Security DevCenter

Security DevCenter Articles

101 to 150 of 211

New Version of Apache by Noel Davis
Noel Davis looks at a new release of Apache; buffer overflows in VNC, Icecast, Progress, and Solaris' Xsun; and problems in LogWatch, talkd, popper_mod, EMU Webmail, wwwisis 3.x, and OpenLinux's KDE. 04/08/2002

Log File Tool Vulnerabilities by Noel Davis
In this week's Security Alerts, Noel Davis reports on problems with two popular log file analysis tools, analog and LogWatch, as well as security holes in Java Web Start, libsafe, phpBB2, and Posadis. 04/01/2002

Java Runtime Environment Vulnerability by Noel Davis
Noel Davis looks at a local root vulnerability in Webmin; a bug in BSD-based TCP/IP stacks; a vulnerability in the Java Runtime Environment; buffer overflows in listar, Imlib, and Open Unix and UnixWare 7's rpc.cmsd; and problems in Netscape, QPopper, PHP's move_uploaded_file() function, Penguin Traceroute, PHP Net Toolpack, and Mandrake's kdm. 03/25/2002

zlib Compression Library Bug by Noel Davis
In this week's Security Alerts, Noel Davis reports on a bug in the zlib compression library; buffer overflows in efingerd and many RADIUS servers; and problems in CVS, rsync, PureTLS, xtux, SMS Server Tools, and GNU fileutils. 03/18/2002

.NET Framework Essentials, 2nd Ed.: Web Services, Part 4 by Hoang Lam, Thuan L. Thai
This fourth and final excerpt from O'Reilly's .NET Framework Essentials, covers Web services and security from the perspective of both system-level and application-level security. 03/18/2002

Buffer Overflows in OpenSSH and mod_frontpage by Noel Davis
In this week's Security Alerts, Noel Davis reports on buffer overflows in OpenSSH and mod_frontpage, a fix for Zope, and more. 03/11/2002

Buffer Overflows in PHP Forms and mod_ssl by Noel Davis
In this week's Security Alerts, Noel Davis reports buffer overflow problems in PHP forms and mod_ssl, as well as security holes in Oracle 8 and 9 systems, User Mode Linux, and the webtop application of Caldera's Open UNIX and UnixWare systems. 03/04/2002

Emerging Technology Briefs: Identity by Rael Dornfest
A brief look at the state of the emerging identity, membership, and preferences fabric for the Internet. 02/27/2002

Insecure Web Proxy Servers by Noel Davis
Some Web proxy servers appear to be vulnerable to attack. Abuses include bypassing firewall restrictions and sending spam email. In this week's Security Alerts, Noel Davis covers this topic plus a handful of other important issues. 02/25/2002

Flaws in LIDS, CUPS, and Sawmill by Noel Davis
In this week's Security Alerts, Noel Davis finds flaws in LIDS, CUPS, and Sawmill. 02/19/2002

Buffer Overflows Abound by Noel Davis
This week Noel Davis looks at buffer overflows in mutt, groff, OpenServer's lpstat, and mIRC; and problems in Plesk, OpenLDAP, mrtgconfig, dnrd, Perdition, DeleGate, BSCW, Oracle9iAS Web Cache, and FreeBSD's AIO. 02/11/2002

AIM Filter's Back Door and gzip's Buffer Overflow by Noel Davis
In this week's Security Alerts, Noel Davis sees a buffer problem in gzip, a vulnerability in OpenBSD's lpd, and problems in the AIM Filter that was to protect users from buffer overflow attacks. 02/04/2002

Buffer Overflows in RealPlayer and GNU Chess by Noel Davis
In this week's Security Alerts, Noel Davis reports on buffer overflows in Real Player and GNU Chess, a vulnerability in PHP-Nuke, and a security bug in rsync. 01/28/2002

Problems with sudo, at, and efax by Noel Davis
In this week's Security Alerts, Noel Davis details problems with sudo, the at command, the efax program, and other open source apps and commands. 01/22/2002

ProFTPD's DoS Problem and Slash's Weak Link by Noel Davis
In this week's Security Alerts, Noel Davis reports on a denial-of-service attack for ProFTPD, vulnerabilities in Slash code, and other problems. 01/14/2002

Problems with Pine and Stunnel by Noel Davis
In this week's Security Alerts, Noel Davis reports on a vulnerability in Pine's URL viewer that grants the user's permission to an attacker. 01/07/2002

Snort 'n Dragon by Richard Forno and Kenneth R. van Wyk
Snort and Dragon are two intrusion-detection programs that allow you to detect hackers trying to break into your system. This is the third in a series of excerpts from Chapter 7 of Incident Response. 12/20/2001

Vulnerability in login by Noel Davis
In this week's Security Alerts, Noel Davis reports on a vulnerability that lets remote attackers access root through login, a problem in JRun Java app server software that exposes source code of JavaServer pages, and a glitch in the script utility that lets users overwrite arbitrary files. 12/17/2001

New Vulnerability in OpenSSH by Noel Davis
A new vulnerability in OpenSSH can be exploited by a local attacker to execute arbitrary code with the permissions of the root user. Noel Davis also covers problems in OpenBSD, wmtv, Auto Nice Daemon, NetDynamics, Xitami Web server, libgtop_daemon, xtel, Lotus Domino, OpenServer's setcontext and sysi86, SuSE's Postfix installation, and fml. 12/10/2001

Buffer Overflow in WU FTP daemon by Noel Davis
In this week's Security Alerts, Noel Davis reports on a buffer overflow in a popular FTP daemon, as well as problems with procmail, Hypermail, and Red Hat and BSDI's UUCP applications. 12/03/2001

A New Version of OpenSSH by Noel Davis
A new release of OpenSSH fixes a variety of bugs, including a security vulnerability, while Red Hat's Stronghold has a vulnerability that can be used to disclose sensitive system files. Details on these and more in this week's Security Alerts. 11/26/2001

SSH on Mac OS X for Worry-Free Wireless by Derrick Story and Rob Flickenger
FTP over a public wireless network? Don't even think about it. Here's how to set up secure transmission of your private data and webcam images on open networks using SSH and Mac OS X. 11/21/2001

SSH Buffer Overflow by Noel Davis
The big news this week is that the SSH Communications Security recommends that users stop using the SSH1 protocol and replace it with SSH2. Users of OpenSSH should upgrade to version 2.3.0 as soon as possible. Learn more about the SSH buffer overflow problem, plus other alerts, in this column. 11/19/2001

Ethereal and NMap by Richard Forno and Kenneth R. van Wyk
This is the first in a series of excerpts from Chapter 7 of Incident Response, covering the nmap port scanner and the Ethereal network scanner. 11/15/2001

Network Scanning by Chris Coleman
Hackers have utilities that allow them to scan a server and discover which ports have daemons listening on them. Chris Coleman reviews tools and other resources to help you prevent these hackers from gaining control of your computer. 11/15/2001

A DoS Attack via Tux by Noel Davis
In this week's Security Alerts, Noel Davis highlights a DoS attack on Tux, the Web server in the Linux kernel, and other vulnerabilities in open source software, Novell, Cisco, and Mac OS 10.1. 11/13/2001

NoCatAuth: Authentication for Wireless Networks by Rob Flickenger
Even an open community wireless network needs to keep track of who's using it, to prevent abuse. NoCat uses a system that authenticates users and grants privileges based on user class. 11/09/2001

Time and Tide Wait for No Protocol by Richard E. Silverman
An analysis of the SSH Keystroke Timing Attack, by Richard Silverman, author of SSH, The Secure Shell: The Definitive Guide. 11/08/2001

Linux syncookies Vulnerability and an scp/sftp bug by Noel Davis
In this week's Security Alerts, Noel Davis reports on a vulnerability in the cookie used by netfilter, a weakness that allows an attacker to access the Web admin template in Lotus Domino, and a bug in some versions of scp and sftp. 11/05/2001

Linux Buffer Overflows and an old SSH Daemon by Noel Davis
In this week's Security Alerts, Noel Davis reports on a bug in the Linux kernel that can allow files that exceed a user's quota limits; an old daemon hanging around in SSH 2; and vulnerabilities in Red Hat's printing system. 10/29/2001

A Root Exploit and DoS in the Linux Kernel by Noel Davis
In this week's Security Alerts, Noel Davis looks at a root exploit and a denial-of-service attack in the Linux kernel; buffer overflows in Snes9x and Oracle 9i Web Cache; and problems in PAM's login, Squid, Apache, Mac OS X, W3Mail, sdiff, and looking-glasses. 10/22/2001

Firing up Firewalls by Chris Coleman
A firewall is an important weapon in your defense against hackers. Chris Coleman helps you get started with all the tools needed to install a firewall. 10/19/2001

A Sysadmin's Security Basics by Mike DeGraw-Bertsch
A checklist of network security items includes user passwords, email client settings, firewalls, a DMZ, SSH and a list of tools to check your network. 10/18/2001

Vulnerabilities in Lotus Domino, Zope, and Cisco Secure PIX Firewall by Noel Davis
In this week's Security Alerts, Noel Davis reports on vulnerabilities in Zope, Mandrake and Caldera uucp packages, PHP Nuke, Lotus Domino, and more. 10/15/2001

Vulnerabilities in sendmail, speechd, and OpenServer vi by Noel Davis
In this week's Security Alerts, Noel Davis reports problems in sendmail, Solaris Yellow Pages, CDE ToolTalk, speechd, FreeBSD login, OpenServer vi, Hushmail's Web-based email server, and FreeBSD's OpenSSH. 10/08/2001

PAM Modules by Jennifer Vesperman
While most Pluggable Authentication Modules are designed for authentication, programmers have written ones to handle a host of other issues. Jennifer Vesperman introduces some of the more useful modules available. 10/05/2001

OpenSSH Problems by Noel Davis
In this week's Security Alerts, Noel Davis reports that sftp is the weakest link in OpenSSH. Find out what to do about it and problems with Websphere, Red Hat setserial, and Apache running on OS X. 10/01/2001

Introduction to PAM by Jennifer Vesperman
Pluggable Authentication Modules provide a solution to the difficulties of user authentication. Jennifer Vesperman introduces PAM and helps you get started. 09/27/2001

Buffer Overflows in uidadmin by Noel Davis
In Security Alerts for Sept. 24, 2001, Noel Davis warns about buffer overflows in Open Unix and UnixWare's uidadmin, an exploit in glFTPD, a vulnerability in the Web-based email system Basilix, and more. 09/24/2001

Accessing Secure Mail from Palm Devices with Eudora 2.1 by Derrick Story
If your Palm OS device has been denied email access to a secure server, Eudora has good news -- its SSL-enabled email client and web browser. And the best part ... it's a free download. 09/21/2001

Protect Your Network from the Nimda Worm by Noel Davis
The Nimda worm, first reported on Sept. 18, 2001, exploits a range of vulnerabilities in Microsoft servers, email clients, and web browsers to attack and infect server and client machines. In this special Security Alert, Noel Davis details the worm's methods of attack, shows how to tell if your network has been infected, and how to patch the problems. 09/21/2001

Linux Virus Reported by Noel Davis
In this week's Security Alerts, Noel Davis warns about a Remote Shell Trojan Linux-based virus, buffer overflows in fetchmail, and problems in the BSD Line Printer Daemon. 09/18/2001

Buffer Overflow in OpenServer's Mana by Noel Davis
This week Noel Davis warns about a buffer overflow in OpenServer's mana; symbolic link race conditions in Solaris' patchadd and the Netscape 6.01a installation scripts; and problems in ProFTPd, Conectiva Linux's tcltk, NetBSD's dump, mailman, mod_auth_mysql, Directory Manager, Taylor UUCP, screen, PHProjekt, and Red Hat's lpd. 09/10/2001

Buffer overflows in OpenUnix 8 utilities and the Solaris printer daemon by Noel Davis
In this week's Security Alerts, Noel Davis looks at buffer overflows in OpenUnix 8 utilities, vulnerabilities in the Macromedia ColdFusion server and other weak links in your system. 09/04/2001

Serious Problem with sendmail by Noel Davis
In this week's Security Alerts, Noel Davis looks at a serious problem with sendmail; buffer overflows in HP-UX ftpd, UnixWare su, and AOLserver; and much more. 08/27/2001

Quake 3 Arena Buffer Overflow by Noel Davis
In this week's Security Alerts, Noel Davis warns of a remote root compromise in the back-up and recovery tool Arkeia, an attack against Web browsers that can send data to arbitrary TCP ports, and a buffer overflow in Quake 3 Arena. 08/20/2001

More Telnet Daemon Vulnerabilities by Noel Davis
Noel Davis shows us buffer overflows in Linux telnet daemons, IBM AIX telnet daemons, the Kerberos 5 telnet daemon, Window Maker, and Solaris' xlock; temporary-file race conditions in AllCommerce and rcs2log; and vulnerabilities in ZyXEL Prestige 642R and 642R-I ADSL routers, groff, OpenLDAP, fetchmail, UnixWare Package Tools, docview, and ColdFusion Server 5. 08/13/2001

Security Alerts: Linux IP Masquerading by Noel Davis
Noel Davis shows us buffer overflows in xloadimage, ucd-snmp, Oracle dbsnmp, and xmcd's cda; and vulnerabilities in phpMyAdmin, wvdial, Slackware's man, Linux IP masquerading, and Slackware's locate. 08/06/2001

IPFilter on OpenBSD by Mike DeGraw-Bertsch
IPFilter is a firewall widely used by BSD and Solaris. Mike DeGraw-Bertsch explains how to set it up on OpenBSD and explains a basic ruleset. 08/02/2001

Linux Kernel Bug by Noel Davis
Noel Davis shows us a bug in Linux Kernels newer than 2.4.3; a buffer overflow in Solaris' dtmail; vulnerabilities in CylantSecure, PHPLib, top, Apache, tar, Firewall-1, Arkeia backup software, and IRIX's netprint; and talks about the configuration of Cayman DSL routers. 07/30/2001
