Mulitple Sources of Income DirectoryYou are here » Mulitple Sources of Income » Links Directory » Computers » Security (0)
Security RSS FeedsPlaintext Recovery Attack Against SSH - LinuxSecurity.com: The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary information, we are unable to properly assess its impact. Have you heard about the latest reported attack on the SSH protocol version 2? Do you think the SSH team made the right decision in not doing an emergency release? If you are interested in ways to prevent this attack, please read on ...Feed Source: www.linuxsecurity.com Upcoming Conference Talks on SELinux Applications: sVirt and Kiosk Mode - LinuxSecurity.com: Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes. Would you agree that we don't need to modify the kernel security mechanism for MAC label security? Read on for more information.... Hardening The Linux Kernel With Grsecurity (Debian) - LinuxSecurity.com: Security is based on three characteristics: prevention, protection and detection. Grsecurity is a patch for Linux kernel that allows you to increase each of these points. This howto was performed on a Debian Lenny system. Thus some tools are Debian specific. However, tasks can be performed with other distro specific tools or even with universal tools (make). Have you ever thought about testing Grsecurity? It takes some work what this article will walk you through it.... Zeroshell Delivers Big Network Services in a Small Package - LinuxSecurity.com: Hand-rolling your own Linux-based network servers, routers and wireless access points is easier than ever largely because of the proliferation of tiny, specialized Linux distributions like Zeroshell. Zeroshell weighs in at just over 100 megabytes, making it perfect for embedded devices like PC Engines WRAP boards, Soekris boards, Mini-ITX, and other small form-factor computers Check out this lightweight Linux distro which is suited to delivering network security services running on embedded devices. ... Analyzing Malicious SSH Login Attempts - LinuxSecurity.com: Malicious SSH login attempts have been appearing in some administrators' logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one's system against these attacks. Have you ever looked at your ssh logs and notice attackers trying to get in? This article analyses those logs and presents some recommendations to show you how to make your ssh server more secure. ... Problems with Penetration Testing - LinuxSecurity.com: Penetration testing is as popular as ever, yet it continues to miss the mark. As a means of validating the security of an application system, it fails miserably on several counts. I continue to find organizations that make extensive use of penetration testing as their primary means of security testing systems before they go live, or periodically while they are in production. There are a myriad of problems with this approach, but I'd like to address one particular here that you likely haven't considered. This article looks at some of the issues with doing penetration testing. Do you do penetration testing on your applications?... Fedora 8 Update: thunderbird-2.0.0.18-1.fc8 - LinuxSecurity.com: This update update upgrades thunderbird packages to upstream version 2.0.0.18, which fixes multiple security issues detailed in upstream security advisories: ... Mandriva: Subject: [Security Announce] [ MDVSA-2008:233 ] libcdaudio - LinuxSecurity.com: A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030). In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues.... Slackware: libxml2 - LinuxSecurity.com: New libxml2 packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues including a denial or service or the possible execution of arbitrary code if untrusted XML is processed. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: ... RedHat: Moderate: thunderbird security update - LinuxSecurity.com: Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.... A Secure Nagios Server - LinuxSecurity.com: Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security. ... Never Installed a Firewall on Ubuntu? Try Firestarter - LinuxSecurity.com: When I typed on Google "Do I really need a firewall?" 695,000 results came across. And I'm pretty sure they must be saying "Hell yeah!". In my opinion, no one would ever recommend anyone to sit naked on the internet keeping in mind the insecurity internet carries these days, unless you really know what you are doing. Read on for more information on Firestarter. ... IBM Business Transformation - IBM's Business Transformation. Business Week
writes about IBM's focus on business transformation services: "BM, with
its legions of PhDs and closets full of patents, is not built to duke
it out with the likes of Dell. Palmisano's strategy promises a neat
escape. Instead of battling in cutthroat markets, he takes advantage of
all the low-cost technology by packaging it, augmenting it with
sophisticated hardware and software, and selling it to customers in a
slew of what he calls business transformation services. That way IBM
rides atop the commodity wave -- and avoids drowning in it." [E M E R G I C . o r g]... MSNBC: "HERE COME THE VLOGS - MSNBC: "HERE COME THE VLOGS".
MSNBC: Ready for your close-up? Here come the vlogs is a great snapshot of videoblogging by Michael Rogers. He namechecks all our favorites including Rocketboom, Ryanne, Jay, Human Dog, Steve Garfield, and Dylan. He also mentions the tools making it easier to find videoblogs, such as ANT and ... Do The VoIP Math. - Do The VoIP Math.
Russell Shaw does the math and shows how VoIP is cheaper than a cell
phone only.I agree. Which is why I think the wireless companies need to
be in the VoIP business and fast . [VoIP Watch]... Blog, Vlog, Podcast, Mobcas - Blog, Vlog, Podcast, Mobcast. So many new words, so little time.
Blog (web log), Vlog (video web log), Podcasting (including audio in
your RSS (really simple syndication) feed for download into an Apple
iPod or other MP3 player) and Mobcasting (mobile podcasting) an Andy Carvin
acronym which posits the use of smart phones to create podcasts -- are
all relatively new words that represent one extremely big idea --
unfettered plebeian access to the fifth estate.
Until a few years ago, governments (secular or non) had almost
complete control of information. That made (and continues to make)
information a form of currency -- like the military and other stores of
economic value. These "new words" are much more powerful than the
technologies they represent, they speak a new language of information
and, to be sure, currency.
The value you will place on this information is in direct
proportion to the use you have for it. Most people won't care about the
ranti...
Small telecom carriers focus on providing choices. - Small telecom carriers focus on providing choices.
WASHINGTON - As traditional competitive local exchange carriers (CLECs)
retool to keep up with U.S. regulations and battle the huge regional
Bells, a range of new business models are emerging. [InfoWorld: Top News]... Ten To Watch in Mobile Content - Ten To Watch in Mobile Content. This is not a definitive list, just
a list of smart young blood in the mobile content sector. Notice that
except for one, none of them are CEOs (yet), but you’ll hear a lot
from and about them in the next few years (that was the criteria). Just
a way of recognizing the people in the second wave of mobile content
(in no particular order):
» Greg Clayman, Vice President, Wireless Strategy and Operations, MTV Networks
» Rio Caraeff, mobile head at Universal Music
» Thomas Ryan, Senior VP, Mobile Development, EMI Music
» ...
Telesym Podcast: the Future of VoWLAN. - Telesym Podcast: the Future of VoWLAN.
If you're interested in where Voice over IP over WLAN is heading in the
enterprise, listen to this interview with Telesym: I met over in
Bellevue, Wash., today with Telesym, a firm that extends an
enterprise-based phone exchange (PBX) system into laptops, handhelds,
and "scanners": bar-code devices used in retail and logistics by store
and floor personnel. I spoke with Mike Houston, Telesym's director of
Marketing, Ken Myer, senior VP of sales and marketing, and Jennifer
Gehrt, a founding partner at Communiqué Public Relations about
Telesym's position in the market, but more largely about the future of
VoWLAN. (Ken had to leave for a meeting, so I spoke primarily with Mike
in this podcast). You'll hear at the outset of the recording after my
introduction a conversation we had using Telesym technology: I was on a
USB headset connected to a Telesym client running under Mac OS X; Mike
w... CLEC New Business Model - CLECs search for new business models.
WASHINGTON - Recent months have been tough for competitive local
exchange carriers (CLECs), as their allies get gobbled up by
competitors and the government dismantles network-sharing regulations.
But CLECs say they will survive by adopting new business models and
focusing on customer relations. [InfoWorld: Top News]... Podcasting The Night Away. Forbes: - Podcasting The Night Away. Forbes:
"For now, Podcasting is no threat to radio as we know it. But pay
attention to it. It may not always be called Podcasting, and it may not
always be free in the way it is now, but as we've seen with MP3s, these
things sometimes have a funny way of taking on a life of their own." [Adam Curry's Weblog]...
New Free VoIP, Video & P2P IM Client using Open Standards. - New Free VoIP, Video & P2P IM Client using Open Standards. ineen
is new P2P IM software with VoIP and Video that's easy and free to use.
The client was built using Xten's eyeBeam SDK and makes use of SIMPLE
for P2P IM and Presence. VoIP is supported by SIP and the Video media
is H.263[+]. You can use ineen to call over other networks as well,
including: Free World Dialup, SIPphone, & iptel.org.
Xten will be demonstrating ineen at VON next week. [SIPthat.com]... Searching for weather, by web or phone - Searching for weather, by web or phone
As a kid, I would stare for hours at repetitious weather reports on TV.
Boring, you say? Not to me - I love weather. And since I've worked
here, I've wondered why Google doesn't do weather. It seemed like a
perfect 20% project
for me, so now I'm pleased to report that you can get
current conditions and a forecast
by typing [weather Chicago], or whatever your U.S. location is (zipcodes are also fair game). If you prefer, use
Google SMS
to send a text message to the U.S. five digit shortcode 46645 (GOOGL on
most mobile phones) followed by your meteorological query.
Ben Sigelman
Sof... VON 2005 - Spring 2005 VON: In the News Today. Investors Business Daily - March 7th: Internet Telephone Service Buzz Comes Calling At Big Trade Show
Mercury News - March 6th: Phone calls destined to be sent like e-mail, as packets of data (requires subscription)
[The Jeff Pulver Blog]... SODA - SODA. A month
or so ago, I was reading a Gartner handout for a conference, and came
across an acronym they invented- SODA[1]. SODA (Service-Oriented
Development of Applications), as Gartner defines it, consists of the
following areas: []... Yahoo Web Service API - Yahoo Web Service API.
Yahoo joins the growing number of web sites exposing their API as Web
Services. Their API is available from Yahoo Developer Network . []... Copyright © 2008, Mulitple Sources of Income. All Rights Reserved. |