Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[rv56]

DNS problem linked to DDoS attacks gets worse
16 November 2009, 1:29 pm

LinuxSecurity.com: Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Rights group throws the e-book at Google
16 November 2009, 1:28 pm

LinuxSecurity.com: Google is hoping to put an end to the controversy surrounding its e-book project with a revised settlement under which it would offer rights holders the opportunity to step in when Google has inappropriately printed an out of print book in the English language.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

The Web Application Security New Top 10 Risks
16 November 2009, 1:25 pm

LinuxSecurity.com: With a focus on risks, rather than only ranking software vulnerabilities, the Open Web Application Security Project (OWASP) has made a significant - and welcomed - change in how the organization rates Web application security weaknesses.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Hacking Privileged Database User Access
16 November 2009, 1:24 pm

LinuxSecurity.com: The prospect of restricting access to your database is tricky when it comes to privileged users, such as database administrators who need to keep the databases running, developers who need to tap into databases to get them to work, or super users who just need an inordinate amount of access to get their jobs done.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

Most Security Products Fail First Certification Tests
16 November 2009, 1:23 pm

LinuxSecurity.com:  In the software business, quality is often left behind in the rush to be latest and greatest. Security products are no exception, according to a study released Monday by ICSA Labs.  ICSA Labs, a unit of Verizon Business, provides third-party testing and certification of security products. The company examined 20 years of its testing data to create the "ICSA Labs Product Assurance Report". The report indicates that nearly 80 percent of security products fail to perform as intended when first tested, and generally require two or more cycles of testing before achieving certification.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[rv56]

VeriSign: Major internet security update (DNSSEC) by 2011
16 November 2009, 1:22 pm

LinuxSecurity.com: VeriSign has said a significant outstanding internet security vulnerability will be closed by 2011, after delays caused by technical aspects of the implementation.  The problem is that DNS, the Domain Name System that translates internet addresses such as website URLs into numerical values, can be seeded with false values and used to misdirect users.

Source: LinuxSecurity.com - Latest News

>> To obtain the full Linux Security article, click the link in the first post line <<

[Scarlett]

Breaking the Botnet Code
13 November 2009, 1:26 pm

LinuxSecurity.com: Networks of compromised computers controlled by a central server, better known as botnets, are a Swiss Army knife of tools for online criminals. Hackers can use these co-opted systems to churn out spam, host malicious code, hide their tracks on the Internet, or flood a corporate network to cut off its access to the Web.

Source: LinuxSecurity.com - Latest News

[Scarlett]

Web Security Tool Copies Apps' Moves
13 November 2009, 1:21 pm

LinuxSecurity.com: I'd sure like to see something like this for Linux. Could be very useful for secure helpdesk troubleshooting. Are you already doing something like this with a secured VNC? Nowadays, it's easy for developers to build fully fledged applications that run inside the browser. Keeping these applications safe from hackers is another matter. With this in mind, scientists at Microsoft Research have unveiled a new way to secure complex Web applications by effectively cloning the user's browser and running it remotely.

Source: LinuxSecurity.com - Latest News

[Scarlett]

Wordpress Launches 2.8.6 Security Update
13 November 2009, 1:15 pm

LinuxSecurity.com: News, today, of the release of the latest security update for Wordpress, now revved to 2.8.6. Specific re-mediated issues are related to yet another cross site script flaw, as well as file sanitization challenges. More information direct from the developers makes an appearance after the jump. Update now.

Source: LinuxSecurity.com - Latest News

[Scarlett]

New Flash Attack Has No Real 'Fix'
13 November 2009, 1:13 pm

LinuxSecurity.com: Researchers show how Adobe Flash can be exploited in browsers when victim visits sites that accept user-generated content. Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash -- and there's no simple patch for it.

Source: LinuxSecurity.com - Latest News

[Scarlett]

64 percent of websites contain serious flaws
13 November 2009, 1:11 pm

LinuxSecurity.com: Cross-site scripting and SQL injection remain the top methods of attack.  Vulnerabilities in web applications remain the primary avenue of attack for cybercriminals, according to a WhiteHat Website Security Statistics Report released this week.

Source: LinuxSecurity.com - Latest News

[Scarlett]

New Microsoft patent may put Linux security components at risk
12 November 2009, 1:21 pm

LinuxSecurity.com: Microsoft has been granted a patent on a privilege escalation system which appears to cover the functionality of PolicyKit, which is used for fine grain authorisation on Ubuntu, Fedora, openSUSE and other Linux systems. The patent claims in 7,617,530 appear to be for system software which, when an application needs a higher privilege level, displays a graphical list of users with the privileges required to perform the task. Selecting one of the users and entering that user's password allows the task to be performed with that users privilege.

Source: LinuxSecurity.com - Latest News

[Scarlett]

Seven keyholders for the DNS root zone
12 November 2009, 1:18 pm

LinuxSecurity.com: Preparations for securing the domain name system root zone using the DNS Security Extensions (DNSSEC ) protocol are entering a key phase. At the 76th meeting of the Internet Engineering Task Force (IETF) in Hiroshima, the design team from VeriSign, the internet administration authority ICANN and the US NTIA presented the strict security conditions under which the various keys required will be generated, held and renewed. IETF developers expressed concern about the lack of channels for both explaining the DNSSEC rollout, scheduled to commence in January, to ISPs and for collecting reports of anything untoward from the ISPs.

Source: LinuxSecurity.com - Latest News

[Scarlett]

How to DDOS a federal wiretap
12 November 2009, 1:17 pm

LinuxSecurity.com: Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.  The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.

Source: LinuxSecurity.com - Latest News

[Scarlett]

Practical Analysis: The Fastest-Growing Security Threat
11 November 2009, 12:56 pm

LinuxSecurity.com: SQL injections, more than any other exploit, can land your company in trouble. So why aren't you worried about them? Few things make a CIO's eyes glaze over like the mere mention of SQL injections. Unless they cut their teeth in security or SQL programming, chances are that the folks who control the purse strings don't understand these increasingly common attacks. That's a real issue because you're probably making decisions that could exacerbate the problem.

Source: LinuxSecurity.com - Latest News