Security Projects - Page 50 - Results from #980

Discover Security Projects News

A Vulnerability Scan Plan

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In this special section, eWeek Labs examines the state of the art in security vulnerability detection from several angles. It's cheapest--and most effective--to fix problems while they are in development, and I evaluate two tools designed to detect application security problems . . .

LinuxSecurity.com Team
May 23, 2002

A Buffer Overflow Study: Attacks & Defenses

A technical overview of heap and buffer overflows, Linux tools that can be used to reduce their risk, the kinds of exploits these tools can prevent, and more. "This study deals with the various kinds of overflows (heap, stack) to understand how they work and how they may be used to execute malicious code. . .

LinuxSecurity.com Team
Mar 27, 2002

Irish firms launch cyber-attack bait

Inflow, Espion and Deloitte & Touche are running a new "Honeynet" in Ireland to attract would-be cyber attackers and study their habits. The new Honeynet is already up and running at an unspecified Internet address. On-line for just 48 hours . . .

LinuxSecurity.com Team
Mar 21, 2002

Building trust into open source

In the past three months, the open-source community has been given a wake-up call. While Microsoft has concentrated on reviewing its flagship Windows source code as part of a new focus on security, Internet watchdogs have released the details of . . .

LinuxSecurity.com Team
Mar 21, 2002

Lcrzoex, Network Testing Toolbox

Laurent Constantin let us know that the Lcrzoex Project now contains more than 300 GPLd network testing tools. "We are proud to announce that lcrzoex now contains over 300 network testing tools. Tool which passed this mark allows to spoof an IP/UDP packet.". . .

LinuxSecurity.com Team
Mar 21, 2002

Firms undergo NSA infosec rating

The National Security Agency last week announced the first companies to undergo an appraisal of their information security practices in a program aimed at helping government and commercial organizations improve their systems security. According to the Infosec Assessment Training and Rating . . .

LinuxSecurity.com Team
Mar 21, 2002

PHP-Nuke & Post-Nuke Account Hijacking

To exploit this vulnerability one must create an account into the target site, base64_decode his cookie,modify the username in the cookie to inject SQL,base64_encode his cookie and pass it with save=1 to article.php (which must be done throught modules.php). . .

LinuxSecurity.com Team
Mar 20, 2002

PHP Audit Project

Because PHP is a critical piece of the hosting service puzzle, the PHP audit project was started in order to harden the PHP interpreter against known and unknown vunlerabilities. We are also trying to add some enhancements for the OpenBSD operating . . .

LinuxSecurity.com Team
Mar 10, 2002

The Myth of Open Source Security Revisited

The author revisits a debate begun here recently on the nature of security in Open Source projects: do 'lots of eyeballs' insure secure code? It is a common misconception amongst users of Open Source software that it is a panacea when it comes to creating secure software.. . .

LinuxSecurity.com Team
Mar 04, 2002

Open sourcers spice up security testing

A group of open source developers dedicated to introducing an industry standard on security testing will be releasing the fruits of their labours later this month. Ideahamster.org started working on the Open Source Security Testing Methodology Manual (OSSTMM ) last year after becoming "sick of reading bland testing methodology descriptions".. . .

LinuxSecurity.com Team
Feb 18, 2002

Site to pool scrutiny of Linux security

A government-funded initiative announced Tuesday aims to boost code review of open-source software to prevent security holes. Funded by the Defense Advanced Research Project Agency, the same organization to initially bankroll the predecessor to the Internet, the Sardonix Audit Portal aims . . .

LinuxSecurity.com Team
Feb 07, 2002

Peek-A-Booty to debut at grassroots P2P show

Cohen worked on MojoNation before quitting last April to concentrate on his BitTorrent project, and he's convening hackers in downtown San Francisco next month for a P2P/cypherpunk conference a world away from the usual corporate trappings. "[Other] Conferences cost a ridiculous amount of money, and hackers are treated like dirt," says Cohen.. . .

LinuxSecurity.com Team
Jan 29, 2002

Darren Reed Releases OpenBSD 3.0 with IPfilter

When Darren Reed, author of the packet filtering support for OpenBSD, modified the license terms for his software, support for ipfilter was removed from the main OpenBSD tree. Now, Darren has released his own version of OpenBSD 3.0 that includes support for his packet filtering. . . .

LinuxSecurity.com Team
Jan 22, 2002

Debian, security, and you

An interesting bug was filed today by Florian Weimer. I'll quote the bug report in full: "Over the past few months, the GNU/Linux community has slowly adopted a way of dealing with security issues which closely resembles the approach suggested by . . .

LinuxSecurity.com Team
Jan 17, 2002

akpop3d - small and secure POP3 daemon

Andreas Krennmair writes, "Because I found the design of Solar Designer's POP3 daemon popa3d somewhat obscure, I started writing my own POP3 daemon, called akpop3d. Now I want to ask the LinuxSecurity.com community to peer-review this program. Although I . . .

LinuxSecurity.com Team
Jan 13, 2002

The OpenAntivirus Project

OpenAntiVirus is a platform for people seriously interested in anti-virus research, network security and computer security to communicate with each other, to develop solutions for various security problems, and to develop new security technologies. Moreover, OpenAntiVirus will also provide an integrative platform for different developing projects related to virus protection and computer security already existing within the Open Source Community.. . .

LinuxSecurity.com Team
Dec 31, 2001

phrack #58 Released!

The latest version of phrack has been released. This issue covers Advances in kernel hacking, RPC without borders, Developing StrongARM/Linux shellcode, The Security of Vita Vuova's Inferno OS, Phrack World News, and more.. . .

LinuxSecurity.com Team
Dec 28, 2001

Review: EnGarde Secure Linux 1.0.1

If you've never used Linux before and need to set up a server fast and easily, this is one of the best ways to do it. It's also very cost effective because it will run on almost any PC and doesn't require any expensive hardware, not to mention that the software itself sells for a very low price. This is a very well done and thought out software bundle that's sure to be around for a long time.. . .

LinuxSecurity.com Team
Dec 18, 2001

Peacefire.org Wins Spam Suits

Bennett Haselton, the Webmaster for anti-Internet censorship Web site Peacefire.org, is the latest in a string of Washington residents to emerge victorious in small claims court by invoking the state's new law against unsolicited bulk e-mail. While the $2,000 in damages . . .

LinuxSecurity.com Team
Dec 12, 2001

Honeynet Research Alliance Announced

Lance Spitzner, founder of the Honeynet Project, wrote in to tell us of the formation of the Honeynet Alliance, an effort to work with security organizations around the world to collaborate on the research and development of their project to learn the tools, tactics, and motives of the blackhat community, and share the lessons learned.. . .

LinuxSecurity.com Team
Dec 05, 2001

Security Projects - Page 50

Strengthen Your Linux Software Development Pipeline with Code Security Scanners

Linux Security Modules (LSM): SELinux vs AppArmor vs TOMOYO

OpenSSL's New Governance Structure: A Beacon of Progress for Open-Source Security