In this article you will learn how to set up FreeBSD to use a USB thumbdrive, how to configure and use the Cryptographic File System (CFS), and then for the FreeBSD 5.X users, how to use the brand new Geom Based Disk Encryption system (gbde).
Privacy, Security Archive
Reports on the comp.periphs.printers Usenet newsgroup claim that Lexmark has been planting spyware on its customers' PCs in the form of undocumented software that monitors the use of its printers and silently reports back to a Lexmark-owned company Web site.
Security researchers claimed today that millions of Microsoft customers are at risk from 10 serious security vulnerabilities uncovered in Windows XP patched with Service Pack 2.
Beginning this month, Microsoft will start to publish details about upcoming security updates in a newsletter available to the general public. Previously this information had been available, but only to those who knew about it and would sign a confidentiality agreement, which ended up being a handful of its largest customers.
Microsoft is rejecting claims from security researchers that a spoofing technique discovered on Internet Explorer is a security vulnerability.
In this article we'll discuss the claim made by proponents of open source software that such software is more secure. Is open source really inherently more secure than closed source commercial software? If so, why? And if not, why do so many have that perception? Read Article
SUN Microsystems Java and Microsoft's .NET platforms are no more than programming languages that exploit network potential with the idea that the same software should function on different platforms. Both systems are centered around the principle of running software that doesn't reside on the client machine to provide greater functionality or faster execution, saving connection time and improving public perception of the server to which the client connects. Read Article
Home internet users are suffering from a variety of worms, viruses, and spyware on their machines, and though they are often aware that their computers are acting funny, they often don't have any idea why. Typical home users are not taking the necessary steps to protect themselves from these online threats. These are the findings of a recent study on internet security.
Microsoft on Tuesday published 10 software security advisories, warning Windows users and corporate administrators of 22 new flaws that affect the company's products.
Microsoft CEO Steve Ballmer says the task of trying to stay one step ahead of virus writers and hackers will be a never-ending battle.
Microsoft published a patch for a major security flaw in its software's handling of the JPEG graphics format and urged customers to use a new tool to locate the many applications that are vulnerable. Users who have installed SP2 are not vulnerable to the flaw.
Wireless PCs and wireless laptops are being increasingly used in both business and the home. . . Unfortunately, in the enthusiasm with which people have adopted wireless, the question of security has been seriously overlooked.
Managers, mind your patches and VPNs! While none has yet been reported, exploits of the Kerberos vulnerabilities uncovered by MIT researchers could wreak havoc on a network.
The security industry has matured quickly over the past few years with penetration testing becoming one of the norms for organisations adopting best-practice processes. Loosely defined as the process of actively assessing an organisations security measures and completely reliant on consultancy services, security manufacturers have been eager to bridge the gap between product and service and more importantly to reap the benefits of additional profits. Story is here.
This paper discusses the collaboration between security and development in the enterprise software development lifecycle.
While spyware protection on single home machines is quite easy using today's removal tools like AdAware or Spybot Search & Destroy, deploying and managing such tools in corporate networks is still a problem. AdAxis promises to ease both deployment and managability of AdAware in such environments. It provides a facility for pushing reference file updates to corporate network workstations, executing AdAware on workstations remotely without user interaction and monitor the spyware contamination degree of machines.
Much of the attention commanded by computer security issues focuses on threats from external sources. Firewalls and perimeter defense tools are deployed to deny unauthorised entry to the network. Experts look for vulnerabilities and ways to ensure that the perimeter cannot be breached. Administrators monitor network traffic for unusual activities and anomalies, and it is common for users to be warned against suspicious email attachments. Read more.
This paper compiles and distills the known unique classes of attack, which have presented a threat to web sites in the past. Each class of attack will be given a standard name and explained with thorough documentation discussing the key points. The formation of a Web Security Threat Classification will be of exceptional value to application developers, security professionals, software vendors or anyone else with an interest in web security.
This series explores the sort of technologies we could use if we were to build a new platform today. The first 2 parts covered the Hardware and core OS. In this third part we look at security, the file system, file management and throw in a couple of other random ideas for good measure.
This lengthy and highly technical primer provides a gentle yet thorough introduction to elliptical key cryptography (ECC), said to be ideal for resource-constrained systems because it provides more security-per-bit than other types of asymmetric cryptography. The paper is from Certicom, which markets Security Builder toolkits targeting various popular desktop, server, and embedded OSes.