LinuxSecurity.com

The Computer Security Paradox

Fri, 09 May 2008 06:02:27 +0000

LinuxSecurity.com: One of the most prized rights of any American is the right to privacy and security. It's something people in some countries would kill for. Yet now there appears to be a very frightening trend growing. Your privacy and security are being thrown out the window wholesale in favor of easier access by law enforcement. A recent example of this can be seen with the announcement that Microsoft has been providing a tool to investigators that can effectively rip your Windows security to shreds in seconds, exposing all your private data to whoever wants to look at it.

A Guide to Cryptography in PHP

Thu, 08 May 2008 08:00:00 +0000

LinuxSecurity.com: In an ideal world, words like cryptography and security wouldn't even exist, but the real world is far from perfect, so software developers have to spend a good deal of time building security into applications. Cryptography is just one piece of the security puzzle, along with SSL/TLS, certificates, digital signatures, and so on. This article explains how to use PHP to implement the most common cryptographic algorithms. In addition to describing PHP's default encryption functions, you'll see how to use a wide variety of cryptographic libraries and packages. Building security into your web applications is an important skill to have. Have you thought about adding cryptography to your php programs? If so this article looks at ways of doing so.

Firefox Infects Vietnamese Users With Trojan Code

Thu, 08 May 2008 11:38:56 +0000

LinuxSecurity.com: Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.

Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use

Thu, 08 May 2008 11:34:55 +0000

LinuxSecurity.com: Computer forensics is the application of computer investigation and analysis techniques to determine potential legal evidence. Since computers are vulnerable to attack by some criminals, computer forensics is very important. Understanding computer forensic procedures will help to capture vital information which can be used to prosecute an intruder that compromises a computer or network. Also, deciding on the specific tools for computers or other equipment that is needed to correctly analyze evidence is crucial. These tools are very useful but bigger companies that handle more equipment and information might benefit from something that can combine all these tools into one application.

sshpass - Non-Interactive SSH Password Authentication

Thu, 08 May 2008 10:31:31 +0000

LinuxSecurity.com: SH's (secure shell) most common authentication mode is called "interactive keyboard password authentication", so called both because it is typically done via keyboard, and because openssh takes active measures to make sure that the password is, indeed, typed interactively by the keyboard. Sometimes, however, it is necessary to fool ssh into accepting an interactive password non-interactively. This is where sshpass comes in. This article looks some of the security concerns with using sshpass. Do you use sshpass? If so do you think about the security issues with it.

Firefox 3: Site Identification button

Wed, 07 May 2008 09:08:57 +0000

LinuxSecurity.com: Ensuring that users are safe, secure, and protected while they browse the Web is one of the greatest challenges facing browser makers. Browser security involves a delicate balance between protecting the user from the dangers that exist on the Web and overly restricting the user's freedom to go where she wants and see what she wants while surfing.
One of my favorite new Firefox 3 security features is the Site Identification button. This button replaces and builds upon the ubiquitous "padlock" icon that has for so long been the primary security indicator used in browsers. Firefox 2, for example, indicates that the connection to a site is encrypted by changing the background color of the location bar and displaying a padlock icon.

Gentoo: InspIRCd Denial of Service

Fri, 09 May 2008 10:33:00 +0000

LinuxSecurity.com: A buffer overflow in InspIRCd allows remote attackers to cause a Denial of Service.

Gentoo: Linux Terminal Server Project Multiple vulnerabilities

Fri, 09 May 2008 10:27:00 +0000

LinuxSecurity.com: Multiple vulnerabilities have been discovered in components shipped with LTSP which allow remote attackers to compromise terminal clients.

Gentoo: Firebird Data disclosure

Fri, 09 May 2008 10:12:00 +0000

LinuxSecurity.com: Firebird allows remote connections to the administrative account without verifying credentials.

Mandriva: Updated hal-info package fixes resume issue

Thu, 08 May 2008 21:59:00 +0000

LinuxSecurity.com: An updated hal-info package fixes resume from suspend to RAM on HP 6710b systems. It had previously failed with a black screen on Mandriva Linux 2008.0.

Review: The Book of Wireless

Tue, 15 Apr 2008 09:00:56 +0000

LinuxSecurity.com: "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless networking, users need to know how to protect themselves from wireless networking attacks.

April 2008 Open Source Tool of the Month: sudo

Tue, 01 Apr 2008 10:00:00 +0000

LinuxSecurity.com: This month the editors at LinuxSecurity.com have chosen sudo as the Open Source Tool of the Month!