Group items tagged

"With so many articles about Linux security on the internet, you may feel overwhelmed by how to properly secure your Linux systems. With this guide, we walk through different steps, tools, and resources. The main goal is to have you make an educated choice on what security defenses to implement on Linux. For this reason, this article won't show any specific configuration values, as it would implicate a possible best value. Instead, related articles and resources will be available in the text. The goal is to make this guide into a go-to article for when you need to secure your Linux installation. If you like this article, help others and share it on your favorite social media channels. Got feedback? Use the comments at the bottom. This document in work in progress and last updated in September 2016"

"With so many articles about Linux security on the internet, you may feel overwhelmed by how to properly secure your Linux systems. With this guide, we walk through different steps, tools, and resources. The main goal is to have you make an educated choice on what security defenses to implement on Linux. For this reason, this article won't show any specific configuration values, as it would implicate a possible best value. Instead, related articles and resources will be available in the text. The goal is to make this guide into a go-to article for when you need to secure your Linux installation. If you like this article, help others and share it on your favorite social media channels. Got feedback? Use the comments at the bottom. This document in work in progress and last updated in September 2016"

"Computer security researchers who expose hackable vulnerabilities in digital products face plenty of occupational hazards: They can have their work censored by threats of lawsuits from the companies whose products they hack, or they can even be criminally indicted if their white-hat hacking runs afoul of the Computer Fraud and Abuse Act. But one still-mysterious encounter between security researchers and the law points to a newer, equally troubling possibility: They can have their work subpoenaed in a criminal investigation and used as a law enforcement tool."

"Computer security researchers who expose hackable vulnerabilities in digital products face plenty of occupational hazards: They can have their work censored by threats of lawsuits from the companies whose products they hack, or they can even be criminally indicted if their white-hat hacking runs afoul of the Computer Fraud and Abuse Act. But one still-mysterious encounter between security researchers and the law points to a newer, equally troubling possibility: They can have their work subpoenaed in a criminal investigation and used as a law enforcement tool."

"Nov 30, 2015 By Greig Paul in HOW-TOs Security UEFI (Unified Extensible Firmware Interface) is the open, multi-vendor replacement for the aging BIOS standard, which first appeared in IBM computers in 1976. The UEFI standard is extensive, covering the full boot architecture. This article focuses on a single useful but typically overlooked feature of UEFI: secure boot. "

"Nov 30, 2015 By Greig Paul in HOW-TOs Security UEFI (Unified Extensible Firmware Interface) is the open, multi-vendor replacement for the aging BIOS standard, which first appeared in IBM computers in 1976. The UEFI standard is extensive, covering the full boot architecture. This article focuses on a single useful but typically overlooked feature of UEFI: secure boot. "

"At CoreOS Fest, Greg Kroah-Hartman, maintainer of the Linux kernel, declares that almost all bugs can be security issues."

"At CoreOS Fest, Greg Kroah-Hartman, maintainer of the Linux kernel, declares that almost all bugs can be security issues."

"Some advocates present HTTPS as synonymous with "security"-but this is not semantics. by Scott Gilbertson - Jul 11, 2016 12:00 pm UTC"

"Some advocates present HTTPS as synonymous with "security"-but this is not semantics. by Scott Gilbertson - Jul 11, 2016 12:00 pm UTC"

"Having access to the source code is an undeniable benefit in ensuring the security of a piece of software"

"Having access to the source code is an undeniable benefit in ensuring the security of a piece of software"

"Fact does not come from the grand leaps of discovery but rather from the small, careful steps of verification. That is the premise of the Open Source Security Testing Methodology Manual also known as the OSSTMM (pronounced as "awstem") It is a peer-reviewed manual of security testing and analysis which result in verified facts."

"January 07, 2016 The first WordPress update of 2016 is out and like many other incremental updates, it is being triggered by a security vulnerability. The single security issue being patched in WordPress 4.4.1 is a cross site scripting vulnerability that could have potentially enabled a site compromised."

"January 07, 2016 The first WordPress update of 2016 is out and like many other incremental updates, it is being triggered by a security vulnerability. The single security issue being patched in WordPress 4.4.1 is a cross site scripting vulnerability that could have potentially enabled a site compromised."

"File transfer between Linux systems (and perhaps all POSIX systems in general) is in some ways a neglected subject. The arcane protocols in common use are far from secure, and the SSH replacements offer too much power and complexity. Servers holding highly sensitive data... "

"File transfer between Linux systems (and perhaps all POSIX systems in general) is in some ways a neglected subject. The arcane protocols in common use are far from secure, and the SSH replacements offer too much power and complexity. Servers holding highly sensitive data... "

"oo often, the policies and practices of law enforcement and intelligence agencies can be disastrous for security."

"This BIOS replacement, UEFI, caused some serious problems with "alternative" platforms. For some time, it was thought UEFI would render Linux uninstallable on any system certified for Windows 8 and up. Eventually Microsoft saw fit to require vendors to include a switch that allowed users to disable UEFI, so that their favorite Linux distribution could be installed. And then some Linux distributions set out to fully support Secure Boot (Red Hat, Ubuntu, SUSE, to name a few). "

"This BIOS replacement, UEFI, caused some serious problems with "alternative" platforms. For some time, it was thought UEFI would render Linux uninstallable on any system certified for Windows 8 and up. Eventually Microsoft saw fit to require vendors to include a switch that allowed users to disable UEFI, so that their favorite Linux distribution could be installed. And then some Linux distributions set out to fully support Secure Boot (Red Hat, Ubuntu, SUSE, to name a few). "

[... It has been sixteen months since I retired - or thought I was retiring - from my monthly column. A lot has happened since. First, my company was purchased by Seagate, and I am now part of the Seagate Government Solutions organization. That, of course, now changes what I write about in this column a bit as I am now a vendor, but I am still going to deal with the big issues facing storage and data movement. I will do my best to continue to not mention vendors unless I am referencing things that are in the news. Secondly, this will not be a monthly column - I'll likely post something every few months. And lastly, I want to thank those who have written in and asked me to keep writing. Thank you! The topic this month is going to be rootkits, which are nasty security issues that I think we all need to start thinking about, as well as what to do about them. ...]

" Black Market Threat Intelligence Havocscope provides security threat intelligence and business risk assessments of the global black market.The pages listed below provides key security threat data. Market Risk RankingCountry Risk Ranking Prices From the Black MarketProfits from Illegal Business Reported DataMarket Value Intelligence and information is categorized through the following sections. Each section provides the latest risk assessments and threat intelligence of criminal black markets. Business RiskEnvironmental Threats Substance Abuse"

"School scores lowest among 485 colleges and universities in SecurityScorecard scan. by Sean Gallagher (US) - Sep 12, 2015 1:35pm CEST"

"Just as defenders find their feet, lawmakers move to outlaw security research entirely. by Sebastian Anthony - Oct 5, 2015 10:15am CEST"

"Jan 14, 2016 By Greg Bledsoe in HOW-TOs Security Servers SysAdmin Server hardening. The very words conjure up images of tempering soft steel into an unbreakable blade, or taking soft clay and firing it in a kiln, producing a hardened vessel that will last many years. Indeed, server hardening is very much like that"

"Jan 14, 2016 By Greg Bledsoe in HOW-TOs Security Servers SysAdmin Server hardening. The very words conjure up images of tempering soft steel into an unbreakable blade, or taking soft clay and firing it in a kiln, producing a hardened vessel that will last many years. Indeed, server hardening is very much like that"

"New York State wants to ban secure phones like the iPhone (and the latest Androids) to make snooping easier. But punishing Apple for good security isn't just unfair, it endangers us all."

"Robin "Roblimo" Miller The transparency of open software means that security vulnerabilities are visible and can't be quietly swept under the rug."

"Robin "Roblimo" Miller The transparency of open software means that security vulnerabilities are visible and can't be quietly swept under the rug."

"IoT is about to explode, perhaps literally, if privacy and security issues aren't fixed. by Sean Gallagher (US) - Oct 30, 2015 9:50am CET"

"IoT is about to explode, perhaps literally, if privacy and security issues aren't fixed. by Sean Gallagher (US) - Oct 30, 2015 9:50am CET"

"hacked FREE Become An Insider Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CSO, Computerworld, InfoWorld, IT World and Network World Learn more. Other Insider Recommendations Java 101 primer: Composition and inheritance 6 simple tricks for protecting your passwords Free course: "JavaScript: The Good Parts" Free Course: The Dark Side of Technology Careers Website defacements? Database dumps? Mysterious files? Here's how to tell if your Web application has been hacked -- and how to secure it once and for all"

"hacked FREE Become An Insider Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CSO, Computerworld, InfoWorld, IT World and Network World Learn more. Other Insider Recommendations Java 101 primer: Composition and inheritance 6 simple tricks for protecting your passwords Free course: "JavaScript: The Good Parts" Free Course: The Dark Side of Technology Careers Website defacements? Database dumps? Mysterious files? Here's how to tell if your Web application has been hacked -- and how to secure it once and for all"