Security Projects - Page 35

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Strengthen Your Linux Software Development Pipeline with Code Security Scanners

Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security measures in development lifecycle processes. Code security scanners play a vital role here. These tool...
Oct 14, 2024
  0

Linux Security Modules (LSM): SELinux vs AppArmor vs TOMOYO

Linux has long been celebrated for its versatility, rob...
Sep 25, 2024
  0
1.Penguin Landscape Esm H115

OpenSSL's New Governance Structure: A Beacon of Progress for Open-Source Security

On July 24, 2024, OpenSSL took an extraordinary step to...
Jul 31, 2024
  0
5.ShakingHands Esm H115

Discover Security Projects News

New Live Hacking Channel on YouTube; Ethical Hacking Tutorials Free For All

New Live Hacking Channel on YouTube; Ethical Hacking Tutorials Free For All

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Dr. Ali Jahangiri, a leading information security expert and author of Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts, is pleased to announce that he has created a channel on the popular online video site YouTube to share his free educational videos on ethical and white hat hacking. The new videos form part of the growing 'Live Hacking' brand which includes a book, workshops and a dedicated ethical hacking Linux distribution.

7 Reasons Why Your Company Needs a Privacy Policy

7 Reasons Why Your Company Needs a Privacy Policy

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Non-attorneys are often (justifiably) baffled at why lawyers take 3,000 words to say what normal people say in 300 and a handshake. At the risk of defending verbosity, it turns out that behind each handshake contains a wide range of non-standard assumptions. Many (if not most) disputes arise when there is a misunderstanding about an unspoken assumption

Unicode Security Considerations

Unicode Security Considerations

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

ecause Unicode contains such a large number of characters and incorporates the varied writing systems of the world, incorrect usage can expose programs or systems to possible security attacks. This is especially important as more and more products are internationalized. This document describes some of the security considerations that programmers, system analysts, standards developers, and users should take into account, and provides specific recommendations to reduce the risk of problems.

Ultra-secure Firefox offered to UK bank users

Ultra-secure Firefox offered to UK bank users

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

UK users are being offered a 'hardened' version of Mozilla Firefox that can secure access to online bank accounts, maker Network Intercept has announced. Although the security built into the browser is identical in its workings to the US version which has been available for some weeks, the Secure-Me browser does feature some necessary localisation.

Distributed Open Proxy Honeypots

Distributed Open Proxy Honeypots

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This project will use one of the web attacker's most trusted tools against them - the Open Proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy server (or proxypot), we aim to take a birds-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification and report all logging data to a centralized location.

Five Security Missteps Made in the Name of Compliance

Five Security Missteps Made in the Name of Compliance

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Compliance pressures often push companies to make security improvements they wouldn't have tackled otherwise. More budget goes toward technology needed to protect customer data. New policies are created to rein in what employees do online with company machines. But there's a dark side to this story.

Secure software development is difficult, but tools, techniques improving, expert says

Secure software development is difficult, but tools, techniques improving, expert says

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The SANS Institute and MITRE Corp. issued an update to the CWE/SANS Top 25 Programming Errors List last week, focusing mitigation techniques that could be adopted into the security development lifecycle to help avoid multiple security bugs. But one expert says that while the programming error list helps contribute to improving software development, actually getting companies to implement a more secure software development process is a different story.

SANS Names Top 25 Programming Errors

SANS Names Top 25 Programming Errors

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

When it comes to programming errors, some are more common than others. A new report from the SANS Institute identifies the top 25 programming errors that have led to nearly every type of IT security threat over the last year. The report draws on the input of 28 different groups including those in government and the private sector and leverages the CWE (Common Weakness Enumeration) numbering system to label vulnerabilities.

The state of Internet security

The state of Internet security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

While security vulnerability research can expose technical weaknesses that may be exploited, incident research provides in-depth information about the most common targets, motives and attack vectors of modern hackers.

Mark Cox: Top 11 Most Serious Flaw Types for 2009

Mark Cox: Top 11 Most Serious Flaw Types for 2009

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Mark Cox, Director of Security Response at Red Hat, compiles a list of the top most serious security flaw types for 2009 and compares them with the past. During the creation and review of the list we spent some time to see how closely last years list matched the types of flaws we deal with at Red Hat. We first looked at all the issues that Red Hat fixed across our entire product portfolio in the 2009 calendar year and filtered out those that had the highest severity. All our 2009 vulnerabilities have CVSS scores, so we filtered on those that have a CVSS base score of 7.0 or above.

New approaches to virus protection

New approaches to virus protection

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Internet Storm Center (ISC) has made the effort to list the hash values of around 40 million programs contained in the US National Software Reference Library (NSRL) in a database in such a way that they can be retrieved via a web front end. This potentially presents an alternative to anti-virus scanners searching for malicious code.

Apache SpamAssassin 3.3.0 available

Apache SpamAssassin 3.3.0 available

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This is a major release, incorporating enhancements and bug fixes that have accumulated in a year and a half of development since the 3.2.5 release. Apart from some new or changed dependencies on perl modules, this version is compatible to large extent with existing installations, so the upgrade is not expected to be problematic (neither is downgrading, if need arises). Please consult the list of known incompatibilities below before upgrading.

Bots and Spiders and Crawlers, be gone! - or - New Open Source WebAppSec tools, Huzzah!

"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Do you manage Apache based web server farms with Web Application Firewall (WAF) requirements that revolve primarily around a need for central thresholding/rate limiting features? Have you found an open source WAF solution that fulfills this need? Well if you haven't, I take extra special joy in the public sharing of two open projects that I'm involved with, serving the roles of cheerleader ;), tester and injecting scope creep whenever possible to solve various forms of abuse.

49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!

49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Arbor has released their 2009 Worldwide Infrastructure Security Report and it is an interesting read. The largest DDoS increased nearly 5-fold from 2004 to 2008 (and doubled from 2006 to 2008) to 49Gbps. At that size, you definitely need the assistance of your upstream service provider to mitigate. The report also shows the continuing trend of not reporting/referring attacks to law enforcement.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved