This week, perhaps the most interesting articles include "," "The Changing Face of Network Security Threats," and "."


EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared toward providing an open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.



LinuxSecurity.com Feature Extras:

EnGarde Secure Linux v3.0.6 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.6 (Version 3.0, Release 6). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and a couple of new packages available for installation.

pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to [email address protected] with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Feds Want Hacker's Genetic Code
13th, May, 2006

Hacker Adrian Lamo is in trouble again, this time for failing to give the federal government his DNA. On Tuesday, federal probation officer Michael Sipe filed a notice of violation in a Northern California court accusing Lamo of refusing to submit a blood sample, in violation of Sipe's instructions and a 2-year-old federal law. "He reported to the probation office as instructed; however, he refused to provide a blood sample for DNA testing, in violation of the general condition of supervision requiring compliance with federal law," the filing reads.

Differential power analysis countermeasures
15th, May, 2006

I was at CardTech/SecurTech 2006 recently and had a meeting with Cryptography Research, a company focused on securing smartcards. I spoke to Kit Rodgers, VP, and Ken Warren, Manager, about smartcard tamper resistance with differential power analysis countermeasures. Listen to the interview with Cryptography Research.

Malicious cryptography, Part Two
17th, May, 2006

This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part two continues the discussion of armored viruses and then looks at a Bradley worm - a worm that uses cryptography in such a way that it cannot be analyzed. Then it is shown how Skype can be used for malicious purposes, with a crypto-virus that is very difficult to detect.

Total Computer Security Could Result from Unbreakable Optical Code
17th, May, 2006

Researchers at Mitsubishi Electric, NEC and the University of Tokyo claim to have made a breakthrough in a new technique for very secure data communications. The parties have implemented a technique known as quantum cryptography, which codes the data optically, and have for the first time transmitted information between systems using this technique.

SELinux from Scratch
15th, May, 2006

SELinux is a mandatory access control (MAC) system available in Linux kernels as of version 2.6. Of the Linux Security Modules available, it is the most comprehensive and well tested, and is founded on 20 years of MAC research. SELinux combines a type-enforcement server with either multi-level security or an optional multi-category policy, and a notion of role-based access control. See the Resources section later in this article for links to more information about these topics.

Most people who have used SELinux have done so by using an SELinux-ready distribution such as Fedora, Red Hat Enterprise Linux (RHEL), Debian, or hardened Gentoo. These enable SELinux in the kernel, offer a customizable security policy, and patch a great number of user-land libraries and utilities to make them SELinux aware.

(Editorial comment: EnGarde Secure Linux is an SELinux-ready distribution)

Computer Security: Your 5-Step Survival Guide
17th, May, 2006

It's a dangerous world. Every day, thousands of attacks that threaten to corrupt key systems, steal customer data, and otherwise abuse information-technology assets assault U.S. businesses. The SANS Institute, which provides computer security education and training, estimates that the average Internet network address experiences an attack every 24 minutes. In most cases, it's an unscrupulous hacker trying to infect corporate computers with viruses, worms and Trojans, commonly dubbed "malware."

Putting MediaWiki to Use in an Organization
21st, May, 2006

Imagine how useful it would be to have an online knowledge base that can easily be created and updated by key people within your organization. That's the promise of a wiki -- a Web application that "allows users to easily add, remove, or otherwise edit all content, very quickly and easily," as Wikipedia, perhaps the best-known wiki, puts it. Why not bring the benefits of a wiki to your organization? If you're sold on the concept, the first thing you need to do is to pick the software that you're going to use for your wiki. If you want to hunt around to find out what's out there, a good place to start is Wikipedia's wiki software wiki. If you say, "I'll use whatever Wikipedia is using," that'll be MediaWiki.

HNS Podcast: Nortel's approach to security
19th, May, 2006

Welcome to the first Help Net Security Podcast. We are going to be focusing on the enterprise and informing you on new products and technologies. While at the Infosecurity show in London we met up with Shirley O'Sullivan, the Security Leader EMEA at Nortel. In this podcast you can listen to her discuss their approach to security.

Techno Imperialism and the Effect of Cyberterrorism
18th, May, 2006

It's been a while since I've last blogged about Cyberterrorism, and while many did mention the topic in between the recent DRDoS attacks, Cyberterrorism is so much more than simply shutting down the Internet, namely the ability to communicate, research, recruit and use propaganda to achieve goals based on ideological beliefs, or the convergence of Terrorism and the Internet. Can we argue that cyberterrorism is the direct effect of techno imperialism, or let's use a more friendly word such as IT-dependent society and information infrastructure?

Opinion: What is a Security Professional, Anyway?
18th, May, 2006

It's foolish to care if CISSP skills are being taught in colleges. Why? It's a moot point. But it does bring to light another, more serious issue, that of who really is an information security professional, and who may simply be masquerading as one. While some may worry that future employers of young potential CISSPs will be fooled by the lack of experience that these recent graduates will carry to their jobs, I say companies should know better. [Editor's note: Regardless of coursework or exam passage, prospective CISSPs are unable to obtain the certification without four years experience in the field, or three years with a college degree or equivalent life experience.] Unless a firm is making its first security hire, then it should easily be able to identify those who have what it takes to make it in the field versus those attempting to fool potential employers with mere "knowledge certifications."

Why Phishers Don't Fear SSL Toolbars
14th, May, 2006

Do anti-phishing toolbars in web browsers stop phishing attacks? No. Can they reduce them, even for savvy users? Yes. Are they all equally effective? No. MIT researchers found that users are highly likely to ignore anti-phishing toolbars... especially those designed to verify SSL certificates. The researchers installed browser toolbars without training the subjects in their proper use. Then subjects were asked to do various tasks requiring a username and password, like adding to a Wish List. The subjects incorrectly divulged usernames and passwords to the phishing sites 52% of the time. After users were dragged through a tutorial, successful Neutral Info toolbar spoofs dropped to 28% while spoofs of those using System Decision toolbars plummeted to 15%. SSL-verification users were fooled 35% of the time.

Can We Make Operating Systems Reliable and Secure?
16th, May, 2006

When was the last time your TV set crashed or implored you to download some emergency software update from the Web? After all, unless it is an ancient set, it is just a computer with a CPU, a big monitor, some analog electronics for decoding radio signals, a couple of peculiar I/O devices