Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions.
pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
Security on your mind?
Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Top Viruses, Worms and Malware in 2006 | ||
24th, December, 2006
HNS is running an article with a list of those malicious codes which, although they may not have caused serious epidemics, have stood out in one way or another. |
||
| Breaking the same-origin policy by undermining dns-pinning | ||
25th, December, 2006
The basis of the attack is rather old. It was described by the Princeton University in 1996 [1] and was recently brought to my attention by Amit Klein [3]. For the attack to succeed the attacker needs to control the DNS entry for his web server (http://www.attacker.org/ in the following example). |
||
| VOIP More Vulnerable | ||
24th, December, 2006
If you're talking over your IP network right now, then voice-over-IP should be at the top of your security priorities for next year. Securing enterprise IP voice hasn't been on most organizations' radar screens, mostly because VOIP so far hasn't been a popular target of attackers or bug hunters, nor have many organizations torn out their traditional voice systems altogether, anyway. But security experts say it's time to make VOIP security a priority. |
||
| The Snort Top 10 | ||
29th, December, 2006
I am frequently asked questions, many of the questions are the same things over and over again, and I always see the same mistakes being made when setting it up. So, i've compiled a list of the top ten mistakes and commonly misconfigured or overlooked things when configuring everyone's favorite IDS. |
||
| And the worst security idea of 2006 was . . . | ||
26th, December, 2006
Once again it is time to take note of those security blunders from the past year that have given us so many opportunities to learn from our mistakes. |
||
| Web 'safe' mark may elude new merchants | ||
26th, December, 2006
As an online shopper, Claudia Race knows she must look out for scams. So as an Internet entrepreneur working out of her home in New Braunfels, Texas, Race wants to use all the tools available to assure customers they can trust the vacation-rentals service she is about to launch. But because her small business is so new, Race said she might not qualify for the online seals of approval that Overstock.com Inc. and other larger, established companies are getting to instruct Microsoft Corp.'s Internet Explorer browser to display a green address bar for "safe" when people visit her site. |
||
| Is Malware Hiding Behind that Certified Site? | ||
27th, December, 2006
A new study warns that Web sites containing security certificates are not necessarily safe. The results were somewhat surprising when Web sites bearing the TRUSTe security certificate were compared against a list of known malware sites from McAfee's Siteadvisor product, a service that black-lists Web sites containing spyware, spam, viruses and online scams. |
||
| Symantec: Another Surge In Worm Scanning For Unpatched Antivirus Software | ||
27th, December, 2006
Sensors monitored by Symantec's DeepSight threat management service have reported a significant spike in traffic related to TCP port 2967, which Symantec has traced to scans generated by the "Sagevo" worm. |
||
| A new wave of attacks is challenging conventional wisdom about security | ||
28th, December, 2006
Asymmetric warfare is hell. Sure, you may have night-vision goggles, body armor, and air support, but you're also working for a bureaucratic organization built to fight a war that doesn't look much like the one you're in. Your adversary, on the other hand, is poorly equipped, yet nimble, resourceful, and adept at spotting and exploiting the slightest weakness. So much so, you may not even know you're under attack. |
||
| Computer Security Expert Joins EFF | ||
28th, December, 2006
The Electronic Frontier Foundation (EFF) welcomes the newest member of its Board of Directors, computer security expert Edward W. Felten. A professor of Computer Science and Public Affairs at Princeton University, Felten recently demonstrated the ability to manipulate results on a Diebold electronic voting machine -- showing that the equipment was extremely vulnerable to "vote-stealing" attacks that would undermine the accuracy of vote counts. |
||
| DOD bars use of HTML e-mail | ||
26th, December, 2006
Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations. An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 "in the face of continuing and sophisticated threats" against Defense Department networks. |
||
| A design for a self-tuning portable RF jammer | ||
27th, December, 2006
This website details the design and construction Wave Bubble: a self-tuning, wide-bandwidth portable RF jammer. The device is lightweight and small for easy camoflauging: it is the size of a pack of cigarettes. An internal lithium-ion battery provides up to 2 hours of jamming (two bands, such as cell) or 4 hours (single band, such as cordless phone, GPS, WiFi, bluetooth, etc). The battery is rechargeable via a mini-USB connector or 4mm DC jack (a common size). Alternately, 3 AAA batteries may also be used. |
||
| Police blotter: Google searches nab wireless hacker | ||
27th, December, 2006
Matthew Schuster began work as a computer technician for Alpha Computer Services in Wausau, Wisc., in 2000. Schuster provided technical support for a wireless Internet system called CWWIS and also was a paying subscriber to CWWIS for his home. |
||
