This week, perhaps the most interesting articles include "," "How to Encrypt Passwords in the Database," "Understanding Cross Site Scripting."

Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.


LinuxSecurity.com Feature Extras:

EnGarde Secure Community 3.0.8 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.8 (Version 3.0, Release 8). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, several updated packages, and several new packages available for installation.

pgp Key Signing Observations: Overlooked Social and Technical Considerations - While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address with "subscribe" as the subject.


Security on your mind?

Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.


Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


How to Cheat at Managing Information Security
28th, September, 2006

Mark Osborne doesn't like auditors. In fact, after reading this book, one gets the feeling he despises them. Perhaps he should have titled this book 'How I learned to stop worrying and hate auditors'. Of course, that is not the main theme of How to Cheat at Managing Information Security, but Osborne never hides his feeling about auditors, which is not necessarily a bad thing. In fact, the auditor jokes start in the preface, and continue throughout the book.

The subtitle of the book is 'Straight talk from the loud-fat-bloke who protected Buckingham Palace and ran KPMG's security practice'. Essentially, the book is Osborne's reminiscence of his years in information security, including the good, the bad, and, more often than not, the ugly.

Fear the Metasploit Framework
28th, September, 2006

The Metasploit Project is one of the most popular penetration testing suites available. If you're responsible for the security of networked systems, you'll want to become familiar with the Metasploit Framework, so you can test your client PCs before someone with malicious intent does it for you. I'll walk you through an example exploit of a Windows XP system to show you how effortlessly Metasploit can penetrate remote systems. I used version 2.6, the current stable version. Grab the stable tarball for Linux, unpack it, enter the newly created framework-2.6 subdirectory, and take a look around.

Nmap Parsers and Interfaces
26th, September, 2006

This is the ninth in a series of tips on how to use Nmap in an enterprise network environment. For a security tool to be useful you have to be able to understand what it's telling you about the setup, security, or weak points of your system or network. With Nmap you can run very comprehensive tests. To analyze the results it is often best to have the output recorded in XML format so that it can be easily imported into a database or converted into HTML for analysis and human consumption.

news/network-security/nmap-parsers-and-interfaces
SSL-Explorer Community Edition
28th, September, 2006

SSL-Explorer is the world's first open-source, browser-based SSL VPN solution. This unique remote access solution provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser.

Users can now be granted access to their files, intranet applications and email from virtually any location with an internet connection. Using SSL-Explorer you can quickly and simply provide full extranet access to key strategic business partners and external consultants. Similarly, your network support staff are also now free to remotely manage servers, routers and other network hardware securely using industry standard encryption technologies to protect key information assets.

news/network-security/ssl-explorer-community-edition
Access over Ethernet: Insecurities in AoE
28th, September, 2006

ATA over Ethernet (AoE) is an open-standards-based protocol that allows client hosts direct network access to disk drives. AoE has been incorporated into the mainstream Linux kernel, was recently the subject of a Slashdot article, and appears to be a SAN technology that is here to stay. This paper investigates the insecurities present in the AoE protocol and suggests how you can deploy AoE infrastructure without worrying about a wide-scale compromise.

news/network-security/access-over-ethernet-insecurities-in-aoe
Top 5 Tips To NOT Get Hacked Online
25th, September, 2006

For those who are not experts in computer security, here are the top 5 tips to a safer online experience (in addition to having firewalls, anti-virus, and patching diligently).

news/server-security/top-5-tips-to-not-get-hacked-online
Understanding SQL Injection
27th, September, 2006

SQL injection is a technique used by a malicious user to gain unauthorized access to remote machines through a vulnerability in a web application. The basic idea behind the technique is to make the database run an SQL query that the programmer never intended to run. It relies heavily on logical operators and clauses such as AND, OR and UNION; if the technique is used properly, a malicious user can gain complete access to a web server. If the application naively builds SQL strings on the fly (dynamic queries) and then runs them, it can create some real surprises, as we will see later on.

news/server-security/understanding-sql-injection
How to Encrypt Passwords in the Database
29th, September, 2006

If you are developing a password-protected web site, you have to make a decision about how to store user password information securely. What is "secure," anyway? Realize that the data in your database is not safe. What if the password to the database is compromised? Then your entire user password database will be compromised as well. Even if you are quite certain of the security of your database, your users' passwords are still accessible to all administrators who work at the Web hosting company where your database is hosted. Scrambling the passwords using some home-brewed algorithm may add some obscurity but not true "security." Another approach would be to encrypt all passwords in your database using some industry-standard cipher, such as the Message-Digest Algorithm 5 (MD5).

news/server-security/how-to-encrypt-passwords-in-the-database
Understanding Cross Site Scripting
30th, September, 2006

There are many web applications that are designed to permit the input of HTML tags so that HTML-formatted data can be displayed. These tags can be used by malicious users to attack other users by inserting scripts, malicious applets and so on; this is called cross-site scripting, or XSS. Such attacks are the result of poor input validation. XSS uses a combination of HTML and scripting languages. With the right combination of HTML and JavaScript, an intruder can mislead the client and carry out a range of attacks, from denial of service (by opening an enormous number of windows on the client side) to tricking users into revealing sensitive information: by embedding malicious FORM tags in the right place, a malicious user can modify the behavior of an existing form, and by embedding scripts, an intruder can cause various other problems. This is by no means a complete list of problems, but hopefully it is enough to convince you that this is a serious problem.

news/server-security/understanding-cross-site-scripting-53618
Bruce Schneier Teaches Security
25th, September, 2006

It must say something about our times that Bruce Schneier, a geeky computer encryption expert turned all-purpose security guru, occasionally gets recognized in public. "My life is just plain surreal," he says. Schneier, 43, has made it so by popping up whenever technology and regular life intersect, weighing in on everything from the uselessness of post-Sept. 11 airport security measures to the perils of electronic voting machines and new passports with radio chips.

He does it by writing books, essays, a frequently updated Web log and an e-mail newsletter with 125,000 subscribers. It helps that he has never met a reporter whose phone calls he will not return. "I'm a media slut," he admits.

Keystroke Dynamics
25th, September, 2006

Biometrics has long been one of the solutions touted by security vendors to meet multi-factor authentication objectives. However, user acceptance and cost issues often prevent organizations from adopting biometrics as a solution. This isn