Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

For the second time in two months, Mozilla on Friday rushed out a fix for Firefox to patch a problem with a browser update issued just days before.Mozilla shipped Firefox 3.6.8 on Friday to patch a single security problem and deal with what Mike Beltzner, director of Firefox, called "a stability problem that affected some pages with embedded plug-ins."

Softwink announces the release of Sagan, the ultimate in Syslog monitoring. Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time!

The National Institute of Standards and Technology (NIST) has issued new guidelines for the implementation of full virtualization that address common security concerns with the technology.

Symantec has released the July 2010 MessageLabs Intelligence Report which contains the usual interesting and relevant facts regarding trends in spam and malware. Of particular interest in this report, though, is the fact that attacks exploiting shortened URLs have skyrocketed, and that a new approach is needed to protect against the rising threat.

Though encryption is a strong way to safeguard passwords, personal information, and other sensitive data, it can be confusing due to the acronyms and technobabble that surround the topic.Many encryption utilities--such as the BitLocker feature in Windows 7 Ultimate, or the Rohos Mini Drive utility for protecting info on a thumb drive--are available.

The users of PHP 5.2 should upgrade to 5.3 at their earliest convenience, as the active support of the 5.2 series came to an end with the release of version 5.2.14 earlier today. PHP 5.2.0 was released almost four years ago and according to the release announcement, the developers say that, in future, any further security fixes will only be released on a case-by-case basis.

In today's world of identity theft and network security breaches, it's more important than ever to have a line of defense from malicious computer hackers. That's why Parameter Security, an ethical-hacking firm based in St. Louis, Missouri, created H@cker University to help businesses develop offensive cyber security techniques to protect their networks and data banks.

Skilled malware writers have found a way for less experienced cyber criminals to do their work for them. A new freeware phishing kit being offered in hacker forums offers cyber criminals a way to set up fake websites and spam emails to capture users' legitimate login credentials.

In a corner of a Panera Bread store in Meriden, amid the clatter of dinner plates and orders recited over a warbling sound system, a group of men and a woman gathered recently, laptops open.

The autofill option in Apple's Safari browser can expose personal data without the user's consent, a security researcher reported on Wednesday. It remains unclear as to whether the problem affects Safari specifically or all WebKit-based browsers, which include Google Chrome. It's recommended that Safari and Chrome users disable the autofill feature immediately, until further notice.

Baidu, China's leading Internet search company, has a "plausible" case against its U.S.-based domain registry for allegedly allowing a hacking attack that left the site disabled and defaced, a U.S. judge ruled Thursday.

The Global System for Mobile Communications technology used by the majority of the world's mobile phones will get some scrutiny at next week's Black Hat security conference, and what the security researchers there have to say isn't pretty.

In the run-up to his presentation at the Black Hat conference, Jeremiah Grossman of White Hat Security told The Register that users who allow their browsers to auto-complete frequently used form fields, such as names or email addresses, may become an easy target for data thieves. For instance, auto-complete data can reportedly be retrieved automatically via JavaScript in Safari 4 and 5.

Mozilla has patched 16 vulnerabilities, nine of them critical, in Firefox 3.6, the largest update for the open-source browser since March.At the same time, the company patched 12 flaws in the older Firefox 3.5.

Network security architecture expert Robert Bird saw the difficulties universities have protecting their systems while maintaining an open and collaborative environment. As director of network services at the University of Florida's 10,000 user residence hall network, Bird began designing a system that could identify users and track their activity on the university network while protecting their privacy.

A capture-the-flag-style competition slated to take place at Defcon later this month has raised eyebrows at a number of companies who are concerned they will be embarrassed or negatively impacted in some way. CSO first reported the CTF challenge earlier this month in Defcon contest to spotlight social engineering. The challenge asks contestants to collect information about a "target" company, which they are assigned to by contest coordinators at the web site social-engineer.org.

The vast majority of people browsing the web are vulnerable to attacks that expose detailed information about their viewing habits, including news articles they've read and the Zip Codes they've entered into online forms.

Mozilla published security repairs for Firefox and Thunderbird on Tuesday, which included updates for the legacy versions of both.Firefox 3.6.7 for Windows, Mac, and Linux fixes 14 security bugs, including eight listed as critical, two high-level bugs, and four moderate ones.

Network stress testing tools are not for the underfunded, the underskilled or the faint of heart. Consider them carefully before deciding whether to purchase them or how to use them.See the companion article "Stress-testing your network" for details on software from BreakingPoint, Mu Dynamix, Spirent and Ixia. Here are dos and don'ts to help you get the most from these tools.

The Internet Explorer, Firefox, Chrome, and Safari browsers are susceptible to attacks that allow webmasters to glean highly sensitive information about the people visiting their sites, including their full names, email addresses, location, and even stored passwords, a security researcher says.

Just four days after Mozilla announced it was increasing the bounty paid for critical security bugs in its software to $3,000, Google has upped the ante, saying that it will now pay $3133.70 for the most severe bugs researchers find in Chromium.

If you don't like command mode to interact with metasploit, I have good news for you: there is a new Java GUI. Don't forget to install Java to execute it.

The TrueCrypt development team have announced the release of version 7.0 of their open source, cross platform, disk encryption tool. According to the developers, this major update to their on-the-fly encryption tool includes several improvements, new features, security enhancements and bug fixes on all platforms.

One incredibly useful way that Linux has been adapted to the needs of modern computer users is as a "live CD," a version of the operating system that can be booted from a CD (or a DVD or, in some cases, a USB drive) without actually being installed on the computer's hard drive.

Comodo, a leading Certificate Authority and Internet security organization, today announced it will be exhibiting at the sixth annual HostingCon,in Austin on July 19-21 at the Austin Convention Center located in the heart of the Texas capital.

Mozilla is increasing the amount it pays security researchers for bugs from $500 up to $3,000. I personally think that's a very good thing.There has long been a debate about whether or not vendors should pay for security flaws. In my view, the flaws are going to be discovered whether or not a vendor is paying for them. The question is how they will be disclosed and whether or not those flaws will end up putting millions of users at risk - or not.By paying for flaws, what Mozilla is doing is providing an economic model for both security researchers and for itself. For security researchers, a $3,000 payment is not an unreasonable sum in my view and it's more than the $1,337 that Google pays. HP's TippingPoint also pays for security flaws as well though they seem to have a floating scale on payments as far as I can tell.

In a corner of a Panera Bread store, amid the clatter of dinner plates and orders recited over a warbling sound system, a group of men and a woman gathered last week, laptops open.They threw around terms like "botnets" and "onion routers" with ease, talked about microcontrollers and how to crack into a computer database should the need arise to test their own computer defenses.

A Wikileaks editor, deciding not to risk a confrontation with federal agents, skipped a high-profile speaking engagement at a hacker conference here on Saturday.Instead, Jacob Appelbaum, a Seattle-based programmer for the Tor Project, who's involved in the Wikileaks Web site, took over the 1 p.m. ET keynote slot on behalf of co-founder Julian Assange.

Nearly nine years after the publication of FIPS 197, AES encryption remains the de facto standard today for symmetric encryption, and brute-force attacks remain infeasible, at least for the foreseeable future. To date, most attacks methods have focused on weaknesses or characteristics in specific implementations, called "side-channel attacks," not on the algorithm itself.

Mozilla on Thursday boosted bug bounty payments six-fold by increasing the standard cash award to $3,000.The new bounty for vulnerabilities in Firefox, Firefox Mobile and Thunderbird is also six times the normal payment by Google for flaws in its Chrome browser, and more than double the maximum $1,337 that Google pays for the most severe bugs.

Dell, through its Kace unit, is making available free Web browser security software that works by creating a protective "sandbox" on the desktop to isolate the user's desktop from malware or other harmful actions that might be encountered browsing the Web.