Linux Security Week: March 16th, 2010

Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. Great feature stories this week, including tips on building a secure Nagios server and a whitepaper on vulnerabilities in web applications.

LinuxSecurity.com Feature Extras:

Vulnerabilities in Web Applications - This paper aims to raise awareness by discussing common vulnerabilities and mistakes in web application development. It also considers mitigating factors, strategies and corrective measures.

A Secure Nagios Server - Nagios is monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process; however, making it a secure setup takes some work. This article will not show you how to install Nagios, since there are tons of installation guides out there, but it will show you in detail ways to improve your Nagios security.


EnGarde Secure Community 3.0.22 Now Available! (Dec 9)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

Wireless intrusion detection (Mar 16)

When most people think of wireless, they think only in terms of access and not in terms of attacks or intrusions, say David D. Coleman and David A. Westcott in 'CWNA: Certified Wireless Network Administrator Official Study Guide' (www.wileyindia.com).

DNSSEC Moving Ahead at .Org and ICANN (Mar 16)

The march to secure the Internet's core DNS infrastructure with DNSSEC is moving forward. Since at least the summer of 2008, when security researcher Dan Kaminsky disclosed a critical vulnerability in DNS, the global Internet domain routing ecosystem has been moving to implement DNSSEC, which provides a digitally signed mechanism to authenticate the integrity of DNS information, secure the system and prevent attacks.

GNU/Linux: Don't Call Them PC Viruses (Mar 16)

The fact that malware is written primarily for PC systems is a given and is well reported in the news. The fact that malware is written primarily for Microsoft Windows-based PC systems is often not reported. When such a connection is made in the press or on a Microsoft-friendly web site, the caveat is often added that Microsoft Windows suffers from popularity. The argument is that because Microsoft Windows is so ubiquitous, it gives a good "Return On Investment" to malware writers.

An Introduction to Virtualization Security (Mar 16)

Virtualization platforms are software. All software has flaws. Therefore, virtualization platforms have flaws. Simple logic, right? The major virtualization platform vendors, VMware, Xen (now Citrix), and Microsoft, have all had several vulnerabilities over the last few years. However, the major components of a virtualization infrastructure and the IT strategy related to deployment and maintenance of virtualization technologies can be planned and secured fairly well. The following sections will explore the major areas of concern for security professionals.

How To Harden PHP5 With Suhosin On CentOS 5.4 (Mar 15)

This tutorial shows how to harden PHP5 with Suhosin on a CentOS 5.4 server. From the Suhosin project page: "Suhosin is an advanced protection system for PHP installations that was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination."

Google Chrome to do away with unique IDs (Mar 15)

From the forthcoming version 4.1, Google is doing away with the Chrome feature which has attracted the most criticism: unique IDs. Until now, this token has been stored in the user_experience_metrics.user_id key in the User Data\Local State file in the Chrome installation folder (C:\User\[Name]\AppData\Local\Google\Chrome under Vista).

Apache bug prompts update advice (Mar 12)

IT security company Sense of Security has discovered a serious bug in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. Discovered by the company's security consultant Brett Gervasoni, the vulnerability exists in Apache's core "mod_isapi" module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security.

Virtualization Security Is Taking Longer Than Expected (Mar 12)

A few years ago I wrote a paper for SANS titled "Security Implications of the Virtualized Data Center." I had been working in system and network security for almost 10 years and, like many IT professionals, had been relying on virtualization as a system tool for many years. While using virtualization as a sandbox for security research I was drawn to virtualization security, now called virtsec, once I realized how great the security threat was in x86 virtual computing environments.

MD5 hash vulnerability is expert's top Web security flaw (Mar 12)

One of the infosec industry's top Web security gurus said a hash algorithm flaw, discovered more than a year ago, may well be the most dangerous security flaw on the Web.

Seven Firefox Plug-ins That Improve Online Privacy (Mar 12)

As strange as it might sound, there are times when I wish for the old days of the Internet circa the early 1990s. The days of Mosaic and Lynx, where there was no Flash, no JavaScript and no Java. A simpler time where protecting your privacy and security wasn't as essential as it is today.

Security industry faces attacks it cannot stop (Mar 12)

At the RSA Conference in San Francisco last week, security vendors pitched their next generation of security products, promising to protect customers from security threats in the cloud and on mobile devices. But what went largely unsaid was that the industry has failed to protect paying customers from some of today's most pernicious threats.

Noted cryptographer on SSL, encryption and cloud computing (Mar 12)

In this wide-ranging interview, cryptographer Taher Elgamal, chief security officer of Axway Inc. and the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks and how cloud computing may alter data protection and authentication. The SSL protocol will be updated to prevent man-in-the-middle attacks, but researchers need to find better ways to prevent malware from getting on PCs in the first place, Elgamal said. Better security at the browser layer and a greater focus on Web application security could help prevent future attacks, he said. End-to-end encryption is a marketing term that doesn't hold much weight, Elgamal said.

Flawed Security Exposes Vital Software to Hackers (Mar 11)

McAfee, a leading maker of Internet security software, warned this week that software systems used by many companies to store and manage their intellectual property are being actively targeted by hackers and are in need of significantly increased security focus.

Inside the mind of a Russian hacker (Mar 11)

Andrei is a young man with immense power at his fingertips. He's a reformed Russian hacker. Back hunched, eyes fixed on the computer screen in front of him, he demonstrates what he can do.

Estonian DDoS revenge worm crafter jailed (Mar 11)

An Estonian virus writer has been jailed for two and a half years for creating a Windows worm family that launched denial of service attacks on the websites of a local insurance firm and ISP.

Password cracker 100 times faster with an SSD (Mar 11)

The security specialist Objectif Sécurité has optimised its rainbow tables, a common tool used to crack password hashes, to make use of SSDs. The result is, according to Objectif Sécurité's Philippe Oechslin, an acceleration by a factor of 100 when compared to their old 8GB rainbow tables for XP hashes. A web form takes the XP hashes and cracks them for free with the new, ten times larger tables.

Schneier: Fight for privacy or kiss it good-bye (Mar 11)

If the public wants online privacy it had better fight now for laws to protect it, because businesses won't and individuals don't have the clout, security expert Bruce Schneier told RSA Conference.

Hackers aren't as sneaky as you think (Mar 10)

Two weeks ago, I essentially claimed that nearly every company I know is hacked -- and in many cases, thoroughly hacked. Although there's a bit of hyperbole in that statement, it isn't that far from reality. That statement, however, has led some readers to believe detecting hackers and preventing attacks is impossible. Nothing could be further from the truth.

What Are the Most Overrated Security Technologies? (Mar 10)

The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with?

Building a UNIX/Linux Incident Response / Forensic Disk (Mar 10)

There are many Linux distributions readily available. This, however, should not stop you from creating your own version of a UNIX forensic tools disc. Whether you are on Solaris, HP-UX or any other variety of UNIX, it is simple to create a forensic tools CD that can go between systems. The added benefit of this method is that the tools do not need to be left on the production server. This in itself could be a security risk, and the ability to unmount the CD and take it with you increases security.

Multiple Apache Web Server Flaws Patched (Mar 9)

The Apache HTTP Web Server is the most widely deployed Web server on the Internet today, which means that vulnerabilities in the open source server can have a devastating impact. That also makes security updates like the new 2.2.15 release critical, since it addresses several security vulnerabilities in Apache's flagship HTTP Web server.

Top Ten Wi-Fi Security Threats (Mar 9)

Gone are the early days of Wi-Fi, when CSOs lost sleep over threats like WEP cracking and war driving. 802.11n products have matured to the point where many enterprises are investing in larger, faster WLANs to support mission-critical applications. And yet, pros know that security is never to be taken for granted. Here, we offer our Top Ten Wi-Fi Threats and explain why diligence is (still) required.

Scan a Windows drive for viruses using Linux (Mar 9)

Recently I came into a client who had a Windows XP machine that contained a nasty little virus that rendered the machine nearly unusable. When the machine would boot, the CPU was pegging out at 100%, causing the GUI to be nearly unresponsive.

IBM to release secure software development tools (Mar 9)

Homing in on the need for more security in application development, IBM Rational is planning an enterprise-level product that features two separately acquired technologies for security testing and code scanning.

FDIC: Hackers took more than $120M in three months (Mar 9)

Ongoing computer scams targeting small businesses cost U.S. companies US$25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation. Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over US$120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco by David Nelson, an examination specialist with the FDIC.

Enterprise security on a small business budget (Mar 9)

Whether your business is a big fish or a small-fry home office, you can get hacked just the same, and the stakes are higher than a few canceled credit cards. Here are a few tips to protect your users and your networks -- steps that even enterprise-class security specialists may slip up on.

The Insecurity of Secure Clouds (Mar 8)

In light of the recent Google hacking, businesses might reconsider their cloud-based strategies. Ostensibly, cloud-based services can offer businesses a better security profile at a lower price point than would be possible if companies built the services themselves. Take data centers, for example. Building a modern data center can cost hundreds of thousands of dollars, with security measures constituting a hefty price tag encompassing, but not limited to, security cards, biometrics, dry contact sensors, IP-based camera surveillance, security guards, fire suppression systems, and power generators.

The illegal downloaders' Oscar winners (Mar 8)

The fine folk over at Torrent Freak have their own hopes. However, they have created a wonderful prelude to the big event, far more interesting than any discussion of rented frocks, baubles and faces, by calculating which of the nominated movies has been torrented the most.

Paypal freezes Cryptome (Mar 8)

eBay Inc has suspended Cryptome's PayPal account, confiscating donations made to the site in the past two weeks. New York architect John Young has refunded around $5,300 to donors.
