Softpanorama
(slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)



Softpanorama, July-September 1998; v.10. No. 3 (0a2) Compiled by N.Bezroukov

Softpanorama Security News


Vulnerabilities

Free Tools

Commercial Tools

Viruses

Security Policy and Social Issues

Etc

Vulnerabilities

Attention: This section should not be considered an authoritative source of vulnerabilities. Selection of material is arbitrary and strongly dependent on the author's current research interests.



Free Tools

Tinyproxy

tinyproxy 1.1 is a lightweight HTTP proxy designed to do the job with a minimum of system resource use. It's ideal for small networks where a larger HTTP proxy such as squid might be overkill or a security risk. This simplicity also makes tinyproxy an ideal candidate for customization: it takes very little time to read and understand the tinyproxy source, so you can start adding your own desired features in short order.

Version 1.1 offers the following new features over 1.0d: Remote proxy monitoring, load management (tinyproxy can be configured to stop accepting new connections after the load reaches a certain point), and a variety of general source cleanups.

Nessus 980914

Nessus is a free, open-source and easy-to-use security auditing tool for Linux, BSD and some other systems. It is multithreaded and plugin based, and has a nice X11 interface. The current version performs 89 security checks against remote networks.

The actual changes of this version are listed on the download page.

Saint 1.3.1

SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and an improved HTML interface.

karpski 0.101

Karpski is a project that started with the intention of being a simple network mapper and misuse detector. It has since turned into a decent threaded Ethernet-only sniffer with an X-based Gtk interface. It is fairly configurable in terms of the Ethernet protocols it can support. Version 0.101 only contains bugfixes. This should hopefully compile on the development gtk+'s and should also compile (better) on more recent Slackware systems.

KSniff snapshot

KSniff is a packet sniffer/analyzer developed for the KDE project which supports plugins written in TCL.

mod_ssl 2.0.12-1.3.2

mod_ssl provides strong cryptography for Apache via Netscape's Secure Socket Layer (SSL) through the free SSL implementation library SSLeay from Eric A. Young and Tim Hudson. The mod_ssl package was created by Ralf S. Engelschall. This product includes software developed by Ben Laurie for use in the Apache-SSL HTTP server project.

This is one more maintenance release of the stable 2.0 branch. It mainly fixes RSAref-related build problems (librsaref not found) and session cache related runtime problems (segfault of ssl_gcache process).


Commercial Tools

Tool that defines, maintains and enforces corporate messaging security policies regarding privacy, authentication, content screening and delivery.

A tool to be unveiled next week by Vanguard Security Technologies Ltd. Mailguardian Enterprise screens a message's content, subject headers and attachments for specific words and phrases that a corporation deems unacceptable. It supports standard encryption, digital signature and management algorithms, and a feature called RegisteredM@il that authenticates receipts for the delivery of electronic documents, officials said.

The Vanguard tool is controlled centrally by the Mailguardian Manager, which runs on Windows NT and requires an SMTP-based messaging server. The Mailguardian Agent runs on Windows 95, Windows 98 and Windows NT. A third component, Mailguardian Partner, is free of charge and secures communications between a corporation and its business partners, officials said. Unlike other server-based security applications, Mailguardian is easier to implement and prevents traffic bottlenecks, Vanguard officials said. Prices for Mailguardian, which is due to ship in November, start at $2,495 for 25 users. Vanguard Security, of Haifa, is at www.vguard.com. Software.com, of Lexington, Mass., is at www.software.com.

See Israeli startup to show off e-mail security software at Internet World


Security Policy and Social Issues

Insiders are the main threat

Omega Engineering learned firsthand the dangers of the disgruntled employee after a logic bomb wiped out all of its research, development, and production programs in one fell swoop. (The tape backup also was destroyed.) In January, charges were filed against 31-year-old Timothy Lloyd, an Omega programmer, for placing the bomb on the network, which detonated 10 days after his termination.

Omega's costs will likely exceed $10 million as engineers and designers rewrite designs and recode programs in what Jim Ferguson, an Omega representative, says will be "an ongoing process for several years." Omega, headquartered in Stamford, Conn., is a privately held company that manufactures measuring devices for agencies such as NASA and the U.S. Navy.

Proper vigilance or paranoia?

 

Source: InfoWorld


Viruses

Macro viruses are in decline -- more mergers and acquisitions in AV industry -- Network Associates bought Dr.Solomon; Symantec bought IBM Antivirus

Recently Network Associates (of McAfee fame) bought Dr.Solomon in a stock swap deal for an estimated $640 million.

The hidden agenda is that it is now difficult for an AV vendor to survive unless it has a monopoly in a local market. File viruses are now quite rare. Macro viruses became the prevalent type of computer virus, but they are also in danger, as Office 97 provides some (limited) virus protection and disinfection during conversion of old Word Basic to VBA.

It's a difficult time for anti-virus vendors and additional mergers are imminent. Symantec called Network Associates' acquisition of Dr.Solomon a reaction to its own purchase of IBM's antivirus line (last month, Symantec announced it will buy IBM's line of antivirus products).


Etc

Robert Morris (who wrote the Internet Worm) last week became a millionaire

He founded Viaweb and, after last week's $49 million takeover of Cambridge's Viaweb by Yahoo!, owns more than a million (on paper). Viaweb officials say that the name Viaweb, and its popular Viaweb Store, will disappear.

See http://nytsyn.com/IMDS%7CLatest_Columns%7Cread%7C/home/content/users/imds/feeds/nytsyn/1998/06/15/cndin/9251-0249-pat_nytimes%7C/home/content/users/imds/feeds/nytsyn/1998/06/15/cndin/9255-0253-pat_nytimes%7C/home/content/users/imds/feeds/nytsyn/1998/06/15/cndin/9240-0236-pat_nytimes%7C%7C for additional details.


Bell Labs Researcher Finds Flaw in Widely Used Encryption Standard


Copyright © 1996-2008 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License (OPL). Copyright of original materials belongs to their respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author's present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Created: May 16, 1997; Last modified: February 28, 2008