Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: August 4th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Examining the Art of Computer Forensics," "Testing Web Application Security Using Google's Ratproxy," and "Small Companies Lax About Computer Security."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Security Features of Firefox 3.0 - Lets take a look at the security features of the newly released Firefox 3.0. Since it's release on Tuesday I have been testing it out to see how the new security enhancements work and help in increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security.
Read on for more security features of Firefox 3.0.
Review: The Book of Wireless - "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless networking, users need to know how to protect themselves from wireless networking attacks.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
You don't need expensive proprietary tools to practice the craft of computer forensics. Crime scene: the server room…The thief doesn't need a key card or the protection of darkness – an intruder can use the Internet to come and go. But despite the secret entrance, the attacker still leaves behind some telltale traces. Finding and interpreting this evidence is the top priority of criminal investigators.
This article goes over some tools that the experts use to find clues and evidence. And the great thing about these forensic tools are that they are open source.
Allowing employees to work from home and telecommute poses security and privacy risks that are not being addressed adequately by business or government, according to a study released Tuesday by consulting firm Ernst & Young in partnership with the Washington-based advocacy group Center for Democracy and Technology.
This is a interesting article about how telecommuting can cause a computer security risk for a company. It seems to be a problem that companies should take seriously.
Tresys have announced the release of version 3.0 of their CDS (Cross Domain Solutions) Toolkit, an Eclipse-based IDE for developing CDSs with SELinux. Notable features introduced in this release include support for MLS and labeled networking, with enhancements to end user customization of generated policy and to the general development environment.
Do you use any IDE programs to write and develop your SELinux policy or do you use a basic editor like vi? Which is better or more productive?
Sharing Platforms, Sharing Flaws: Does Interoperable Mean Vulnerable? (Jul 31)
Interoperability, however, could render computer systems more vulnerable to increased security risks. Does that mean, then, that open source users have to choose interoperability over security? Will accessing data produced with a Microsoft application automatically expose users of non-Microsoft products to the same vulnerabilities that plague Redmond's wares?
This article looks at the age old question of how does the openness of open source affect it's security? What do you think is open source software more sure because it's source code is available for everyone to do code review?
Small Companies Lax About Computer Security, Report Finds.. (Jul 30)
Large companies are valuable targets for cyber criminals, but what about the small fry? Software security firm McAfee took a gauge of opinions, finding that some small and medium-size businesses don't seem that concerned about potential hacks. At least that's what its recent survey suggested.
Are not enough small companies taking computer security seriously? Do you think Linux can be a solution to these companies security needs? This article studies the role of computer security in small companies.
Red Hat has undoubtedly done more to make SELinux usable than any other organization, but has it actually reached the point where it can be enabled by default for all desktops? The Fedora project clearly thinks so. Not only is SELinux enabled, but the installer no longer has an option to disable it or to put it into "permissive" mode. Most of the posts in a thread on the fedora-devel mailing list see that as the right choice, but some are not so sure.
This article looks at how SELinux is working on the Fedora desktop. It brings up a interesting question on how useful is SELinux on a Linux Desktop? What do you think?
Testing Web Application Security Using Google's Ratproxy (Jul 29)
To help developers audit Web application security, Google has released an open source tool called ratproxy. It is a non-disruptive tool designed for Web 2.0 and AJAX applications that produces an easy-to-read report of potential exploits. Ratproxy is a local program designed to sit between your Web browser and the application you want to test. It logs outgoing requests and responses from the application, and can generate its own modified transactions to determine how an application responds to common attacks. The list of low-level tests it runs is extensive, and includes:
Have you testing out ratproxy yet? If not this article will show you how to install and use it for your self.
nUbuntu Development Kicking Off Again - Security LiveCD (Jul 28)
After that it stopped development for quite some time, thankfully some new blood has picked it up and development has started again! With over a year of inactivity, the latest alpha of nUbuntu 8.04 has finally surfaced. With this comes many new bug fixes and updates. All of the latest security and penetration tools are included to make this you're primary pentesting livecd.
I am glad to see projects like nUbuntu start-up again. Security LiveCD's are useful tools for any Linux user. Do you have any favorites?
