LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How strictly do your users obey your security policies?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: November 21st, 2008
Linux Security Week: November 17th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Network Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



Drupal 6.3 and 5.8 Released, Fixing Security Issues  10 July 2008 
Source: tuxmachines - Posted by Bill Keys   
Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases, but we fixed some notable performance issues too. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement, more information on the 5.x releases can be found in Drupal 5.0 release announcement. If you use Drupal it's strongly recommenced that you update it to the latest version.

Write Comment

 
Major fix to DNS Vulnerability Impacts Debian  09 July 2008 
Source: Betanews - Posted by Bill Keys   
A very serious flaw in the Internet's DNS servers may have been ripe for a significant exploit, though a familiar security researcher might have sounded the alarm just in time. Now, Microsoft and Linux vendors are responding urgently. In what appears to be a coordinated effort to fix a well known, though still potentially critical vulnerability to the Domain Name System (DNS) protocol, patches are being deployed today for both Windows and Linux, by both Microsoft and Debian, respectively. These patches would enable a long suggested protocol for validating the source of DNS requests. This is definitely an patch that every DNS server should do updates for. Do you think we are going to see DNS servers being attacked in the coming days?

Write Comment (3 Comments)

 
Unpatched Web Browsers Prevalent on the Internet  08 July 2008 
Source: Linux World - Posted by Bill Keys   
Only 59.1% of people use up-to-date, fully patched Web browsers, putting the remainder at risk from growing threats from diligent hackers, according to a new study published by researchers in Switzerland. The study, published Tuesday, is one of the most comprehensive analyses of what versions of Web browsers people are using on the Internet. The study was conducted by researchers at The Swiss Federal Institute of Technology, Google and IBM Internet Security Services. It really does not surprise me that only 59.1% of user's browsers are up-to-date. But, what do you think is causing this? Are user's not taking updating their machines seriously?

Write Comment

 
Who Is Running the Most Secure Browser?  07 July 2008 
Source: eWeek - Posted by Bill Keys   
Many users are undoubtedly not updating their browsers as quickly as they should, but you can't conclude any specifics about that from the recent study of Google logs. The researchers who published a large study of Web browser security this week had a great idea and excellent data to work with. Too bad they overreached with their conclusions. A lot more is being made of this paper than is warranted. What do you think is the most secure browser? This article looks at a study that tries to answer this question.

Write Comment

 
Web Application Security: Input Validation  01 July 2008 
Source: lxer.com - Posted by Bill Keys   
In this installment, I will cite an example of automated email code designed for another purpose. Nonetheless, I see it is a critical step to confirm the validity of the form's input. Moreover, unless and until I have received the expected human confirmation, that input is left in limbo [1.]. This is another means to prevent spurious, but uncaught data inputs. Thus, this limited human energy expenditure is a high return investment. This article looks at the important security practice of web application input validation. Every time you take input from your web application check needs to be executed before your software does anything to that data. Do you have any tips for checking your user's input data for malicious data?

Write Comment

 
Fight Phishing From The Unix Or Linux Command Line  30 June 2008 
Source: linuxshellaccount - Posted by Bill Keys   
This weekend, we're going to look at a little something (actually a HUGE something) that we all seem to have to deal with now (through email, IM, etc). It's called phishing and, for lack of a better explanation, it's a fraudulent way for a malicious individual, or group, to get username and password information from you using deceptive practices (was that redundant? ;) It's most commonly used to get information regarding a person's online bank accounts, credit card/mortgage management information, etc. In other words, stuff that could really screw up their lives if someone else had it. Phishing attacks are all too common, this article looks at tips to help combat this type of attack.

Write Comment

 
Intrusion Detection For PHP Applications With PHPIDS  26 June 2008 
Source: HowToForge - Posted by Bill Keys   
This tutorial explains how to set up PHPIDS on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. Have you ever hear of the web application called "PHPIDS"? According to the article it helps make your php web applications more secure, what do you think?

Write Comment

 
Pinging And Checking Port Status With Perl CGI On Linux And Unix  18 June 2008 
Source: Linux Shell Account - Posted by Bill Keys   
This script closely echoes previous scripts we put out to check on web server status and check on network server port-health insofar as the end result is concerned. It should run fairly simply, too (you'll probably just need to change the target host, target port and, possibly, the location of the ping command, and its arguments, to suit your taste - or have those all fed to the script from the command line using the @ARGV array): Knowing the status of open ports on your computer is a good basic secure habit all Linux users should do. I use Nmap for all my port scanning needs but I found this simple port scanning script to be something to learn from. Have you wrote any good simple scripts to help your machines security?

Write Comment

 
A Comprehensive Guide to Nmap with Screenshots  10 June 2008 
Source: linuxhaxor - Posted by Bill Keys   
Nmap (”Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. This article is a quick user's guide to Nmap. I use this tool all the time it's a good easy to use tool for testing what services and ports are open.

Write Comment

 
Distributing New SSH Keys Using Rsh On Linux And Unix  09 June 2008 
Source: linuxshellaccount - Posted by Bill Keys   
Today we're going to grind through our "Lazy Sunday" post with a quick script to update SSH keys network-wide, by using rsh (the less secure of the two protocols). Once you've accomplished this (or have already accomplished this) and are happy with your network's SSH setup, I'd suggest disabling rsh altogether. Then you can move on to quickly setting up your SSH keys all over the network, focus on maintaining the integrity of your sessions, if you have issues with that, and even setting simple SCP routines to help keep your network easy to manage. This article looks at how you can update your SSH Keys on your network with a simple script.

Write Comment

 
<< Start < Prev 4 5 6 Next > End >>

Results 41 - 50 of 1522
    
Partner:

 

Latest Features
A Secure Nagios Server
Never Installed a Firewall on Ubuntu? Try Firestarter
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Yesterday's Edition
Plaintext Recovery Attack Against SSH

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.