This week, perhaps the most interesting articles include "Putting The Cracking of SHA-1 in Perspective," "," and "."




LinuxSecurity.com Feature Extras:

RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of a fingerprint template and an RF smart card for a clustered network, designed on the Linux platform with open source technology to obtain biometric security. The combination of smart card and biometrics achieves two-step authentication: smart card authentication is based on a Personal Identification Number (PIN), and the card holder is then authenticated against the biometric template stored in the smart card, which is based on fingerprint verification. The fingerprint verification has to be executed on a central host server for security purposes. The protocol designed allows control of all parameters of the smart security controller, such as PIN options, reader delay, real-time clock, alarm options and cardholder access conditions.

pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail with "subscribe" as the subject.



Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


FSG and OSDL to merge; form Linux Foundation
22nd, January, 2007

The Free Standards Group (FSG) and Open Source Development Labs (OSDL), two of the major non-profit corporations dedicated to promoting open source software, are merging to form a new organization called The Linux Foundation. The new organization will be led by Jim Zemlin, the former FSG executive director, and for now will continue the work of both predecessors. The merger will be legally complete in early February, but work on the practical details will begin immediately.

Introducing CSRTool
23rd, January, 2007

If you've worked with Public Key Infrastructures (PKI) at all, you'll probably know at least one thing: PKIs are complex! Aside from the fact that there are so many details to remember, there is also the added burden that most tools for working with PKIs are command-line interface (CLI) tools. Well, in one small way, StrongAuth, Inc. has changed that.

Chinese Prof Cracks SHA-1 Data Encryption Scheme
23rd, January, 2007

"These two main algorithms are currently the crucial technology that electronic signatures and many other password securities use throughout the international community. They are widely used in banking, securities, and e-commerce. SHA-1 has been recognized as the cornerstone for modern Internet security. According to the article, in the early stages of Wang's research, there were other data encryption researchers who tried to crack it. However, none of them succeeded. This is why in 15 years hash research had become the domain of hopeless research in many scientists' minds."

Schneier on Security
23rd, January, 2007

Slashdot is reporting on this article claiming that SHA-1 has been cracked.

The reality is more complicated.

Putting The Cracking of SHA-1 in Perspective
23rd, January, 2007

SHA-1 is one of the most prevalent forms of a secure hash algorithm used in the legal and security industry. Now that Professor Xiaoyun Wang and her associates in Tsinghua University and Shandong University of Technology have officially cracked the SHA-1 hashing algorithm, the fallout will begin. This won't actually be due to security concerns for the most part, but the legal ramifications may be severe.

Elliptic Curve Cryptography
24th, January, 2007

Elliptic Curve Cryptography (ECC) is a form of public key cryptography. In public key cryptography, each user or device taking part in the communication generally has a pair of keys, a public key and a private key, and a set of operations associated with those keys for performing the cryptographic operations. Only the particular user knows the private key, whereas the public key is distributed to all users taking part in the communication. Some public key algorithms require a set of predefined constants to be known by all the devices taking part in the communication; the 'domain parameters' in ECC are an example of such constants. Public key cryptography, unlike private key cryptography, does not require any shared secret between the communicating parties, but it is much slower than private key cryptography.

Hide Data In Files With Easy Steganography Tools
26th, January, 2007

Remember those invisible ink kits from when you were a kid? You'd write a secret message that no one could see unless they had a black light or the decoder marker. The digital equivalent of invisible ink is steganography software, apps that embed files and data inside other files, hidden from everyone who doesn't know any better. You don't have to be a trained spy plotting international espionage to put steganography to good use. With some free tools for both the Mac and PC, you can embed secret information in image, PDF, HTML and MP3 files for fun or profit.

Blu-ray Encryption Defeated
25th, January, 2007

Late last year, a crafty individual who goes by the name