Topic: Security
The new items published under this topic are as follows.
Posted on Jul 12, 2006 - 05:58 PM ::: by tylerdurden ::: 2379 Reads
This HowTo is about creating a user-session-safe directory which offers security on- and offline. This is done with PAM, a module named pam_script and EncFS ("Encrypted Filesystem"). This safe directory is used to store credentials and other sensitive information during a session. When a user session ends, in the worst case an encrypted directory remains on the hard drive; in the best case everything is removed. This construction is only meant to store information during a session, not for documents or any other valid information.
Posted on May 22, 2006 - 05:28 PM ::: by tylerdurden ::: 2332 Reads
This article shows how you can test your Linux firewall with a tool called FTester (Firewall Tester). With FTester you can check your firewall's filtering policies. The tool consists of two Perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). Furthermore, FTester also provides Intrusion Detection System (IDS) capabilities.
http://www.howtoforge.com/test_your_linux_firewall_with_ftester
Posted on Mar 29, 2006 - 06:40 PM ::: by tylerdurden ::: 1556 Reads
Posted on Feb 23, 2006 - 05:25 PM ::: by tylerdurden ::: 1618 Reads
In this HowTo I will show how to install and configure DenyHosts. DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. Therefore you can stop SSH dictionary attacks with this tool. DenyHosts can be run by cron or as a daemon. In this tutorial I will run DenyHosts as a daemon.
http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
Posted on Nov 09, 2005 - 12:15 PM ::: by solrac ::: 2388 Reads
Data received from the client needs further scrutiny to extend the security perimeter from common design elements to application code. To satisfy this requirement, this article offers a new security design framework (free reg. req'd) that covers two common types of vulnerability: action tampering and parameter manipulation (also known as data tampering).
Posted on Nov 03, 2005 - 02:15 PM ::: by tylerdurden ::: 4085 Reads
Posted on Apr 07, 2004 - 05:22 AM ::: by IntnsRed ::: 2260 Reads
Martin Schulze issued this Debian press release today:
Joint Statement about GNU/Linux Security
Executive Summary:
GNU/Linux vendors Debian, Mandrake, Red Hat, and SUSE have joined together to give a common statement about the Forrester report entitled "Is Linux more Secure than Windows?". Despite the report's claim to incorporate a qualitative assessment of vendor reactions to serious vulnerabilities, it treats all vulnerabilities as equal, regardless of their risk to users. As a result, the conclusions drawn by Forrester have extremely limited real-world value for customers assessing the practical issue of how quickly serious vulnerabilities get fixed.
Full Statement:
Posted on Mar 19, 2004 - 04:50 PM ::: by tylerdurden ::: 2293 Reads
Posted on Aug 30, 2002 - 02:16 PM ::: by IntnsRed ::: 1239 Reads
The Register (http://www.theregister.co.uk/) is running a great article (http://www.theregister.co.uk/content/4/26843.html) on general GNU/Linux security and Internet anonymity aimed at Linux newbies. The article isn't Debian-specific and doesn't involve a huge amount of detail, but contains a lot of good general concepts and links to learn/read more. Definitely recommended reading.
Posted on Jan 17, 2002 - 01:37 AM ::: by IntnsRed ::: 2407 Reads
An interesting bug (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=129604) was filed today by Florian Weimer. I'll quote the bug report in full:
"Over the past few months, the GNU/Linux community has slowly adopted a way of dealing with security issues which closely resembles the approach suggested by Microsoft last year: more-or-less systematic hiding of security problems from end users, at least for some time.
"Some Debian maintainers seem to participate in this process, and hold back security fixes, waiting for events to happen which are external and not related to the Debian project (for example, other distributors being ready to publish fixes).
"I'm not sure if this approach is desirable, or has the intended effect. However, I do think that it is conflicting with the third item of the Social Contract: The promise, "We Won't Hide Problems", is not held. (The following technical explanation is honored, though, such problem reports never enter the Bug Tracking System before release.)
"However, I do think that the Social Contract needs to reflect this problem. After all, the claim, "We Won't Hide Problems", gives the user a false sense of security and openness."
(end quote)
As users of Debian, what's your opinion? Is this mere positioning to highlight Microsoft's security problems and procedures? Is this of concern to the general GNU/Linux community (all distributions) and thus is "bigger than Debian"? Is this an issue that Debian should take a principled moral stand on?