Welcome!


In an era where everybody is connected to a potentially harmful Internet with an increasing number of complex and distributed applications, controlling what the computers do has become significantly harder. At the core, simple actions (executing software, e-commerce, etc.) rely on trus...
Speedy disk backups are gaining in popularity as networking demands increase, but the traditional tape data protection won't disappear overnight. Maybe it's time to think about the best of both worlds.
Users of the popular Mplayer media device are being urged to upgrade to the latest version, due to a bug.
It's no secret to technical developers that security issues need to be taken into consideration when developing policies. However, the extent of those security issues can easily be overlooked by many organizations.
Does the open source community provide world-class security technology? Can organizations stop dealing with commercial vendors for security software? To avoid any undue suspense, the answers are: 'Emphatically yes' and 'Maybe, but you probably need to make an investment of some kind.'
Seemingly everyone has insight into the open source versus closed source security debate. Each side provides plausible arguments for the benefits of their own model and points out drawbacks of the other. The proponents of open source argue that the source code is open and available for...
As the state of the art in operating systems (OS) continues to advance, an unnerving trend has emerged: vulnerabilities in tightly integrated operating systems. How do you address this? With an effective combination of educated staff, proper procedures, and technology.
As a decision maker in your IT organization, you're aware that your Linux systems share is growing (if your enterprise follows today's business trend). Linux installations are now available on every major hardware platform. New projects in development include Linux systems in an increa...
Symantec's CTO talks about comprehensive security and how today's IT organizations must address it.
This article presents a Linux kernel module capable of verifying digital signatures of ELF binaries before running them. This kernel module is available under the GPL license and has been successfully tested for kernel 2.5.66 and above
Enterprises worried about cybersecurity should pay more attention to their own employees than to the as-of-yet unrealized threat of cyberterrorism, two cybersecurity experts warned a group of IT professionals. (800 words)
As with its last software update, the Apache Software Foundation said that 2.0.46 was the 'best version of Apache available' and recommended that users of prior Apache versions upgrade.
Our Hero uncovers Microsoft's ingenious, covert marketing efforts to promote Linux and open source via its own products' security vulnerabilities. This column is intended for mature audiences with a keen eye for sarcasm. (1,600 words)
The list is misleading in that many readers and editors would have seen this as an FBI certification of the relative equality of security problems between systems running Microsoft Windows and those running Unix.
PureSecure is much more polished, more complete, and more fully featured than its free software counterpart ACID. It's not free for commercial use, however. (1,200 words)
All it takes is time and free software to set up a powerful intrusion detection system for your Unix system. Follow along as Joe Barr installs ACID on his system and discovers a big security hole. (1,450 words)
All vendors have made mistakes at some time, and no vendor seems to be any better or worse than the other. Fortunately, these mistakes do not appear to be malicious -- just the result of a game of Chinese Whispers. (1,200 words)
If you want to do two-way synchronization with rsync, you'll need to run it twice. unison does two-way synchronization by default and well, thank you. How to make unison work for you.
Our hero ponders Windows XP's fast user switching, which leads him to Microsoft's approach to adding features to its operating systems, which leads him to the beautiful simplicity of the Unix philosophy of each tool doing one thing well, which leads him to rsync. Read on, it all makes ...
From denial, to diagnosis, to rebuilding and hardening the system, Joe walks us through the life cycle of a hack. (1,700 words)
This week Joe Barr presents the first of two columns about stealth scans, and NMAP, a port scanner used by attackers and system administrators alike. (1,400 words)
Bob Toxen, the author of Real World Linux Security: Intrusion Prevention, Detection, and Recovery, boasts an impressive résumé as a writer, developer, creator, and software architect. Cameron Laird conducted a lively discussion with Toxen on security, Linux hacking, open source develop...