Internet Marketing Directory
Security RSS Feeds

Zeroshell Delivers Big Network Services in a Small Package - LinuxSecurity.com: Hand-rolling your own Linux-based network servers, routers and wireless access points is easier than ever largely because of the proliferation of tiny, specialized Linux distributions like Zeroshell. Zeroshell weighs in at just over 100 megabytes, making it perfect for embedded devices like PC Engines WRAP boards, Soekris boards, Mini-ITX, and other small form-factor computers. Check out this lightweight Linux distro which is suited to delivering network security services running on embedded devices. ...
Feed Source: www.linuxsecurity.com

Analyzing Malicious SSH Login Attempts - LinuxSecurity.com: Malicious SSH login attempts have been appearing in some administrators' logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one's system against these attacks. Have you ever looked at your ssh logs and notice attackers trying to get in? This article analyses those logs and presents some recommendations to show you how to make your ssh server more secure. ...

Problems with Penetration Testing - LinuxSecurity.com: Penetration testing is as popular as ever, yet it continues to miss the mark. As a means of validating the security of an application system, it fails miserably on several counts. I continue to find organizations that make extensive use of penetration testing as their primary means of security testing systems before they go live, or periodically while they are in production. There are a myriad of problems with this approach, but I'd like to address one particular here that you likely haven't considered. This article looks at some of the issues with doing penetration testing. Do you do penetration testing on your applications?...

Samurai - Web Application Security LiveCD - LinuxSecurity.com: The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test. This article looks at the web testing framework live CD called Samurai. It has some interesting features so, check it out. Do you use any other Linux security live CD's?...

Access Remote Network Services with SSH Tools - LinuxSecurity.com: You probably rely on the services on your own private network -- wikis, mail servers, Web sites, and other applications you've installed. What happens when you have to leave the friendly confines of your network? With minimum exposure and few simple tools, you can get all of the comforts of home anywhere you can find an Internet connection. Do you want to learn how to use SSH tools to access services on a remote private network securely? Read on to find out about some of the features of SSH which you may not be familiar with. ...

Protecting a Web Application Against Attacks Through HTML Shared Files - LinuxSecurity.com: "Many Web applications have a file-sharing feature that allows Web users to share files by uploading them to, and downloading them from, a Web-accessible file repository. Shared files may include HTML files and other files containing scripts that are executed by the browser in the security context of the user that downloads the file. This opens the door to a range of crossuser attacks, including attacks by former users and even attacks by a user of a virtual application instance against a different virtual instance of the same application. Such attacks are in essence XSS attacks, but the usual defenses against XSS are typically not available, because shared files cannot be sanitized." The title of this article caught my eye. This article looks at ways to protect your Web applications against attacks through HTML shared files. Read on for more information ....

Mandriva: Subject: [Security Announce] [ MDVSA-2008:232 ] dovecot - LinuxSecurity.com: The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions (CVE-2008-4577). ...

Ubuntu: HPLIP vulnerabilities - LinuxSecurity.com: It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behaviour by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. (CVE-2008-2940) It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service. (CVE-2008-2941) ...

Debian: New python2.4 packages fix several vulnerabilities - LinuxSecurity.com: David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules....

RedHat: Important: kernel security and bug fix update - LinuxSecurity.com: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team....

A Secure Nagios Server - LinuxSecurity.com: Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security. ...

Never Installed a Firewall on Ubuntu? Try Firestarter - LinuxSecurity.com: When I typed on Google "Do I really need a firewall?" 695,000 results came across. And I'm pretty sure they must be saying "Hell yeah!". In my opinion, no one would ever recommend anyone to sit naked on the internet keeping in mind the insecurity internet carries these days, unless you really know what you are doing. Read on for more information on Firestarter. ...

IBM Business Transformation - IBM's Business Transformation. Business Week
writes about IBM's focus on business transformation services: "IBM, with
its legions of PhDs and closets full of patents, is not built to duke
it out with the likes of Dell. Palmisano's strategy promises a neat
escape. Instead of battling in cutthroat markets, he takes advantage of
all the low-cost technology by packaging it, augmenting it with
sophisticated hardware and software, and selling it to customers in a
slew of what he calls business transformation services. That way IBM
rides atop the commodity wave -- and avoids drowning in it." [E M E R G I C . o r g]...

MSNBC: "HERE COME THE VLOGS" - MSNBC: "HERE COME THE VLOGS".
MSNBC: Ready for your close-up? Here come the vlogs is a great snapshot of videoblogging by Michael Rogers. He namechecks all our favorites including Rocketboom, Ryanne, Jay, Human Dog, Steve Garfield, and Dylan. He also mentions the tools making it easier to find videoblogs, such as ANT and ...

Do The VoIP Math. - Do The VoIP Math.
Russell Shaw does the math and shows how VoIP is cheaper than a cell
phone only. I agree. Which is why I think the wireless companies need to
be in the VoIP business and fast. [VoIP Watch]...

Blog, Vlog, Podcast, Mobcas - Blog, Vlog, Podcast, Mobcast. So many new words, so little time.
Blog (web log), Vlog (video web log), Podcasting (including audio in
your RSS (really simple syndication) feed for download into an Apple
iPod or other MP3 player) and Mobcasting (mobile podcasting) an Andy Carvin
acronym which posits the use of smart phones to create podcasts -- are
all relatively new words that represent one extremely big idea --
unfettered plebeian access to the fifth estate.
Until a few years ago, governments (secular or non) had almost
complete control of information. That made (and continues to make)
information a form of currency -- like the military and other stores of
economic value. These "new words" are much more powerful than the
technologies they represent, they speak a new language of information
and, to be sure, currency.
The value you will place on this information is in direct
proportion to the use you have for it. Most people won't care about the
ranti...

Small telecom carriers focus on providing choices. - Small telecom carriers focus on providing choices.
WASHINGTON - As traditional competitive local exchange carriers (CLECs)
retool to keep up with U.S. regulations and battle the huge regional
Bells, a range of new business models are emerging. [InfoWorld: Top News]...

Ten To Watch in Mobile Content - Ten To Watch in Mobile Content. This is not a definitive list, just
a list of smart young blood in the mobile content sector. Notice that
except for one, none of them are CEOs (yet), but you'll hear a lot
from and about them in the next few years (that was the criteria). Just
a way of recognizing the people in the second wave of mobile content
(in no particular order):
» Greg Clayman, Vice President, Wireless Strategy and Operations, MTV Networks
» Rio Caraeff, mobile head at Universal Music
» Thomas Ryan, Senior VP, Mobile Development, EMI Music
» ...

Telesym Podcast: the Future of VoWLAN. - Telesym Podcast: the Future of VoWLAN.
If you're interested in where Voice over IP over WLAN is heading in the
enterprise, listen to this interview with Telesym: I met over in
Bellevue, Wash., today with Telesym, a firm that extends an
enterprise-based phone exchange (PBX) system into laptops, handhelds,
and "scanners": bar-code devices used in retail and logistics by store
and floor personnel. I spoke with Mike Houston, Telesym's director of
Marketing, Ken Myer, senior VP of sales and marketing, and Jennifer
Gehrt, a founding partner at Communiqué Public Relations about
Telesym's position in the market, but more largely about the future of
VoWLAN. (Ken had to leave for a meeting, so I spoke primarily with Mike
in this podcast). You'll hear at the outset of the recording after my
introduction a conversation we had using Telesym technology: I was on a
USB headset connected to a Telesym client running under Mac OS X; Mike
w...

CLEC New Business Model - CLECs search for new business models.
WASHINGTON - Recent months have been tough for competitive local
exchange carriers (CLECs), as their allies get gobbled up by
competitors and the government dismantles network-sharing regulations.
But CLECs say they will survive by adopting new business models and
focusing on customer relations. [InfoWorld: Top News]...

Podcasting The Night Away. Forbes: - Podcasting The Night Away. Forbes:
"For now, Podcasting is no threat to radio as we know it. But pay
attention to it. It may not always be called Podcasting, and it may not
always be free in the way it is now, but as we've seen with MP3s, these
things sometimes have a funny way of taking on a life of their own." [Adam Curry's Weblog]...

New Free VoIP, Video & P2P IM Client using Open Standards. - New Free VoIP, Video & P2P IM Client using Open Standards. ineen
is new P2P IM software with VoIP and Video that's easy and free to use.
The client was built using Xten's eyeBeam SDK and makes use of SIMPLE
for P2P IM and Presence. VoIP is supported by SIP and the Video media
is H.263[+]. You can use ineen to call over other networks as well,
including: Free World Dialup, SIPphone, & iptel.org.
Xten will be demonstrating ineen at VON next week. [SIPthat.com]...

Searching for weather, by web or phone - Searching for weather, by web or phone
As a kid, I would stare for hours at repetitious weather reports on TV.
Boring, you say? Not to me - I love weather. And since I've worked
here, I've wondered why Google doesn't do weather. It seemed like a
perfect 20% project for me, so now I'm pleased to report that you can get
current conditions and a forecast by typing [weather Chicago], or whatever
your U.S. location is (zipcodes are also fair game). If you prefer, use
Google SMS to send a text message to the U.S. five digit shortcode 46645
(GOOGL on most mobile phones) followed by your meteorological query.
Ben Sigelman
Sof...

VON 2005 - Spring 2005 VON: In the News Today.
Investors Business Daily - March 7th: Internet Telephone Service Buzz Comes Calling At Big Trade Show
Mercury News - March 6th: Phone calls destined to be sent like e-mail, as packets of data (requires subscription)
[The Jeff Pulver Blog]...

SODA - SODA. A month
or so ago, I was reading a Gartner handout for a conference, and came
across an acronym they invented- SODA[1]. SODA (Service-Oriented
Development of Applications), as Gartner defines it, consists of the
following areas: []...

Yahoo Web Service API - Yahoo Web Service API.
Yahoo joins the growing number of web sites exposing their API as Web
Services. Their API is available from Yahoo Developer Network. []...

Copyright © 2008, Internet Marketing. All Rights Reserved.