LinuxSecurity.com
Linux Security Week: July 19th, 2010
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Meet the Anti-Nmap: PSAD - Having a great defense involves proper detection and recognition of an attack. In our security world we have great IDS tools to properly recognize when we are being attacked as well as firewalls to prevent such attacks from happening. However, certain attacks are not blindly thrown at you - a good attacker knows that a certain amount of reconnaissance and knowledge about your defenses greatly increases the chances of a successful attack. How would you know if someone is scanning your defenses? Is there any way to properly respond to such scans? You bet there is...

Understand: Fork Bombing Attack - As the variety of attacks and threats grows, you need to be prepared. In this HOWTO, get a feeling for the Fork Bombing Attack, what it is, how it works, where it comes from, how to deal with it and more.


  EnGarde Secure Community 3.0.22 Now Available!
 

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

  Will Mozilla's $3,000 bug bounty make Firefox secure? (Jul 19)
 

Mozilla is increasing the amount it pays security researchers for bugs from $500 up to $3,000. I personally think that's a very good thing. There has long been a debate about whether or not vendors should pay for security flaws. In my view, the flaws are going to be discovered whether or not a vendor is paying for them. The question is how they will be disclosed and whether or not those flaws will end up putting millions of users at risk - or not. By paying for flaws, what Mozilla is doing is providing an economic model for both security researchers and for itself. For security researchers, a $3,000 payment is not an unreasonable sum in my view and it's more than the $1,337 that Google pays. HP's TippingPoint also pays for security flaws as well though they seem to have a floating scale on payments as far as I can tell.

  Computer hackers break bread, push boundaries of technology (Jul 19)
 

In a corner of a Panera Bread store, amid the clatter of dinner plates and orders recited over a warbling sound system, a group of men and a woman gathered last week, laptops open. They threw around terms like "botnets" and "onion routers" with ease, talked about microcontrollers and how to crack into a computer database should the need arise to test their own computer defenses.

  Wikileaks editor skips NYC hacker event (Jul 19)
 

A Wikileaks editor, deciding not to risk a confrontation with federal agents, skipped a high-profile speaking engagement at a hacker conference here on Saturday. Instead, Jacob Appelbaum, a Seattle-based programmer for the Tor Project, who's involved in the Wikileaks Web site, took over the 1 p.m. ET keynote slot on behalf of co-founder Julian Assange.

  A Brief History of Encryption (Jul 19)
 

Nearly nine years after the publication of FIPS 197, AES encryption remains the de facto standard today for symmetric encryption, and brute-force attacks remain infeasible, at least for the foreseeable future. To date, most attack methods have focused on weaknesses or characteristics in specific implementations, called "side-channel attacks," not on the algorithm itself.

  Mozilla hikes Firefox bug bounties to $3K (Jul 19)
 

Mozilla on Thursday boosted bug bounty payments six-fold by increasing the standard cash award to $3,000. The new bounty for vulnerabilities in Firefox, Firefox Mobile and Thunderbird is also six times the normal payment by Google for flaws in its Chrome browser, and more than double the maximum $1,337 that Google pays for the most severe bugs.

  Dell offering free Web browser security tool (Jul 19)
 

Dell, through its Kace unit, is making available free Web browser security software that works by creating a protective "sandbox" on the desktop to isolate the user's desktop from malware or other harmful actions that might be encountered browsing the Web.

  Internet takes DNSSEC on board (Jul 16)
 

The Internet is set to get a whole lot safer: the security standard DNSSEC is set to be assigned to the Internet's 13 root servers from later today.

  Cloud security strategies: Where does IDS fit in? (Jul 16)
 

Security practitioners diving into cloud computing must make older security tools like IDS work in this new world. In a CSO podcast last week, Stu Wilson, CTO of IDS provider Endace, sought to explain how this older technology is still relevant in enterprise cloud security strategies.

  Researchers: Password crack could affect millions (Jul 16)
 

A well-known cryptographic attack could be used by hackers to log into Web applications used by millions of users, according to two security experts who plan to discuss the issue at an upcoming security conference.

  Metasploit Framework 3.4.1 Released – 16 New Exploits, 22 Modules & 11 Meterpreter Scripts (Jul 16)
 

The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1. This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month here.

  What This Chinese Hacker Could Teach Apple (Jul 15)
 

Wu Shi, a security researcher in Shanghai, has become one of the world's top browser bug hunters. If tough love is the best way to fix the world's software, then Wu Shi may be one of the information security industry's unsung heroes.

  Crypto tool predicts password cracking time (Jul 15)
 

Instead of indicating password quality via coloured bars, the Windows crypto tool Thor's Godly Privacy (TGP) informs users about the estimated time required for a successful brute-force attack on the chosen password. TGP calculates the time from the number of iterations a brute-force tool would need to arrive at the correct character combination.

  Mozilla pulls password stealer add-on (Jul 15)
 

Mozilla on Tuesday warned users that a password stealing add-on slipped into Firefox's extension gallery more than a month ago had been downloaded nearly 2,000 times before it was detected. The malicious "Mozilla Sniffer" add-on was yanked from Mozilla's servers Monday, and added to the Firefox "blocklist," a last-resort defense that uninstalls potentially dangerous browser extensions from users' machines.

  Spammers Moving to Disposable Domains (Jul 15)
 

Spammers and the botnet operators they're allied with are continuing to adapt their techniques to evade security technologies, and now are using what amount to disposable domains for their activities. A new report shows that the spammers are buying dozens of domains at a time and moving from one to another as often as several times a day to prevent shutdowns.

  White hat hacker Maiffret returns to eEye (Jul 14)
 

Security researcher and former Microsoft gadfly Marc Maiffret has returned to the company he started when he was a teenager, eEye Digital Security.

  Lawrence Lessig: ASCAP's attack on Creative Commons (Jul 14)
 

The American Society of Composers, Authors and Publishers (ASCAP) has launched a campaign to raise money from its members to hire lobbyists to protect them against the dangers of "Copyleft." Groups such as Creative Commons, Public Knowledge, and the Electronic Frontier Foundation are "mobilizing," ASCAP describes in a letter to its members, "to promote 'Copyleft' in order to undermine our 'Copyright.'"

  Andiparos – Open Source Web Application Security Assessment Tool (Jul 14)
 

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc.

  Hacker claims to have cracked Skype protocol (Jul 14)
 

A hacker claims to have cracked Skype's proprietary encryption protocols that protect the VoIP company's intellectual property. The Luxembourg IP telephony company has zealously guarded its protocol but a hacker going by the name of 'Sean O'Neil' claims that he's broken through the protection.

  Researchers find privacy flaws in Chatroulette (Jul 14)
 

Perhaps there is finally something to deter Chatroulette.com users from their more offensive behavior: University researchers say that users of the popular video-chat site may not be as anonymous, or as private, as they think.

  Black Hat 2010: Study tests SSL protocol use, finds SSL errors (Jul 14)
 

Ivan Ristic has been quietly weeding through millions of registered domain names to find and test SSL protocol implementations. Ristic, director of engineering at Redwood Shores, Calif.-based Qualys Inc., runs SSL Labs, a non-commercial research effort that was acquired by Qualys last year.

  FBI Raids 'Electronik Tribulation Army' Over Witness Intimidation (Jul 13)
 

FBI agents have raided the homes of three alleged members of a hacker gang that harassed a security expert who helped put the group's leader in jail, according to a recently unsealed search warrant affidavit.

  Security expert releases Ubuntu Linux distro for malware analysis (Jul 13)
 

A security consultant has released an Ubuntu-based Linux distribution specifically designed to help analyze and re-engineer malware. Lenny Zeltser on Thursday released REMnux on Sourceforge and it has already been downloaded nearly 2,000 times.

  Maiffret returns to eEye Digital Security (Jul 13)
 

Three years ago, Marc Maiffret was tired. He had been running hard as CTO of eEye Digital Security since co-founding the company at age 17. So after a decade, he walked away. He recently resurfaced as chief security architect at FireEye, and did an extensive interview with CSO about how security threats have changed since his eEye days.

  Vulnerability in FreeBSD's memory management (Jul 13)
 

A vulnerability in the memory management of FreeBSD's network subsystem allows authenticated users to edit files for which they only have read privileges. The sendfile command uses mbuf memory to buffer the content of the file to be transmitted.

  Feds Indict 38 In Alleged 'Black Market Travel Agent' Ring (Jul 13)
 

Thirty-eight defendants from across the United States have been charged with participating in a multimillion-dollar black market travel agent ring that used the stolen identities of thousands of victims to purchase airline tickets for customers.

  Choosing Whether To Go Open Source (Jul 12)
 

Open source has always been a favorite among scientists and universities where budgets are limited but where there is plenty of expertise around to fiddle with the code and customize it for a specific project or department. It never behaved like the costlier, commercially available products from big-name vendors, and it required lots of patience for dealing with quirks and knowledge of some arcane coding tricks.

  Australian Privacy Commissioner Rules Google Wifi Actions Illegal (Jul 12)
 

Oh dear, poor Google seem to be catching all kinds of flak over their Wifi Data Collection. The UK Met are already investigating them and they are being pulled to pieces in Germany too with France also weighing in. The latest to jump on the bandwagon is Australia which is stating they have breached the Australian Privacy Act.

  Hackers edge toward unlocking iPhone 4 OS and network (Jul 12)
 

The hacker group known as iPhone Dev-Team apparently is close to unlocking iPhone 4 in order to run unofficial apps and to use other GSM cellular networks besides AT&T.

  Code Cracked! Cyber Command Logo Mystery Solved (Jul 12)
 

Okay, maybe it wasn't that much of a mystery. In fact, it took a little more than three hours for Danger Room reader jemelehill to figure out the odd string of letters and numbers in the logo of the U.S. military's new Cyber Command. Turns out, it's the new unit's mission statement, translated into 32 digits with the md5 cryptographic hash:

  The challenges of cloud security (Jul 12)
 

Some IT execs dismiss public cloud services as being too insecure to trust with critical or sensitive application workloads and data. But not Doug Menefee, CIO of Schumacher Group, an emergency management firm in Lafayette, La.

  Review: Firewall operations management (Jul 12)
 

Anyone running multiple firewalls in a complex, enterprise environment knows how difficult it can be to catch misconfigurations, avoid conflicting rules, identify vulnerabilities and meet auditing and compliance mandates.

  Stealing login details with a Google Chrome extension (Jul 12)
 

The Google Chrome browser allows the installation of third-party extensions that are used to extend the browser to add new features. The extensions are written in JavaScript and HTML and allow manipulation of the DOM, amongst other features.
