Security Projects
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
The Cyber Defense Exercises were started over a conversation between military officers at a Dairy Queen in Waxahachie, Texas outside of Texas A&M in 1997. Initially they joked about how cool it would be to have a cyber war competition between . . .
Underscoring growing concern over spam, the Internet Engineering Task Force (IETF) has created a new Anti-Spam Research Group (ASRG) that aims to put unsolicited commercial e-mail in its crosshairs by setting standards for spam detection and potential legislation. . . .
IBM, Oracle and Red Hat are backing efforts to ensure the Linux operating system achieves security assurances recognised by the Australian government. IBM and Oracle are working to get Linux certified under the International Common Criteria for Information Technology Security . . .
IP Security Validator is an experimental tool that allows validation of Virtual Private Network (VPN) configurations between two network interfaces. As with testing connectivity using the Ping program, IP Security Validator enables verification and validation of VPN configurations and their connectivity.. . .
Broadband wireless access took another step forward late last month when the IEEE approved 802.16a, an amendment that adds features to the group's 802.16 standard that defines the WirelessMAN air interface specification. 802.16 was developed by the IEEE's 802.16 Working . . .
Bernadette Rose submits, " IBM today announced that it will work with the Linux community to enter the Common Criteria certification process for the Linux operating system early this year and proceed with a progressive plan for certifying Linux at increasing security levels through 2003 and 2004. . . .
Lance Spitzner submits the latest from the Honeynet Project. "Honeypots are an exciting new technology. They allow us to turn the tables on the bad guys, we can take the initiative. In the past several years there has been growing interest in exactly what this technology is and how it works. The purpose of this paper is to introduce you to honeypots and demonstrate their capabilities. We will begin by discussing what a honeypot is and how it works, then go into detail using the OpenSource solution Honeyd.. . .
Cyclone is a programming language based on C that is safe, meaning that it rules out programs that have buffer overflows, dangling pointers, format string attacks, and so on. High-level, type-safe languages, such as Java, Scheme, or ML also provide safety, but they don't give the same control over data representations and memory management that C does (witness the fact that the run-time systems for these languages are usually written in C.). . .
North Pole - Citing concerns about security and licensing costs, Santa Claus is considering migrating his computer systems from Microsoft Windows to Linux. . .
The Open Web Application Security Project (OWASP) are pleased to annouce the imminent availability of CodeSeeker, an Application Level Firewall and Intrusion Detection System (AFWIDS) for Linux, Win32 and Solaris.. . .
Experts say the insertion of Trojans into two popular tools reinforces the need to run readily available programs, such as MD5 hashes, to ensure that code hasn't been altered. Experts recommend using MD5 hashes to expose Trojans. This and similar programs, such as MD4, SHA and SHA-1, continually compare codes generated by "healthy" software to hashes of programs in the field.. . .
Yesterday I've put out the BIND 4.9.10-OW2 patch, which includes the patch provided by ISC and thus has the two recently announced vulnerabilities affecting BIND 4 fixed. Another recent update is crypt_blowfish 0.4.5.. . .
A year ago, identity was mostly the concern of privacy and crypto guys. The only company taking much public interest was Microsoft, which was busy scaring everybody with its Passport identity management system and the Hailstorm initiative that went along with . . .
With online security alerts and virus attacks at an all-time high, SBC Communications (Quote, Company Info) on Monday launched an anti-hacker research center aimed at protecting consumers and Internet networks from security violations. . .
Douglas Kilpatrick sent in a note about a new open source project going on at Network Associates. "Privman is a library that makes it easy for programs to use privilege separation, a technique that prevents the leak or misuse of privilege from applications that must run with some elevated permissions. Applications that use the Privman library split into two halves, the half that performs valid privileged operations, and the half that contains the application's logic. The Privman library simplifies the otherwise complex task of separating the application, protecting the system from compromise if an error in the application logic is found.. . .
The sixtieth edition of PHRACK MAGAZINE is going to be released on December 25th as an X-MESS present to the community. To make this milestone edition of PHRACK MAGAZINE a quality release, the PHRACK MAGAZINE editorial staff are soliciting papers from . . .
The Defense Department is giving Carnegie Mellon University $35.5 million to develop tools and tactics for fighting cyberterrorism. The inventions to be researched and engineered at the top computer science school would serve equally well in battling hackers and Internet crooks. . . .
Its time for October's scan of the month. This months scan sponsored by Digital Forensic Research Workshop is slightly different than the scans of the month that you are used to. Scan 24 is available here. The police report. . .
The joint project, dubbed Infrastructure for Resilient Internet Systems (IRIS), aims to use distributed hash table (DHT) technology to develop a common infrastructure for distributed applications. DHT is like having a file cabinet distributed over numerous servers, explained Frans Kaashoek, a . . .
Attempting to protect software on CD-ROM disks from illegal copying, Hudson Soft Co. Ltd. and Victor Company of Japan Ltd. (JVC) have developed a copy protection technology that employs embedded encryption keys. . .