LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How would you rate the importance of default settings in security?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Security Week: July 8th, 2008
Linux Advisory Watch: July 4th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Security Projects
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



OSSEC HIDS v0.9-3 Available  20 October 2006 
Source: Daniel Cid - Posted by Benjamin D. Thomas   
OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Solaris and Windows.

This new release comes with multiple features, including support for Modsecurity logs, MS exchange, MS FTPD and Windows firewall logs. It also includes a port to HP-UX and numerous bug fixes and new features.

Write Comment

 
Application Error Handling: How to Avoid Death by a Thousand Cuts  05 October 2006 
Source: Info Sec Writers - Posted by Eric Lubow   
When an application error occurs, whether due to user input or an internal function, we as conscientious developers want to present an error message that will help the end user correct the problem. However, it is possible to be too helpful with your error handling approach. By providing overly detailed application error messages to your users, you can actually be opening your site to hackers. Hackers spend the majority of their time performing reconnaissance on a site, slowly gathering multiple pieces of information to determine how a site is vulnerable. Sometimes, it is a seemingly innocuous piece of information in an application error message that provides an attacker with the last piece of the puzzle necessary for him to launch a devastating attack.

Write Comment

 
Scalable anonymity with I2P  18 September 2006 
Source: Linux.com - Posted by Vincenzo Ciaglia   
The Invisible Internet Project (I2P) is a work in progress whose aim is to provide a secure version of the IP protocol that addresses threats common to the standard TCP/IP networking infrastructure -- most importantly, the effortless identification and tracking of participating peers. In I2P, each participating peer keeps a secret pool of inbound, or data-receiving, and outbound, or data-transmitting, tunnels it chooses itself. A tunnel consists of a configurable number of routers in sequence, where longer tunnels mean more anonymity, at the expense of performance.

Write Comment

 
Red Hat, NIST Plan Software Vulnerability Database  08 September 2006 
Source: Linux Insider - Posted by Administrator   
Red Hat is developing a new software vulnerability database with the National Institute of Standards and Technology (NIST). The database will give vendors of both open source and proprietary software a place to post official statements and security related information pertaining to their own projects and products.

Write Comment

 
Machine learning used to block SQL injection hacks  29 August 2006 
Source: Computer Weekly - Posted by Efren J. Belizario   
UK company Secerno has devised an innovative way to detect when a database is being attacked using the SQL (Structured Query Language) injection hacking technique.

Write Comment

 
Password Safe  22 August 2006 
Source: PasswordSafe - Posted by Benjamin D. Thomas   
Password Safe is an Open Source (free) tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows (95/98/NT/2000/XP). An older (but fully functional) version is available for PocketPC. Linux/Unix clones that use the same database format have also been written.

Originally created by Bruce Schneier's Counterpane Labs, Password Safe has opened it's source. Currently, the PasswordSafe Open Source project is being administered by Rony Shapiro (GPG key FA175557 fingerprint FF77 379D D46D DAA6 6182 B452 1D79 5A91 FA17 5557). The first maintainer of the Open Source versions of PasswordSafe was Jim Russell.

Write Comment

 
Whitebox Security Testing Using Code Scanning  16 August 2006 
Source: Dr. Dobbs Journal - Posted by Eric Lubow   
Whitebox testing is notoriously difficult to do. Without automatic code scanning tools, scanning the source code requires a keen eye, concentration and an enormous amount of time to scan each line for security vulnerabilities. As intruders become more sophisticated at finding security vulnerabilities and writing exploitative code, it becomes more necessary to take every precaution before shipping software.These precautions can range from security training throughout the security development lifecycle (SDLC) to using tools such as source code scanners and vulnerability scanners.

Write Comment

 
Dynamic linking in Linux and Windows, part one  15 August 2006 
Source: SecurityFocus.com - Posted by Eric Lubow   
This article discusses the shared libraries concept in both Windows and Linux, and offers a walk-through through various data structures to explain how dynamic linking is done in these operating systems. The paper will be useful for developers interested in the security implications and the relative speed of dynamic linking, and assumes some prior cursory knowledge with dynamic linking. Part one introduces the concepts for both Linux and Windows, but will focus primarily on Linux. Next time in part two, we'll discuss how it works in Windows and then continue to compare the two environments.

Write Comment

 
Linux Netwosix: Goodbye, Netwosix  10 August 2006 
Source: LinuxToday - Posted by Carney Mimms   
"Linux Netwosix was originally created with the goal of providing a security environment for building and creating new security-related solutions. With the passing of time I realized that the project has failed to achieve its goals within 3 years of hard work. This, among many reasons, is the most important because I never received help from anyone. Regardless of the fact that Netwosix has been downloaded by more than 60,000 users all around the world, I'm here to announce the shutting down of my dear project. Day after day I understand that I can't create a 'valid security-oriented product' alone..."

Write Comment

 
Developing and Implementing an Operating Systems Security course with Labs  10 August 2006 
Source: Info Sec Writers - Posted by Eric Lubow   
A core component of any curriculum in modern information security is the security of the operating systems that reside on the workstations and servers of a network. Effective information security depends on addressing all facets of how information is stored, moved, and modified. Since the operating system of a computer is the primary means of implementing the security of the information on that computer, it must be configured to minimize the risks of losing or compromising the data being processed.

Write Comment

 
<< Start < Prev 4 5 6 Next > End >>

Results 31 - 40 of 316
    
Partner:

 

Latest Features
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Meet the Anti-Nmap: PSAD
Open Source Tool of February: Nmap!
HowTo: Secure your Ubuntu Apache Web Server
Yesterday's Edition
TrueCrypt 6.0: Better Software for the Paranoid
Unpatched Web Browsers Prevalent on the Internet

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.