|
 |
| Thu, Dec 04th | home | browse | articles | contact | chat | submit | faq | newsletter | about | stats | scoop | 07:35 UTC |
|
|
login « register « recover password « |
|
|
|
We all know about the benefits of digitally signing email messages using OpenPGP-based software like GnuPG (or its older commercial counterpart, PGP). Imagine the same benefits applied to the world of the World Wide Web. [Comments are disabled]
Many months ago, the organization I work for placed a request with our development department for a secure file transfer system. The file transfer system needed to be far more secure than FTP and more reliable than creating an HTTP uploading system. After a few weeks of research and testing, I suggested that we create an SFTP Server to handle the file uploads. [Comments are disabled]
Intrusion detection is one of the major challenges to information security. In this article, we will consider network intrusion detection, the analysis of network traffic for suspicious behavior. I base my argument on my experience with a popular network intrusion detection system (NIDS) and informal discussion with other network administrators. [Comments are disabled]
The non-profit Open Source community Institute for Security and Open Methodologies (ISECOM) is hosting an exhibition and forum on October 16, 2004 at the University of Nevada, Las Vegas, as part of their security event specifically for Open Source developers, thinkers, creators, and drivers of privacy and security. [Comments are disabled]
No matter whether you work for a large business or use email simply for family communication, you've probably received junk mail. If you have used email for any length of time, you probably know what it's like to deal with a virus. Unfortunately, fending off unwanted or dangerous electronic communication has become a daily struggle for many system administrators. [Comments are disabled]
Richard Blum's Open Source E-mail Security is poorly organized, rarely topical, and betrays the author's fundamental failure to understand the topic at hand. While some of the underlying technical material is useful and relevant, the author seldom supplies the details needed to proceed to a general understanding. [Comments are disabled]
Maximum Linux Security's author is clearly ignorant of cryptographer Bruce Schneier's claim that "Security is a process, not a product." At its best, this book is a catalogue of useful security tools. However, very little context is provided for these tools. There is no discussion of particular vulnerabilities and how they are exploited, of network architecture and the difficulties inherent in TCP/IP networking, or of application-level problems. [Comments are disabled]
Like computers on large heterogeneous environments, networked printers and other peripherals have vulnerabilities that can lead to exposure of data, denial of service, and gateways for attacks on other systems. Yet, while many organizations seek to protect their computers, they ignore printers and other peripherals. In this articles, I'll discuss general attacks against printers and other peripherals, with specifics on known vulnerabilities in several brands of printers, and propose possible solutions to keep both computers and networked peripherals from attack. [Comments are disabled]
Each year, more money is spent on security, and each year, there are more incidents, more losses, and greater average losses. 2001 set records for security spending, security vulnerabilities, attacks, and security losses. 2002 is expected to be worse. It should be obvious that the security industry is missing something critical when it comes to reigning in the losses caused by security incidents. The potential for tens or hundreds of thousands of systems to be compromised literally overnight is a systemic failure that must be corrected. The increased reliance on the Internet and other networked systems makes developing a real and workable preventive solution for computer security an economic necessity. A security process that can keep systems secure in spite of their vulnerabilities is becoming a necessity. The current vulnerability-driven security process is just not up to the challenge. [Comments are disabled]
Luke Andrews writes: "The following whitepaper discusses the importance of bug testing with respect to client and vendor environments. Various responsibilities are placed on either side of product development, and it is necessary to understand the reasons behind practicing secure coding and ethical loyalty." [Comments are disabled]
It's easy for Free Software users to laugh at the misfortunes of their Windows-using colleagues as they suffer through the virus du jour, but if you can set your superiority complex aside for a moment, can you point to anything in Melissa/ILOVEYOU/etc. that couldn't be accomplished by a badly-written MUA running on Linux? In today's editorial, Joe Pranevich urges the programming community to learn from Outlook's mistakes if they want to continue having the last laugh. [Comments are disabled]
Package managers with download capabilities make it easy to download and install the latest software releases, bugfixes, and security patches. Could they also make it easy to download and install the latest exploits without your knowing about it? In today's editorial, I put that question to representatives of Red Hat and Debian, makers of the two most widely-used Linux package management systems. [Comments are disabled]
Jon Lasser began the Bastille Linux Project in order to harden the security of Red Hat Linux, the distribution he uses at work. In the process, he began looking at the other distributions to see how they handle security updates, and he was not at all happy with what he found. In today's editorial, he shares his concerns and explains why it matters to you even if you do all your security monitoring for yourself. [Comments are disabled]
|
|
