This week, perhaps the most interesting articles include "", "2006 Operating System Vulnerability Summary", and ""


Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.


LinuxSecurity.com Feature Extras:

RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of a fingerprint template and RF smart card for a clustered network, designed on the Linux platform and open source technology to obtain biometric security. The combination of smart card and biometrics is achieved in a two-step authentication, where smart card authentication is based on a Personal Identification Number (PIN) and the cardholder is authenticated using the biometric template stored in the smart card, based on fingerprint verification. The fingerprint verification has to be executed on a central host server for security purposes. The protocol designed allows control of all parameters of the smart security controller, such as PIN options, reader delay, real-time clock, alarm option and cardholder access conditions.

pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to [address omitted] with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Use a wiki to integrate your information systems
2nd, April, 2007

Managing documentation and support requests and collaborating effectively are difficult tasks for many organizations. Most companies have separate systems to track customer information, handle support, and manage a general knowledge base, but when someone needs a 360-degree view of a project, or needs to find all of the information on a client, the task can be next to impossible. Why not glue all of your separate systems together using wiki software?

A Quantum Leap in Information Security
5th, April, 2007

Pioneering physicist aims to lock out data hackers with speed-of-light cryptography.

Right now, somewhere in the world, hackers are trying to break into central electronic storage facilities to pilfer sensitive data such as credit card information, financial records and personal identification.

Bad Web Habits Risk Our Security
4th, April, 2007

Security experts have blamed the continued prevalence of older viruses such as the Netsky and Mytob worms on people's bad habits.

Attackers are abandoning traditional methods of sending malware via email, as they are too easy for virus scanners to spot. Instead, they are opting to include links in emails that direct recipients to infected web pages.

The Rise of SSL VPNs
9th, April, 2007

The growth of Secure Sockets Layer virtual private networks (SSL VPNs) has accelerated in the last 12 months due to greater awareness among users of the commercial advantages, better marketing which focuses on benefits rather than technology, and improved security features.

2006 Operating System Vulnerability Summary
3rd, April, 2007

Computer security is a precarious business both from a product development and administrative standpoint. Operating system vendors are forced to constantly patch their software to keep consumers protected from the latest digital threats. But which operating systems are the most secure? A recent report by Symantec hints that Windows currently presents fewer security holes than its commercial competitors.

What's FireGPG?
4th, April, 2007

FireGPG is a Firefox extension which brings an interface to encrypt, decrypt, sign or verify the signature of a text in any web page, using GPG. It will support some webmails. Right now, only GMail is supported; some useful buttons are added to the interface of this webmail.

Fortify Identifies JavaScript Vulnerability in AJAX Apps
2nd, April, 2007

Security vendor Fortify today said it has identified a JavaScript-related vulnerability that lets an attacker hijack a Mozilla or Microsoft Internet Explorer Web browser session.

Securing a New Age Workforce
3rd, April, 2007

Computer security professionals should be more proactive in protecting corporate networks, in light of business employees today being more mobile than ever.

Such mobility is changing the enterprise security landscape, according to Motorola Inc, a provider of integrated communications and embedded electronics solutions.

Schneier says full disclosure of vulns a 'damned good idea'
4th, April, 2007

Full disclosure -- the practice of making the details of security vulnerabilities public -- is a damned good idea. Public scrutiny is the only reliable way to improve security, while secrecy only makes us less secure. Unfortunately, secrecy sounds like a good idea. Keeping software vulnerabilities secret, the argument goes, keeps them out of the hands of the hackers. The problem, according to this position, is less the vulnerability itself and more the information about the vulnerability.

Shaping the future of secure Ajax mashups
5th, April, 2007

Current Web browsers weren't designed to easily and securely get content from multiple sources into one page. Discover how developers have stretched the available tools to fit the task and how doing so has put strain on the resulting applications with respect to security and scalability. Also, learn about several browser improvements being proposed to remedy the situation and how to become part of the conversation that will bring Web development beyond this hurdle to a new level of interoperability.

How Can We Take Domains Down Faster?
6th, April, 2007

Often the best way to thwart an Internet attack is to take down the domain names involved in it, but this is a hard thing to do under current rules. Shortly before the revelation of the .ANI bug and the inevitable development of attack sites that it engendered, a prescient discussion was beginning about better ways to bring these sites down.

Developers Warned to Secure AJAX Design
7th, April, 2007

Security firm Fortify Software has stepped forward to warn Web site developers that most frameworks for deploying interactive functionality use JavaScript in a way that could lead to their applications leaking user data.

The problem, dubbed JavaScript hijacking by the firm, occurs because popular asynchronous JavaScript and XML (AJAX) toolkits use the scripting language as a transport mechanism without due consideration to security.

Virtualisation Race Could Risk Security
8th, April, 2007

Companies have been warned not to rush into adopting virtualisation technology as hurrying could leave them at risk of security threats.

If companies adopt virtualisation too quickly, the best security practices could be overlooked according to analyst Gartner. In some cases the best security technology may not even be available yet.

The Final 'Final' Nail in WEP's Coffin?
9th, April, 2007

Researchers have discovered a new way of attacking Wired Equivalent Privacy that requires an amount of data "more than an order of magnitude" less than the best known key-recovery attacks. In effect, the cracking can be done within a minute, as the title of the paper suggests: Breaking 104 bit WEP in less than 60 seconds.