LinuxSecurity.com
The central voice for Linux and Open Source security news
The Computer Security Paradox  09 May 2008 
Source: Raiden's Realm - Posted by Eckie Silapaswang   
Privacy
One of the most prized rights of any American is the right to privacy and security. It's something people in some countries would kill for. Yet now there appears to be a very frightening trend growing. Your privacy and security are being thrown out the window wholesale in favor of easier access by law enforcement. A recent example of this can be seen with the announcement that Microsoft has been providing a tool to investigators that can effectively rip your Windows security to shreds in seconds, exposing all your private data to whoever wants to look at it.

A key point brought up in this article is that preventing crimes should take priority over solving them. It seems that breaking security for the sake of forensics would not only make crimes easier to "solve", but also easier to commit. How do you feel about this approach to improving forensics?

Linux Advisory Watch: May 9th, 2008  09 May 2008 
Source: Linux Security.com Editors - Posted by Ryan W. Maple   
Linux Advisory Watch
This week security advisories were issued for CUPS, Emacs, KDE, LTSP, OpenOffice.org, b2evolution, blender, cacti, cpio, gpdf, kazehakase, kdelibs, kernel, mozilla-thunderbird, openssh, php, roundup, wordpress, and multiple X11 terminals. The distributors included Debian, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.

A Guide to Cryptography in PHP  08 May 2008 
Source: Devx - Posted by Bill Keys   
Network Security
In an ideal world, words like cryptography and security wouldn't even exist, but the real world is far from perfect, so software developers have to spend a good deal of time building security into applications. Cryptography is just one piece of the security puzzle, along with SSL/TLS, certificates, digital signatures, and so on. This article explains how to use PHP to implement the most common cryptographic algorithms. In addition to describing PHP's default encryption functions, you'll see how to use a wide variety of cryptographic libraries and packages.

Building security into your web applications is an important skill to have. Have you thought about adding cryptography to your PHP programs? If so, this article looks at ways of doing so.

Firefox Infects Vietnamese Users With Trojan Code  08 May 2008 
Source: Wired - Posted by Eckie Silapaswang   
Hacks/Cracks
Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user-created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.

Anyone who has installed the Vietnamese language pack for Firefox could be in danger of having malicious code in their system. Be sure to uninstall this add-on pack if you have recently installed it - unless you enjoy banner ads and opening up your system for future exploits.

Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use  08 May 2008 
Source: Infosecwriters.com - Posted by Eckie Silapaswang   
Security
Computer forensics is the application of computer investigation and analysis techniques to determine potential legal evidence. Since computers are vulnerable to attack by some criminals, computer forensics is very important. Understanding computer forensic procedures will help to capture vital information which can be used to prosecute an intruder that compromises a computer or network. Also, deciding on the specific tools for computers or other equipment that is needed to correctly analyze evidence is crucial. These tools are very useful but bigger companies that handle more equipment and information might benefit from something that can combine all these tools into one application.

This article provides a .pdf file delving into the inner workings of computer forensics. Give it a read and see if you can solve a crime today (or maybe later)!

sshpass - Non-Interactive SSH Password Authentication  08 May 2008 
Source: DebianAdmin - Posted by Bill Keys   
Network Security
SSH’s (secure shell) most common authentication mode is called “interactive keyboard password authentication”, so called both because it is typically done via keyboard, and because OpenSSH takes active measures to make sure that the password is, indeed, typed interactively by the keyboard. Sometimes, however, it is necessary to fool ssh into accepting an interactive password non-interactively. This is where sshpass comes in.

This article looks at some of the security concerns with using sshpass. Do you use sshpass? If so, do you think about the security issues with it?

Firefox 3: Site Identification button  07 May 2008 
Source: dria.org - Posted by Eckie Silapaswang   
Security
Ensuring that users are safe, secure, and protected while they browse the Web is one of the greatest challenges facing browser makers. Browser security involves a delicate balance between protecting the user from the dangers that exist on the Web and overly restricting the user’s freedom to go where she wants and see what she wants while surfing.
One of my favorite new Firefox 3 security features is the Site Identification button. This button replaces and builds upon the ubiquitous “padlock” icon that has for so long been the primary security indicator used in browsers. Firefox 2, for example, indicates that the connection to a site is encrypted by changing the background color of the location bar and displaying a padlock icon.

This article brings up interesting points about the 'padlock' icon, its true meaning, as well as the enhanced features of Firefox 3 which can show more in-depth detail about a particular site. Not only that, but it presents the information in a clearer, more concise manner - just the way we like it!

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.