Security Projects - Page 47
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
On December 1st, 2003, we discovered that the "Savannah" system, which is maintained by the Free Software Foundation and provides CVS and development services to the GNU project and other Free Software projects, was compromised at circa November 2nd, 2003.. . .
University campuses and corporate boardrooms aren't the only places that benefit from diversity -- computer networks and the Internet could stand up better to viruses and worms if they relied on more diverse software, according to computer scientists at Carnegie Mellon . . .
The vulnerabilities, disclosed to the BugTraq security mailing list over the weekend, allow rogue Web sites to take control of a victim's computer by exploiting weaknesses in the way the browser handles "skin" files, or configuration files that can change the . . .
Michael S. Mimoso submits, Linux distributor Debian reported Friday afternoon that some of its servers have been compromised since Thursday. The alert, posted to several security and Linux mailing lists, stresses that its archive had not been hacked, sparing thousands of installations a potential security nightmare.. . .
A prominent security researcher this week proposed a plan to create a trade association for vulnerability researchers that would act as an advocacy organization as well as protect the legal and economic interests of the members. The plan is still very . . .
We are pleased to announce the official release of OpenBSD 3.4. This is our 14th release on CD-ROM (and 15th via FTP). We remain proud of OpenBSD's record of seven years with only a single remote hole in the default install. As in our previous releases, 3.4 provides significant improvements, including new features, in nearly all areas of the system.. . .
CanSecWest would like to announce the final selection of papers for the first, fall, PacSec.jp/core03 conference (below), and the beginning of the call to submit papers for the spring, fifth annual, CanSecWest/core04 network security training conference. . . .
Michael Rash submits fwsnort translates snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to . . .
There are two parts to any security policy. One deals with preventing external threats to maintain the integrity of the network. The second deals with reducing internal risks by defining appropriate use of network resources.. . .
The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services. Attackers are opportunistic. They take the easiest and most convenient route and exploit the best-known flaws with . . .
Still, on the whole, no cost up-front is hard to beat. The software giants already concede their products have no advantages over open source products in terms of security and reliability. They hope to maintain sales based on superior service and customer service, but then again, none of the companies mentioned have a reputation for much other than arrogance when it comes to dealing with customers.. . .
Shawn Hawkins submits A new Linux security distro has been released. PHLAK, short for Professional Hacker's Linux Assault Kit, is a direct fork of Morphix. Phlak is a modular LiveCD Linux distribution with a focus on pen-testing, . . .
Researchers on three University of Nebraska campuses are working to complete a proposal that could make NU the first Department of Homeland Security Center of Excellence.. . .
quicktables is an iptables firewall/NAT (gateway) script generator. It was created to quickly provide a secure set of iptables rules. It will ask you to answer a small handful of questions, and generates your very own personalized firewall script. . . .
Jascha submits, L.A.S. Linux is a 'live CD' distribution of Linux which allows the applications to be run from the CD without the need for installing anything on the computer. The focus of L.A.S. is create a bootable toolkit for information security professionals and systems administrators. . . .
I am presently working on creating a taxonomy of information assurance, based on the three aspects of: Security services Information states Security countermeasures These three aspects of Information Assurance (IA) were highlighted by John McCumber [1] as well as a team . . .
A root compromise and a Trojan horse were discovered on gnuftp.gnu.org, the FTP server of the GNU project. The machine appears to have been cracked in March 2003, but we only discovered the crack in the last week of July . . .
The PaX, GentooHardened,and Adamantix projects are pleased to announce the formation of a cooperative development alliance forged to facilitate delivery of freely available software to linux using PaX in the framework.. . .
Chris Lowth submits New firewalling project seeks testers for Kazaa-blocker. "P2pwall" is a sourceforge project for the development of tools and documentation for the effective firewalling of P2P application traffic using Linux IPtables. . .
Chris Lowth submits In the world of almost daily outbreaks of Windows-focused viruses, it's nice to find the Linux can come to Redmond's aid. The "protector" project for Linux provides a software plug-in for sendmail that strips attachments . . .