Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: May 13th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "The Computer Security Paradox," "Non-Interactive SSH Password Authentication," and "A Guide to Cryptography in PHP."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: The Book of Wireless - “The Book of Wireless” by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless networking, users need to know how to protect themselves from wireless networking attacks.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
One of the most prized rights of any American is the right to privacy and security. It's something people in some countries would kill for. Yet now there appears to be a very frightening trend growing. Your privacy and security are being thrown out the window wholesale in favor of easier access by law enforcement. A recent example of this can be seen with the announcement that Microsoft has been providing a tool to investigators that can effectively rip your Windows security to shreds in seconds, exposing all your private data to whoever wants to look at it.
A key point brought up in this article is the fact that prevention of crimes should hold higher priority over that of solving crimes. It seems that breaking security for the sake of forensics would not only make crimes easier to "solve", but also easier to commit. How do you feel about this approach to improving forensics?
Firefox Infects Vietnamese Users With Trojan Code (May 8)
Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.
Anyone who has installed the Vietnamese language pack for Firefox could be in danger of having malicious code in their system. Be sure to uninstall this add-on pack if you have recently installed it - unless you enjoy banner ads and opening up your system for future exploits.
Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use (May 8)
Computer forensics is the application of computer investigation and analysis techniques to determine potential legal evidence. Since computers are vulnerable to attack by some criminals, computer forensics is very important. Understanding computer forensic procedures will help to capture vital information which can be used to prosecute an intruder that compromises a computer or network. Also, deciding on the specific tools for computers or other equipment that is needed to correctly analyze evidence is crucial. These tools are very useful but bigger companies that handle more equipment and information might benefit from something that can combine all these tools into one application.
This article provides a .pdf file delving into the inner workings of computer forensics. Give it a read and see if you can solve a crime today (or maybe later)!
SH’s (secure shell) most common authentication mode is called “interactive keyboard password authentication”, so called both because it is typically done via keyboard, and because openssh takes active measures to make sure that the password is, indeed, typed interactively by the keyboard. Sometimes, however, it is necessary to fool ssh into accepting an interactive password non-interactively. This is where sshpass comes in.
This article looks some of the security concerns with using sshpass. Do you use sshpass? If so do you think about the security issues with it.
In an ideal world, words like cryptography and security wouldn't even exist, but the real world is far from perfect, so software developers have to spend a good deal of time building security into applications. Cryptography is just one piece of the security puzzle, along with SSL/TLS, certificates, digital signatures, and so on. This article explains how to use PHP to implement the most common cryptographic algorithms. In addition to describing PHP's default encryption functions, you'll see how to use a wide variety of cryptographic libraries and packages.
Building security into your web applications is an important skill to have. Have you thought about adding cryptography to your php programs? If so this article looks at ways of doing so.
Ensuring that users are safe, secure, and protected while they browse the Web is one of the greatest challenges facing browser makers. Browser security involves a delicate balance between protecting the user from the dangers that exist on the Web and overly restricting the user’s freedom to go where she wants and see what she wants while surfing.
One of my favorite new Firefox 3 security features is the Site Identification button. This button replaces and builds upon the ubiquitous “padlock” icon that has for so long been the primary security indicator used in browsers. Firefox 2, for example, indicates that the connection to a site is encrypted by changing the background color of the location bar and displaying a padlock icon.
This article brings up interesting points about the 'padlock' icon, its true meaning, as well as the enhanced features of Firefox 3 which can show more in-depth detail about a particular site. Not only that, but it presents the information in a clearer, more concise manner - just the way we like it!
Google has thrown its weight behind a fledgling security reporting group for the open-source community.
The search engine giant, long a proponent of open-source software, is now one of three sponsors of oCERT, the Open Source Computer Emergency Response Team.
What do you think about this statement by Google? Do you think it will help Open-Source Security?
Configuring Samba for your office or home can provide many advantages. By encouraging users to store files on a central file server, you can simplify data backup and in some cases, software installation and maintenance.
Unfortunately, the initial configuration of Samba can be tricky. Many simple steps need to be executed in the correct order, and one small slip up can have big repercussions. This chapter explores the ways in which you can recover from those mistakes that you couldn't avoid.
Do you thing about how can I make my share secure? When setting up Samba it alway important to make it secure. This article will show you how to setup a secure Samba share.
