Security Alerts
Secure Your Wireless with IPSec
Wireless can make your life much, much easier, but those pesky radio waves won't stay put. Sometimes this is good, but sometimes you want to lock down your network. WEP and MAC address filtering aren't secure enough. IPSec, the same approach used to secure VPNs, is much better. Dan Langille explains how to configure Wifi with IPSec. [ONLamp.com]

The Basics of DNSSEC
The Domain Name System (DNS) is one of the building blocks of the modern Internet. It's showing its age, though; it comes from a time when trust was the default. Now it's time to move to more secure approaches. David Gordon and Ibrahim Haddad provide a technical tutorial on DNS Security Extensions (DNSSEC), a technique for securing DNS. [ONLamp.com]

Google Your Site For Security Vulnerabilities
The fact that Google indexes pages you might never have known were public is both good and bad. It's good when you're searching for specialized or esoteric information. It's bad when Google indexes potential security vulnerabilities on your site. Nitesh Dhanjani demonstrates how to use the Google API to help identify your inadvertently shared secrets. [ONLamp.com]

Network Tool Development with hping3
Network security analysts sometimes need access to create and analyze raw packets. Salvatore Sanfilippo's hping is a tool that allows them to do just that. Federico Biancuzzi recently interviewed Salvatore on the project's design, implementation, and goals. [ONLamp.com]

VPNs and Public Key Infrastructure
Security and convenience often conflict with each other. It'd be nice to have access to your office network from anywhere, but you can't trust the Internet. Virtual private networks are one solution. How do they keep your data safe, though? Scott Brumbaugh explains the basics of Public Key Infrastructure, the cryptographic basis for secure VPNs. [Security DevCenter]

What Countermeasures Really Means
As the number and range of attacks on computer systems have grown exponentially and conventional firewalls and intrusion detection systems have proven inadequate for the task, security researchers have started to talk about employing "countermeasures" to preserve security. [ONLamp.com]

Detecting Network Intrusions with Packet Filtering
An intrusion detection system (IDS) can scan your network for suspicious packets, but someone has to review the logs. Having previously shown how to construct packet filters, Don Parker demonstrates how to analyze an intrusion attempt, in order to gauge your network's security. [Security DevCenter]

Stealing the Network: A Prequel
Ryan Russell, one of the coauthors of Stealing the Network: How to Own a Continent (from Syngress), has written a "prequel" that depicts a '70s-era security hack, set at a tech company back East. If you've been curious about Stealing the Network, this short bit of fiction provides a real sense of the concept behind the book. And be sure to respond to the talkback at the end of this tale -- we'd like to hear your theory. [Security DevCenter]

Filtering IDS Packets
Intrusion detection systems (IDS) can scan your network for suspicious packets but someone has to review the logs. Even if you find something odd, can you wade through hundreds of thousands of packets looking for evidence? Clever security administrators understand how to narrow down the search. Don Parker explains how to use Berkeley packet filters and bitmask filters to improve your IDS use. [Security DevCenter]

Writing Nessus Plugins
Today's best vulnerability detector will be out-of-date next week unless you can somehow teach it about new exploits and vulnerabilities. Fortunately, Nessus and NASL make that easy. Nitesh Dhanjani walks through the creation of a custom Nessus vulnerability plugin. [Security DevCenter]

Top Ten Ethereal Tips and Tricks
Ethereal evangelist Angela Orebaugh offers her top ten list of Ethereal tips and tricks. From installing the packet capture driver to using Ethereal to process other sniffer capture files, these tips will have you saying, "Wow, I didn't know Ethereal could do that!" Angela is a coauthor of the recently released Ethereal Packet Sniffing (from Syngress). [Security DevCenter]

Installing and Configuring Nessus
If you're connected to the global Internet, people are already scanning your network for vulnerabilities for free. They're probably not so good about informing you of their findings. Why not get a jump on the competition by analyzing your network yourself? Nitesh Dhanjani explains how to install and configure Nessus, an open source network vulnerability scanner. [Security DevCenter]

User-Friendly Form Validation with PHP and CSS
Any non-trivial web application processes form data, and every secure web application has to validate that data on the server. Balancing security with user-friendliness can be tricky. Jeff Cogswell demonstrates one approach. [PHP DevCenter]

Using Penetration Testing to Identify Management Issues
Bob Ayers wrote a thought-provoking foreword for Chris McNab's Network Security Assessment that details network attack and penetration techniques in line with U.K. (CESG CHECK) and U.S. (NSA IAM) government standards. Chris has slightly modified Bob's foreword for the book and presents it here in article form. [ONLamp.com]

Cookie Specification Vulnerabilities
For years, privacy-minded people have distrusted cookies in web browsers. While recent advances have improved privacy concerns, the specification leaves room for easy attacks. Alexander Prohorenko explains the situation and tests several recent browsers. Is it time for a new cookie specification? [Security DevCenter]

Planning for Disaster Recovery on LAMP Systems
The beauty of LAMP systems is that you can develop them as formally or informally as you like. Unfortunately, when it comes time to plan for disaster recovery, that informality can work against you. Robert Jones presents several guidelines for development and configuration that can make recovery easier. [ONLamp.com]

Top Ten Tips to Make Attackers' Lives Hell
Chris McNab breaks down his top ten tips all network administrators should follow to protect their networks from opportunistic threats and make it hard for the more determined attackers to get anywhere. Chris is the author of the recently released Network Security Assessment. [Security DevCenter]
Copyright © 2000-2005 O'Reilly Media, Inc. All Rights Reserved.