Security DevCenter
Security Alerts: Apache Repaired
Apache repaired

Installing and Configuring Nessus
Automated network vulnerability scans.

Security Alerts: TCP Vulnerability
TCP protocol vulnerability

Security Alerts
MySQL Trouble  Noel Davis looks at problems in the Linux kernel, MySQL, CVS, Cadaver, subversion, sitecopy, tla, iproute, Zope, logcheck, kdeprint, emil, and GNU Sharutils.   [LinuxDevCenter.com]

User-Friendly Form Validation with PHP and CSS  Any non-trivial web application processes form data, and every secure web application has to validate that data on the server. Balancing security with user-friendliness can be tricky. Jeff Cogswell demonstrates one approach.   [PHP DevCenter]

Using Penetration Testing to Identify Management Issues  Bob Ayers wrote a thought-provoking foreword for Chris McNab's Network Security Assessment that details network attack and penetration techniques in line with U.K. (CESG CHECK) and U.S. (NSA IAM) government standards. Chris has slightly modified Bob's foreword for the book and presents it here in article form.   [ONLamp.com]

Security Alerts
Squid Security Issues  Noel Davis looks at problems in squid, Ethereal, monit, texutil, nstxd, eMule, vfte, YaST Online Update, oftpd, OpenLDAP, and MPlayer.   [LinuxDevCenter.com]

Cookie Specification Vulnerabilities  For years, privacy-minded people have distrusted cookies in web browsers. While recent advances have improved privacy concerns, the specification leaves room for easy attacks. Alexander Prohorenko explains the situation and tests several recent browsers. Is it time for a new cookie specification?   [Security DevCenter]

Planning for Disaster Recovery on LAMP Systems  The beauty of LAMP systems is that you can develop them as formally or informally as you like. Unfortunately, when it comes time to plan for disaster recovery, that informality can work against you. Robert Jones presents several guidelines for development and configuration that can make recovery easier.   [ONLamp.com]

Intrusion Detection Systems -- Unlike firewalls and VPNs, which attempt to prevent attacks, intrusion detection systems (IDSs) provide an additional level of security for your network by notifying you of suspected attacks and arming you with other critical information. Read all about IDS technology in Chapter 19 of Security Warrior. And if you like this chapter, read the whole book (and up to nine others) on Safari with a free trial subscription.

Top Ten Tips to Make Attackers' Lives Hell  Chris McNab breaks down his top ten tips all network administrators should follow to protect their networks from opportunistic threats and make it hard for the more determined attackers to get anywhere. Chris is the author of the recently released Network Security Assessment.   [Security DevCenter]

Security Alerts
OpenSSL Vulnerabilities  Noel Davis looks at problems in OpenSSL, sysstat, metamail, Mozilla, ModSecurity, Samba, Crafty, UUDeview, metamail, and calife.   [LinuxDevCenter.com]

Symbiot on the Rules of Engagement  Andy Oram talks to the chief officers of Symbiot Security about their controversial white paper, "The Rules of Engagement".   [Security DevCenter]

Security Alerts
New Nmap  Noel Davis looks at a new version of Nmap, problems in jailed processes under FreeBSD, and other problems in Adobe Acrobat Reader, the GNU Coreutils dir command, xboing, Apple Filing Protocol, libxml2, GNU Anubis, Sun's passwd command, and Safari.   [LinuxDevCenter.com]

The Journey from Poacher to Gamekeeper  Chris McNab, author of O'Reilly's upcoming Network Security Assessment, has been on both sides of the hacker fence. In this article, Chris explains how his past led him to trade in his black hat for a white one, and what he hopes to achieve with his new book.  [security.oreilly.com]

Security Alerts
Kernel Trouble  Noel Davis looks at problems in the Linux kernel, AMD64 Linux kernels, XFree86, slocate, mod_python, susehelp, mutt, metamail, Mailmgr, PWLib, clamav, and NetBSD's Racoon IKE daemon.   [LinuxDevCenter.com]

Security Alerts
Real Problems  Noel Davis looks at problems in PHP, Perl, the GNU C Library, OpenBSD, FreeBSD, NetBSD, Oracle9i, RealOne, RealPlayer, CVSup, gaim, GNU libtool, and mailman.   [LinuxDevCenter.com]

Security Alerts
Lotus Trouble  Noel Davis looks at problems in Lotus Notes for Linux, tcpdump, mod_perl, kdepim, honeyd, NetWorker, NetPBM, jabber, mc, and Mambo Open Source.   [LinuxDevCenter.com]

Web App Security Testing with a Custom Proxy Server  Assuming users will only access your web applications as you intend may be the best way to invite abuse. Attackers have tools to build bogus responses, so why not use the same techniques to toughen your own sites? Nitesh Dhanjani demonstrates how a custom proxy server can help you test the security of your web apps.   [ONLamp.com]

Introducing mod_security  Every layer of security you can add is one more deterrent for the bad guys. Writing (or choosing) secure code is important, but it's not the only defense. Ivan Ristic, creator of mod_security, explains how this Apache module can turn back potential attacks before they reach your code.   [Apache DevCenter]

Distributed Computing Sanity Checking  Distributed computing can be a little scary. Clients are running code on their computers and servers are trusting clients to send back valid data. However you're participating, how can you be secure? Howard Feldman suggests several techniques to evaluate the trustworthiness of a distributed computing project.   [ONLamp.com]

Single Sign-on for Your Web Applications with Apache and Kerberos  In this article, Jason Garman, author of Kerberos: The Definitive Guide, walks you through the implementation of SPNEGO, which allows for single sign-on of your web applications with Apache and Kerberos. Once you've performed these steps, clients who access the protected area of your Apache web server will transparently pass their domain credentials to your web server, with no separate username or password prompts.   [ONLamp.com]

PHP Foundations
PHP Security, Part 3  A malicious user will likely start his attack by using your system in ways you never anticipated. Your system logs are an oft-neglected defense tool. John Coggeshall shows how PHP's error logging and reporting functions can help you secure your applications.   [PHP DevCenter]

Security Alerts
New Apache  Noel Davis looks at a new release of Apache, and problems in fileutils, coreutil, anonftp, Kpopup, CUPS, Libnids, PostgreSQL, thttpd, mod_security, and the Linux Java Installer.   [Linux DevCenter]

Inside Prelude, an Open Source IDS  Keeping the bad guys out is important. Knowing whether, not if, they're in is even more important. Prelude, an open source IDS, takes a hybrid approach to security, collecting information from various sensors. KIVILCIM Hindistan talks to Yoann Vandoorselaere, Prelude's lead developer.   [ONLamp.com]

FreeBSD Basics
Improving User Passwords with apg  The biggest security weakness in any system is usually its users. One line of defense is choosing and enforcing a good password policy. The automatic password generator port can help your users create -- and remember -- effective passwords. Dru Lavigne demonstrates its use and configuration.   [BSD DevCenter]

Security Alerts
OpenOffice Irritation  Noel Davis looks at problems in OpenOffice, slocate, fetchmail, GDM, Tomcat, ircd, HPUX's dtprintinfo, and Openserver's Xsco.   [Linux DevCenter]

Security Alerts
Denial-of-Service Attacks  Noel Davis looks at denial-of-service attacks against Apache, OpenSSL, and FreeBSD, and problems in Perl, lsh, Teapop, ProFTPD, TclHttpd, MPlayer, Node, mpg123, and Freesweep.   [Linux DevCenter]

Security Alerts
Problems Aplenty  Noel Davis looks at problems in XFree86, Stunnel, Exim, wu-ftpd, pam_smb, gdm2, pam_ldap, whois, the atari800 emulator, Horde, MPlayer, and Node.   [Linux DevCenter]

Security Alerts
Sendmail Trouble  Noel Davis looks at problems in Sendmail, OpenSSH, Pine, saned, MySQL, gtkhtml, and Solstice AdminSuite.  [Linux DevCenter]

FreeBSD Jails  A common security breach involves exploiting one application to gain access to another. Keeping separate applications separate can limit the potential damage. Mike DeGraw-Bertsch explains how FreeBSD's jails can help secure necessary applications.   [BSD DevCenter]

PHP Foundations
PHP Security, Part 2  If you have users, you'll undoubtedly have bad guys trying to break things. As a developer, it's your responsibility to make sure your code is secure. John Coggeshall explains how system calls from PHP can be exploited -- and how to make them secure.   [PHP DevCenter]

PHP Foundations
PHP Security, Part 1  If you have users, you'll undoubtedly have bad guys trying to break things. As a PHP developer, it's your responsibility to make sure your code is secure. John Coggeshall demonstrates one common PHP error that can leave you vulnerable, and he explains how to think like a bad guy to prevent these mistakes in the first place.   [PHP DevCenter]

Securing Small Networks with OpenBSD
Changes in pf: Packet Filtering  OpenBSD's packet filter has really grown up. Since its introduction in OpenBSD 3.0, it's become an advanced tool for networking and security. In the third of four articles, Jacek Artymiak explores new options for packet filtering with pf in OpenBSD 3.2, after NAT and redirection have taken place.   [BSD DevCenter]

Ten Security Checks for PHP, Part 2  The same global access that makes web apps useful means that you have to keep on top of security. Though it's easy to create sites in PHP, it's not immune to sloppy coding. Clancy Malcolm explains how to recognize and fix five potential security holes with PHP in the second of two articles.   [PHP DevCenter]

Ten Security Checks for PHP, Part 1  The same global access that makes web apps useful means that you have to keep on top of security. Though it's easy to create sites in PHP, it's not immune to sloppy coding. Clancy Malcolm explains how to recognize and fix five potential security holes with PHP in the first of two articles.   [PHP DevCenter]



Linux Security Cookbook: Recipe of the Day

You want to block incoming traffic from a particular host.


Today's News
May 19, 2004

Mac OS X vulnerable to one-two combo attack [Source: CNET News.com - Security]

Update: more details surface on Cisco's stolen code [Source: InfoWorld: Security]

Phishing scam reports skyrocket in April [Source: InfoWorld: Security]

FBI investigating Cisco source code leak [Source: InfoWorld: Security]

IBM announces ID management partnerships [Source: InfoWorld: Security]

Protecting information [Source: CNET News.com - Security]

Transmeta targets Pentium M users with NX security bit [Source: InfoWorld: Security]

Mac OS X hit with another serious security issue [Source: InfoWorld: Security]

Microsoft, BearingPoint team to target governments [Source: InfoWorld: Security]

Security experts play down Cisco leak [Source: CNET News.com - Security]

Transmeta to add antivirus feature to chips [Source: CNET News.com - Security]

Update: Cisco looking into source code leak [Source: InfoWorld: Security]

Stop skirting network security [Source: CNET News.com - Security]

Cisco investigates source code leak [Source: CNET News.com - Security]

Barracuda sinks teeth into spam [Source: InfoWorld: Security]

Catching the bad guys [Source: InfoWorld: Security]

DEP is a keeper [Source: InfoWorld: Security]

Feds jump online integration hurdles [Source: InfoWorld: Security]

Government veers onto the Web [Source: InfoWorld: Security]

Miami’s self-service push is ‘never-ending’ [Source: InfoWorld: Security]


Copyright © 2000-2004 O’Reilly Media, Inc. All Rights Reserved.