Security Projects - Page 16 - Results from #300

Discover Security Projects News

The Central Security Project: Vulnerability Reporting for Open Source Java

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

When a security researcher finds a security bug, what do they do? Unfortunately, the answer sometimes is they search for the appropriate people to notify and, when they can’t be found, end up posting the vulnerability to public email lists, the GitHub project, or even Twitter.

LinuxSecurity.com Team
Mar 28, 2019

Critical flaw revealed in Facebook Fizz TLS project

Researchers have found a vulnerability in the open-source Facebook Fizz project which is relatively easy to trigger for the purposes of a denial-of-service (DoS) attack.

LinuxSecurity.com Team
Mar 23, 2019

ICANN Warns of 'Ongoing and Significant' Attacks Against Internet's DNS Infrastructure

The internet's address book keeper has warned of an "ongoing and significant risk" to key parts of the domain name system infrastructure, following months of increased attacks.

LinuxSecurity.com Team
Feb 25, 2019

EU to offer nearly $1m in bug bounties for open-source software

The internet runs on open-source, and it’s often hardworking volunteer developers who spend long hours keeping the projects alive. Unfortunately, they don’t always have the time or resources they need to hunt down the bugs that inevitably spring up in these large, complex code bases.

LinuxSecurity.com Team
Jan 04, 2019

The Linux Kernel In 2018 Summed Up: Spectre/Meltdown, CoC, Speck Fears, New Features

It was a very busy year in kernel space from mitigating security vulnerabilities to preparing new features. Here is a look back at the most popular kernel topics of this year.

LinuxSecurity.com Team
Dec 31, 2018

EU offers bounties to help find security flaws in open source tools

The European Union believes it has a simple way to bolster its digital security: offer lots of cold, hard cash. The European Commission is launching bug bounties in January that will offer prizes in return for spotting security flaws in 14 free, open source software tools EU institutions use.

LinuxSecurity.com Team
Dec 30, 2018

Celebrating 20 Years of OpenSSL

20 years ago, on the 23rd December 1998, the first version of OpenSSL was released. OpenSSL was not the original name planned for the project but it was changed over just a few hours before the site went live. Let’s take a look at some of the early history of OpenSSL as some of the background has not been documented before.

LinuxSecurity.com Team
Dec 20, 2018

IoT security and Linux: Why IncludeOS thinks it has the edge

Security is a big worry for the Internet of Things. We've already seen countless incidents where smart internet-connected devices are taken over by an attacker and put to unintended use.

LinuxSecurity.com Team
Nov 12, 2018

This MIT PhD Wants to Replace America's Broken Voting Machines with Open Source Software, Chromebook

Tuesday morning, as millions of Americans lined up at their polling places to participate in the often quite literally broken democratic process, a new Twitter account tweeted a link to a short manifesto: “today’s voting machines are often insecure, not particularly easy-to-use, and so expensive that they’re often used much longer than they were designed for and election officials are forced to hunt for replacement parts on eBay. The market has failed us.”

LinuxSecurity.com Team
Nov 07, 2018

Linux Is Getting New Network Libraries From Veteran systemd/BUS1 Developers

Veteran systemd and BUS1 developers are David Herrmann and Tom Gundersen have been working on "nettools" as a new network configuration libraries project for Linux.

LinuxSecurity.com Team
Sep 29, 2018

Taipan - Web Application Security Scanner

Taipan is a an automated web application scanner which allows to identify web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which include other components, like a web dashboard where you can manage your scan or download a PDF report and a scanner agent to run on specific host. Below are some screenshots of the Taipan dashboard:

LinuxSecurity.com Team
Mar 23, 2018

Is Application Security Dead?

Spoiler alert: If application security isn't dead yet, its days are numbered. OK, this is an over-exaggeration, but fear not, application security engineers — the work you do is actually becoming more important than ever, and your budget will soon reflect this. Application security will never die, but it will have to morph to succeed.

LinuxSecurity.com Team
Mar 23, 2018

GitHub: Our dependency scan has found four million security flaws in public repos

GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners.

LinuxSecurity.com Team
Mar 22, 2018

yescrypt - modern KDF and password hashing scheme

yescrypt is a password-based key derivation function (KDF) and password hashing scheme. It builds upon Colin Percival's scrypt and includes classic scrypt, a minor extension of scrypt known as YESCRYPT_WORM (named that for "write once, read [potentially] many [times]", which is how scrypt works), and the full native yescrypt also known as YESCRYPT_RW (for "read-write").

LinuxSecurity.com Team
Mar 16, 2018

Hackers, Activists, Journos: How to Build a Secure Burner Laptop

Security researcher Georg Wicherski recalls a friend who was once stopped at the airport on his way to the Black Hat hacking conference. Security took his laptop, supposedly for a routine X-ray, but it seemed to be taking too long. He suspected something more nefarious: airports are an easy place for authorities to place malware on seized equipment.

LinuxSecurity.com Team
Oct 29, 2015

Hacking Fitbit

This is impressive: "An attacker sends an infected packet to a fitness tracker nearby at bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near," Apvrille says.

LinuxSecurity.com Team
Oct 23, 2015

Anti-Virus Bypass with Shellter 5.1 on Kali Linux

Having trouble getting a Meterpreter shell past that pesky AV? Check out the new Shellter 5.1 shellcode injection tool! The latest version of Shellter for pentesters includes a

LinuxSecurity.com Team
Oct 12, 2015

Matthew Garrett is not forking Linux

When Matthew Garrett, well-known Linux kernel developer and ‎CoreOS principal security engineer, announced he was releasing a [Linux] kernel tree with patches that implement a BSD-style securelevel interface, I predicted people would say Garrett was forking Linux. I was right. They have. But, that's not what Garrett is doing.

LinuxSecurity.com Team
Oct 09, 2015

Fretting about Stagefright on Galaxy S5? CyanogenMod's stable release has a fix

CyanogenMod has rolled out stable builds for about 50 handsets and is including the October security fixes that Google released this week for Nexus devices. For Android users concerned about easily exploited bugs like Stagefright 1.0 and 2.0, it seems that the fastest way to get critical security updates is to replace the device's existing firmware with CyanogenMod.

LinuxSecurity.com Team
Oct 08, 2015

Hacking Wireless Printers With Phones on Drones

You might think that working on a secured floor in a 30-story office tower puts you out of reach of Wi-Fi hackers out to steal your confidential documents.

LinuxSecurity.com Team
Oct 06, 2015

Security Projects - Page 16

Strengthen Your Linux Software Development Pipeline with Code Security Scanners

Linux Security Modules (LSM): SELinux vs AppArmor vs TOMOYO

OpenSSL's New Governance Structure: A Beacon of Progress for Open-Source Security