Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[rv56]

Fedora 12 lets unprivileged users install packages
19 November 2009, 12:27 pm

LinuxSecurity.com: Fedora bug #534047 contains an interesting Fedora 12 surprise: "PackageKit allows you to install signed content from signed repositories without a password by default. It only asks you to authenticate if anything is unsigned or the signatures are wrong." So any user can install any package found in the official repository. Some Fedora developers, at least, seem to see this as a feature; see this rapidly-growing thread for the discussion.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Penetration Testing Grows Up
19 November 2009, 12:21 pm

LinuxSecurity.com: Penetration testing, once considered a risky practice for the enterprise and even a tool for evil hacking purposes, is becoming more of an accepted mainstream process in the enterprise mainly due to compliance requirements, more automated, user-friendly tools -- and most recently, the imminent arrival of a commercial offering based on the popular open-source Metasploit tool.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Who's Talking About Me?
18 November 2009, 11:34 am

LinuxSecurity.com: Popular videos and articles get reposted or discussed on dozens or hundreds of sites. But Web experts are now thinking about how to keep track of online conversation in real time, even when it's scattered all over the Web. A new crop of protocols aim to do just that.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Firefox 3.6 locks down component directory
18 November 2009, 11:31 am

LinuxSecurity.com: The Mozilla developers have announced that Firefox 3.6 will "lockdown" the components directory of the browser to stop third party applications bypassing the standard add-ons and plug-in support by pushing user invisible changes directly into Firefox. From today's planned release of Firefox 3.6's beta 3, and onwards, the components directory will be for Firefox code only and third party developers will only be able to extend the browser through the officially supported add-ons system.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Cloud Security's Silver Lining: Q&A With ISF President Howard Schmidt
18 November 2009, 11:29 am

LinuxSecurity.com: The bad guys of the Internet -- black hat hackers, scammers, and the like -- are becoming more organized and directed in their attacks, according to Howard Schmidt, president of the Information Security Forum. As companies begin looking toward cloud services, they're often wary of the problems they've faced in the past but also careful not to fall into the same traps again.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

How Secure Is Cloud Computing?
17 November 2009, 1:23 pm

LinuxSecurity.com: Great interview with crypto-legend Whitfield Diffie. Cryptography solutions are far-off, but much can be done in the near term, says Whitfield Diffie. Cloud computing services, such as Amazon's EC2 and Google Apps, are booming. But are they secure enough? Friday's ACM Cloud Computing Security Workshop in Chicago was the first such event devoted specifically to cloud security.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Searching an Encrypted Cloud Searching
17 November 2009, 1:21 pm

LinuxSecurity.com: Recent advances in cryptography could mean that future cloud computing services will not only be able to encrypt documents to keep them safe in the cloud--but also make it possible to search and retrieve this information without first decrypting it, researchers say.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

StartSSL: a Certification Authority with a heart
17 November 2009, 1:25 pm

LinuxSecurity.com: Linux Security had the chance to talk with Eddy Nigg, founder of StartSSL, an "alternative" CA, by any meaning. Their business model is quite different then that of other well known CAs, with a pricing policy absolutely counter to current trends: once a customer verified its identity, any number of certificates can be obtained for free, payment is only required for those steps requiring human intervention (usually identification and release of EV certificates).

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Official Bruce Schneier action figure steps onto market
17 November 2009, 1:20 pm

LinuxSecurity.com: Good news for devotees of ponytailed crypto guru of all our hearts Bruce Schneier: it's now possible to buy an officially endorsed "Bruce Schneier action figure".  The action figure, which can be purchased here, comes with a range of costumes ("casual Bruce", "smart Bruce" and "head only"), and also features "scalp" options ("bald", "ponytail" or "cyborg").

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Vulnerability in Wikipedia Toolbar for Firefox
17 November 2009, 1:19 pm

LinuxSecurity.com: Security service provider Secunia has discovered a critical vulnerability in the Wikipedia Toolbar extension for Firefox that can be exploited by an attacker to compromise a victim's system. According to the report the cause of the problem is due to the application using invalidated input in a call to eval() which can be exploited to execute arbitrary JavaScript code.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

H.D. Moore speaks about Metasploit Project deal, Release 3.3
17 November 2009, 1:18 pm

LinuxSecurity.com: The sale of the Metasploit Project, and its highly respected pen-testing platform to vulnerability management vendor Rapid7 in October signals change for yet another major open-source project to a commercial company. In a wide-ranging interview, Metasploit founder H.D. Moore speaks about the evolution of the Metasploit Project, the threat environment it has grown in and what the acquisition means for the future of the project. Moore also talks about the latest Metasploit framework release (version 3.3), the project's open source exploit development and penetration-testing platform.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Microsoft confirms Windows 7 tool used GPL code
17 November 2009, 1:16 pm

LinuxSecurity.com: Microsoft said Friday that its inquiry confirms that a tool aimed to make it easier to load Windows 7 on a Netbook does in fact contain open-source code.  "After looking at the code in question, we are now able to confirm this was indeed the case, although it was not intentional on our part," Microsoft's Peter Galli said in a blog posting.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Open-source tools wrest control of personal data
17 November 2009, 1:15 pm

LinuxSecurity.com: In today's information age, personal data is possibly one of the most valuable assets an individual can own. But swathes of it are being gathered and held by companies and public sector bodies, often with little apparent benefit to the person to whom it belongs.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

The Botnet Hunters
17 November 2009, 1:13 pm

LinuxSecurity.com: They're the Internet equivalent of storm chasers, spending endless hours scanning and sleuthing, looking for the telltale signs of botnets. Here's an inside look at the battle against cybercrime's weapons of mass infection.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

FAQ: Recognizing phishing e-mails
17 November 2009, 1:12 pm

LinuxSecurity.com: If you have received an e-mail from the Internal Revenue Service or the Federal Deposit Insurance Corporation, chances are it was a phishing attempt. If you received e-mail from your bank, PayPal, or Facebook urging you to immediately verify information or risk having your account suspended, it was undoubtedly phishing.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<