security

http://netifera.com/research/ Practical Padding Oracle Attacks This paper discusses how cryptography is misused in the security design of a large part of the Web. Our focus is on ASP.NET, the web application framework developed by Microsoft that powers 25% of all Internet web sites.

research - The ASP.NET Vulnerability - POET attack - BEAST SSL/TLS attack

http://passwordsafe.sourceforge.net/

Password Safe

Whether the answer is one or hundreds, Password Safe allows you to safely and easily create a secured and encrypted user name/password list. With Password Safe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire user name/password list. Security starts with you, the user. Keeping written lists of passwords on scraps of paper, or in a text document on your desktop, is unsafe and is easily viewed by prying eyes (both cyber-based and human). Using the same password over and over again across a wide spectrum of systems and web sites creates the nightmare scenario where once someone has figured out one password, they have figured out all your passwords and now have access to every part of your life (system, e-mail, retail, financial, work).
15 June 2011: LPS-Remote Access was certified by AFNIC to connect to the GIG for general telecommuting use. Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive.

Software Protection Initiative - Lightweight Portable Security

http://www.spi.dod.mil/lipose.htm
https://www.ssllabs.com/ssltest/index.html This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service. We don't use the domain names or the test results, and we never will.

Qualys SSL Labs - Projects / SSL Server Test

https://www.grc.com/passwords.htm If some device was not following the WiFi Alliance WPA specification by not hashing the entire printable ASCII character set correctly, it would end up with a different 256-bit hash result than devices that correctly obeyed the specification. It would then be unable to connect to any network that uses the full range of printable ASCII characters. Since we have heard unconfirmed anecdotal reports of such non-compliant WPA devices (and since you might have one), this page also offers "junior" WPA password strings using only the "easy" ASCII characters which even any non-fully-specification-compliant device would have to be able to properly handle.

Ultra High Security Password Generator

http://www.pmcma.org/ The first public version of pmcma is now available! We have high expectations for this tool and hope it will get all the attention it deserves from the community. It should be stable on most modern Linux distributions (x86 and x64), but any feedback will be greatly appreciated.

pmcma

How to Secure Your Apache Web Server | Wazi

Installing and maintaining a secure web server on Linux can be a challenge. It requires in-depth knowledge of Linux, Apache, and PHP server-side options. One of the main problems is finding the balance between security, productivity, and usability. The best solution depends on the specific project requirements, but all installations share certain common characteristics. Here are some best practices for securing a LAMP server, from the server configuration to fine-tuning PHP settings. The task of securing a web server should begin with hardening the Linux operating system. http://olex.openlogic.com/wazi/2011/how-to-secure-your-apache-web-server/

Dooble Web Browser

Dooble is a new Open Source Web browser. The aim of Dooble is to create a comfortable and safe browsing medium. You can read more about Dooble at its Wikipedia page. http://dooble.sourceforge.net/

LogSurfer - Real Time Log Monitoring and Alerting

http://www.crypt.gen.nz/logsurfer/ Logsurfer is a program for monitoring system logs in real time and reporting on the occurrence of events. It is similar to the well-known swatch program on which it is based, but offers a number of advanced features which swatch does not support. Logsurfer is capable of grouping related log entries together: for instance, when a system boots it usually creates a high number of log messages. In this case, logsurfer can be set up to group boot-time messages together and forward them in a single email message to the system administrator under the subject line "Host xxx has just booted". Swatch just couldn't do this properly. Logsurfer is written in C, which makes it extremely efficient, an important factor when sites generate a high amount of log traffic.
http://nmap.org/ncrack/

Ncrack - High-speed network authentication cracker

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback.

WebInject - (HTTP) Web Application and Web Services Test Tool

What is WebInject? WebInject is a free tool for automated testing of web applications and web services. It can be used to test individual system components that have HTTP interfaces (JSP, ASP, CGI, PHP, AJAX, Servlets, HTML Forms, XML/SOAP Web Services, REST, etc), and can be used as a test harness to create a suite of [HTTP level] automated functional, acceptance, and regression tests.

wfuzz - Web application bruteforcer - Google Project Hosting

Wfuzz is a tool designed for bruteforcing Web Applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, etc. It ships with dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more). Many dictionaries are from Darkraver's Dirb (www.open-labs.org).

The Bro Network Security Monitor

While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyberinfrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
Bro is a policy-controlled, event-based distributed intrusion detection system. Bro nodes can exchange events, policy state, network packets, and other information amongst each other.

Broccoli — The Bro client communications library

Scapy

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping + ARP cache poisoning, VOIP decoding on a WEP-encrypted channel, ...), etc. See the interactive tutorial and the quick demo: an interactive session (some examples may be outdated).