Government - Page 28

Security Configuration Guides

NSA initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities. NSA's work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA's customers the best possible security options in the most widely employed products. The objective of the NSA research program is to develop technological advances that can be shared with the software development community through a variety of transfer mechanisms. NSA does not favor or promote any specific software product or business model. Rather, NSA is promoting enhanced security. The NSA has a new page on its site listing security configuration guides and other resources for both open source and proprietary software. Check it out; you might learn something new.

SSH Key-Based Attacks

US-CERT is aware of active attacks against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed. Phalanx2 appears to be a derivative of an older rootkit named "phalanx". Phalanx2 and the support scripts within the rootkit are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site. US-CERT has published an alert on this attack against SSH keys; if you want more detail on the risk, check out the article on their site.
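The first link in the chain described above is a stolen key that works as-is: a private key stored without a passphrase can be used by whoever copies it, and an authorized_keys entry with no from="..." restriction accepts that key from any host, including the attacker's. The following audit script is an added example written for this page; it is not code from US-CERT or from any phalanx2 analysis. It parses the two key formats OpenSSH writes (classic PEM and openssh-key-v1) to tell passphrase-protected keys from plaintext ones, and scans an authorized_keys file for entries that accept a key from anywhere. All key material in it is constructed placeholder data, and the paths are hypothetical.

```python
"""Audit SSH key material for the weaknesses a key-theft campaign relies on.

Added example for this page; not code from US-CERT or the phalanx2 analysis.
Two checks:
  1. A private key stored without a passphrase is usable as-is by whoever
     steals it.
  2. An authorized_keys entry without a from="..." restriction accepts the
     key from any source host, including an attacker's.
All key material below is constructed for illustration: the bodies are
placeholders, not real keys, and the paths are hypothetical.
"""
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")


def _openssh_cipher(body_b64: str) -> str:
    """Return the cipher name from an openssh-key-v1 blob ("none" = unencrypted)."""
    raw = base64.b64decode(body_b64)
    if not raw.startswith(OPENSSH_MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(OPENSSH_MAGIC)
    (n,) = struct.unpack(">I", raw[off:off + 4])
    return raw[off + 4:off + 4 + n].decode()


def private_key_is_encrypted(text: str) -> bool:
    """True if the private key file is passphrase-protected."""
    if "-----BEGIN OPENSSH PRIVATE KEY-----" in text:
        body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
        return _openssh_cipher(body) != "none"
    # Classic PEM (RSA/DSA/EC): passphrase-protected keys carry this header.
    return "Proc-Type: 4,ENCRYPTED" in text


def unencrypted_private_keys(keys: dict) -> list:
    """Names of keys (path -> file text) that would work immediately if stolen."""
    return [name for name, text in keys.items() if not private_key_is_encrypted(text)]


def _split_options(line: str):
    """Split an authorized_keys line into (options, rest). Options end at the
    first space outside double quotes, since from="a,b" may contain commas."""
    if line.startswith(KEY_TYPES):
        return "", line
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        elif ch == " " and not quoted:
            return line[:i], line[i + 1:]
    return line, ""


def unrestricted_authorized_keys(text: str) -> list:
    """Comments of entries that accept the key from any source address."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options, rest = _split_options(line)
        if "from=" not in options:
            parts = rest.split(None, 2)
            findings.append(parts[2] if len(parts) > 2 else parts[0])
    return findings


def _fake_openssh_key(cipher: str) -> str:
    """Constructed openssh-key-v1 file that stops right after the cipher name."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher.encode()
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"


SAMPLE_KEYS = {  # constructed sample files keyed by hypothetical path
    "/home/alice/.ssh/id_rsa": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "Proc-Type: 4,ENCRYPTED\n"
        "DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF\n\n"
        "PLACEHOLDERBODY\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "/home/bob/.ssh/id_rsa": (
        "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDERBODY\n-----END RSA PRIVATE KEY-----\n"
    ),
    "/root/.ssh/id_ed25519": _fake_openssh_key("none"),
    "/home/carol/.ssh/id_ed25519": _fake_openssh_key("aes256-ctr"),
}

SAMPLE_AUTHORIZED_KEYS = """\
# constructed sample; key bodies are placeholders
ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER build@ci-host
from="10.0.5.0/24",no-pty,command="/usr/local/bin/backup" ssh-ed25519 AAAAC3PLACEHOLDER backup@nas
ssh-ed25519 AAAAC3PLACEHOLDER alice@laptop
"""

if __name__ == "__main__":
    for name in unencrypted_private_keys(SAMPLE_KEYS):
        print(f"UNENCRYPTED private key: {name}")
    for comment in unrestricted_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"authorized_keys entry accepted from anywhere: {comment}")
```

On the sample data the script flags bob's and root's keys as unencrypted and the build@ci-host and alice@laptop entries as accepted from any host. A passphrase can be added to an existing key with `ssh-keygen -p -f <keyfile>`. Key hygiene alone does not close the chain the advisory describes: the privilege-escalation step relies on unpatched local kernel exploits, and because phalanx2 harvests every key it finds, any key that was ever present on a compromised host should be treated as stolen and replaced, not merely passphrase-protected after the fact.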

Security is No Secret

NSA takes its Flask architecture to the open-source community to offer an inexpensive route to trusted systems. Architecture created by the National Security Agency and expanded with help from the open-source community will save the Defense Department and intelligence agencies millions in hardware costs. With Flask,

Open Source Security Report

SAN FRANCISCO - May 20, 2008 - Coverity, Inc., the leader in improving software quality and security, today announced the availability of the Scan Report on Open Source Software 2008. The Coverity Scan site was developed with support from the U.S. Department of Homeland Security as part of the federal government's 'Open Source Hardening Project.' The report is based on 2 years of analysis of more than 55 million lines of code on a recurring basis from over 250 popular open source projects with Coverity Prevent, the industry-leading static source code analysis solution. This project seems to be on the right track toward improving open-source security. What do you think? Will this project make a big impact on code quality and security?

Homeland Security Helps Reduce Open Source Flaws

According to a report from code analysis vendor Coverity, the DHS-sponsored effort has helped to reduce the defect density in 250 open source projects by 16 percent over the past two years. That defect reduction translates into the elimination of over 8,500 defects. The report on the benefits of the DHS open source security efforts comes at a time when open source software is increasingly becoming part of critical infrastructure, both in the government and in US enterprises. From this article, it looks like the US government is helping make open source more secure. What do you think after reading this article?

Open Source Movement as Terrorism?

I am not aware of any other entity, group or idea that matches these five primary characteristics of the open source movement as exactly as terrorist organizations. Read on for a two-in-one post from Linux Today - one post shows the "paper" that goes into detail into why the open source movement can be seen as terrorism, while the second post provides some rebuttals against the argument. Do you feel the article brings up any valid points? How would you respond to the author?

House Legislators Slam Bush's Cyber Initiative

The initiative is a long-range plan to upgrade the security of the federal government's networks and comprises a number of separate proposals, most notably an overhaul and expansion of the government's intrusion detection system, known as Einstein. Currently, Einstein is simply a passive traffic-monitoring system that records basic data such as a packet's originating IP address, its size and its destination. But the data the system captures is not analyzed in real time, so attacks and other anomalies aren't caught until well after the fact. Also, Einstein is a voluntary program and is not yet in place at all federal agencies. If there was one place where you'd think that security would be state-of-the-art and cutting edge, it would be our own federal government networks. I really don't see any necessary trade-off between "security" and "convenience" when it comes down to national security. What do you think a government IDS should have to set the benchmark for security?

Open-source Security Moves to Next Step

The work is part of a U.S. government-backed project to harden open-source code. "We applaud the developers responsible for the 11 open-source projects that have advanced to the second rung of code security and quality," said David Maxwell, open-source strategist for Coverity. The Open Source Hardening Project, sponsored by the U.S. Department of Homeland Security, uses Coverity's Scan, which grades projects on a "ladder" according to their progress at fixing and preventing flaws. This article talks about the Open Source Hardening Project, which was started in January 2006, and discusses the current plans for helping open source security.

Movie Pirate Forced to Ditch Linux

When a person asks me what a benefit of Linux is (from a layman's point of view), I frequently quote its strength against spyware - basically how using Linux is like getting an inoculation shot against the worst they throw at Windows / IE users. Who wants to use an operating system where someone you don't even know is constantly monitoring you? In this article, the government has penalized a BitTorrent user by not only putting a monitoring bracelet on him, but they're forcing him to switch to Windows because "their monitoring software only works on Windows PCs". Read on to find out what his reaction is. Why not share your opinion on the matter? Is Linux just that good of a choice for internet browsing?

German Antihacker Law Could Backfire, Critics Warn

Because you make pens, pencils, or any other sharp objects that are capable of stabbing and killing, you are liable for producing weapons. This is the logic I see behind the German anti-hacker law, which defines offenders as any individual or group that intentionally creates, spreads or purchases hacker tools designed for illegal purposes. These laws are based on a "judgement call" and can only hinder security researchers in their perpetual quest of closing zero-day vulnerabilities. How do you feel about laws like this being passed?

U.S. Government Struggles with Data Security

"Standing at the center of this debate on how much security is enough are agency chief information security officers, who report to chief information officers." Join the debate. Do you think that if the government used Linux machines and tools more, it would help their security problems? It might come down to ease of use vs. security.

Hacking Tools Are Legal For a Little Longer

What if everyone one day took everything that "could" be used "maliciously" and with "evil intent" (even though there are many benefits to these things) and just deemed them illegal right off the bat? A hacksaw could be used to cause bodily harm (in horror movies mostly), yet it's a valuable tool for carpenters; why should there be an evaluation of its intent? In the following article, see how the government may be deeming "dual use" security tools illegal before they are even used: authors of these tools may be prosecuted if they intended the tool to be used illegally.

Red Hat Earns Its Stripes: Gets Top Government Approval

"Red Hat Linux received a new level of security certification that should make the software appealing to government agencies." Is this a good thing for getting other Linux distros accepted as a secure platform for government agencies to use? Also, is this a step forward for the Linux community to get more exposure, or just for Red Hat as a company? I think this is good for Red Hat; however, we will have to wait and see if any government agencies really take action and use Linux to help solve their security problems.

DoS Gets Political in Estonia

Many of Estonia's government agencies are still unreachable via the Web today after hackers launched denial-of-service attacks that rendered many of their sites useless over the weekend.

Experts: US Not Prepared for Cyber Attack

The United States is vulnerable to a "strategically crippling cyber attack" by enemies around the world, experts told Congress yesterday. Testifying before the House Committee on Homeland Security, high-profile experts said the federal government's cyber defenses have become dated and may leave the country open to an attack -- "not by a conventional weapon, but by a cyber weapon."

Hackers Used E-mail Access to Gov't Computers

A break-in targeting State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government's network. In the first public account revealing details about the intrusion and the government's hurried behind-the-scenes response, a senior State Department official described an elaborate ploy by sophisticated international hackers. They used a secret break-in technique that exploited a design flaw in Microsoft software.

State Comes up Short on Information Security

Despite some improvements, the State Department still falls short in its information security efforts, according to a new report from Inspector General Howard J. Krongard. Nearly half of the 34 departmental posts and bureaus audited by the inspector general from April to September 2006 displayed shortcomings in IT security, according to the report.

IRS Head: All Laptops to be Encrypted Within Weeks

After an auditor found serious security problems in the way it handled sensitive data on laptops, the Internal Revenue Service said it will have all laptops encrypted within the next few weeks. Speaking in an interview with National Public Radio over the weekend, Internal Revenue Service Commissioner Mark Everson said his organization was making the effort following a recently released audit that found unencrypted data on a large percentage of IRS laptop computers.

Is it time for Wikigov?

The government is taking some cautious steps toward what has been called Web 2.0, letting users contribute to rather than merely browse agency Web sites. The Patent and Trademark Office is piloting a program to invite online comment on patent applications. And the Federal CIO Council's Semantic Interoperability Community of Practice uses wiki software so that attendees and presenters can post material about the group's monthly meetings.