Chicago Best Price DirectoryYou are here » Chicago Best Price » Links Directory » Computers » Security (0)
Security RSS FeedsOpenSUSE Adds SELinux - LinuxSecurity.com: Beginning with openSUSE 11.1, SUSE users will have an additional option regarding security frameworks. In addition to AppArmor, we will be adding SELinux capabilities in openSUSE 11.1, which will allow users to enable SELinux in openSUSE if they wish. Have you hear that openSUSE 11.1 will have the options to enable SELinux? My question is how useful will enabling SElinux on SUSE will be without a useful security policy? I guess we will have to wait and see if this move will help the distributions security. ...Feed Source: www.linuxsecurity.com Open Vulnerability Assessment System - LinuxSecurity.com: As you all probably known since version 3 Nessus turned to a proprietary model and started charging for the latest plugins locking most of us out. Now we finally have a new, properly organized forked development with the name of OpenVAS - at last a decent and free Vulnerability Scanner! OpenVAS is a network security scanner which contains a graphical user front-end to help find problems in remote systems and applications. Have you tested it out? ... Attacking PHP Weak PRNGs: mt_srand and "Random Numbers" - LinuxSecurity.com: PHP comes with two random number generators named rand() and mt_rand(). The first is just a wrapper around the libc rand() function and the second one is an implementation of the Mersenne Twister pseudo random number generator. Both of these algorithms are seeded by a single 32 bit dword when they are first used in a process or one of the seeding functions srand() or mt_srand() is called. This is a great article by Stefan Esser on attacking php PRNG. He explains the attack in such a way that it's easy to understand. ... EnGarde Secure Community 3.0.20 Now Available - LinuxSecurity.com: Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.20 (Version 3.0, Release 20). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.... New SELinux Userland Project Site - LinuxSecurity.com: Tresys have announced the launch of a new source repository, bugtracker and wiki for the SELinux userland code, which may be found here. The site utilizes trac for project management and git as the source code management system. Developers should use this new repository instead of the old sourceforge site. Have you heard that Tresys has created a page for SELinux userland projects? There is some great information on it if you are interested in SELinux.... Karmetasploit - LinuxSecurity.com: In 2004 Dino Dai Zovi and Shane Macaulay presented All Your Layer Are Belong To Us at Pacsec in Tokyo. This presentation focused on the insecure behavior of wireless clients. Accompanying the presentation was a tool called KARMA (KARMA Attacks Radioed Machines Automatically). This tool acts as wireless access point and responds to all probe requests from wireless clients. Once a client has associated with the KARMA access point, every service they try to access leads to a malicious application. The services side of KARMA was written in Ruby, making it a perfect match for integration with version 3 of the Metasploit Framework. Have you heard about the new security tool called Karmetasploit? It's said to work well for integrating with the Metaspliot Framework.... Mandriva: Subject: [Security Announce] [ MDVSA-2008:178 ] xine-lib - LinuxSecurity.com: Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program (CVE-2008-0073). ... Mandriva: Subject: [Security Announce] [ MDVSA-2008:177 ] xine-lib - LinuxSecurity.com: Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title (CVE-2008-1878). The updated packages have been patched to correct this issue.... Mandriva: Subject: [Security Announce] [ MDVSA-2008:176 ] mtr - LinuxSecurity.com: A stack-based buffer overflow was found in mtr prior to version 0.73 that allowed remote attackers to execute arbitrary code via a crafted DNS PTR record, when called with the --split option (CVE-2008-2357). The updated packages provide mtr 0.73 which corrects this issue.... Mandriva: Subject: [Security Announce] [ MDVSA-2008:175 ] yelp - LinuxSecurity.com: A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs (CVE-2008-3533). The updated packages have been patched to correct this issue.... Review: Hacking Exposed Linux, Third Edition - LinuxSecurity.com: "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security it looks at why you should. It does this by showing examples of real attacks and rates the importance of protecting yourself from being a victim of each type of attack. ... Security Features of Firefox 3.0 - LinuxSecurity.com: Lets take a look at the security features of the newly released Firefox 3.0. Since it's release on Tuesday I have been testing it out to see how the new security enhancements work and help in increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security. Read on for more security features of Firefox 3.0. ... IBM Business Transformation - IBM's Business Transformation. Business Week
writes about IBM's focus on business transformation services: "BM, with
its legions of PhDs and closets full of patents, is not built to duke
it out with the likes of Dell. Palmisano's strategy promises a neat
escape. Instead of battling in cutthroat markets, he takes advantage of
all the low-cost technology by packaging it, augmenting it with
sophisticated hardware and software, and selling it to customers in a
slew of what he calls business transformation services. That way IBM
rides atop the commodity wave -- and avoids drowning in it." [E M E R G I C . o r g]... MSNBC: "HERE COME THE VLOGS - MSNBC: "HERE COME THE VLOGS".
MSNBC: Ready for your close-up? Here come the vlogs is a great snapshot of videoblogging by Michael Rogers. He namechecks all our favorites including Rocketboom, Ryanne, Jay, Human Dog, Steve Garfield, and Dylan. He also mentions the tools making it easier to find videoblogs, such as ANT and ... Do The VoIP Math. - Do The VoIP Math.
Russell Shaw does the math and shows how VoIP is cheaper than a cell
phone only.I agree. Which is why I think the wireless companies need to
be in the VoIP business and fast . [VoIP Watch]... Blog, Vlog, Podcast, Mobcas - Blog, Vlog, Podcast, Mobcast. So many new words, so little time.
Blog (web log), Vlog (video web log), Podcasting (including audio in
your RSS (really simple syndication) feed for download into an Apple
iPod or other MP3 player) and Mobcasting (mobile podcasting) an Andy Carvin
acronym which posits the use of smart phones to create podcasts -- are
all relatively new words that represent one extremely big idea --
unfettered plebeian access to the fifth estate.
Until a few years ago, governments (secular or non) had almost
complete control of information. That made (and continues to make)
information a form of currency -- like the military and other stores of
economic value. These "new words" are much more powerful than the
technologies they represent, they speak a new language of information
and, to be sure, currency.
The value you will place on this information is in direct
proportion to the use you have for it. Most people won't care about the
ranti...
Small telecom carriers focus on providing choices. - Small telecom carriers focus on providing choices.
WASHINGTON - As traditional competitive local exchange carriers (CLECs)
retool to keep up with U.S. regulations and battle the huge regional
Bells, a range of new business models are emerging. [InfoWorld: Top News]... Ten To Watch in Mobile Content - Ten To Watch in Mobile Content. This is not a definitive list, just
a list of smart young blood in the mobile content sector. Notice that
except for one, none of them are CEOs (yet), but you’ll hear a lot
from and about them in the next few years (that was the criteria). Just
a way of recognizing the people in the second wave of mobile content
(in no particular order):
» Greg Clayman, Vice President, Wireless Strategy and Operations, MTV Networks
» Rio Caraeff, mobile head at Universal Music
» Thomas Ryan, Senior VP, Mobile Development, EMI Music
» ...
Telesym Podcast: the Future of VoWLAN. - Telesym Podcast: the Future of VoWLAN.
If you're interested in where Voice over IP over WLAN is heading in the
enterprise, listen to this interview with Telesym: I met over in
Bellevue, Wash., today with Telesym, a firm that extends an
enterprise-based phone exchange (PBX) system into laptops, handhelds,
and "scanners": bar-code devices used in retail and logistics by store
and floor personnel. I spoke with Mike Houston, Telesym's director of
Marketing, Ken Myer, senior VP of sales and marketing, and Jennifer
Gehrt, a founding partner at Communiqué Public Relations about
Telesym's position in the market, but more largely about the future of
VoWLAN. (Ken had to leave for a meeting, so I spoke primarily with Mike
in this podcast). You'll hear at the outset of the recording after my
introduction a conversation we had using Telesym technology: I was on a
USB headset connected to a Telesym client running under Mac OS X; Mike
w... CLEC New Business Model - CLECs search for new business models.
WASHINGTON - Recent months have been tough for competitive local
exchange carriers (CLECs), as their allies get gobbled up by
competitors and the government dismantles network-sharing regulations.
But CLECs say they will survive by adopting new business models and
focusing on customer relations. [InfoWorld: Top News]... Podcasting The Night Away. Forbes: - Podcasting The Night Away. Forbes:
"For now, Podcasting is no threat to radio as we know it. But pay
attention to it. It may not always be called Podcasting, and it may not
always be free in the way it is now, but as we've seen with MP3s, these
things sometimes have a funny way of taking on a life of their own." [Adam Curry's Weblog]...
New Free VoIP, Video & P2P IM Client using Open Standards. - New Free VoIP, Video & P2P IM Client using Open Standards. ineen
is new P2P IM software with VoIP and Video that's easy and free to use.
The client was built using Xten's eyeBeam SDK and makes use of SIMPLE
for P2P IM and Presence. VoIP is supported by SIP and the Video media
is H.263[+]. You can use ineen to call over other networks as well,
including: Free World Dialup, SIPphone, & iptel.org.
Xten will be demonstrating ineen at VON next week. [SIPthat.com]... Searching for weather, by web or phone - Searching for weather, by web or phone
As a kid, I would stare for hours at repetitious weather reports on TV.
Boring, you say? Not to me - I love weather. And since I've worked
here, I've wondered why Google doesn't do weather. It seemed like a
perfect 20% project
for me, so now I'm pleased to report that you can get
current conditions and a forecast
by typing [weather Chicago], or whatever your U.S. location is (zipcodes are also fair game). If you prefer, use
Google SMS
to send a text message to the U.S. five digit shortcode 46645 (GOOGL on
most mobile phones) followed by your meteorological query.
Ben Sigelman
Sof... VON 2005 - Spring 2005 VON: In the News Today. Investors Business Daily - March 7th: Internet Telephone Service Buzz Comes Calling At Big Trade Show
Mercury News - March 6th: Phone calls destined to be sent like e-mail, as packets of data (requires subscription)
[The Jeff Pulver Blog]... SODA - SODA. A month
or so ago, I was reading a Gartner handout for a conference, and came
across an acronym they invented- SODA[1]. SODA (Service-Oriented
Development of Applications), as Gartner defines it, consists of the
following areas: []... Yahoo Web Service API - Yahoo Web Service API.
Yahoo joins the growing number of web sites exposing their API as Web
Services. Their API is available from Yahoo Developer Network . []... Copyright © 2008, Chicago Best Price. All Rights Reserved. |