Many, many innovations come from the Linux and Unix world. Few are more intriguing to me than port knocking. Port knocking works on the concept that users wishing to attach to a network service must initiate a predetermined sequence of port connections or send a unique string of bytes before the remote client can connect to the eventual service.
Here's a list of the 10 best security Live CD Distros. It's a nice compilation with brief descriptions of tools and such with handy download links.
Hackers are actively seeking out unpatched versions of the Mambo content management system, which recently repaired a serious security hole. Sites running on Mambo should upgrade to the latest version as soon as possible.
This week, Coverity announced the initial results of its code scans, churning out numbers for 32 open source projects. Somewhat tellingly, the average defect density of just the LAMP (Linux, Apache, MySQL, and Perl/PHP) stack was .290. These numbers are all well and good, but what are open source developers supposed to do with them now?
A test has revealed that a Linux server is far less likely to be compromised than a Windows one. In fact, unpatched Red Hat and SuSE servers were not breached at all during a six-week trial, while the equivalent Windows systems were compromised within hours.
The Globus Consortium Journal (http://www.globusconsortium.org/journal) this month features Grid security perspectives from a range of experts from both the open source and vendor community. Highlights include:
As a result of articles referring to the threat of Worms and Viruses attacking Linux systems, many new Linux users are in a panic. To help them out and calm any panic stricken nerves, I've completed a brief, encouraging and straightup list for protecting your Linux home system.
Recently, I started looking more closely at some of the security add-ons for Linux and was surprised to find so many kernel-related projects out there. Now that I have been enlightened, I will share some of what I've learned. In this article, I'll give an overview of what's out there.
An exploit that takes advantage of a recently-patched bug in Mozilla Corp.'s Firefox browser has gone public.