Security Projects - Page 33
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
The IT Department where Daniel Toth works won't let him use open source software because they believe it's a security risk. Is it? No. If anything, open-source software has the potential to be safer. Not that it always is, of course.
The ability to access the code of open-source applications may give attackers an edge in developing exploits for the software, according to a paper analyzing two years' worth of attack data. The paper, to be presented this week at the Workshop on the Economics of Information Security, correlated 400 million alerts from intrusion detection systems with known attributes of the targeted software and vulnerabilities.
Identify content management systems (CMS), blogging platforms, stats/analytics packages, JavaScript libraries, servers and more. When you visit a website in your browser the transaction includes many unseen hints about how the webserver is set up and what software is delivering the webpage. Some of these hints are obvious, eg.
Looking for ideas to improve how code security is done in your enterprise? Here are several. Code security is something companies have struggled with for some time. In the rush to make new websites and applications available to customers, vulnerabilities are inevitably left behind.
FOCA 2 has a new algorithm which tries to discover as much info related to network infrastructure as possible. In this alpha version FOCA will add to the figured-out network map all servers that can be found using a recursive algorithm searching in Google, BING, Reverse IP in BING, Well-known servers and DNS records, using an internal PTR-Scanning, etc.
Are you responsible for one or more Windows computers? If yes then the odds are really good that you have had to deal with cleaning viruses and malware. Did you know F-Secure offers a free Rescue CD built on Knoppix for just this purpose? Let's take a look at how easy the F-Secure Rescue CD is to use.
The short answer: Updates are worthless if one does not apply them. Once again I find myself cleaning malware off of a home user
This is the first in a series of posts detailing the journey and experiences of Joseph Sokoly as a first time speaker in InfoSec. Continuing on the
The IT security job market is booming -- but that doesn't mean everyone is automatically getting a job, or the right job. And just like the threat landscape is rapidly evolving, so are the qualifications and qualities needed for positions in the security profession.
Mozilla launched a tool that lets users of rival browsers, including Internet Explorer (IE), Chrome, Safari and Opera, determine whether important add-ons may be vulnerable to attack.
When Oracle bought Sun, there were many unanswered questions about Sun's open-source portfolio of programs. Over a year later, we still don't know, for example, if OpenSolaris is going to have Oracle's support. We now know, however, that OpenSSO, an open source access management and federation server platform, will live on as a product under the new open-source company ForgeRock.
Security Consultant and Trainer Joe McCray has been hacking into the Department of Defense (DoD), Federal Agencies, Financial Institutions, and other big companies for years - legally of course. He's a Penetration Tester, a term used to describe a computer security consultant that hacks into companies in order to demonstrate security weaknesses.
Do SQL injections turn you on? How about double SQL injections? If the answer is
Google's online tutorial for web developers includes a server which demonstrates typical vulnerabilities for them to virtually exploit. The tutorial consists of two elements: an intentionally unsafe mini-blog web application
The Apache Software Foundation runs its open source projects on a hierarchy of principally three levels, top-level projects (TLPs), sub-projects and incubated projects. Achieving the TLP status is a major milestone for an open source effort and this week Apache announced that six projects were being graduated to TLP status.
The Apache Software Foundation, developer of open source software, on Tuesday is announcing the creation of six Top-Level Projects, including the Apache Traffic Server for caching and Apache Mahout, implementing machine-learning algorithms atop the Apache Hadoop distributed computing platform.
Last week, I got on the phone with HD Moore to ask him how things have been going since he sold Metasploit to Rapid7, sending the open source security world into a frenzy some six months ago. Rapid7 had just released the commercial version, dubbed Metasploit Express, of Moore's much beloved open source penetration testing tool.
Symantec's Francis deSouza lays out the requirements for a more practical way of addressing information security threats. The recent Hydraq attacks were the latest example of just how radically the Internet threat landscape has changed over the past few years, and how vulnerable companies and their information stores are to cyber attacks.
An increasing number of people are asking us about the recent paper coming out of Inria in France around Bittorrent and privacy attacks. This post tries to explain the attacks and what they imply.