Security Projects - Page 35
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
With Facebook Connect being abandoned in its favor, and a new draft specification before the IETF, OAuth is shaping up as the cornerstone of identity management for cloud-based applications and services. eWEEK Labs Senior Analyst P. J. Connolly looks at what's behind the seamless access to services on social media sites such as Facebook, LinkedIn and Twitter.
Countries negotiating a major cross-border agreement to crack down on intellectual property crimes have agreed to release previously secret draft language of the controversial accord this week.
So far we have established the value of properly implementing password self-service and successfully tackled building effective password governance. The next step is to develop "challenge questions."
On October 5th, 2009, around the time of the 0.95.3 release of ClamAV, the popular open source anti-virus scanner, the ClamAV team announced that as of April 15th, 2010, versions prior to 0.96 would stop being able to receive pattern updates, in effect killing the program.
A security expert who built his career on identifying vulnerabilities in Microsoft software now says that the company has come a long way. Marc Maiffret, a former hacker turned legitimate security researcher, and now chief security architect at FireEye, told InSecurity Complex that Apple
In my last article, we explored how a properly implemented password self-service mechanism can yield a quick and early return on the identity management journey. Password self-service is a cornerstone in the foundation for reduced sign-on (which is essentially what SSO promised to be).
For Marc Maiffret, the turning point in his life came when--at the age of 17--he woke up to an FBI agent pointing a gun at his head. A runaway and high school dropout, he had just returned home and landed his first professional job using his computer skills for the good of companies instead of for mischief. But his past was still catching up to his present.
A new type of cross-site scripting (XSS) attack that exploits commonly used network administration tools could be putting users' data at risk, a researcher says. Tyler Reguly, lead security research engineer at nCircle, today published a white paper outlining a new category of attack called "meta-information XSS" (miXSS), which works differently than other forms of the popular attack method -- and could be difficult to detect.
Security researcher Joanna Rutkowska has released an open source operating system, called Qubes, designed to offer better protection against rootkits.
On March 29th Google officially began accepting applications from students for Google Summer of Code 2010, which the Honeynet Project is very excited to be participating in again this year as a mentoring organisation. We've recently updated our project ideas page and mentor information, and students have until 19:00 UTC on Friday April 9th to apply (you can either choose one of our ideas or propose your own).
Moodle has released an update to its open source learning management system for Mac OS X, Windows, and Linux. Moodle 1.9.8 includes a number of small improvements and bug fixes but also addresses nine security vulnerabilities, including two that Moodle developers have labeled as "critical" and five as "major." Moodle has also released a parallel update to the 1.8 branch, version 1.8.12, which includes comparable changes.
Buck-Security is a security scanner for Debian and Ubuntu Linux. It helps you to harden your system by running some important security checks. For example, it finds world-writable files and directories, setuid and setgid programs, superuser accounts, and installed attack tool packages.
My last post Forget ROI and Risk. Consider Competitive Advantage seems to be attracting some good comments. I thought it might be useful to mention a variety of ways to justify a security program. I don't intend for readers to use all of these, or to even agree. However, you may find a handful that might have traction in your environment.
A new study finds software writers increasingly intent on baking security into their code writing, and Microsoft gets high marks for helping the process along. Security practitioners often rant about sloppy software writing as the main reason attacks flourish. But newly released survey results suggest code writers are slowly starting to get it.
This document is a sample of a vulnerability testing process for a fictitious company, Company X. It outlines Company X
Charlie Miller has a habit of publicly upending Apple's security claims. Real cyberspies may be doing the same thing in private. Charlie A. Miller loves his Macbook Pro laptop. And his four other Apple PCs, the iPhone he uses daily and two older iPhones he keeps for tinkering. But his relationship with the company that created those gadgets is somewhat more complicated.
Dr. Ali Jahangiri, a leading information security expert and author of Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts, is pleased to announce that he has created a channel on the popular online video site YouTube to share his free educational videos on ethical and white hat hacking. The new videos form part of the growing 'Live Hacking' brand which includes a book, workshops and a dedicated ethical hacking Linux distribution.
Non-attorneys are often (justifiably) baffled at why lawyers take 3,000 words to say what normal people say in 300 and a handshake. At the risk of defending verbosity, it turns out that behind each handshake lies a wide range of non-standard assumptions. Many (if not most) disputes arise when there is a misunderstanding about an unspoken assumption