Security Projects
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Rep. Stephen Horn, R-Calif., who made a name for himself by grading government agencies on their Y2K computer readiness in the months leading up to last year's millennial date rollover, is at it again, gearing up to release a report card . . .
A new site devoted to shutting down the FBI's Carnivore email surveillance system has launched, "Stop Carnivore", http://www.stopcarnivore.org. The site explains what Carnivore is, why it is wrong, what you can do, and how it hurts the Internet. Below is a quick summary on the major issues the site deals with. . . .
A lack of funding is threatening a public-private initiative aimed at preventing cyberattacks similar to the denial-of-service attacks against Yahoo, eBay and others in February.
Linux developers have begun an ambitious project to identify security problems with the open source operating system before they trouble end users. The Linux Kernel Auditing Project is an attempt to audit the Linux kernel for any security holes. The project . . .
The Information Security Education Research Center (ISC) of the Korean Advanced Institute of Science and Technology (KAIST) said Sunday that no hackers among the 3,664 teams worldwide managed to conquer its third level server and win in the First World Information . . .
Schools and libraries that receive federal funds to help pay for their Internet access would be required to add filtering software to their systems under an amendment to an appropriations bill approved by the U.S. Senate. The Senate voted 95-3 Tuesday . . .
Exhibitionism at its worst. "Other interpretations exist. The hacking underground, for example, sees this sort of thing as part reconnaissance, and part publicity stunt, and one in which no truly elite cracker would participate for fear of having their best . . .
Soon after rebuilding the system I started talking to someone on IRC that identified themselves as the person that had cracked our system. He was connecting from the same places that the cracker had been coming from and seemed to know . . .
Federal agencies will have to demonstrate a "compelling need" to gather the data, publicly disclose how any collected personal information would be safeguarded and get the authorization of the agency head. For example, using a cookie on a State Department Web . . .
This report examines whether P3P is an effective solution to growing public concerns about online privacy. The report surveys earlier experience with "cookie" technology and notes similarities. The report finds that . . .
"The Midwest's largest computer security convention opens today in St. Paul's RiverCentre. RootFest organizers estimate that as many as 1000 people may attend RootFest this year. It is hoped that the con will be broadcast in both audio and video in . . .
Brian Paxton writes, "It's an attempt to audit the linux kernel for any security vulnerabilities and/or holes and/or possible vulnerabilities and/or possible holes, and of course without adding more bugs or drawbacks to the existing kernels. The suggested kernels to be audited are 2.0.x kernel series, 2.2.x kernel series, and the 2.3.x/2.4.x kernel series. The group and its work shall be dealt and worked with via a mailing list."
Solar's kernel security enhancement patch is now available for the recently-released 2.2.16 Linux kernel. "This patch is a collection of security-related features for the Linux kernel, all configurable via the new 'Security options' configuration section. In addition to the . . .
This article presents a walkthrough of Bastille Linux, a popular hardening program for Red Hat and Mandrake, available for free from Jon Lasser, Pete Watkins, myself, and the rest of the Bastille Linux project. This walkthrough won't be the kind . . .
Here is an interview with the authors of Libsafe... "Arash Baratloo and Navjot Singh two of the primary developers for Libsafe, a free software library that protects against security exploits based on buffer overflow vulnerabilities. They work as members of . . .
The CIO Council is asking every federal chief information officer to find and fix the lapses that made a top 10 list of critical Internet security threats. The list, released Thursday, includes problems that have solutions, but the solutions have . . .
The System and Network Security group is meeting with several key players in the information security arena on Friday to discuss and outline the 10 top security threats. "Tomorrow (June 1) the FBI, Justice Department, GSA, the CIAO . . .
Open source code is not infallible. It is prone to some of the glitches that plague its commercial counterpart. Yet, at the same time, it contains a number of safeguards and checks against any one person's mistake being carried too . . .
The W3C is working on creating a consistent means to find information on a site's security policy. "With a key proof-of-concept event looming in June, the leaders of a World Wide Web Consortium working group on Tuesday outlined changes . . .
Upside has a great article on the security merits of OpenBSD, the operating system developed with security as a specific focus. "... when it comes to OpenBSD, the open-source operating system that for the last three years has built . . .