LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 6th, 2009
Linux Security Week: June 29th, 2009
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Security Projects
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



Hacker attack techniques and tactics: Understanding hacking strategies  02 July 2009 
Source: Search Security - Posted by anthony   
This tutorial on hacker attack techniques and tactics will provide insight inside the mind of a hacker and help you to understand a malicious attacker's motives. You will receive advice on how hackers target specific information and what polices and procedures every organization should have in place to protect sensitive data.

Write Comment

 
Blog Security Stats - Taking almost 2k blogs to a security  09 June 2009 
Source: sucuri.net - Posted by Administrator   
Sucuri submitted a great research document they created that details the security of random blogs on the Internet for their attention to security factors.

Research to determine if bloggers are taking the security of their sites seriously. We randomly selected 1747 blogs from the blog catalog and scanned them to see how secure they are... The results are interesting... Check it out. It is indeed very interesting. I'd like to hear more from this security team in the future.

Write Comment

 
Virtualisation and security – the two-edged sword  09 June 2009 
Source: Freeform Computing - Posted by anthony   
All new innovations in IT are a double-edged sword – with the benefits come challenges and unintended consequences. Not least server virtualisation, which does have a number of security advantages over running software directly on servers. While it’s worth considering these, it’s also worth weighing them up against the challenges, particularly given the relative immaturity of the technology.

Write Comment

 
No Reboot Required  20 May 2009 
Source: Technology Review - Posted by anthony   
This article talks about Ksplice, a program developed by an MIT grad student to perform security updates on a Linux server without having to reboot it:

The technology was developed by cofounder Jeff Arnold while he was a graduate student at MIT, and last week, it won the grand prize at the Institute's $100K Entrepreneurship Competition.

Waseem Daher, cofounder and chief operating officer, explains that the approach adopted by Ksplice saves it from restructuring instructions in a higher-level programming language on the fly. So far, Ksplice has developed its new update technology for the Linux operating system--which is commonly used to control server machines--although Daher says that the technology could work on other operating systems too.

In my experience, it's not necessary to reboot a Linux server unless you're doing a kernel update or some change to a filesystem. Do you see any purpose for this?

Write Comment (1 Comments)

 
Cloud Security: Danger (and Opportunity) Ahead  19 May 2009 
Source: CIO - Posted by Dave Wreski   
Have you thought about the security implications of cloud computing? This article explains the cloud, and talks extensively about what the author proposes be done to address the security issues. The dramatic change in the rate of adoption and the amount of discussion taking place regarding cloud computing demands that this technology, or rather a set of related technologies, continue to evolve utilizing a security-sensitive design.

Write Comment

 
Software Problems with a Breath Alcohol Detector  14 May 2009 
Posted by anthony   
This is an excellent lesson in the security problems inherent in trusting proprietary software:

After two years of attempting to get the computer based source code for the Alcotest 7110 MKIII-C, defense counsel in State v. Chun were successful in obtaining the code, and had it analyzed by Base One Technologies, Inc.

Draeger, the manufacturer maintained that the system was perfect, and that revealing the source code would be damaging to its business. They were right about the second part, of course, because it turned out that the code was terrible.

Write Comment

 
The Rocky Road To More Secure Code  06 May 2009 
Source: DarkReading - Posted by Dave Wreski   
I thought a national discussion about secure programming was important, despite that it's not specifically about open source.

Homeland Security's Build Security In, Microsoft's Software Development Lifecycle (SDLC), BSIMM, and now OpenSAMM: Secure application development programs are spreading amid calls for more secure code.

The practice of writing applications from the ground up with security in mind remains in its infancy, even with software giant Microsoft leading the charge by sharing its internal Software Development Lifecycle framework in the form of free models and tools for third-party application developers and customers in the spirit of promoting more secure software.

Write Comment

 
Open Source Metrics On Tap For Security Patch Management  23 April 2009 
Posted by Dave Wreski   
Securosis, Microsoft team up to solicit input for building a metrics model that measures efficiency and costs of security patching. Security consulting firm Securosis is spearheading a new effort to create metrics to quantify the cost and efficiency of an organization's security patching process.

Write Comment

 
New Version of Nmap Remotely Detects Conficker  03 April 2009 
Source: Nmap Team - Posted by Ryan W. Maple   
The Nmap team has released an updated version that lets you remotely scan for machines Conficker-infected machines: Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA7 is now available from the download page, including official binaries for Windows and Mac OS X.

Write Comment

 
OpenSSL 1.0.0 beta 1 Released!  01 April 2009 
Source: OpenSSL Team - Posted by Ryan W. Maple   
After many, many years of 0.9 status, the OpenSSL team has finally released a beta of version 1.0 of their software: Please download and test them as soon as possible. This new OpenSSL version incorporates 107 documented changes and bugfixes to the toolkit. Click-through to read the rest of the announcement!

Write Comment (2 Comments)

 
<< Start < Prev 1 2 3 Next > End >>

Results 1 - 10 of 338
    
Partner:

 

Latest Features
Review: Googling Security: How Much Does Google Know About You
A Secure Nagios Server
Never Installed a Firewall on Ubuntu? Try Firestarter
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Weekend Edition

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital
  Home Security Systems, Surveillance Cameras

(c)Copyright 2009 Guardian Digital, Inc. All rights reserved.