Opt-in Email 4 You DirectoryYou are here » Opt-in Email 4 You » Links Directory » Computers » Security (3)
Choose a page number: 1 Security RSS FeedsMD5 - The Internet has a Major Problem - LinuxSecurity.com: Firstly, allow me to recap. A couple of days ago, I reported a presentation at the Chaos Computer Club conference in Berlin which outlined a major problem with the way Certificate Authorities handle message hashing, essentially this attack relied on well-known problems with the MD5 hash algorithm. Problems based on hash collisions, which were previously considered to be theoretical having been discovered in 2004, were now well-lodged within the domain of reality. Have you heard about the news about the reported problem with how Certificate Authorities are handling message hashing? Read on for more information on some security issues with the current Certificate Authorities....Feed Source: www.linuxsecurity.com Top 5 Cybersecurity News Stories of 2008 - LinuxSecurity.com: Data breaches continued to make their very public mark on cybersecurity news in 2008. And this time it wasn't TJX making headlines. Despite being PCI compliant, Hannaford Brothers supermarkets announced that 4.2 million credit and debit card numbers were pilfered from its servers. We also learned in 2008 that attackers aren't necessarily becoming more sophisticated. Check out this list of top 5 cybersecurity news stories of of the year. Did they miss any that you think should be on the list?... Helping Protect Cookies With HTTPOnly Flag - LinuxSecurity.com: The bottom line is this - while this cookie option flag does absolutely nothing to prevent XSS attacks, it does significanly help to prevent the #1 XSS attack goal which is stealing SessionIDs. While HTTPOnly is not a "silver bullet" by any means, the potential ROI of implement it is quite large. Notice I said "potential" as in order to provide the intended protections, two key players have to work together. This article looks at one way you can make your Web cookies more secure by using the Apache's extension called modsecurity. If you are interested in this please read on for more information and how you set this up on your own Apache web server.... Red Hat / CentOS: Chroot Apache 2 Web Server - LinuxSecurity.com: A chroot on Red Hat / CentOS / Fedora Linux operating changes the apparent disk root directory for the Apache process and its children. Once this is done attacker or other php / perl / python scripts cannot access or name files outside that directory. This is called a "chroot jail" for Apache. You should never ever run a web server without jail. There should be privilege separation between web server and rest of the system. Chroot is great security practice to isolate an attack to only one part of ones system. If you are interested in using chroot check out this article it that will show you all the commands that you need.... PandaLabs' 2009 Predictions: Malware Will Increase In 2009 - LinuxSecurity.com: Glendale, CA (PRWEB) December 21, 2008 -- PandaLabs, Panda Security's malware analysis and detection laboratory, today announced that a significant increase in the volume of malware (viruses, worms, Trojans, etc.) is expected in 2009. Panda Security's laboratory detected more malware strains in the eight months between January and August of 2008 than in the previous 17 years combined. What is your prediction on Malware in 2009? Will it increase? This article states some reasons on why PandaLabs thinks that Malware will increase in 2009.... 5 Known Linux Anti-virus Software for Paranoid Users - LinuxSecurity.com: Like other Unix-like computer operating systems, Linux is widely considered as secured and well-guarded against computer viruses. Its multi-user environment makes it extremely hard for malware to gain root access to the system files. Though malicious programs that are specifically written for Linux are really small in number, there is still a possibility for them to cause some harm. So, it's necessary to take some precautionary measures. Have you ever used an virus scanner on your Linux machine? This article looks at 5 different anti-virus software for Linux.... Mandriva: Subject: [Security Announce] [ MDVA-2009:002 ] msec - LinuxSecurity.com: This update fixes the following two issues with msec: when changing to a higher security level, permit_root_login is not handled correctly (bug #19726) ... Ubuntu: Samba vulnerability - LinuxSecurity.com: Gunter Höckel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default. ... RedHat: Important: kernel security update - LinuxSecurity.com: Updated kernel packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 running on 64-bit architectures. This update has been rated as having important security impact by the Red Hat Security Response Team.... Debian: New Ruby packages fix denial of service - LinuxSecurity.com: The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443).... Review: Googling Security: How Much Does Google Know About You - LinuxSecurity.com: If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business - and what you can do to protect yourself. ... A Secure Nagios Server - LinuxSecurity.com: Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security. ... IBM Business Transformation - IBM's Business Transformation. Business Week
writes about IBM's focus on business transformation services: "BM, with
its legions of PhDs and closets full of patents, is not built to duke
it out with the likes of Dell. Palmisano's strategy promises a neat
escape. Instead of battling in cutthroat markets, he takes advantage of
all the low-cost technology by packaging it, augmenting it with
sophisticated hardware and software, and selling it to customers in a
slew of what he calls business transformation services. That way IBM
rides atop the commodity wave -- and avoids drowning in it." [E M E R G I C . o r g]... MSNBC: "HERE COME THE VLOGS - MSNBC: "HERE COME THE VLOGS".
MSNBC: Ready for your close-up? Here come the vlogs is a great snapshot of videoblogging by Michael Rogers. He namechecks all our favorites including Rocketboom, Ryanne, Jay, Human Dog, Steve Garfield, and Dylan. He also mentions the tools making it easier to find videoblogs, such as ANT and ... Do The VoIP Math. - Do The VoIP Math.
Russell Shaw does the math and shows how VoIP is cheaper than a cell
phone only.I agree. Which is why I think the wireless companies need to
be in the VoIP business and fast . [VoIP Watch]... Blog, Vlog, Podcast, Mobcas - Blog, Vlog, Podcast, Mobcast. So many new words, so little time.
Blog (web log), Vlog (video web log), Podcasting (including audio in
your RSS (really simple syndication) feed for download into an Apple
iPod or other MP3 player) and Mobcasting (mobile podcasting) an Andy Carvin
acronym which posits the use of smart phones to create podcasts -- are
all relatively new words that represent one extremely big idea --
unfettered plebeian access to the fifth estate.
Until a few years ago, governments (secular or non) had almost
complete control of information. That made (and continues to make)
information a form of currency -- like the military and other stores of
economic value. These "new words" are much more powerful than the
technologies they represent, they speak a new language of information
and, to be sure, currency.
The value you will place on this information is in direct
proportion to the use you have for it. Most people won't care about the
ranti...
Small telecom carriers focus on providing choices. - Small telecom carriers focus on providing choices.
WASHINGTON - As traditional competitive local exchange carriers (CLECs)
retool to keep up with U.S. regulations and battle the huge regional
Bells, a range of new business models are emerging. [InfoWorld: Top News]... Ten To Watch in Mobile Content - Ten To Watch in Mobile Content. This is not a definitive list, just
a list of smart young blood in the mobile content sector. Notice that
except for one, none of them are CEOs (yet), but you’ll hear a lot
from and about them in the next few years (that was the criteria). Just
a way of recognizing the people in the second wave of mobile content
(in no particular order):
» Greg Clayman, Vice President, Wireless Strategy and Operations, MTV Networks
» Rio Caraeff, mobile head at Universal Music
» Thomas Ryan, Senior VP, Mobile Development, EMI Music
» ...
Telesym Podcast: the Future of VoWLAN. - Telesym Podcast: the Future of VoWLAN.
If you're interested in where Voice over IP over WLAN is heading in the
enterprise, listen to this interview with Telesym: I met over in
Bellevue, Wash., today with Telesym, a firm that extends an
enterprise-based phone exchange (PBX) system into laptops, handhelds,
and "scanners": bar-code devices used in retail and logistics by store
and floor personnel. I spoke with Mike Houston, Telesym's director of
Marketing, Ken Myer, senior VP of sales and marketing, and Jennifer
Gehrt, a founding partner at Communiqué Public Relations about
Telesym's position in the market, but more largely about the future of
VoWLAN. (Ken had to leave for a meeting, so I spoke primarily with Mike
in this podcast). You'll hear at the outset of the recording after my
introduction a conversation we had using Telesym technology: I was on a
USB headset connected to a Telesym client running under Mac OS X; Mike
w... CLEC New Business Model - CLECs search for new business models.
WASHINGTON - Recent months have been tough for competitive local
exchange carriers (CLECs), as their allies get gobbled up by
competitors and the government dismantles network-sharing regulations.
But CLECs say they will survive by adopting new business models and
focusing on customer relations. [InfoWorld: Top News]... Podcasting The Night Away. Forbes: - Podcasting The Night Away. Forbes:
"For now, Podcasting is no threat to radio as we know it. But pay
attention to it. It may not always be called Podcasting, and it may not
always be free in the way it is now, but as we've seen with MP3s, these
things sometimes have a funny way of taking on a life of their own." [Adam Curry's Weblog]...
New Free VoIP, Video & P2P IM Client using Open Standards. - New Free VoIP, Video & P2P IM Client using Open Standards. ineen
is new P2P IM software with VoIP and Video that's easy and free to use.
The client was built using Xten's eyeBeam SDK and makes use of SIMPLE
for P2P IM and Presence. VoIP is supported by SIP and the Video media
is H.263[+]. You can use ineen to call over other networks as well,
including: Free World Dialup, SIPphone, & iptel.org.
Xten will be demonstrating ineen at VON next week. [SIPthat.com]... Searching for weather, by web or phone - Searching for weather, by web or phone
As a kid, I would stare for hours at repetitious weather reports on TV.
Boring, you say? Not to me - I love weather. And since I've worked
here, I've wondered why Google doesn't do weather. It seemed like a
perfect 20% project
for me, so now I'm pleased to report that you can get
current conditions and a forecast
by typing [weather Chicago], or whatever your U.S. location is (zipcodes are also fair game). If you prefer, use
Google SMS
to send a text message to the U.S. five digit shortcode 46645 (GOOGL on
most mobile phones) followed by your meteorological query.
Ben Sigelman
Sof... VON 2005 - Spring 2005 VON: In the News Today. Investors Business Daily - March 7th: Internet Telephone Service Buzz Comes Calling At Big Trade Show
Mercury News - March 6th: Phone calls destined to be sent like e-mail, as packets of data (requires subscription)
[The Jeff Pulver Blog]... SODA - SODA. A month
or so ago, I was reading a Gartner handout for a conference, and came
across an acronym they invented- SODA[1]. SODA (Service-Oriented
Development of Applications), as Gartner defines it, consists of the
following areas: []... Yahoo Web Service API - Yahoo Web Service API.
Yahoo joins the growing number of web sites exposing their API as Web
Services. Their API is available from Yahoo Developer Network . []... Copyright © 2009, Opt-in Email 4 You. All Rights Reserved. |
