Security Projects - Page 49
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
The Internetworked Security Information Service (ISIS) brings together four independent projects--the Open Source Vulnerability Database, the Alldas.de defacement-tracking service, the PacketStorm software database and the vulnerability watchdog VulnWatch--into a loosely organized collaboration. "There are a lot of commercial organizations that . . .
Boffins have moved one step closer to a practical implementation of the Holy Grail of encryption - quantum cryptography - by exchanging keys across a 67km fibre optic network. Until recently, the idea of quantum key distribution has been tested only. . .
LogError sent in a pointer to a PDF on the LSM project. "The access control mechanisms of existing mainstream operating systems are inadequate to provide strong system security. Enhanced access control mechanisms have failed to win acceptance into mainstream . . .
Peer-to-peer networks such as Morpheus and Audiogalaxy have enabled millions to trade music, movies and software freely. A group of veteran hackers is about to unveil a new peer-to-peer protocol that may eventually let millions more surf, chat and e-mail free. . .
Some of the world's best-known hackers unveiled a plan this weekend to offer free software to promote anonymous Web surfing in countries where the Internet is censored, especially China and Middle Eastern nations. . .
A header that includes a unique magic key allows a receiver to detect if the message is known. This header may also include a data length to allow TCP packet segregation and possibly even a simple checksum to validate the encapsulated . . .
In an effort to help Netizens in the more paranoid corners of the world evade national censorship, the cDc's Hacktivismo group is developing a browser product called Camera/Shy capable of creating and displaying images with messages which would likely get a . . .
Jim writes, "Worried about Web Application security? https://owasp.org/ has released this excellent 1.67meg document on how to safely write web applications. This paper covers everything you could possibly think of and is worth the read.". . .
David Wheeler, author of the Secure Programming HOWTO and the RATS development team from Secure Software Solutions today announced open source source code security flaw scanners. "RATS scans through code, finding potentially dangerous function calls. . . .
RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). All development is independent of governments and big companies, and no existing access . . .
A conservative U.S. think tank suggests in an upcoming report that open-source software is inherently less secure than proprietary software, and warns governments against relying on it for national security. The white paper, Opening the Open Source Debate, from the Alexis . . .
In this special section, eWeek Labs examines the state of the art in security vulnerability detection from several angles. It's cheapest--and most effective--to fix problems while they are in development, and I evaluate two tools designed to detect application security problems . . .
A technical overview of heap and buffer overflows, Linux tools that can be used to reduce their risk, the kinds of exploits these tools can prevent, and more. "This study deals with the various kinds of overflows (heap, stack) to understand how they work and how they may be used to execute malicious code. . .
Inflow, Espion and Deloitte & Touche are running a new "Honeynet" in Ireland to attract would-be cyber attackers and study their habits. The new Honeynet is already up and running at an unspecified Internet address. On-line for just 48 hours . . .
In the past three months, the open-source community has been given a wake-up call. While Microsoft has concentrated on reviewing its flagship Windows source code as part of a new focus on security, Internet watchdogs have released the details of . . .
Laurent Constantin let us know that the Lcrzoex Project now contains more than 300 GPLd network testing tools. "We are proud to announce that lcrzoex now contains over 300 network testing tools. Tool which passed this mark allows to spoof an IP/UDP packet.". . .
The National Security Agency last week announced the first companies to undergo an appraisal of their information security practices in a program aimed at helping government and commercial organizations improve their systems security. According to the Infosec Assessment Training and Rating . . .
To exploit this vulnerability one must create an account into the target site, base64_decode his cookie,modify the username in the cookie to inject SQL,base64_encode his cookie and pass it with save=1 to article.php (which must be done throught modules.php). . .
Because PHP is a critical piece of the hosting service puzzle, the PHP audit project was started in order to harden the PHP interpreter against known and unknown vunlerabilities. We are also trying to add some enhancements for the OpenBSD operating . . .
The author revisits a debate begun here recently on the nature of security in Open Source projects: do 'lots of eyeballs' insure secure code? It is a common misconception amongst users of Open Source software that it is a panacea when it comes to creating secure software.. . .