Source: Computer Weekly - Posted by Efren J. Belizario
UK company Secerno has devised an innovative way to detect when a database is being attacked using the SQL (Structured Query Language) injection hacking technique.
Source: PasswordSafe - Posted by Benjamin D. Thomas
Password Safe is an Open Source (free) tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows (95/98/NT/2000/XP). An older (but fully functional) version is available for PocketPC. Linux/Unix clones that use the same database format have also been written.
Originally created by Bruce Schneier's Counterpane Labs, Password Safe has opened it's source. Currently, the PasswordSafe Open Source project is being administered by Rony Shapiro (GPG key FA175557 fingerprint FF77 379D D46D DAA6 6182 B452 1D79 5A91 FA17 5557). The first maintainer of the Open Source versions of PasswordSafe was Jim Russell.
Whitebox testing is notoriously difficult to do. Without automatic code scanning tools, scanning the source code requires a keen eye, concentration and an enormous amount of time to scan each line for security vulnerabilities. As intruders become more sophisticated at finding security vulnerabilities and writing exploitative code, it becomes more necessary to take every precaution before shipping software.These precautions can range from security training throughout the security development lifecycle (SDLC) to using tools such as source code scanners and vulnerability scanners.
This article discusses the shared libraries concept in both Windows and Linux, and offers a walk-through through various data structures to explain how dynamic linking is done in these operating systems. The paper will be useful for developers interested in the security implications and the relative speed of dynamic linking, and assumes some prior cursory knowledge with dynamic linking. Part one introduces the concepts for both Linux and Windows, but will focus primarily on Linux. Next time in part two, we'll discuss how it works in Windows and then continue to compare the two environments.
"Linux Netwosix was originally created with the goal of providing a security environment for building and creating new security-related solutions. With the passing of time I realized that the project has failed to achieve its goals within 3 years of hard work. This, among many reasons, is the most important because I never received help from anyone. Regardless of the fact that Netwosix has been downloaded by more than 60,000 users all around the world, I'm here to announce the shutting down of my dear project. Day after day I understand that I can't create a 'valid security-oriented product' alone..."
A core component of any curriculum in modern information security is the security of the operating systems that reside on the workstations and servers of a network. Effective information security depends on addressing all facets of how information is stored, moved, and modified. Since the operating system of a computer is the primary means of implementing the security of the information on that computer, it must be configured to minimize the risks of losing or compromising the data being processed.
Want to protect your SOHO machine or LAN from rootkits and malware, but want something a little more real-time than simply running Chkrootkit or another rootkit detector after the fact? Consider OSSEC-HIDS, an open source host intrusion detection system.
Source: HurricaneLabs - Posted by Benjamin D. Thomas
Hurricane Labs, an Enterprise Open Source Security Company is sponsoring an Open Source Security Software contest. Information and prizes are listed at . If you're a primary developer on a security project please check it out and submit your project.
Source: Security Focus - Posted by Efren J. Belizario
Idaho National Laboratory and the New York State Office of Cyber Security and Critical Infrastructure have teamed up with utilities and makers of distributed control system software to offer advice on how to make system security a major part of the critical infrastructure.