Large companies are valuable targets for cyber criminals, but what about the small fry? Software security firm McAfee took a gauge of opinions, finding that some small and medium-size businesses don't seem that concerned about potential hacks. At least that's what its recent survey suggested.
Are not enough small companies taking computer security seriously? Do you think Linux can be a solution to these companies security needs? This article studies the role of computer security in small companies.
Source: Network World - Posted by Eckie Silapaswang
SpamAssassin, popular open source spam-filtering software, will have deadlier aim thanks to an add-on tool that is being offered free of charge to small businesses and individuals by MailChannels.
The tool -- called Traffic Control 3 -- is an e-mail traffic-shaping package that slows down the transmission of spam into corporate e-mail systems. (Compare Messaging Security products.) MailChannels officials say Traffic Control 3 will reduce spam volumes by 50% to 75% for SpamAssassin users.
Traffic Control 3 uses a tarpitting technique that greatly reduces the speed at which spam can be transmitted to its target, hitting spammers at their one great vulnerability - their pockets. Reduced speed means less money, and spammers just aren't willing to make the compromise. What have you heard about Traffic Control 3 - anyone else know any good open source spam tar pits?
Last week was the RSA Conference, easily the largest information security conference in the world. More than 17,000 people descended on San Francisco's Moscone Center to hear some of the more than 250 talks, attend I-didn't-try-to-count parties, and try to evade over 350 exhibitors vying to sell them stuff.
Talk to the exhibitors, though, and the most common complaint is that the attendees aren't buying.
Schneier makes an interesting comparison of anti-lock brakes to security products near the end of the article that sheds new light on how the security industry is evolving. Do you feel this is for better or worse?
Source: EnGarde Secure Linux Developers - Posted by Ryan W. Maple
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Source: MSPmentor.net - Posted by Eckie Silapaswang
Ubuntu, the fastest-growing version of Linux, is starting to attract interest from the managed services industry. One prime example: Untangle, which develops security solutions for managed service providers, is preparing to add support for Ubuntu within the next few months, MSPmentor has learned.
As you can tell by the rise of popularity in Linux distributions such as Ubuntu, managed service providers pay more attention due to the advantages of open source such as fair pricing and overall community. Untangle focuses on its network gateway - what other distros or MSPs have you heard about which leverages Linux?
Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection.
Lightweight and portable is always a benefit for web application exploitation tools. Take a look at this open-source plugin for Firefox and see how it fares against today's web applications.
Interesting article over at InfoWorld on the security implications of virtualization:
Almost any IT department worth its salt is deploying virtualization technology today to reduce power usage, make server and OS deployments more flexible, and better use storage and systems resources. But as virtualization technology gains in popularity, it may bring with it new risks, said Don Simard, the commercial solutions director at the U.S. National Security Agency, the electronic intelligence and cryptographic agency once so secret its very existence was a secret. At the same time, virtualization technology may bring new protections, he noted.
There are a lot of people "drinking the Kool-AidŽ" when it comes to virtualization, and there is almost no mention of security in contrast with its obvious benefits. Do the Open Source KVM and/or Xen implementations have an advantage in this discussion? What do you think?
OpenLiberty-J is based on J2SE, and open source XML, SAML, and web services libraries from the Apache Software Foundation and Internet2, including OpenSAML, a product of the Internet2 Shibboleth project. The library implements the Liberty Advanced Client functionality of Liberty Web Services standards
This company provides a development architecture explicitly focusing on the deployment of secure practices for Web 2.0 Applications and development. Is this the best way to leverage web service security?
SSH Communications is a focused provider for all types of, you guessed it, SSH corporate services. It's rare to see such a focus, but their new release of their Tectia product suite provides and interesting take on how companies could package this functionality:
SSH Tectia Manager 6.0 can centrally deploy, configure, update and audit the SSH Tectia environment from a central location. Benefits of SSH Tectia version 6.0:
Improved SSH Tectia Client for Windows - supports transparent TCP Tunneling and automatic tunneling, in addition to the traditional Secure Shell port forwarding, making the product the ideal choice for securing virtually any TCP/IP application without modifications to applications or existing network infrastructure, saving time and valuable IT resources.
Ease-of-implementation - improved installation and self-configuration options, provide cost-saving fast and easy ways to replace FTP and other unsecure protocols with secure alternatives, and help meet regulatory compliance deadlines.
Source: http://www.packtpub.com - Posted by Ryan W. Maple
This question is often asked - what do platforms that focus solely on security bring to the table? According to this interview with Guardian Digital by Packt Publishing, they bring quite a lot. The company develops EnGarde Secure Linux, and answers these questions and more on what makes all security platforms valuable and why is a great example
Many popular distributions, community-oriented and otherwise, take security very seriously. They have dedicated security teams that go over individual packages before they're rolled into a final release. To make sure you don't have any loose ends, these distributions and many other individual Open Source projects also publish an endless stream of security advisories and updates. Add to this security mechanisms like SELinux, AppArmor, and the upcoming TOMOYO Linux, and SMACK, and you know they mean business. So what room does this leave for specialist security distros?
