Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
EnGarde Secure Community 3.0.8 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.8 (Version 3.0, Release 8). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, several updated packages, and several new packages available for installation.
pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
Biometric polygraph next for airport security?
15th, August, 2006
Got something to hide? You may want to reconsider flying in the future. An Israeli company has come up with a biometric system for detecting emotional responses to a series of questions. The system, dubbed Cognito, uses polygraph-like techniques to detect when a passenger is worried during a series of questions. Within 5 minutes, the system makes a determination of whether the passenger should be further questioned by authorities, according to the company. "What we are looking for are patterns of behavior that indicate something all terrorists have: the fear of being caught," Shabtai Shoval, chief executive of biometric systems maker Suspect Detection Systems, told the Wall Street Journal in a Monday article.

Passmark Sitekey at Bank of America Vulnerability
17th, August, 2006
LogError writes: A vulnerability of the Passmark Sitekey login approach at Bank of America could permit an attacker to remotely lock out thousands of customers from their online banking accounts. The vulnerability announced today is similar to a DoS attack in that it permits an attacker to remotely "lock out" customers from their online accounts, potentially overwhelming the bank's customer support lines with calls from frustrated customers.

U.K. police: Let us seize encryption key
16th, August, 2006
Because British law enforcement officers don't have the authority to seize encryption keys, an increasing number of criminals are able to evade justice, a senior police officer said. Suspected terrorists, pedophiles and burglars have all walked free because encrypted data couldn't be opened, Detective Chief Inspector Matt Sarti of the Metropolitan Police said Monday during a public meeting in London.

Foundations of Cryptography
17th, August, 2006
Cryptography has been employed for keeping secrets since the time of Caesar. From the simplest ciphers of shifting letters, to mathematically provably secure ciphers of today, cryptography has progressed a long way.

The Mosquito Secure Remote Execution Framework
15th, August, 2006
MOSREF is an exploitation architecture utilizing the power of the MOSVM virtual machine and Mosquito Lisp to make penetration testing, exploit development, and general systems security tasks more efficient.

10 Steps To Fortify The Security Of Your MySQL Installation
18th, August, 2006
For those who wish to enhance or fortify the security of their MySQL installation, the following 10 technical steps are a good start.

Firewalled - IT's Double Standard
13th, August, 2006
IT people love to complain about their end users. They tell funny stories about boneheaded employees who leave their passwords stuck to their computers. They grit their teeth when users click on email attachments from strangers. End users, they say, are too damn trusting, not to mention forgetful. Up until now, I've always felt that this righteous indignation was justified. I mean, IT people are smart about security, and they don't trust anybody, right? But this week, I wrote a story that burst my bubble.

OpenOffice.org Security 'Insufficient'
14th, August, 2006
With Microsoft Corp.'s Office suite now being targeted by hackers, researchers at the French Ministry of Defense say users of the OpenOffice.org software may be at even greater risk from computer viruses. "The general security of OpenOffice is insufficient," the researchers wrote in a paper entitled "In-depth analysis of the viral threats with OpenOffice.org documents." "This suite is up to now still vulnerable to many potential malware attacks," they wrote.

Dynamic Linking in Linux and Windows, part two
17th, August, 2006
This article discusses the shared libraries concept in both Windows and Linux, and offers a walk through various data structures to explain how dynamic linking is done in these operating systems. The paper will be useful for developers interested in the security implications and the relative speed of dynamic linking, and assumes some prior cursory knowledge of dynamic linking. Part one introduced the concepts for both Linux and Windows and focused primarily on Linux. Now in part two, we'll discuss how it works in Windows and then continue to compare the two environments. Readers are encouraged to review part one again before continuing with this article.

Solving the Security Challenge of Dynamic Networks
14th, August, 2006
Europe is hurtling toward an information society capable of offering communication services anywhere in the world; a society where data and communication devices spontaneously form networks using any medium with any protocol to access any service. So far, such a proposition is not too secure. But researchers are on the case.

Covert Channel Tool Hides Data In IPv6
15th, August, 2006
The tool, dubbed VoodooNet or v00d00n3t, uses the ability of most computers to encapsulate next-generation network traffic, known as Internet Protocol version 6 (IPv6), inside of today's network communications standard, or IPv4. Because most security hardware appliances and host-based intrusion detection programs have not been programmed to inspect IPv6 packets in depth, data can bypass most network security, said independent security researcher Robert Murphy, who presented the tool at the DEFCON hacking conference last weekend.

SMEs must 'prioritise' network security
17th, August, 2006
Network security is vital if Welsh SMEs hope to thwart hackers in future years, says UK internet security tester NTA Monitor. While SMEs make up 99.9 per cent of the 4.3 million businesses in the UK, the vast majority do not have dedicated IT departments. Because of this, the necessity for security against threats should be a priority. Network structure should always be considered with this firmly in mind, according to NTA Monitor.

OpenSSH Introduction
18th, August, 2006
SSH is the secure replacement for rlogin, rsh and telnet, which have been used in the past to do remote administration work. Even today some people still like using telnet for administration, even though it actively affects system security, since all commands and passwords are transmitted in cleartext. Since we are aware of the security risk of running a telnet service and want to do better, we are not only using SSH, we will set up SSH with public key authentication.

Audio: HOPE 2006 Keynotes
14th, August, 2006
HOPE Number Six was this summer's hacker conference sponsored by 2600 Magazine. Presenters and artists from all nationalities and disciplines participated in this forum. HOPE Number Six covered all aspects of hacking, the community surrounding it, and its effects across the world. For three days, The Hotel Pennsylvania was the nexus of discussion, planning, and activity for hacker ideas, opportunities, and understanding.

Security Testing your Apache Configuration with Nikto
14th, August, 2006
By now you've got the perfect setup for your new Ubuntu 6.0.6 (Dapper Drake) box. You may have even followed the excellent Intrusion Detection and Prevention with BASE and Snort tutorial. And as an added precaution you installed DenyHosts to prevent hack attempts via ssh. But now that you've got your new LAMP server on the internet, how can you tell that your new web server is secure? You test it, of course!

Take A Closer Look At OpenBSD: Security Where It Counts
14th, August, 2006
OpenBSD is quite possibly the most secure operating system on the planet. Every step of the development process focuses on building a secure, open, and free platform. UNIX |