Server Security - Page 39
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
In this column, we look at insecure Web Proxy Servers; buffer overflows in ncurses, Squid, hanterm, and ripMime; and problems in gnujsp, the NetBSD kernel, jmcce, the IRIX Unified Name Service Daemon, and Chuid. Some insecurely-configured Web proxy servers can be . . .
For just about as long as the commercial Internet has existed, SPAM email has been the bane of users worldwide. The harder and harder we try to fight the spammers and keep our email addresses out of their hands, the smarter . . .
The software that runs the Internet's addressing system that helps make Web commerce and communication possible led the CERT Coordination Center's list of systems that faced serious intruder problems last year. The Internet Software Consortium's Berkeley Internet Name Domain (BIND) server . . .
Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at a security vulnerability in LIDS; buffer overflows in CUPS, jgroff, Sun Solstice Enterprise Master Agent, and Ettercap; and problems in Sawmill, Faq-O-Matic, pforum, GNAT, Taylor UUCP, and IRIX O2 Video. . . .
Application security is "in a grim state", according to new research. Almost half of application security vulnerabilities are readily exploitable through entirely preventable defects. The typical ebusiness application is at serious risk of compromise because of security flaws introduced early in . . .
Like most Internet protocols, the Domain Name System (DNS) began its life without many built-in security mechanisms. DNS is, after all, a global, public naming service, so you don't normally care who queries your name server for data in the zones that you are responsible for maintaining. . . .
An independent network security researcher has uncovered a new way to steal the secret browser "cookies" of Web surfers with the help of Internet servers that were never intended to communicate with browser software. The exploit, described by a researcher who uses the handle "Obscure" and posted on the Eye On Security Web (EOS) site, relies on common Internet server software other than Web servers that can "echo" hijacked submissions from HTML forms. . . .
Enter the resurrection of the TOS (trusted operating system), a relic from the early '80s developed for military and government security. Considered by many to be too expensive and complicated to implement and maintain, TOSes failed to catch on when introduced . . .
Several serious theoretical and practical security vulnerabilities, alleged GPL license violations, and more were found in Astaro "secure" Linux. Joerg Luebbert writes, "Some of the vulnerabilities might be local and some might argue that Astaro Security Linux is a Firewall and no server... but as it uses SSHD it could always be that the "loginuser" account might have been compromised and shell access granted." . . .
With release 3.0 the OpenBSD project replaced Darren Reed's ipf software with the more license friendly pf filtering software. While pf and ipf are very similar in overall design, there are many subtle differences between the two. This paper will focus . . .
Update: vnunet updates report with "Controversy brews in Linux camp". Windows suffered fewer security vulnerabilities than Linux last year, according to figures released by vulnerability tracker SecurityFocus. Although the statistics so far only go up to August 2001, aggregated distributions of . . .
Jason Haar dropped us a note to inform us of the qmail content scanner. "Qmail-Scanner is an addon to Qmail that enables a Qmail Email server to scan all gatewayed Email for certain characteristics (i.e. a content scanner). . . .
Jay Beale, the lead developer of Bastille Linux and an independent security consultant, says it's not the Unix-based systems with interesting stuff on them that get hacked, it's the vulnerable ones. And if you're not prepared to tighten up what you . . .
In this column, we look at buffer overflows in clanlib, efax, LibGTop, and icecast-server; and problems in sudo, at, cdrdao, Conectiva Linux's MySQL, Open UNIX and UnixWare 7 xterms, Red Hat's Secure Web Server, Mandrake's BIND, xchat, klprfax_filter, and an HP-UX denial-of-service attack. . . .
Networks have never been secure. As the demand on open networks for remote access has grown, the risks of compromised systems and accounts have kept pace. Tools for securing networks, such as OpenSSH, were developed to counter the threats of password . . .
Increased activity on TCP port 12345 -- best known as both the NetBus Trojan's default port and the port used for a Trend Micro antivirus product -- has the security community arguing as to who is responsible. Is it Trend Micro . . .
In this column, we look at several problems with ProFTPD; a Trojan Horse application disguised as an exploit; buffer overflows in the glibc library, dtspcd, wmcube-gdk, and Mandrake Linux's Kerberos telnet; and problems in Slash, IBM Websphere, popauth, Aftpd, TWIG, PGPMail.pl, . . .
In Part I of this two-part series on the Linux Packet Filter, Gianluca describes a packet's journey through the kernel. Network geeks among you may remember my article, ``Linux Socket Filter: Sniffing Bytes over the Network'', in the June . . .
There are some things I had promised for the next release that are not in 1.6.4 due to the large changes in the parser that these changes require to work properly. Nonetheless this release does fix the majority of problems . . .
In the last article, we installed the procmail utility and generated a few basic recipes. This week, let's start by looking at procmail's built-in logging mechanism. We'll then take a look at some other available resources that build on procmail's capabilities. . . .