| |
EnGarde Secure Community 3.0.22 Now Available! (Dec 9) |
| |
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668
|
| |
NHS Toolkit takedown will inconvenience docs, not patients (Feb 12) |
| |
Patient care will not be affected by an NHS decision to pull a doctors' appraisal website offline to improve its security, but the life of UK doctors will be complicated.
The return of the NHS Appraisal Toolkit, which provides an online database that allows NHS doctors to prepare for their annual appraisals, is not due until 3 March. http://www.linuxsecurity.com/content/view/151668
|
| |
GNOME screen lock ineffective in openSUSE Linux - Update (Feb 12) |
| |
The screen lock of openSUSE 11.2 can be bypassed by the simplest of means. A reader's report prompted The H's associates at heise Security to investigate. Tests confirmed that a locked desktop session can be unlocked without a password by holding down the return key. This causes the GNOME screen saver to crash and unlock the desktop after only a few seconds. http://www.linuxsecurity.com/content/view/151667
|
| |
Why Data Breaches Can Go Unnoticed by Their Victims (Feb 12) |
| |
An analysis of data breaches by Trustwave found just 9 percent were uncovered internally by the companies that were breached. The report mirrors other studies and underscores the importance of having visibility into your IT environment as well as being able to correlate disparate events on a network. http://www.linuxsecurity.com/content/view/151666
|
| |
Data Storage, Data Backup and Storage Virtualization IronKey USB Flash Drives Prove Their Mettl (Feb 12) |
| |
Sturdy and secure USB flash memory storage solution is rapidly deployable with a SAAS-based configuration and management tool.
IronKey has built its Enterprise D200 and S200 USB flash drives to withstand just about anything thrown at it. And I made it my goal to find out how much of a beating it could actually take. http://www.linuxsecurity.com/content/view/151665
|
| |
Install software updates and security patches without rebooting (Feb 12) |
| |
There's a real irony to my article this week. Just as I began to write, I got an e-mail from one of my hosted service providers. To paraphrase the message, it says: "Dear Customer, we will be performing maintenance on your application server for a few hours this weekend. We plan to install critical software updates and security patches. During this window you may experience brief interruptions in service. Sorry for the inconvenience." http://www.linuxsecurity.com/content/view/151664
|
| |
Security Expert Releases New Linux Distribution for Ethical Hacking and Penetration Testing (Feb 12) |
| |
The Live Hacking CD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu, this 'Live CD' runs directly from the CD and doesn't require installation on your hard drive. Once booted you can use the included tools to test, check and ethically hack your own network to make sure that it is secure from outside intruders. http://www.linuxsecurity.com/content/view/151663
|
| |
"Unhackable" Infineon Chip Physically Cracked (Feb 12) |
| |
Former U.S. military security specialist Christopher Tarnovsky found a weakness in Infineon's SLE66 CL PE and presented the results of his hack at the Black Hat 2010 computer security conference. The Infineon chip is used in PCs, satellite TV hardware, and gaming consoles to protect secure data. http://www.linuxsecurity.com/content/view/151662
|
| |
New flaws in chip and pin system revealed (Feb 11) |
| |
Most of us do not think twice about paying for something in a high street shop by keying in our pin. It is easy, fast and in most cases it works.
But scratch a little under the surface and there are persistent reports of people who say they have been the subject of fraud of one kind or another on their credit or debit card. http://www.linuxsecurity.com/content/view/151656
|
| |
U.S. Internet security plan revamped (Feb 11) |
| |
The U.S. government is shifting its strategy for defending federal networks against a rising tide of hacking attacks launched by foreign governments and criminals.
Instead of focusing on consolidating external Internet connections that civilian agencies operate -- which number in the thousands -- the Office of Management and Budget is directing agencies to deploy a standard set of security tools and processes on all of their Internet connections. http://www.linuxsecurity.com/content/view/151655
|
| |
Chrome gets fixed; researcher gets paid (Feb 11) |
| |
The stable version of Google Chrome for Windows has been updated with three critical security fixes and an announcement that the first payouts to crowd-sourced security researchers have been delivered. http://www.linuxsecurity.com/content/view/151654
|
| |
Iptables Limits Connections Per IP (Feb 11) |
| |
How do I restrict the number of connections used by a single IP address to my server for port 80 and 25 using iptables?
You need to use the connlimit module, which allows you to restrict the number of parallel TCP connections to a server per client IP address (or address block).
This is useful to protect your server or vps box against flooding, spamming or content scraping. http://www.linuxsecurity.com/content/view/151653
|
| |
Open Source conference in Copenhagen (Feb 11) |
| |
Open Source Days is the largest open source conference in the Nordic area. It's your opportunity to meet, share, and learn from professional open source experts. http://www.linuxsecurity.com/content/view/151652
|
| |
How Microsoft uses open source to fight open source (Feb 11) |
| |
There is power in authority.
Microsoft's strategy against open source uses authority. It ties up institutions that are authoritative, that have power over professions, creating a benefit for the institution that ties its members to proprietary Microsoft tools. http://www.linuxsecurity.com/content/view/151651
|
| |
Hacker extracts crypto key from TPM chip (Feb 10) |
| |
An American hacker has, with a great deal of effort, managed to crack a Trusted Platform Module (TPM) by Infineon. He was able to read the data stored on the TPM chip, for instance cryptographic keys (RSA, DES) such as those also used by Microsoft's BitLocker on appropriate motherboards. http://www.linuxsecurity.com/content/view/151644
|
| |
BitLocker review (Feb 10) |
| |
BitLocker uses the AES encryption algorithm in cipher-block chaining (CBC) mode with a 128-bit key, combined with the Elephant diffuser for additional disk-encryption-specific security not provided by AES. http://www.linuxsecurity.com/content/view/151643
|
| |
TrueCrypt review (Feb 10) |
| |
If you aren't running Windows 7, or you want to use something other than a Microsoft product (and don't want to spend any money), TrueCrypt from the TrueCrypt Developers Association is pretty hard to beat. http://www.linuxsecurity.com/content/view/151642
|
| |
PGP Whole Disk Encryption review (Feb 10) |
| |
PGP has been around since 2002, but the company's roots go back to 1991, when the code base for Pretty Good Privacy (PGP) was developed. Over the years, PGP has become one of the leaders in encryption technologies. The company offers a wide variety of products that help users encrypt data files, e-mails and many other types of data. For the mobile worker and the individual user, PGP Whole Disk Protection is a very good choice for protecting the data on a hard drive. http://www.linuxsecurity.com/content/view/151641
|
| |
Why CSOs Should Care About ShmooCon (Feb 10) |
| |
Many CSOs view ShmooCon as an event of small importance. You don't see the suits and ties that are on display at RSA. In fact, to those who haven't attended, this conference is just a place where twenty-something hackers come to get drunk and throw TVs out hotel windows. Another crazy Black Hat/Defcon-caliber conference, more than one high-level security exec has told me in the past. http://www.linuxsecurity.com/content/view/151640
|
| |
Hacker 'Mudge' gets DARPA job (Feb 10) |
| |
Peiter Zatko--a respected hacker known as "Mudge"--has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks, CNET has learned. http://www.linuxsecurity.com/content/view/151634
|
| |
OpenDNSSEC service goes live (Feb 10) |
| |
A consortium of security and infrastructure management organisations has launched a new project to help secure Domain Name System (DNS) queries.
OpenDNSSEC will provide a way for service providers and hosting vendors to encrypt DNS traffic. http://www.linuxsecurity.com/content/view/151633
|
| |
Intel Atom Netbooks Get Whole-disk Encryption (Feb 9) |
| |
Netbook users worried about storing sensitive data on their portables are being offered the world's first whole-disk encryption that will run useably on Intel's Atom processor. http://www.linuxsecurity.com/content/view/151628
|
| |
Quick and easy Linux security (Feb 9) |
| |
You've just set up your Linux desktop. Naturally you want it to be as secure as possible. You've heard the rumors that, out of the box, Linux has outstanding security. Is it true? Do you really want to take a chance with that? Most likely not. But what can you do? There are tons of firewall tools you can use (take a look at my article "Build a custom firewall with fwbuilder" for an example). But outside of setting up a firewall on your machine, what can you do to boost the security on your desktop? http://www.linuxsecurity.com/content/view/151627
|
| |
When is a 0day not a 0day? Fake OpenSSH exploit, again (Feb 8) |
| |
When is a 0day in OpenSSH not a 0day? When it's local exploit code. Not the kind that exploits a vulnerability in the system you are logged into, to escalate privilege for example. The kind that takes advantage of potential vulnerabilities in the gray matter between your ears to make a mess of your local system. A reader wrote in to advise us of a potential 0day in the current version of OpenSSH 5.3/5.3p1 released Oct 1, 2009. http://www.linuxsecurity.com/content/view/151617
|
| |
Mozilla Removes Two Malicious Firefox Add-Ons (Feb 8) |
| |
Mozilla on Friday said that it had removed two Firefox add-ons from its Web site because they installed malware.
"Two add-ons in the experimental section of addons.mozilla.org were found to be containing malware," Mozilla said on its security blog. "These were not originally detected with the anti-malware scanning tools that we have been using. We have since increased the number of scanning tools, and will be taking additional steps to minimize the risk of further incidents." http://www.linuxsecurity.com/content/view/151616
|
| |
Google's Android code deleted from Linux kernel (Feb 4) |
| |
After removing Google's Android driver code from the Linux kernel, Novell Fellow and Linux developer Greg Kroah-Hartman has argued that the mobile OS is incompatible with the project's main tree.
Kroah-Hartman deleted the Android drivers on December 11 - Android code is no more as of version 2.6.33 of the kernel release - and yesterday, with a post to his personal blog, he explained the move in detail. http://www.linuxsecurity.com/content/view/151608
|
| |
Report Details Hacks Targeting Google, Others (Feb 4) |
| |
It's been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies.
Until now we've only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan. http://www.linuxsecurity.com/content/view/151607
|
| |
How Wi-Fi attackers are poisoning Web browsers (Feb 4) |
| |
Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time. That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference. http://www.linuxsecurity.com/content/view/151606
|
| |
Report: Google, NSA talk defense partnership (Feb 4) |
| |
Google is finalizing an agreement with the National Security Agency to help the search giant ward off cyberattacks, according to the Washington Post.
The electronic surveillance organization is expected to help analyze a cyberattack on Google that the company said originated in China, so that the company can better defend itself against future attacks, the newspaper reported Wednesday. http://www.linuxsecurity.com/content/view/151605
|
| |
Symbian OS now fully open source (Feb 4) |
| |
The Symbian Foundation will move forward on Thursday with offering up the full Symbian smartphone platform to open source.
The Symbian 3 platform, including applications, middleware, and the kernel itself, will be offered under terms of the Eclipse Public License and other open source licenses. "You can download it, you can modify it," said Larry Berkin, head of global alliances for the foundation. Previously, the kernel was made available via open source. http://www.linuxsecurity.com/content/view/151604
|
| |
U.S. 'Severely Threatened' By Cyber Attacks (Feb 4) |
| |
Testifying before the Senate Intelligence Committee on Tuesday, the top U.S. intelligence official warned that U.S. critical infrastructure is "severely threatened" and called the recent cyber attack on Google "a wake-up call to those who have not taken this problem seriously." http://www.linuxsecurity.com/content/view/151603
|