software development, security, opinion
Archive for the ‘security’ Category.
How Secure Is Digital Hospital?. The paperless, wireless, all-digital hospital to be built in Alabama is designed to streamline healthcare and finally bring the medical industry into the technology age. But those nagging security issues raise concerns. By Michelle Delio. [Wired News]
First virus to infect Windows, Linux emerges. A computer virus that can infect PCs running either the ubiquitous Windows operating system or the increasingly popular Linux operating system emerges. [CNET Tech News]
11:02:14 PM [Jake’s Brainpan]
IPTables-tutorial 1.0.1 (Default). A tutorial with example rc.firewall file for use with netfilter. [freshmeat.net]
U.S. Navy:
Secure Windows NT 4.0 Installation and Configuration Guide (paper) [Security Focus]:
The objective of this project is to provide the Navy with clear and concise implementation guidance for the secure installation and configuration of the Windows NT 4.0 Server and Workstation Operating Systems. This guidance is based on the Navy IT-21 standard and is specific to the Naval Tactical Command Support System (NTCSS) and Joint Maritime Command Information System (JMCIS) local area network (LAN) architectures.
This guide covers pre-installation, server and workstation OS installation, and post-installation steps for securing a Windows NT domain. The post-installation portion includes instructions for C2 configuration, auditing, securing the registry, managing the file system, creating system policies and user profiles, controlling user accounts and rights, maintaining system repair data, and installing current service packs and hotfixes.
SANS:
Lion is a new worm, that is very similar to the Ramen worm. However, this worm is much more dangerous and should be taken seriously. It infects Linux machines with the BIND DNS server running. It is known to infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all 8.2.3-betas. The bind vulnerability is the TSIG vulnerability that was reported back on January 29, 2001.
The Lion worm spread via an application called randb. randb scans random class B networks probing TCP port 53. Once it hits a system, it then checks to see if that system is vulnerable. If so it then exploits the system using the exploit called name. It then installs the t0rn rootkit.
Bastille Linux 1.2.0.pre20 (Testing Releases). A comprehensive hardening program for Redhat Linux 6.0. [freshmeat.net]
Not only does the following site help you opt out from various advertisers tracking cookies, but some of the sites (e.g. hitbox)
will give you some idea of what they’re tracking so far.
From debris.com‘
s Opt out of web advertisers’ tracking cookies:
For your anonymous surfing pleasure, here are quick links to opt out of the 3rd-party tracking cookies issued by some of the large banner-ad networks. Some of these links go to an opt-out form, which you must click or submit; others do the opt-out automatically. You may wish to open these in new windows (MacOS users: command-click to do this easily in iCab, IE, Opera, or Navigator).
AdForce, AvenueA, Advertising.com, CoreMetrics (scroll to the bottom), DoubleClick, Engage.com, Enliven, Hitbox, Interadnet, MatchLogic, MediaPlex
24/7 Media claims to have an opt-out tool, but instead links to networkadvertising.org, which is an alliance of online advertisers that does not have your best interests in mind. (They claim that Web advertising is critical to the vitality of the Web! Gad.) Further, networkadvertising.org does not have an opt-out for 24/7 tracking cookies.
Opting out is an imperfect solution to the threats to your privacy — but it’s the best we have. The alternative, disabling cookies entirely, will prevent you from using some websites, e.g. buy.com, E*Trade, AmeriTrade, MicroWarehouse, CDW, Yahoo Mail or most other services that require you to log in. Some other popular sites can be used when you have cookies disabled, but the site’s functionality is limited (e.g. Amazon, Ebay).
Microsoft warns of hijacked certificates. According to Microsoft, someone posing as a Microsoft employee tricked VeriSign, which hands out so-called digital signatures, into issuing the two certificates in the software giant’s name on Jan. 30 and Jan. 31.
(See also News.com.)
[via Tomalak’s Realm]
Shawn Bayern at Yale:
“Secure Single Sign-on: Principles, Goals, and Compromises“.
See also: Yale’s “Central Authentication Service“.
You are currently browsing the archives for the security category.
