Ubuntu 8.10 Beta ScreenShots from the install to installing packages Linux Dynasty: "Ubuntu 8.10 Beta was released today and I'm glad to post the ubuntu 8.10 Beta screen shots here. I will say this...I've always enjoyed using Ubuntu and Ubuntu based distributions. Ubuntu has always made my life on my desktop easier." link fixed--ed. (Oct 5, 2008)
Strange Ironies (Oct 10, 2008, 14:35 UTC) (595 reads)
Snake Bytes: "There have been a lot of strange ironies for me in the last week in the security world. Rather than expound on any one of them, I thought I'd take a stab at all of them all at once. So bear with me -- you're in for a ride."
Turn Linux into Fort Knox: 10 Tools for a Safer Web Server (Oct 9, 2008, 19:35 UTC) (1333 reads)
Daily Artisan: "Linux is a secure and stable OS but is still vulnerable to bugs, security leaks and intrusion attacks specially if you are using it as a web server. To detect such attacks and security holes, security tools are needed. These can be used to patch up bugs, fix network leaks, prevent viruses, trojan horses and remote exploits."
Why eBay Should Open-Source Skype (Oct 9, 2008, 18:35 UTC) (1041 reads)
Linux Journal: "eBay is not going through the happiest of times. Not only has it found it necessary to make 1000 people - 10% of its workforce - redundant, it has had to own up to a serious breach of trust with its Internet telephony program, Skype."
Creepy Clickjacking Bug Lets Hackers Control Webcams (Oct 9, 2008, 14:35 UTC) (715 reads)
LinuxInsider: "A Flash Player vulnerability could allow attackers to gain control of a user's webcam and microphone, according to a security advisory issued by Adobe. The company has issued a workaround; however a patch won't come until later."
Metasploit 3.2 Offers Testers More 'Evil Deeds' (Oct 9, 2008, 14:05 UTC) (820 reads)
InternetNews: "Hacking into systems (albeit for testing purposes) is apparently getting easier with the upcoming open source Metasploit 3.2 framework, according to its creator."
NSA: Open Source Provides Extreme Security at Lower Cost (Oct 9, 2008, 13:05 UTC) (1296 reads)
The Open Road: "In one of the biggest testaments yet of open source's security credentials, and of its ability to deliver security at lower cost, the US National Security Agency (NSA) has turned to open source to create part of the Tokeneer System."
Video: Mastering IPTables, Part I (Oct 8, 2008, 16:01 UTC) (1085 reads)
Linux Journal: "Linux comes with a powerful firewall built-in, although the interface can be a little intimidating. This is the first in a multi-part tutorial on how to master basic and not-so-basic IPTables functionality and create the perfect firewall for your home network."
Asus Reports Virus Loaded Into Eee Box PCs (Oct 7, 2008, 23:47 UTC) (3027 reads)
Network World: "Asustek Computer's Japanese arm has alerted owners of its new Eee Box low-cost desktop PC that the machine shipped with a virus."
Sockstress: A New and Effective DoS Attack (Oct 6, 2008, 12:33 UTC) (2062 reads)
TechRepublic: "Security researchers Jack C. Louis and Robert E. Lee of Outpost 24 stumbled onto a relatively simple way to implement a Denial of Service (DoS) attack that does not require massive syn floods. The researchers aren't releasing many details about the attack except for those provided in a very interesting interview..."
12 Most Devastating PC Viruses and Worms of All Time (Oct 4, 2008, 20:33 UTC) (3645 reads)
Tech Source From Bohol: "I don't want to explain further or start a debate here, but I'll just let this all time list of 12 most devastating viruses and worms do the talking."
Report: Skype Helped China Snoop on Users (Oct 3, 2008, 12:32 UTC) (905 reads)
LinuxInsider: "In China, nothing is private. As if we needed more proof, a Canadian group has spotted a bank of unsecured servers containing what appear to be filtered-out information from Skype messages that might run afoul of Chinese censors..."
Testing SIP Security on a Budget, Part 1 (Oct 2, 2008, 00:07 UTC) (937 reads)
VoIP Planet: "Dozens of open-source and shareware tools have been developed to capture, manipulate, replay, and generate SIP and RTP messages. Before attempting to conduct your own VoIP vulnerability assessment, you might want to browse the VOIPSA Security Tools list, the Hacking VoIP Exposed Security Tools list, or the iSEC Partners VOIP Security Tools list, following links to download software and create your own VoIP security toolbox."
Untangle Provides Open Source Security On A USB Stick (Oct 1, 2008, 21:35 UTC) (1222 reads)
The VAR Guy: "Untangle, which develops open source security solutions, has a rather interesting pitch for VARs and small businesses. It involves a simple USB stick known as the Silver Bullet."
New DoS Attack Is a Killer (Oct 1, 2008, 18:05 UTC) (2440 reads)
Snake Bytes: "...the two were asked if they could take out a data center. While they've never tried, it appears to be a totally plausible attack. Worse yet, unlike most DoS attacks, the machines often do not come back online once the attack is over. The victim system just doesn't respond any more."
The Linux Safety Net: Living Fast and Dangerous (Oct 1, 2008, 11:05 UTC) (1223 reads)
Raiden's Realm: "Are we living the fast and dangerous life in Linux just because it's so bullet proof and safe? I ask that question because I have honestly found myself in recent months openly ignoring, not consciously mind you, but unconsciously, long held safety and security practices whenever I'm on a Linux or BSD machine."
Verify Your Email Security With tcpdump (Sep 29, 2008, 22:02 UTC) (1508 reads)
LinuxPlanet: "...being an untrusting soul as all wise network administrators are, I can use tcpdump to verify that encryption is working. Here is what a plain unencrypted POP mail session looks like. This is an abbreviated example showing only the initial three-way TCP handshake. You can do this yourself by firing up tcpdump, then checking mail. Ctrl+C stops it:"
SECURITY: Track Your Missing Laptop With Adeona (Sep 25, 2008, 06:32 UTC) (1519 reads)
Linux.com: "... the free software utility Adeona won't preemptively deter theft, but it will help you track down your stolen equipment and better the chances of its recovery by police."
New Linux Phone Can 'pwn' Wi-Fi (Sep 22, 2008, 20:32 UTC) (1748 reads)
Techworld: "Open source developer NeoPwn has built what it claims is the first Wi-Fi penetration testing platform to run from a mobile phone."
Hack Attack Week (Sep 20, 2008, 00:02 UTC) (1737 reads)
Builder AU: "It wasn't a good week to be an Alaskan vice-presidential candidate, an online publication or even a multinational science project -- as all were compromised by hackers this week."
Untangle's Free Re-Router Gateway for Windows is Good Bet for SMBs (Sep 17, 2008, 20:31 UTC) (1484 reads)
TechRepublic: "Untangle, Inc. has released the Untangle on Windows open source gateway software for use on Windows PCs. Until now, Untangle has provided a Linux-based open source gateway as a free download or as a purchased piece of hardware."
Crypto-Gram Newsletter, September 15, 2008 (Sep 17, 2008, 16:01 UTC) (1018 reads)
Crypto-Gram Newsletter: "Return on investment, or ROI, is a big deal in business. Any business venture needs to demonstrate a positive return on investment, and a good one at that, in order to be viable...It's a good idea in theory, but it's a mostly bunk in practice."
Video: Hacking a Voting Machine (Sep 13, 2008, 19:02 UTC) (2018 reads)
Make: "I am not suggesting you try this, but I am suggesting you question the reliability of these systems."
Korset: Linux Security Thanks to Static Analysis (Sep 12, 2008, 13:53 UTC) (1153 reads)
Linux Magazine: "Coworkers at the University of Tel Aviv have presented a prototype for a new host-based intrusion detection system (HIDS) for Linux. Named Korset, it uses static code analysis and promises zero failures." link fixed--ed.
With Linux, Even Rootkits Are Open Source (Sep 10, 2008, 12:31 UTC) (2402 reads)
Linux Journal: "Linux has traditionally been regarded as significantly more secure than other common platforms...That may well have changed last Thursday, however, as a commercial "penetration testing" firm released what may be the most difficult to detect Linux rootkit to date — under an open source license."
Fedora, Red Hat, and Distributor Security (Sep 9, 2008, 19:01 UTC) (1695 reads)
LWN: "Seriously scary, but Red Hat has been able to convince itself that none of the compromised packages were fed out to RHEL subscribers. So this attack, too, failed - but not by much."
The Cyber Crime Hall of Fame (Sep 9, 2008, 18:31 UTC) (1740 reads)
PC Magazine: "Rules are made to be broken the same way networks are made to be hacked into. These are nine of the most infamous criminal hackers to ever see the inside of a jail cell."
Tip of the Trade: Cracking Passwords (Sep 9, 2008, 16:31 UTC) (1982 reads)
ServerWatch: "Enforcing password security with a multiple-user system can be a hassle — users all too often use inadequate passwords. john-the-ripper (also available via most distros) is a password-cracking tool that enables the identification of vulnerable passwords before someone with nefarious intentions finds the weakness."
SystemRescueCd 1.1.0 Packed with New Utilities (Sep 9, 2008, 12:31 UTC) (2210 reads)
Softpedia: "The SystemRescueCd team has announced today the latest version of their Linux system. This new release brings important new features, such as advanced customization and kernel recompilation, as well as updates to some of the already present applications."
2007 Web Application Security Statistics Published (Sep 8, 2008, 23:02 UTC) (1449 reads)
Web Application Security Consortium: "The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007."
Intel Atom Disk Encryption Performance (Sep 8, 2008, 06:02 UTC) (2462 reads)
Phoronix: "What is the performance cost for fully encrypting a hard drive on one of these Intel Atom computers? In this article we are looking at the performance impact of fully encrypting the solid-state storage versus an unencrypted LVM within Ubuntu Linux."
Open Source Release Takes Linux Rootkits Mainstream (Sep 5, 2008, 14:32 UTC) (2222 reads)
The Register: "The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Security, a firm that supplies tools for penetration testers."
ISP Web Tracking Dead As Net Eavesdropping CEO Resigns (Sep 4, 2008, 12:01 UTC) (1293 reads)
Wired: "Online privacy scored a small victory this week as the CEO for controversial net eavesdropping firm NebuAD resigned just months after Congress successfully scared the country's ISPs into abandoning dreams of windfall profits from tracking their customers around the web."
Preventing Brute Force Attacks With Fail2ban On Fedora 9 (Sep 1, 2008, 20:02 UTC) (2630 reads)
HowtoForge: "In this article I will show how to install and configure fail2ban on a Fedora 9 system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule."