Security Projects

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Linux Kernel 6.9 Released with Critical Fixes & Upgrades

The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux ecosystem. Linus Torvalds, the creator of Linux, underscores this by stating, "a more powerful arm64 ma...
May 13, 2024
  0

Nmap 7.95 Released with New OS and Service Detection Signatures

Nmap 7.95 introduces myriad enhancements, primaril...
May 13, 2024
  0
4.Lock AbstractDigital Esm H115

AlmaLinux 9.4 Reinforces Robust Linux Security

The recent release of AlmaLinux 9.4, closely aligned wi...
May 07, 2024
  0
1.Penguin Landscape Esm H115

Discover Security Projects News

LS Hmepg 337x500 34 Esm H200

Phones gain coded security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Cryptography firm Certicom has announced a cross-platform security toolkit for future mobile phone handsets. The Certicom Security Architecture for Mobility will provide a common programming interface for developers to access . . .

LS Hmepg 337x500 34 Esm H200

IETF Reportedly Rejects Sender ID

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Internet standards group rejects the protocol because of embedded Microsoft proprietary technology.Several Internet sources today reported that the Internet's Internet Engineering Task Force (IETF) has officially turned thumbs down . . .

LS Hmepg 337x500 34 Esm H200

What is fwknop?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

fwknop is a flexible port knocking implementation that is based around iptables. Both shared knock sequences and encrypted knock sequences are supported. In addition, fwknop makes use of passive OS fingerprinting signatures derived from p0f to ensure the OS that initiates a knock sequence conforms to a specific type. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Both the knock sequences and OS fingerprinting are completely implemented around iptables log messages, and so a separate packet capture library is not required. . . .

LS Hmepg 337x500 34 Esm H200

Mozilla offers bounty for bugs

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Mozilla Foundation, maker of the Firefox web browser and Thunderbird e-mail application, is offering a $500 (£275) bounty to users who identify and report bugs found in its open-source software.  . . .

LS Hmepg 337x500 34 Esm H200

PHP Zaps Security Leaks

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The open-source PHP Group has released a fix for a pair of security holes that could be exploited to execute arbitrary code on remote PHP servers. The flaws affect PHP versions 4.3.7 and prior and version 5.0.0RC3 and prior. The final version of PHP 5.0, which was released earlier this week, is not affected. . . .

LS Hmepg 337x500 34 Esm H200

Mozilla Patches Security Hole

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

According to the Mozilla Foundation, the vulnerability was posted on Thursday to Full Disclosure, a public security mailing list. The same day, the foundation's security team confirmed the report and developed a fix. On Friday, the Mozilla team released a configuration change that resolves the problem by explicitly disabling the use of the shell external protocol handler. . . .

LS Hmepg 337x500 34 Esm H200

Security hole found in Mozilla browser

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The flaw, known as the "shell" exploit, was publicized Wednesday on a security mailing list, along with a link to a fix for the problem. Updated versions of the affected software programs, which include the Mozilla, Firefox and Thunderbird browsers, have been released. Developers said the flaw affects only Windows users, not computers running the Macintosh and Linux operating systems. . . .

LS Hmepg 337x500 34 Esm H200

Hacker college

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

"It's an amazing thing how insecure the big corporations are," said Echemendia during a break in the weeklong seminar. "It's just amazing how easy it is." Hackers are believed to cost global businesses billions of dollars every year, and the costs to defend against them are soaring. . . .

LS Hmepg 337x500 34 Esm H200

Latest Web services spec tackles application flaws

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OASIS addressed another layer of security concerns around Web services Wednesday when it ratified the Application Vulnerability Description Language (AVDL) 1.0 as a standard, the organization's highest level of ratification. AVDL is an XML schema that enables security products to communicate information about new and existing Web application vulnerabilities between themselves, according to AVDL Technical Committee co-chairman Kevin Heineman. . . .

LS Hmepg 337x500 34 Esm H200

Secure Development Framework

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This whitepaper deals with developing a secure framework, both for internal and outsourced development. Within this context, secure development is considered to be the process of producing reliable, stable, bug and vulnerability free software. . . .

LS Hmepg 337x500 34 Esm H200

Metasploit Framework v2.1

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Metasploit Framework is an advanced open-source exploit development and testing environment. Version 2.1 fixes many issues that users have reported since the release of 2.0 and adds several new features. The bug fixes alone are more than worth the time to upgrade. . . .

LS Hmepg 337x500 34 Esm H200

Summer Webinars look at embedded Linux security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Free Webinars will be offered separately by Wind River; by TimeSys; and by Mocana and its partners MontaVista and Wind River this summer. The events explore getting started with embedded Linux development, graphical embedded Linux development tools, and embedded device security, respectively. . . .

LS Hmepg 337x500 34 Esm H200

More flaws foul security of open-source repository

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security researchers have found at least six more flaws in the open-software world's most popular program for maintaining code under development. According to a representative of the project that oversees the program, known as the Concurrent Versions System, the vulnerabilities include a flaw that could let an attacker take control of a CVS server from the Internet, putting the code repository's contents at risk. . . .

LS Hmepg 337x500 34 Esm H200

Secure Development: A Polarised Response

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Through fuller integration of security and development activities, the effectiveness and efficiency of security assessment will be increased and streamlined, the associated costs greatly reduced and organisations will enjoy the return on security investments (ROSI) at a greater rate. Until then, however, those organisations that are already using secure development implementation early in their development cycles will be able to continue to reap greater advantages over their competition. . . .

LS Hmepg 337x500 34 Esm H200

OpenBSD revisited

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

One of the goals for the OpenBSD project is to try being the most secure operating system. The OpenBSD developers say the open software development model allows them to take a "more uncompromising view towards security than other vendors are able to". To this end the developers have been auditing OpenBSD components on a file-by-file basis since 1996, and continue the process to this day. . . .

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved