LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: June 29th, 2009
Linux Advisory Watch: June 26th, 2009
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Network Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown  02 July 2009 
Source: Dark Reading - Posted by anthony   
Reformed black-hat hacker Michael Calce, better known as the 15-year-old "mafiaboy" who, in 2000, took down Websites CNN, Yahoo, E*Trade, Dell, Amazon, and eBay, says widespread adoption of cloud computing is going to make the Internet only more of a hacker haven.

"It will be the fall of the Internet as we know it," Calce said today during a Lumension Security-sponsored Webcast event. "You're basically putting everything in one little sandbox...it's going to be a lot more easy to access," he added, noting that cloud computing will be "extremely dangerous."

Write Comment

 
Kaminsky interview: DNSSEC addresses cross-organizational trust and security  26 June 2009 
Source: Search Security - Posted by anthony   
Network security researcher Dan Kaminsky has had a year to reflect on the impact of the cache poisoning vulnerability he discovered in the Domain Name System (DNS). Kaminsky revealed during last year's Black Hat Briefings a technique that made it relatively easy to exploit the bug and enable an attacker to redirect website requests to malicious sites. In the time since, Kaminsky has become an advocate for improving security in DNS, and ultimately, trust on the Internet. One way to do this is with the widespread use of DNSSEC (DNS Security Extensions), which essentially brings PKI to website requests. In this interview, Kaminsky talks about how the implementation of DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services.

Write Comment

 
DNSSEC Showing More Signs Of Progress  23 June 2009 
Source: Dark Reading - Posted by Administrator   
The Domain Name System (DNS) security protocol is finally making inroads on the Internet infrastructure front, but big hurdles remain for widespread, smooth adoption. It has been more than 15 years in the making, but DNSSEC is finally gaining some traction: The .gov and .org top-level domains have begun to adopt the Domain Name Service (DNS) security protocol, and during the past few days, some commercial activity was associated with it.

Write Comment

 
Wireshark 1.2.0 released  17 June 2009 
Posted by Administrator   
Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Wireshark 1.2.0 has been released. This is the new stable release branch of Wireshark and many new and exciting features have been added since 1.0 was released.

Write Comment

 
New DOS attacks threaten wireless data networks  10 June 2009 
Source: Network World - Posted by Dave Wreski   
Forget spam, viruses, worms, malware and phishing. These threats are apparently old school when compared to a new class of denial-of-service (DOS) attacks that threaten wireless data networks.

The latest wireless network threats were outlined in a talk here Thursday by Krishan Sabnani, vice president of networking research at Bell Labs, at the Cyber Infrastructure Protection Conference at City College of New York.

Write Comment

 
Clickjacking: Hijacking clicks on the Internet  25 May 2009 
Source: CNET - Posted by anthony   
Read on for info on this new security vulnerability, and learn exactly how it works. Lots of people seem to have an opinion on this article at CNET. Do you see this vulnerability as being a big problem for you?

"Most exploits (like worms and attacks that take advantage of holes in software) can be patched, but clickjacking is a design flaw in the way the Web is supposed to work," Grossman said. "The bad guy is superimposing an invisible button over something the user wants to click on...It can be any button on any Web page on any Web site."

The technique was used in a series of prank attacks launched on Twitter in February. In that case, users clicked on links next to tweets that said "Don't Click" and then clicked on a button that said "Don't Click" on a separate Web page. That second click distributed the original tweet to all of the Twitter user's followers, thus propagating itself rather quickly.

Write Comment

 
Hardened OS Vendor Builds Secure Virtual Layer For Network Devices  22 May 2009 
Posted by anthony   
Nice article from a press release at Interop. What kind of virtualization security does Linux have, and how does it compare? What steps do people take to secure their virtual servers?

Ultrasecure operating system maker Green Hills Software is quietly providing some major network equipment manufacturers with an extra layer of security for its devices.

Green Hills, which last fall released a commercial version of its hardened Integrity-178B operating system used in military fighter planes, is now leveraging that technology for the network, as well. Company officials here revealed they have built a secure virtualization platform for networking equipment based on a combination of the company's secure OS virtualization and networking technologies.

Write Comment

 
Press Release: ISC Starts Development Work on BIND 10  22 April 2009 
Source: Peter_Losher@isc.org - Posted by Dave Wreski   
Internet Systems Consortium (ISC), with the support of industry leading sponsors, today reveals plans for BIND 10, the next leap forward in DNS server software. BIND 10 is being designed to serve the needs of today’s dynamic and growing Internet-dependent businesses. The design goals are simple: a secure, flexible, resilient DNS server that integrates easily into the workflow and maintenance of the complex networks organizations demand.

Write Comment

 
MD5 - The Internet has a Major Problem  05 January 2009 
Source: ITWire - Posted by Bill Keys   
Firstly, allow me to recap. A couple of days ago, I reported a presentation at the Chaos Computer Club conference in Berlin which outlined a major problem with the way Certificate Authorities handle message hashing, essentially this attack relied on well-known problems with the MD5 hash algorithm. Problems based on hash collisions, which were previously considered to be theoretical having been discovered in 2004, were now well-lodged within the domain of reality. Have you heard about the news about the reported problem with how Certificate Authorities are handling message hashing? Read on for more information on some security issues with the current Certificate Authorities.

Write Comment

 
Helping Protect Cookies With HTTPOnly Flag  29 December 2008 
Source: modsecurity - Posted by Bill Keys   
The bottom line is this - while this cookie option flag does absolutely nothing to prevent XSS attacks, it does significanly help to prevent the #1 XSS attack goal which is stealing SessionIDs. While HTTPOnly is not a "silver bullet" by any means, the potential ROI of implement it is quite large. Notice I said "potential" as in order to provide the intended protections, two key players have to work together. This article looks at one way you can make your Web cookies more secure by using the Apache's extension called modsecurity. If you are interested in this please read on for more information and how you set this up on your own Apache web server.

Write Comment (2 Comments)

 
<< Start < Prev 1 2 3 Next > End >>

Results 1 - 10 of 1540
    
Partner:

 

Latest Features
Review: Googling Security: How Much Does Google Know About You
A Secure Nagios Server
Never Installed a Firewall on Ubuntu? Try Firestarter
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Yesterday's Edition

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital
  Home Security Systems, Surveillance Cameras

(c)Copyright 2009 Guardian Digital, Inc. All rights reserved.