Security Alerts PHP Problems
Noel Davis looks at problems in PHP, Emacs, ftpd-ssl, Lynx, Roaring Penguin pppoe, OpenVPN, RAR, Fedora Core X-Chat, HP-UX xterm, libungif4, and GpsDrive.
Assessing Web App Security with Mozilla
If your web application expects only that users always follow instructions and can never do anything other than what you want, it's probably insecure. You might find it surprising how much information your app exposes to a potentially hostile world. Shreeraj Shah demonstrats how to use Mozilla's LiveHTTPHeaders extension to see what your app does and probe it for vulnerabilities.
Michal Zalewski on the Wire
What motivates a hacker? Perhaps curiosity, the pursuit of knowledge, and the simple joy of saying "Hmm, that's funny! What happens if I ...?" Eccentric security researcher Michal Zalewski exhibits these traits. Fearless interviewer Federico Biancuzzi recently talked with Zalewski about his curious approach to computer security, the need for randomness, and how the hacker mind works.
Security Alerts Ethereal Trouble
Noel Davis looks at problems in sudo, Ethereal, Apache mod_auth_shadow, fetchmailconf, lynx, Mantis, pnmtopng, gnump3d, Squid, unzip, uim, Curl, and imlib.
Security Alerts KWord Trouble
Noel Davis looks at problems in KWord, SPE under Gentoo, wget, Brightstore, eTrust, Unicenter, OpenSSL, XMail, uw-imap, weex, tcpdump, graphviz, up-imapproxy, xloadimage and xli, and Ruby.
Security Alerts XFree86 Trouble
Noel Davis looks at problems in XFree86, cfengine, RealPlayer 10, Helix Player, ClamAV, XSun, Xprt, arc, prozilla, AbiWord, Backupninja, Hylafax, ApacheTop, and libsnmp5.
Big Scary Daemons Information Security with Colin Percival
The recent disclosure of side-channel techniques to retrieve cryptographic secrets on hyperthreading machines caused stirs in security and operating system development communities. Colin Percival, a FreeBSD security officer, reported the vulnerability and weathered the questions and criticisms. Michael W. Lucas recently interviewed him on this vulnerability, vendors' responses, and security research.
Security Alerts MySQL Trouble
Noel Davis looks at problems in MySQL, umount, KDE's kcheckpass, GNOME Workstation Command Center, X.org, Squid, TWiki, ncompress, grip, Turquoise SuperStat, gtkdiskfree, and LessTif.
Securing Web Services with mod_security
Web services build atop HTTP to allow more flexible applications. However, their flexibility and ubiquity do not always protect against vulnerabilities due to the way HTTP works. Fortunately, the mod_security module and some planning can block potential attacks at both the protocol and application level before they start. Shreeraj Shah explains.
Anatomy of an Attack: The Five Ps
The five Ps--Probe, Penetrate, Persist, Propagate, and Paralyze--represent a model of how a security attack progresses. In this excerpt from Managing Security with Snort & IDS Tools, the authors discuss an attack's progression through these five steps, whether the attack is sourced from a person or an automated worm or script, with emphasis on the Probe and Penetrate phases, the stages that Snort monitors.
OpenBSD 3.6 Live
Right on schedule, the OpenBSD team plans to release version 3.6 on November 1. Federico Biancuzzi recently interviewed several members of the core team about new features and changes in the code and the project.
Deploying a VPN with PKI
Security and convenience often conflict with each other. It'd be nice to have access to your office network from anywhere, but you can't trust the Internet. Virtual private networks are one solution. Scott Brumbaugh explains how to deploy a VPN using OpenVPN and OpenSSL.
Security Alerts Linux AMD64 Kernel Bug
Noel Davis looks at a Linux 2.4 kernel bug on AMD64 machines, problems in Samba, changepassword.cgi, MPlayer, the MIT Kerberos 5 administration library, logcheck, Sybase Adaptive Server Enterprise, Konqueror, Debian debmake, Xpdf, and xzgv.
Secure Your Wireless with IPSec
Wireless can make your life much, much easier, but those pesky radio waves won't stay put. Sometimes this is good, but sometimes you want to lock down your network. WEP and MAC address filtering aren't secure enough. IPSec, the same approach used to secure VPNs, is much better. Dan Langille explains how to configure Wifi with IPSec.