Linux Security Week: May 5th, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "10 Dos and Don'ts for Security Job Interviews," "Cloud Security Needs Its Rainmaker," and "Wordpress security dissected and analyzed."
LinuxSecurity.com Feature Extras:
Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?", you may not take even a second to respond. But if I ask "How much does Google know about you?", you may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.
A Secure Nagios Server - Nagios is monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process; making it a secure setup, however, takes some work. This article will not show you how to install Nagios, since there are tons of installation guides out there, but it will show you in detail ways to improve your Nagios security.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
10 Dos and Don'ts for Security Job Interviews (May 1)
The pickings are slim in the job market and the time line of interviewing and then hiring new people is slow. But there are positions available in the security field, according to three veteran security recruiters that we spoke with recently. If you're looking for a change in your career, or are simply looking to get back to work, there is simply no room for anything less than the best impression these days.
Internet threats rise by two-thirds in April (May 1)
The number of web-based threats soared by nearly two-thirds in April, according to new figures from managed security vendor Network Box. The firm said that the 63 per cent rise in internet threats was due in large part to phishing attacks, which represented one in four of the threats.
Cloud Security Needs Its Rainmaker
The Cloud Security Alliance (CSA) made its inaugural splash at last week's RSA Security Conference 2009 in San Francisco. The group kicked off an ambitious white paper that attempts to define everything from the architecture of cloud services to the impact of cloud services on litigation and encryption. It was a herculean effort to try to get this off the ground. And there is still much more work to do -- especially in the one area the group left out. This is a great article that talks about the problems of putting all your security eggs into one basket.
Infosec 2009: Security must be built in from the start (Apr 30)
The government-backed Cyber Security Knowledge Transfer Network (KTN) launched a new roadmap today intended to kick-start an international effort to engineer security into products from their inception.
Building in Information Security, Privacy and Assurance (PDF) aims to overcome the siloed approach to security taken by many countries, according to Cyber Security KTN director Nigel Jones. Security at the core is extremely important. Trying to "bolt on" security, as so many distributions do, often leads to something less than really secure. Do you agree?
Wanted: Computer hackers ... to help government (Apr 28)
Wanted: Computer hackers.
Federal authorities aren't looking to prosecute them, but to pay them to secure the nation's networks.
General Dynamics Information Technology put out an ad last month on behalf of the Homeland Security Department seeking someone who could "think like the bad guy." Applicants, it said, must understand hackers' tools and tactics and be able to analyze Internet traffic and identify vulnerabilities in the federal systems.
RSA Conference wrap: Taking security to the cloud [video] (Apr 28)
Security-as-a-service was the big theme at this year's RSA Conference in San Francisco. I talked with Senior Editor Sam Diaz and security blogger Ryan Naraine about how companies are securing the cloud. They also discuss whether companies are spending on security in light of the current economic climate.
Wordpress security dissected and analyzed: Part 1 (Apr 28)
Wordpress is very popular as both a blogging platform and a general CMS. [...] Unfortunately, the more layers of technology you add to a website (PHP code, MySQL databases, authentication mechanisms, fancy themes and endless plugins), the more security holes you potentially open up.
RSA Offers Encryption Toolkit Free To Developers (Apr 27)
RSA, the Security Division of EMC, here today launched a program that for the first time gives developers its encryption technology tools for free.
RSA traditionally had licensed only its BSAFE encryption technology, which can cost customers tens of thousands of dollars, but company officials say the timing is right to give developers easier access to tools for building more security features into applications from the ground up, rather than tacking them on later.