This week, perhaps the most interesting articles include "Why Your Web Apps are Sitting Ducks" and "Securing Linux by breaking it with Damn Vulnerable Linux."


Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.


LinuxSecurity.com Feature Extras:

RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of a fingerprint template and an RF smart card for a clustered network, designed on the Linux platform with open source technology to obtain biometric security. The combination of smart card and biometrics achieves two-step authentication: the smart card is authenticated using a Personal Identification Number (PIN), and the card holder is authenticated against the fingerprint template stored on the smart card. For security reasons, the fingerprint verification is executed on the central host server. The protocol designed allows control of all parameters of the smart security controller, such as PIN options, reader delay, real-time clock, alarm option and cardholder access conditions.

pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address with "subscribe" as the subject.

Security on your mind?

Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Five mistakes of data encryption
1st, March, 2007

If you follow the media today, you might conclude that data encryption is everywhere. However, is this "good" encryption? A classic saying "Encryption is easy; key management is hard" illustrates one of the pitfalls that await those implementing encryption enterprise-wide or even SMB-wide. This article covers some of the other mistakes that often occur when organizations try to use encryption to protect data at rest and data in transit and thus improve their security posture.

news/cryptography/five-mistakes-of-data-encryption

O'Reilly Releases Backup & Recovery
1st, March, 2007

Using a system without backups is like driving your car 100 miles per hour down a busy road the day after your insurance policy expires. Exhilarating, yes. But you know you're living dangerously. "No one should depend on a car, or a computer, without having at least the basic level of coverage," says W. Curtis Preston, an expert in data-protection systems and author of the new book, Backup & Recovery (O'Reilly). It's a fact that every computer user knows, in theory at the very least, but one that often takes a back burner to other IT needs, usually for lack of funding or other resources. Preston, however, maintains that a small budget doesn't mean doing without backup.

Early DST start causes security heartburn
27th, February, 2007

IT administrators are racing to update systems ahead of the March 11 start to daylight-saving time (DST). Nobody's concerned about the firewall or antivirus software flaking out, but anxiety abounds over other potential security consequences.

news/network-security/early-dst-start-causes-security-heartburn

Make Your Router Secure Right Now
28th, February, 2007

If you weren't worried enough about the security of your home computer and network, it may be time to step it up. A new study by Indiana University and Symantec has discovered (and, alas, made more public) a new hacking technique called "drive-by pharming." Of course, we can't use a name actually in the dictionary, but the gist of it is that your home router may be insecure.

news/network-security/make-your-router-secure-right-now

Google Sharpens Malware Alerts for Webmasters
28th, February, 2007

Google Inc. has enhanced the way it notifies webmasters that their sites contain malware, improving on a service the Mountain View, California, company launched in November of last year in a partnership with The Stop Badware Coalition.

Google has begun providing more detailed alerts and sending these notifications via e-mail to webmasters, according to a posting Monday on an official Google blog.

news/network-security/google-sharpens-malware-alerts-for-webmasters

Why Your Web Apps are Sitting Ducks
3rd, March, 2007

Despite improvements in code quality, Web servers remain at high risk of being hacked, according to a new paper from researchers who use honeypot technologies to examine how hackers tick.

The Honeynet Project, which provides real systems for unwitting attackers to interact with, says Web applications remain vulnerable for a host of reasons. These include poor-quality code, the fact that attacks can be performed using PHP and shell scripts (which is generally easier than using buffer-overflow exploits), and the emergence of search engines as hacking tools.

news/network-security/why-your-web-apps-are-sitting-ducks

Honeypots and User-Mode-Linux (UML)
27th, February, 2007

In technical terms, a honeypot performs a function very similar to that of a "honeypot" in the outside world: a sweet lure. A "honeypot" is a system designed with the purpose of attracting the attention of prospective attackers, to assess how they are attempting to infiltrate the machine and what they are doing once they gain access. There are literally thousands of honeypot networks and systems set up by security professionals and hobbyists worldwide. These systems can provide a wealth of information for forensics and for assessing trends in network intrusion.

Getting to Know the Enemy Better
2nd, March, 2007

MARCH 1, 2007 | ARLINGTON, Va. -- Black Hat DC -- Experts agree: The best way to secure applications is to build security in during the development phase. The problem is that there are few standards or templates for doing it.

But that situation is about to change, according to speakers at the Black Hat conference here today. In fact, draft guidelines for specifying common security weaknesses and common attack patterns could be just weeks away.

news/security-projects/getting-to-know-the-enemy-better

Top 10 Admin Passwords to Avoid
24th, February, 2007

In the end, it's all a big guessing game. You create passwords to protect your systems; hackers try to guess the password you created.

It's a game that's going on all the time. As we reported last week, researchers at the University of Maryland recently completed a study in which four live Linux servers were set out as bait to see how often they would be attacked. The study racked up 269,262 attempts in a 24-day period. (See Study: Two Hacks a Minute.)

Using Honeypots to learn about HTTP-based attacks
26th, February, 2007

With the constant growth of the Internet, more and more web applications are being deployed. Web applications offer services such as bulletin boards, mail services such as SquirrelMail, online shops, or database administration tools like PhpMyAdmin. They significantly increase the exposed surface area by which a system can be exploited. By their nature, web applications are often widely accessible to the Internet as a whole, which means a very large number of potential attackers. All these factors have caused web applications to become a very attractive target for attackers and have led to the emergence of new attacks. This KYE paper focuses on application threats against common web applications. After reviewing the fundamentals of a typical attack, we go on to describe the trends we have observed and the research methods that we currently use to observe and monitor these threats. In Appendix A, we give actual examples of a bot (a variant of PERL/Shellbot), the Lupper worm and an attack against a web Content Management System (CMS) as examples that show how web application threats actually act and propagate.

Study Finds Weak Link in IT Security
26th, February, 2007

Companies in a recent study said they expect to be hit by at least one major IT incident that disrupts business, and business process controls are still lacking in many organizations. According to the Symantec IT risk management report, more than 60 percent of respondents expect at least one major IT incident per year that could halt or disrupt a critical part of the business. Conducted over a 12-month period ended October 2006, the study sheds light on the critical elements involved in an effective IT risk management strategy.

Building Secure Applications: Consistent Logging
27th, February, 2007

This article examines the dismal state of application-layer logging as observed from the authors' years of experience in performing source code security analysis on millions of lines of code. It argues that effective logging is often ignored in the push for application security and demonstrates how applications can benefit from real-time detection of attacks. An idea for a practical implementation is discussed, along with an examination of some of the associated risks and costs.

How to Keep a Digital Chain of Custody
28th, February, 2007

Don't get her wrong