Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Host Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Password hole in GRUB boot loader closed  10 November 2009 
Source: H Security - Posted by Anthony Pell   
The new version of the GNU GRUB boot loader, 1.97.1, closes a security hole in the previous version, 1.97, which allowed passwords be easily circumvented. The password protection is available in GRUB to prevent unauthorised modification of the boot parameters. A programming error in the feature lead to passwords being accepted as valid even if only the first character of the entered password was correct.
Bug in latest Linux gives untrusted users root access  03 November 2009 
Source: The Register - Posted by Alex   
A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system. The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable.
Caution advised when using the ldd system tool  27 October 2009 
Source: H Security - Posted by Anthony Pell   
Bugs in system utilities are not usually particularly interesting from a security point of view, but if the utility is regularly used to obtain information on suspect programs, it's a rather different story.
Ubuntuís Encrypted Home Directory: A Canonical Approach to Data Privacy  23 October 2009 
Source: Linux Magazine - Posted by Anthony Pell   
A friend recently quizzed me about the Encrypted Home Directory feature in Ubuntu, but unfortunately his questions were not due simply to his naturally inquisitive nature.
Linux Security Notes - AIDE File Integrity  22 October 2009 
Source: HOWTO Forge - Posted by Anthony Pell   
AIDE (Advanced Intrusion Detection Enviornment) is a tool to check the file integrity. It is an opensource substitute for TRIPWIRE. It allows to take snapshots of all the major configuration files, binaries as well as libraries stats. And helps to find which binaries have been changed in case of compromisation of the system. This can be downloaded from
The lifecycle of Web-based malware  01 September 2009 
Source: - Posted by Benjamin D. Thomas   
HelpNetSecurity writes, "According to the August edition of the MessageLabs Intelligence monthly report, it can be a costly exercise for the bad guys to produce new families of malware in order to maintain their criminal activity at sufficient levels. Registering new domains is much more economical for them, and by spreading the malware across as many different websites and domains as possible, the longevity of each new malware is increased."
Monitor your system for threats with rsec alerts  24 August 2009 
Source: TechRepublic - Posted by Anthony Pell   
Vincent Danen gives an overview of the monitoring and reporting tool rsec, which can help you keep a close eye on your systemís security without having to pore over log files. Mandriva has long had their security tool called msec. Love it or hate it, it has been an integral part of all Mandriva Linux versions for years.
Hacking The Handshake Between Applications  23 July 2009 
Source: Dark Reading - Posted by Anthony Pell   
Researchers to shed light on a new generation of attacks that exploit the relationship between browsers and their plug-ins -- or between any applications that share information -- and take over a victim's computer.

A little-known class of vulnerabilities can be used to hack the trust between browsers and their plug-ins, as well as other applications, according to new research on tap at Black Hat USA next week in Las Vegas.

Linux exploit gets around security barrier  20 July 2009 
Source: CNET - Posted by Administrator   
A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system.

The source code for the exploit was made available last week by researcher Brad Spengler on the Dailydave mailing list. According to the researcher, the code exploits a vulnerability in Linux version 2.6.30, and 2.6.18, and affects both 32-bit and 64-bit versions. The 2.6.18 kernel is used in Red Hat Enterprise Linux 5.

Killing Virii with Gentoo and Kaspersky  21 May 2009 
Source: FOSS Boss - Posted by Anthony Pell   
This article talks about a rescue Live Linux CDROM that boots into a Kaspersky antivirus scanner for infected Windows machines. Neat article.

Now this Live CD is absolutely cool, it's a customized build of Gentoo linux (w00t!) that automagically detected the hardware, connected to the network, started an X server, launched a customized icewm environment with Kaspersky's "K" logo as the "start" button down below. I was impressed, and through that GUI I could launch Kaspersky's AntiVirus tool.

The first thing it did was to auto-update itself over the internet. Most definitely needed. Afterwards it located and mounted all Windows NTFS partitions, and I was presented with options to scan them. I chose to scan the c: drive. Scan has begun, the scan tool sports a nice looking GUI, although it can be a bit confusing. Anyway scanning has started churning on the hard-disk. It was a bit slow, took around 3 hours for a 100G c: drive!

<< Start < Prev 7 8 9 Next > End >>

Results 61 - 70 of 816


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.