in PDF and paperback formats. The novel was well received by the Linux, PDA and Security communities. In Z4CK, Duncan Steele creates the ultimate hacking tool, which government agencies and criminals alike are desperate to obtain, so much so that the main character finds himself framed by the government for a murder he did not commit. Unlike films such as 'The Net' and 'Swordfish', real world hacking techniques are used.
Source: www.newsforge.com - Posted by Paul VonBurg
Imagine how useful it would be to have an online knowledge base that can easily be created and updated by key people within your organization. That's the promise of a wiki -- a Web application that "allows users to easily add, remove, or otherwise edit all content, very quickly and easily," as Wikipedia, perhaps the best-known wiki, puts it. Why not bring the benefits of a wiki to your organization?
If you're sold on the concept, the first thing you need to do is to pick the software that you're going to use for your wiki. If you want to hunt around to find out what's out there, a good place to start is Wikipedia's wiki software wiki. If you say, "I'll use whatever Wikipedia is using," that'll be MediaWiki.
Source: www.baselinemag.com - Posted by Paul VonBurg
It's a dangerous world. Every day, thousands of attacks that threaten to corrupt key systems, steal customer data, and otherwise abuse information-technology assets assault U.S. businesses.
The SANS Institute, which provides computer security education and training, estimates that the average Internet network address experiences an attack every 24 minutes. In most cases, it's an unscrupulous hacker trying to infect corporate computers with viruses, worms and Trojans, commonly dubbed "malware."
Source: www.newsforge.com - Posted by Paul VonBurg
When investigating free and open source software (FOSS) development and implementation in developing countries, you're likely to run into Ken Wong and Phet Sayo's FOSS primer, published by the International Open Source Network. What makes this primer so special, and so widely known? To find out, we interviewed the authors.
NewsForge: There are a number of FOSS primers available on the Internet. What motivated you to write yours, and what makes it different from the others?
So... What in the hell is a root kit ??? A root kit is a collection of programs that intruders often install after they have compromised the root account of a system. These programs will help the intruders clean up their tracks, as well as provide access back into the system. Root kits will sometimes leave processes running so that the intruder can come back easily and without the system administrator's knowledge!
I'm jealous. No seriously. If Cigital is actually run as depicted in the book Software Security - Building Security In, I have to give kudos to Gary and the gang for making an impressive environment for software security.
I'm a fan of Gary's writing. If you are a regular reader, you know I loved both his books on Building Secure Software and Exploiting Software. This latest book is, in my mind at least, a balancing act between the two previous books on the topic. Gary calls it the "Yin and Yang". Which makes total sense, since the book cover is of exactly that, a white hat and a black hat (taken from the other two books), positioned in the Chinese yin/yang symbol.
Source: EthicalHacker - Posted by Benjamin D. Thomas
It's as certain as death and taxes: hackers will mercilessly attack your Web sites, applications, and services. If you're vulnerable, you’d better discover these attacks yourself, before the black hats do. Now, there's a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software. Companion CD contains full source code for one testing tool you can modify and extend, free Web security testing tools, and complete code from a flawed Web site designed to give you hands-on practice in identifying security holes. This chapter contains a series of attacks dealing with the concept of state, or the ability to remember information as a user travels from page to page within a site.