Server Security - Page 10
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Whether it be insecure Web applications, poor password management, or a lack of database policies and monitoring, the average database today is at risk of exposure through a host of different threat vectors that many organizations are not even aware of -- let alone are addressing. Already in 2010, the number of database breaches as a result of such mistakes is mounting.
There's more to network security than just penetration testing. This chapter discusses software tools and techniques auditors can use to test network security controls. Security testing as a process is covered, but the focus is on gathering the evidence useful for an audit.
A new open-source operating system will come with the option of creating one-time, disposable virtual machines on the fly as a way to protect against malicious files.
The Financial Times reported last night that Google was going to phase out internal use of Microsoft Windows due to security concerns. The migration away from Windows is reported to have started in January, motivated by the Chinese Aurora attacks on the company that exploited a flaw in Internet Explorer 6.
William wrote in to let us know that the changelog for the upcoming MySQL release, version 5.1.47, has been published, and it appears this release fixes several critical vulnerabilities and probably should be applied as quickly as is reasonable.
When facing off against a WebDAV enabled server, there are two things to find out quickly: can you upload files, and if so, can you execute code?
I don't think this finding is unexpected at all. After all, Linux certainly operates better on the network, and sending spam email is no different than sending other types of email, or operating a web server. Whichever operation you're performing, choosing the best implementation for the job is a wise decision. Although Linux holds only a small market share, Linux computers appear to send a disproportionate amount of spam compared to other operating systems, according to new research from Symantec's MessageLabs messaging security division.
The developers of the Typo3 CMS framework have raised the alarm in an email, and security firm Secunia rates the problem "highly critical". In versions 4.3.0, 4.3.1 and 4.3.2 of Typo3 (as well as previous versions of the 4.4 development branch), attackers can inject PHP code from an external server and execute it within the Typo3 context. Advisory SA-2010-008 contains details about how to fix the problem. Upgrading to version 4.3.3 is one way of improving the situation. The vulnerability is also impossible to exploit if at least one of three PHP switches is set to "off": register_globals, allow_url_include, or allow_url_fopen. The chances are that one of them is already switched off by default, and switching off all three is a good idea. However, this may cause compatibility problems and, as a web hosting customer, you may also only have very limited access to your PHP settings.
According to security expert Tyler Reguly of nCircle, data fields for storing meta-information offer plenty of latitude for future cross-site scripting (XSS) attacks. JavaScript embedded in Whois and DNS records and in SSL certificates, for instance, can, under certain circumstances, be executed in a browser.
This guide explains how to set up mod_chroot with Apache2 on a Fedora 12 system. With mod_chroot, you can run Apache2 in a secure chroot environment and make your server less vulnerable to break-in attempts that try to exploit vulnerabilities in Apache2 or your installed web applications.
Two security researchers at search engine giant Google have discovered 20 kernel bugs, about half remaining unpatched, affecting Windows, Linux and the popular VMware virtualization software over the last several years. Google engineers, Julien Tinnes and Tavis Ormandy said kernel security must improve. They shared their kernel security research recently at the CanSecWest Applied Security Conference. They say they hope their data motivates operating system developers to reduce the kernel attack surface.
According to the FBI, cybercrime complaints rose 20 percent in 2009, and victims lost $559 million, more than double the year before. With online crime on the rise, it's more important than ever to protect your systems. But you don't have to pay a lot of money for security. The open source community continues to produce (and maintain) excellent tools that fulfill a wide variety of security needs.
There's now a threat to online life that's so potentially potent it requires a new form of defence. Rootkits hide inside the operating system, actively defending themselves and hiding their presence. To arm your system against rootkits, you first need to understand them. So, where have they come from, how have they evolved and how, crucially, can they be stopped?
A few weeks ago I had the distinct displeasure of waking up to a series of emails indicating that a series of RAID arrays on a remote system had degraded. The remote system was still running, but one of the hard drives was pretty much dead.
The open-source skipfish software can be used as preparation for a professional Web application security evaluation. Google on Friday released an automated Web security scanning program called skipfish to help reduce online security vulnerabilities. Though skipfish performs the same functions as other open-source scanning tools like Nikto and Nessus, Google engineer Michal Zalewski argues that skipfish has several advantages.
I just know other outlets will eventually pick up on this and add nonsense and subtract the facts at their own leisure, so I thought it worthwhile to get in early. Kernel vulnerabilities have been uncovered across a range of Ubuntu releases, covering 6.06 LTS to 9.10, also including the Kubuntu, Edubuntu, and Xubuntu distros.
The Drupal team has just released a whole heap of security advisories. Drupal's Email Input Filter, Keys and Tag Order modules all contain security vulnerabilities. Updated versions, in which the problems are fixed, are now available. Only Email Input Filter and Tag Order for Drupal 5 and 6 and Keys for Drupal 6 are affected.
If you have read any of the Samba content here on Ghacks, you have probably noticed a line within the smb.conf configuration file that begins with security =. This is a very important part of Samba setup and generally the section that gives users the most problems. Although the security mode would seem fairly straightforward, it is certainly worth explaining.
The SpamAssassin Milter plug-in, which plugs into Milter and calls SpamAssassin, contains a security vulnerability that can be exploited by attackers using a crafted email to inject and execute code on a mail server. The SpamAssassin Milter plug-in is frequently used to run SpamAssassin on Postfix servers.