Last week was the RSA Conference, easily the largest information security conference in the world. More than 17,000 people descended on San Francisco's Moscone Center to hear some of the more than 250 talks, attend I-didn't-try-to-count parties, and try to evade over 350 exhibitors vying to sell them stuff.
Talk to the exhibitors, though, and the most common complaint is that the attendees aren't buying.
Schneier makes an interesting comparison of anti-lock brakes to security products near the end of the article that sheds new light on how the security industry is evolving. Do you feel this is for better or worse?
Source: EnGarde Secure Linux Developers - Posted by Ryan W. Maple
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Source: MSPmentor.net - Posted by Eckie Silapaswang
Ubuntu, the fastest-growing version of Linux, is starting to attract interest from the managed services industry. One prime example: Untangle, which develops security solutions for managed service providers, is preparing to add support for Ubuntu within the next few months, MSPmentor has learned.
As you can tell by the rise of popularity in Linux distributions such as Ubuntu, managed service providers pay more attention due to the advantages of open source such as fair pricing and overall community. Untangle focuses on its network gateway - what other distros or MSPs have you heard about which leverages Linux?
Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection.
Lightweight and portable is always a benefit for web application exploitation tools. Take a look at this open-source plugin for Firefox and see how it fares against today's web applications.
Interesting article over at InfoWorld on the security implications of virtualization:
Almost any IT department worth its salt is deploying virtualization technology today to reduce power usage, make server and OS deployments more flexible, and better use storage and systems resources. But as virtualization technology gains in popularity, it may bring with it new risks, said Don Simard, the commercial solutions director at the U.S. National Security Agency, the electronic intelligence and cryptographic agency once so secret its very existence was a secret. At the same time, virtualization technology may bring new protections, he noted.
There are a lot of people "drinking the Kool-AidŽ" when it comes to virtualization, and there is almost no mention of security in contrast with its obvious benefits. Do the Open Source KVM and/or Xen implementations have an advantage in this discussion? What do you think?
OpenLiberty-J is based on J2SE, and open source XML, SAML, and web services libraries from the Apache Software Foundation and Internet2, including OpenSAML, a product of the Internet2 Shibboleth project. The library implements the Liberty Advanced Client functionality of Liberty Web Services standards
This company provides a development architecture explicitly focusing on the deployment of secure practices for Web 2.0 Applications and development. Is this the best way to leverage web service security?
SSH Communications is a focused provider for all types of, you guessed it, SSH corporate services. It's rare to see such a focus, but their new release of their Tectia product suite provides and interesting take on how companies could package this functionality:
SSH Tectia Manager 6.0 can centrally deploy, configure, update and audit the SSH Tectia environment from a central location. Benefits of SSH Tectia version 6.0:
Improved SSH Tectia Client for Windows - supports transparent TCP Tunneling and automatic tunneling, in addition to the traditional Secure Shell port forwarding, making the product the ideal choice for securing virtually any TCP/IP application without modifications to applications or existing network infrastructure, saving time and valuable IT resources.
Ease-of-implementation - improved installation and self-configuration options, provide cost-saving fast and easy ways to replace FTP and other unsecure protocols with secure alternatives, and help meet regulatory compliance deadlines.
Source: http://www.packtpub.com - Posted by Ryan W. Maple
This question is often asked - what do platforms that focus solely on security bring to the table? According to this interview with Guardian Digital by Packt Publishing, they bring quite a lot. The company develops EnGarde Secure Linux, and answers these questions and more on what makes all security platforms valuable and why is a great example
Many popular distributions, community-oriented and otherwise, take security very seriously. They have dedicated security teams that go over individual packages before they're rolled into a final release. To make sure you don't have any loose ends, these distributions and many other individual Open Source projects also publish an endless stream of security advisories and updates. Add to this security mechanisms like SELinux, AppArmor, and the upcoming TOMOYO Linux, and SMACK, and you know they mean business. So what room does this leave for specialist security distros?
Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim's machine.
The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday.
Of course, the issue is affecting certain add-ons, and it's likely it can be dealt with soon, or averted. The add-ons that are affected include Download Statusbar or Greasemonkey, becuase they store scripts in such a way that they could be found on the hard drive.
Announced today, the Apache HTTP Server Project has new versions for 1.3.41, 2.0.63 and 2.2.8. 9 updates have been included and show that the project fixed some big bugs for these specific projects. Among some of the major fixes included those to mod_status and mod_proxy.
