MD5 Considered Harmful (and what that means to you)
(Jan 2, 2009, 20:03 UTC) (4770 reads) (7 talkbacks) (feedback)
emmajane's blog: "You know the lock icon in your browser that tells you your banking Web site is safe and you are secure? As of yesterday we've learned this icon may be meaningless."

Tales From The Support Crypt
(Dec 30, 2008, 23:32 UTC) (2016 reads) (2 talkbacks) (feedback)
Help Net Security: "Dear Sirs: I am a client of yours. Given that I cannot disinfect my computer's DVD drive, I have enclosed it for you to clean it and send it back to me."

Wiping Disks With DBAN
(Dec 24, 2008, 18:34 UTC) (2153 reads) (0 talkbacks) (feedback)
Tip of the Trade: "DBAN (Darik's Boot And Nuke) is designed to fully and securely wipe your disk. It's a downloadable self-contained boot disk, available for CD/DVD, floppy disk, or USB flash drive."

Security Trends of 2008 and Predictions for 2009
(Dec 24, 2008, 16:04 UTC) (1389 reads) (0 talkbacks) (feedback)
Help Net Security: "As a new year approaches we must prepare for new Internet security threats. Every year, new and innovative ways of attacking computer users emerge and continue to increase in volume and severity. To know where we are going it is helpful to look at where we have been."
This isn't really about security trends-- it's about threat trends. --ed.

Why the Latest IE Flaw Proves Linux Got it Right From the Start
(Dec 23, 2008, 18:31 UTC) (4016 reads) (4 talkbacks) (feedback)
The Linux Distillery: "You've all heard a major new flaw has been found affecting Internet Explorer all the way back to version 5. Microsoft pushed out a fix out of their regular "patch Tuesday" monthly schedule. The flaw has prompted some commentators to call for the replacement of IE with alternate browsers like Firefox. Just what was so serious? And what do Microsoft say that show Linux has the superior design?"

Top 10 Linux Hacking Tools
(Dec 23, 2008, 15:31 UTC) (2843 reads) (0 talkbacks) (feedback)
Hacking Truths: "2. Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers."

The Slow Bruteforcers May in Fact be Learning
(Dec 22, 2008, 18:01 UTC) (1366 reads) (0 talkbacks) (feedback)
That Grumpy BSD Guy: "The distributed but clearly coordinated bruteforcers are still at it. How long until they reach the end of the alphabet? And why are they staying away from my OpenBSD machines? Are we seeing the contours of a controlling intelligence?"

5 Known Linux Anti-virus Software for Paranoid Users
(Dec 22, 2008, 15:01 UTC) (2639 reads) (5 talkbacks) (feedback)
Tech Source From Bohol: "At the moment, the best way to keep away from viruses while using Linux is to avoid running or installing untrusted programs as root (superuser). However, to those who are rather paranoid and want extra protection, there are available anti-virus applications for Linux. Here are five known Linux anti-virus software that you may want to check out:"

Mozilla Counters "Dirty Dozen" Criticism of Firefox Security
(Dec 20, 2008, 12:03 UTC) (3297 reads) (1 talkbacks) (feedback)
Linux Magazine: "Bit9, self-professed leader in enterprise application whitelisting, recently included Mozilla's Firefox browser among "the Dirty Dozen" applications with critical security vulnerabilities. Mozilla's security expert Jonathan Nightingale disputes that critique."

5 Best Linux/BSD Firewall Tools
(Dec 17, 2008, 10:34 UTC) (2849 reads) (1 talkbacks) (feedback)
Intranet Journal: "Over the course of recent years, some people have found the quality of most out-of-the-store firewall appliances either lacking functionality or worse, set at a price that has made them generally out of reach. Because of this issue, I thought it would be beneficial to write an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance."

How to Run Ubuntu Safely
(Dec 17, 2008, 07:34 UTC) (3253 reads) (1 talkbacks) (feedback)
Datamation: "There is a common belief that if someone switches to a desktop Linux distribution such as Ubuntu, then security concerns generally take care of themselves. Unfortunately, reality has a different take on this"

tor2web Brings Anonymous Tor Sites to the "Regular" Web
(Dec 16, 2008, 18:32 UTC) (1246 reads) (0 talkbacks) (feedback)
ars Technica: "Regular web users can now access anonymously-published websites that are masked by Tor's hidden services thanks to a new tool called tor2web. The tool, created by former Reddit developer Aaron Swartz and WikiScanner creator Virgil Griffith, enables people to view these hidden websites without diving into Tor..."

Vulnerabilities Play Only a Minor Role in Malware Spread, Says Researcher
(Dec 9, 2008, 16:21 UTC) (1331 reads) (2 talkbacks) (feedback)
Computerworld: "Computer users are their own worst enemies, a security company warned today, as it released data that shows software bugs were the source of just 5% of the past year's infections."

Coalition to Secure DNS Takes Shape
(Dec 8, 2008, 23:34 UTC) (1301 reads) (0 talkbacks) (feedback)
InternetNews: "It will take some time, but the Domain Name Service (DNS) is on its way to be secured around the world with DNSSEC (DNS Security Extensions). A new industry consortium called the DNSSEC Industry Coalition has been formed to expedite the implementation of DNSSEC and in so doing will help to secure the Internet itself for over a billion users."

Punishment vs. Prevention
(Dec 5, 2008, 21:33 UTC) (1734 reads) (2 talkbacks) (feedback)
Realeyes Technology: "Recently, F-Secure released a report titled, "Growth in Internet crime calls for growth in punishment". The article and the associated report cite F-Secure's research and several specific incidents to make the case for creating an 'Internetpol' to fight cybercrime...The data that is used to reach this conclusion is tenuous at best."

Secure Apache: Out, Damned Bot
(Dec 5, 2008, 19:33 UTC) (1545 reads) (0 talkbacks) (feedback)
Enterprise IT Planet: "The Web is no different; almost as soon as people started publishing content, others began trying to figure out how to steal it. I'll call these people and their ilk 'perps.' As soon as pages became read/write instead of just read-only, perps began figuring out how to use them to publish their own content on other people's servers. (Examples include wikis and blog comments.)"

Why Does Microsoft Always Get A Free Pass? Why Does Big Business Reek So Badly?
(Dec 4, 2008, 07:03 UTC) (2535 reads) (7 talkbacks) (feedback)
LinuxPlanet: "John Gilmore, one of the founders of Electronic Frontier Foundation and all-around awesome geek and activist, is often quoted as saying "The Net interprets censorship as damage and routes around it." But does it? The Internet is under the control of the companies who own the wires, which ain't us peons out here in the world."

Public Key Crypto for Enterprise Users
(Dec 4, 2008, 02:33 UTC) (1449 reads) (0 talkbacks) (feedback)
Enterprise Networking Planet: "Its strength lies in the fact that it can be used to exchange encrypted information between two parties that have never communicated together before and have therefore never agreed on a secure way of exchanging messages."

The Big Ol' Ubuntu Security Resource
(Dec 3, 2008, 20:33 UTC) (2053 reads) (2 talkbacks) (feedback)
IT Security: "But although Ubuntu is billed as the ultra-secure solution, you should know that even though Ubuntu's default install has its flaws, like every other operating system. To combat these weaknesses, IT Security has prepared a guide to help you close your system's backdoors and protect you from some of the common Ubuntu exploits."

Shred and Secure-Delete: Tools for Wiping Files, Partitions and Disks in GNU/Lin
(Dec 3, 2008, 08:33 UTC) (2125 reads) (1 talkbacks) (feedback)
Free Software Magazine: "I carry a small, laminated card indicating my subscription to the IUSP (International Union of the Super Paranoid, tin hat division). Well, you can’t be too careful. After all, we live in a dangerous world and computers are just an extension of that."

40 Open Source Tools for Protecting Your Privacy
(Dec 3, 2008, 07:03 UTC) (2788 reads) (0 talkbacks) (feedback)
eSecurityPlanet: "You don't need to fork over big bucks – or even any bucks – to keep your online activities and identity secret. The open source community has dozens of privacy-related projects in development, and some of them have already proven themselves to be among the best privacy protection tools available."

Trumpet Windows Loudly--- Except When It's Malware Outbreaks
(Dec 3, 2008, 00:01 UTC) (2718 reads) (6 talkbacks) (feedback)
Linux Today Blog: "Ever notice how Microsoft plasters the Windows name on everything it can reach? Splash screens, stickers on computers, and advertising everywhere. There is no escaping it. Except when it's yet another malware outbreak-- then all the news organization go inexplicably deaf, dumb, and blind, as this latest story demonstrates:
Virus hits nearly 75% of systems on Afghanistan military base."

Security: A Low Intensity, Distributed Bruteforce Attempt
(Dec 2, 2008, 23:31 UTC) (1807 reads) (2 talkbacks) (feedback)
That Grumpy BSD Guy: "A low intensity, distributed bruteforce attempt... We have seen the future of botnets, and it is a distributed, low-key affair. Are sites running free software finally becoming malware targets?"

Virus Hits Nearly 75% of Systems on Afghanistan Military Base
(Dec 2, 2008, 19:17 UTC) (2642 reads) (7 talkbacks) (feedback)
Zero Day: "Earlier this month we saw the military ban the use of USB drives and other removable media. Apparently the virus outbreak that lead to this measure affected 75% of all systems at the largest U.S. military base in Afghanistan."

EFF to Fight Against Telecom Immunity in Tuesday Hearing
(Dec 1, 2008, 23:34 UTC) (1095 reads) (0 talkbacks) (feedback)
Electronic Frontier Foundation: "On Tuesday, December 2, at 10 a.m., the Electronic Frontier Foundation (EFF) will challenge the constitutionality of a federal law aimed at granting immunity to telecommunications companies participating in illegal domestic surveillance."

Data Encryption and Ubuntu, Part III
(Dec 1, 2008, 19:34 UTC) (1663 reads) (0 talkbacks) (feedback)
IT Wire: "In the previous article we looked at the basics of using PGP, creating and backing up PGP keys and using them to encrypt files locally. Now we'll look at how to send someone an encrypted email."

Protecting Your LAMP Site with a Robots.txt Honeypot
(Nov 27, 2008, 12:03 UTC) (3258 reads) (0 talkbacks) (feedback)
Mad Irish: "Knowing that malicious attackers might look into your robots.txt file and explore the listings there allows you to employ a few defensive techniques, or at least provide some early warning measures. One possibility is to simply waste an attackers time."

Hardening the Linux Desktop
(Nov 26, 2008, 07:33 UTC) (3637 reads) (4 talkbacks) (feedback)
IBM Developerworks: "This tutorial takes you through the steps of installing and configuring antivirus software, creating a backup-restore plan, and making practical use of a firewall. When you finish, you'll have the knowledge and tools you need to harden your Linux desktop against most attacks and prevent illegitimate access to your computer."
link fixed--ed.

Anonymous Proxy Using Squid 3 On CentOS 5.x
(Nov 23, 2008, 00:16 UTC) (2636 reads) (0 talkbacks) (feedback)
HowtoForge: "This howto describes step by step a method to install a SQUID 3 server as an Anonymous Proxy. An anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It accesses the Internet on the user's behalf, protecting personal information by hiding the source computer's identifying information. Simply say to hide your IP."

Make Your BIOS Love Security
(Nov 22, 2008, 10:03 UTC) (2998 reads) (4 talkbacks) (feedback)
Codeblog: "There's this great CPU feature called "nx" - it protects your computer from intrusion by blocking execution of memory regions that weren't expected to be executable (i.e. stack/heap data). You really want this enabled."

Data encryption and Ubuntu, Part I
(Nov 21, 2008, 19:03 UTC) (2022 reads) (0 talkbacks) (feedback)
IT Wire: "I am a strong believer that in certain circumstances you should have mechanism available to you to protect your own data and be avle to share that data only with people and organisations that you trust. I want to outline several ways of keeping your data private."

IETF: Should We Ignore the Kaminsky Bug?
(Nov 21, 2008, 17:33 UTC) (1617 reads) (0 talkbacks) (feedback)
Network World: "The Internet engineering community is grappling with what to do about a serious flaw in the DNS discovered this summer, and the ongoing debate brings to mind a famous quotation from Voltaire: "The perfect is the enemy of the good.""

Building an OpenBSD Gateway - Part 1
(Nov 21, 2008, 01:03 UTC) (1763 reads) (0 talkbacks) (feedback)
Raiden's Realm: "If you're happy with the level of functionality you receive from your current router, then you can stop reading now if you like. However, if you want to crank up your gateway's functionality and security by astronomic proportions, then this tutorial is for you."

Window Kit: Investigating Windows Systems With Linux
(Nov 20, 2008, 18:03 UTC) (2118 reads) (0 talkbacks) (feedback)
Linux Magazine: "Criminals, intruders, and corporate saboteurs leave data behind on the hard disks of any computers they visit. Many of these computers are Windows systems, but you don’t need Windows to extract valuable forensic information from a Windows hard disk. In this article, I will describe some simple techniques for getting forensic data from a Windows disk using Linux."

Hardening The Linux Kernel With Grsecurity (Debian)
(Nov 20, 2008, 10:03 UTC) (2221 reads) (1 talkbacks) (feedback)
HowtoForge: "Security is based on three characteristics: prevention, protection and detection. Grsecurity is a patch for Linux kernel that allows you to increase each of these points."

Answers Trickle Out as Spammer Networks Remain Compromised
(Nov 19, 2008, 19:16 UTC) (2089 reads) (0 talkbacks) (feedback)
Washington Post: "At about 4:30 p.m. Eastern time last Tuesday, the volume of junk e-mail arriving at inboxes around the world suddenly plummeted by about 65 percent...But when McColo was taken offline by its Internet providers, so too were all of the botnet control servers located there, security experts said."

Unplugging The World's Biggest Spam Host-- Temporarily
(Nov 19, 2008, 18:16 UTC) (2591 reads) (1 talkbacks) (feedback)
A number of stories have been published in the past few days about McColo getting shut down. Reportedly, worldwide spam volumes dropped significantly. McColo then got back online briefly, but was again disconnected due to public pressure.

cRAZY mAD wITH spam
(Nov 16, 2008, 04:01 UTC) (2751 reads) (1 talkbacks) (feedback)
BeginLinux: "I am involved in a very personal war .. a war on Spam not because I must, everybody else lives with it, but just because it makes me mad! Spam has made me so mad I have gone on a personal goal to cut the Spam on my servers to 0%...realistic, probably not. Die trying...yep that's me."

Enhance PC Security with Open Source Apps
(Nov 14, 2008, 07:33 UTC) (1976 reads) (0 talkbacks) (feedback)
Intranet Journal: "For Windows users, this has often felt like a fact of life. Even while there are some great freeware options for PC security like AVG anti-virus or Zone Alarm firewall, wouldn't it be great if there were some open source options as well? As luck would have it, there are. In this article, I will highlight open source applications that will not only save you some money, but potentially put you back into the driver's seat with regard to your PC's security."

Bruce Schneier: Securing Your PC and Your Privacy
(Nov 13, 2008, 04:34 UTC) (2415 reads) (0 talkbacks) (feedback)
Datamation: "He might be called the international rock star of computer security. Having testified before Congress and given well-regarded speeches the world over, when Bruce Schneier talks about security, experts listen."

( UTC) ( reads) ( talkbacks) (feedback)

Receive news via our XML/RSS feed