LinuxSecurity.com
The central voice for Linux and Open Source security news
Server Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Not Much Resistance at the Door  15 December 2006 
Source: Dark Reading - Posted by Eric Lubow   
Websites are as vulnerable as ever, according to a survey of Web application security professionals who test sites for security holes. The survey, conducted by researcher Jeremiah Grossman on his blog, polled more than 60 security pros: 63 percent work for vendors or consultants, 23 percent for enterprises, 5 percent for government, and 10 percent for other types of organizations. These are the guys in the trenches who hammer on Websites regularly -- 53 percent said all or almost all of their job is dedicated to Web app security (versus development, general security, and incident response); 28 percent said about half; and 20 percent said "some."

Making a distribution secure  08 December 2006 
Source: Linux.com - Posted by Benjamin D. Thomas   
There's no dearth of Linux distributions. With so many to choose from, one might think it's as easy as picking up the Linux kernel, throwing in a few applications, setting up repositories, making ISOs, and you've got a shiny new Linux distro. Well, there's more to a Linux distro than assembling applications and making sure everything works. A lot of time and effort, at least for major distros, is spent on making the distribution secure and getting updates out in a timely fashion.

To start with, all major distributions have security teams that collaborate with the main release team to ensure no vulnerable packages make their way into the final release. For example, Chris Gianelloni, release engineering strategic lead of Gentoo, says that the release engineering team works with Gentoo's security team and individual architecture teams to make sure Gentoo doesn't have known security vulnerabilities when a release ships.

Snake Bytes: XSS Rx  06 December 2006 
Source: Dark Reading - Posted by Eric Lubow   
There are two philosophies for protecting against cross-site scripting (XSS) attacks: input encoding and output encoding. Input encoding means that the application takes whatever the user gives it and encodes it on the way in, so that by the time the information is output it has already been sanitized. Output encoding means that the application takes whatever data is given to it, in whatever form it takes, and stores it as-is; once it is ready for output, it is sanitized before being shown to the user. I've heard people say that output encoding is the right way to deal with HTML injection and XSS attacks as well. There's one concept I haven't bought off on personally. Let's take an example where you have a single input, which is your name.

Locking Down Ubuntu  05 December 2006 
Source: Linux Forums - Posted by Eric Lubow   
Security is an important issue in computing. Unfortunately, many computers allow a cracker to gain access to them and retrieve sensitive information, or just make life hard. This article will review the basics of general security and explain how to apply them to two Linux distributions--Ubuntu and Kubuntu. This article assumes that you know how to install programs on either Ubuntu or Kubuntu. It also assumes that you have some knowledge of basic computer networking principles. If you do not know how to install programs on Ubuntu, go to https://help.ubuntu.com/community/InstallingSoftware. If you do not know much about networking, go to http://www.faqs.org/docs/linux_network/x-087-2-intro.html. This article also assumes that you are using Ubuntu or Kubuntu 6.06 (Dapper Drake), but the Firewall section can be adapted for any recent Linux distribution.

DNS Security and Threat Mitigation: An Overview of Domain Name System Threats and Strategies for Sec  01 December 2006 
Source: Info Sec Writers - Posted by Eric Lubow   
The Internet is a seemingly limitless source of information. It provides the power of collective knowledge and information to a vast array of users who access innumerable resources for countless reasons. These resources are typically accessed by using a human-readable name designed to be easily remembered, thus increasing the usability of the resource. These human-readable names, as the very term implies, are for the sake of the human users. Network devices, however, find each other by using a number, referred to as an IP (Internet Protocol) address. The Domain Name System is the service that maps the human-readable names to device-specific IP addresses, creating the user-friendly nature of networked systems.

Establish more effective security capabilities with OpenSSH  30 November 2006 
Source: Builder AU - Posted by Benjamin D. Thomas   
Longtime Linux admins know that SSH, the "Secure Shell" protocol, is one of the most handy and potentially critical utilities in their software toolbox. Using multiple terminal emulators in an X Windows environment on a workstation, or via the Screen utility, a sysadmin for Linux or other Unix-based OS servers can manage several systems simultaneously with ease. Network administration shell or Perl scripts can use SSH to perform automated tasks on multiple servers at once, simply and securely.

Network shell utilities like RSH have been around longer than SSH, of course. But SSH adds strong encryption and data compression to its functionality and most modern SSH implementations also provide SFTP and SCP in the same convenient package, for secure file transfers over the network.

BT to make DDoS mitigation affordable  28 November 2006 
Source: PCPro.co.uk - Posted by Benjamin D. Thomas   
ISPs could provide the answer to combating DDoS attacks, according to BT, by providing customers with DDoS mitigation at a price far cheaper than buying it in directly.

According to Mick Creane, Head of Managed Security Strategy at BT, ISPs are in a unique position to be able to make DDoS mitigation affordable for their customers, and it's something BT is already considering. 'We're looking at technology in the core of our network that would direct traffic through a "scrubbing centre". This terminates requests, checks if they are valid and if they are not, drops them. Where they are valid, they are forwarded to the original destination,' said Creane. 'It's expensive, but with BT you have economies of scale. So we would divert traffic as necessary [rather than route everything through the "scrubbing centre"].'

Vulnerability Scanning Web 2.0 Client-Side Components  27 November 2006 
Source: SecurityFocus.com - Posted by Eric Lubow   
Web 2.0 applications are a combination of several technologies such as Asynchronous JavaScript and XML (AJAX), Flash, JavaScript Object Notation (JSON), Simple Object Access Protocol (SOAP), and Representational State Transfer (REST). All these technologies, along with cross-domain information access, contribute to the complexity of the application. We are seeing a shift towards empowerment of an end-user's browser by loading libraries into it. All these changes mean new scanning challenges for tools and professionals.

Top 10 Web 2.0 Attack Vectors  24 November 2006 
Source: Info Sec Writers - Posted by Eric Lubow   
Web 2.0 is the novel term coined for new-generation Web applications. start.com, Google Maps, Writely and MySpace.com are a few examples. The shifting technological landscape is the driving force behind these Web 2.0 applications. On the one hand are Web services that are empowering server-side core technology components; on the other hand are AJAX and Rich Internet Application (RIA) clients that are enhancing client-end interfaces in the browser itself. XML is making a significant impact at both the presentation and transport (HTTP/HTTPS) layers. To some extent XML is replacing HTML at the presentation layer, while SOAP is becoming the XML-based transport mechanism of choice.

Beginners Guide To .htaccess Files With Examples  21 November 2006 
Source: BlogHash - Posted by Eric Lubow   
.htaccess files provide us with a way to make configuration changes on a per-directory basis. They work with the Apache Web Server on Linux/Unix, and also on Windows-based systems running Apache. There are several things that developers, site owners and webmasters can do with an .htaccess file. Let's look at some of them: preventing directory browsing, redirecting visitors from one page or directory to another, password-protecting directories, changing the default index page of a directory, and preventing hot-linking of images from your website.

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.