Security Projects - Page 37

Discover Security Projects News

Certified Ethical Hacker: Not Your Everyday Job

The term "hacker" doesn't just apply to crooks, thieves and anyone else looking to subvert computer security systems for malevolent purposes. Some hackers are in the business of improving security. Certified Ethical Hackers are paid by companies and government agencies to test their computer systems against the sort of attacks the bad guys often attempt to pull off.

htop & mytop - Interactive Activity Monitors

htop and mytop are programs similar to the standard top, but they monitor in different ways and serve different functions. htop is an interactive process viewer for Linux. It is a text-mode application (for console or X terminals) and requires ncurses. Tested with Linux 2.4 and 2.6. Read on for info on mytop, an interactive monitor for MySQL.

Researchers who hack the Mac OS

Before his coffee was cold he had found a local privilege escalation vulnerability in Mac OS X Tiger, which could allow people to elevate from normal user to full super user, and had written code that could exploit the hole.

Researchers prove kernel is secure

Australian researchers have demonstrated a way to prove core software for mission-critical systems is safe. The researchers this week said they can prove mathematically that code they have developed, designed to govern the safety and security of systems in aircraft and motor vehicles, is free of many classes of error.

Holes closed in Subversion version control system

New versions of the Subversion version management system fix vulnerabilities in the client and server which could allow an attacker to gain control of a system. The problems are caused by multiple heap overflows in the libsvn_delta library, which may occur when the library is parsing difference data streams (binary deltas).

Taking FOSS Security Seriously

Developers of open source software projects should be just as concerned about security as anyone developing a proprietary app. However, the nature of the two development processes can be very different at times, and debate still rages about which is inherently more secure -- a secret code kept by a company, or a public one that all eyes can see. Just as important is how each community reacts once a problem is spotted.

Open-source project aims to make secure DNS easier

Very cool. It would be really nice to see a review of this project, and follow it as it progresses. Is anyone interested in reviewing it and letting us know how you make out? A group of developers has released open-source software that gives administrators a hand in making the Internet's addressing system less vulnerable to hackers.

Wireshark 1.2.1 fixes security vulnerabilities

The Wireshark developers have announced the release of version 1.2.1 of Wireshark, the popular open source, cross-platform network protocol analyser. In addition to over 30 bug fixes, the security update addresses seven vulnerabilities that could crash the application remotely or lead to a buffer overflow. The denial-of-service (DoS) vulnerabilities affect the IPMI, AFS, Infiniband, Bluetooth L2CAP, RADIUS, MIOP and sFlow dissectors. Versions from 0.9.2 up to and including 1.2.0 of Wireshark are affected and all users are advised to update.

Blog Security Stats - Taking almost 2k blogs to a security

Sucuri submitted a great research document they created that details the security of random blogs on the Internet for their attention to security factors. Research to determine if bloggers are taking the security of their sites seriously. We randomly selected 1747 blogs from the blog catalog and scanned them to see how secure they are... The results are interesting... Check it out. It is indeed very interesting. I'd like to hear more from this security team in the future.

No Reboot Required

This article talks about Ksplice, a program developed by an MIT grad student to perform security updates on a Linux server without having to reboot it: The technology was developed by cofounder Jeff Arnold while he was a graduate student at MIT, and last week, it won the grand prize at the Institute's $100K Entrepreneurship Competition. Waseem Daher, cofounder and chief operating officer, explains that the approach adopted by Ksplice saves it from restructuring instructions in a higher-level programming language on the fly. So far, Ksplice has developed its new update technology for the Linux operating system--which is commonly used to control server machines--although Daher says that the technology could work on other operating systems too. In my experience, it's not necessary to reboot a Linux server unless you're doing a kernel update or some change to a filesystem. Do you see any purpose for this?

Cloud Security: Danger (and Opportunity) Ahead

Have you thought about the security implications of cloud computing? This article explains the cloud, and talks extensively about what the author proposes be done to address the security issues. The dramatic change in the rate of adoption and the amount of discussion taking place regarding cloud computing demands that this technology, or rather a set of related technologies, continue to evolve utilizing a security-sensitive design.

Software Problems with a Breath Alcohol Detector

This is an excellent lesson in the security problems inherent in trusting proprietary software: After two years of attempting to get the computer-based source code for the Alcotest 7110 MKIII-C, defense counsel in State v. Chun were successful in obtaining the code, and had it analyzed by Base One Technologies, Inc. Draeger, the manufacturer, maintained that the system was perfect, and that revealing the source code would be damaging to its business. They were right about the second part, of course, because it turned out that the code was terrible.