Operating Systems
Protecting Linux Against DoS/DDoS Attacks
June 27, 2011 Added by:Jamie Adams
When I first heard ridiculous-sounding terms like smurf attack, fraggle attack, Tribal Flood Network (TFN), Trinoo, TFN2K, and stacheldraht, I didn't take them too seriously for a couple of reasons — I worked mainly on non-Internet facing systems, and I was never a victim...
Comments (0)
Ban Windows from Embedded Medical Devices
June 24, 2011 Added by:Danny Lieberman
The combination of large numbers of software vulnerabilities, user lock in created by integrating applications with Windows, complexity of Microsoft products and their code and Microsoft predatory trade practices are diametrically different than Linux and the FOSS movement...
Comments (0)
A Review of the New Backtrack 5 Operating System
June 02, 2011 Added by:Lee Munson
If you are a computer security consultant, there is no better tool to use than Backtrack. If you own a company that has to store important data, then it is vital for you to have a tool like this so your security people can test your network with the same tools the bad guys are using...
Comments (0)
MITM Attack Exploits Windows IPv6 Protocols
April 06, 2011 Added by:Headlines
“All these Windows boxes will default connect to the evil router instead of the legitimate router when this parasitic overlay is running. If Microsoft didn't have that configuration by default, it would negate a lot of the effects of the attack..."
Comments (0)
PS3 Running Linux Serves Up LOIC in Sony DDoS Attack
April 06, 2011 Added by:Headlines
There is more than a touch of irony to the notion that a "jailbroken" PlaySation3 running an unsanctioned Linux operating system, the very impetus for the legal action brought by Sony against Hotz and Egorenkov, would be employed in a DDoS attack against Sony domains...
Comments (1)
Defeating Protections on Popular Gaming Consoles
March 30, 2011 Added by:Bozidar Spirovski
Manufacturers lock their consoles through a firmware protection mechanism that allows only signed code to run, and a lot of people attempt to bypass these protections to run custom code. Bypassing is illegal, but we are going to discuss some methods for different consoles...
Comments (0)
Pwn2Own Winner Charlie Miller Discusses OS Security
March 13, 2011 Added by:Anthony M. Freed
"Apple doesn't have a perceived security problem by customers and so they haven't had a need to invest heavily in it. I've done what I can to try to educate people that Apple products aren't magical and can have security problems like every other product..."
Comments (0)
Hewlett Packard to Switch to WebOS on Future PC’s
March 11, 2011 Added by:Dan Dieterle
It looks like Microsoft may be forced into making a decision. To change and adapt to the times, or continue with business as usual and end up becoming obsolete. But hey, they still have the XBox right?
Comments (1)
U.S. Gov Configuration Baseline for Red Hat Enterprise Linux
March 01, 2011 Added by:Jamie Adams
On February 28 the U.S. Government Configuration Baseline (USGCB) for Red Hat Enterprise Linux 5 was released. The long awaited Security Content Automation Protocol (SCAP) content is the next phase in supplanting the legacy Bourne shell scripts known as the System Readiness Review (SRR) scripts...
Comments (0)
Using Ninja to Monitor And Kill Rogue Privilege Escalation
February 22, 2011 Added by:Rod MacPherson
Once a hacker (if they have malicious intent we'll call them crackers) has found a way onto a system s/he then usually needs to jump to the Administrator or system or root account. Ninja is a program for Linux (and presumably most Unix like OSes) that monitors for such privilege escalation...
Comments (4)
The “Magic” Vulnerability – Revised
February 16, 2011 Added by:PCI Guru
You have options to avoid a failing vulnerability scan because of an unsupported OS. The best method, and the one I most recommend, is do not use unsupported operating systems in the first place. However, as a former CIO, I do understand the real world and the issues IT departments face...
Comments (1)
DISA UNIX STIG for Red Hat Enterprise Linux 5 and 6
February 10, 2011 Added by:Jamie Adams
Organizations which use Red Hat Enterprise Linux 5 and must adhere to the DISA UNIX STIG have been stuck with documentation and assessment tools which only support up to Red Hat Enterprise Linux 4. This frustrates system administrators because they must deal with false positives From SRR scripts...
Comments (2)
What is an "Undecillion"?
February 03, 2011 Added by:Ron Baklarz
The protocol allows for 340 undecillion addresses, which is 340 trillion groups of one trillion networks each that can handle a trillion devices. If the IPv4 pool of 4.3 billion addresses were the size of a golf ball, the new 340 undecillion IPv6 addresses would be about the size of the sun...
Comments (2)
Why Microsoft Shops Have to Worry About Security
January 26, 2011 Added by:Danny Lieberman
If you are a real hacker, look for companies with security administrators who are certified for Microsoft ISA server and you will have nothing to worry about. But if your target security administrators are facile with Wireshark, Ratproxy and Fiddler and Metasploit, then you should be really worried...
Comments (12)
The Case for an Open Source Physical Security Software
January 18, 2011 Added by:Guy Huntington
The open source formula usually delivers free software with a low yearly license. Use of this software should lower enterprises overall physical security budget over time as opposed to paying proprietary vendors large purchase amounts and annual license fees...
Comments (0)
Tips for Deploying Secure Shell in Linux and UNIX
January 10, 2011 Added by:Jamie Adams
Secure Shell is the best method for remote access due to its flexibility and security. It makes it attractive for system administrators as well as system developers and architects. The ability to easily execute commands on remote systems and retrieve files over “secure” channels is seductive...
Comments (14)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox