This week, perhaps the most interesting articles include "", "Two Worm 'families' Make up Most Botnets", and "Malware Outbreak 'Largest in Almost a Year'."

Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.


LinuxSecurity.com Feature Extras:

RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of a fingerprint template and an RF smart card for a clustered network, designed on the Linux platform and open source technology to obtain biometric security. The combination of smart card and biometrics is achieved through two-step authentication: smart card authentication is based on a Personal Identification Number (PIN), and the card holder is authenticated using the biometric template stored in the smart card, which is based on fingerprint verification. The fingerprint verification has to be executed on a central host server for security purposes. The protocol designed allows control of all parameters of the smart security controller, such as PIN options, reader delay, real-time clock, alarm option and cardholder access conditions.

pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail with "subscribe" as the subject.

Security on your mind?

Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Mesh Design Pattern: Hash-and-Decrypt
10th, April, 2007

Hash functions are an excellent way to tie together various parts of a protection mechanism. Our first mesh design pattern, hash-and-decrypt, uses a hash function to derive a key that is then used to decrypt the next stage. Since a cryptographic hash (e.g., SHA-1) is sensitive to a change of even a single bit of input, this pattern provides a strong way to ensure the next stage (code, data, more checks) is not accessible unless all the input bits are correct.

The Secrets of Laptop Encryption
11th, April, 2007

To maximize the effectiveness of encryption in providing effective security assurance solutions, organizations must deploy it as part of a defense-in-depth security stance. Like any technology, encryption is plagued with pitfalls, mistakes, and traps that could easily provide an organization with a false sense of confidence in its security, while still allowing attackers to easily compromise the organization's data. The common pitfalls, mistakes, and traps that an organization implementing encryption must avoid are:

Brief Thoughts on Security Education
13th, April, 2007

Once in a while I get requests from blog readers for recommendations on security education. I am obviously biased because I offer training independently, in private and public forums. However, I've attended or spoken at just about every mainstream security forum, so I thought I would provide a few brief thoughts on the subject.

PHP Bug Hunter Silences His Critics With Security Project
10th, April, 2007

PHP bug hunter Stefan Esser says he feels vindicated after his successful Month of PHP Bugs project which ran through March.

The project, which aimed to highlight flaws in the PHP source code, uncovered 44 bugs, although Esser said the real number was 41, because three bugs were not in PHP code itself. These, he said, were a "bonus".

Bright Future For Counter-Attacks
11th, April, 2007

Counter-attack stories come and go, but this time it's supported by the courts. The question was whether the defendant's 4th Amendment rights against unreasonable search and seizure were violated by the campus system administrator logging into his dorm computer without authorization. Campus police and the administrator then followed up by visiting the dorm room and gathering evidence.

Security Enforcement, The Cooperative Way
12th, April, 2007

Imagine all of your network and security devices working as a unit to enforce security policy. That's the vision of "cooperative policy enforcement," an emerging concept being promoted by Aventail.

Aventail late this summer or early fall will add SOAP-based interfaces to its SSL VPN gateways that will support cooperative policy enforcement among its products and other networking and security tools, Dark Reading has learned.

One-Time Password Technology
14th, April, 2007

Securing the data that employees carry around as they go about their daily business is priority No. 1 for businesses today. The stakes are high: Data loss is just the kind of incident that can give a business all kinds of publicity for all the wrong reasons.

The Fine Art of Data Destruction
15th, April, 2007

Peggy Jones, a business manager for the information-management team at the College of Southern Maryland, was asked recently to help dispose of what she now estimates were about 1,200 old backup tapes and cassettes her IT organization had been storing in a relatively well-fortified walk-in vault.

State Comes up Short on Information Security
12th, April, 2007

Despite some improvements, the State Department still falls short in its information security efforts, according to a new report from Inspector General Howard J. Krongard.

Nearly half of the 34 departmental posts and bureaus audited by the inspector general from April to September 2006 displayed shortcomings in IT security, according to the report.

Two Worm "families" Make up Most Botnets
11th, April, 2007

The Sdbot and Gaobot families are responsible for most botnets worldwide. These two families were responsible for 80 percent of detections related to bots during the first quarter of 2007. Other culprits, although on a much lesser scale, included Oscarbot, IRCbot or RXbot.

Hot or Not: Local Privilege Escalation Vulnerabilities
13th, April, 2007

Due to the interactive nature and required access to exploit, local privilege escalation vulnerabilities have traditionally been thought to have a minimal impact on the strategies enterprise IT departments incorporate to protect networks when compared to other code execution vulnerabilities.

Malware Outbreak 'Largest in Almost a Year'
13th, April, 2007

Security organizations are tracking what's being described as the largest email attack since last year's Warezov outbreak, and the second onslaught this week to steal a page from the Storm Trojan's playbook.

Adam Swidler, senior manager of solutions marketing for San Carlos, Calif.-based security vendor Postini Inc., said bot herders are using the outbreak to expand their array of zombie machines.

Cyber Criminals to Increasingly Target Mobile Devices
16th, April, 2007

Cyber criminals will increasingly target smartphone and PDA devices, according to the latest Global Threat Report from security vendor McAfee.

The global smartphone market is expected to exceed $250bn (126.5bn) by 2011, according to research firm In-stat. With more people using such devices to access personal and financial information, there will be more instances of phishing attacks, spyware, and identity theft, according to the report.
