LinuxSecurity.com
The central voice for Linux and Open Source security news

  
HOWTO: Encrypt The System Manually Upon Installation  23 July 2008 
Source: HowToForge - Posted by Bill Keys   
Cryptography: Another howto by me concerning encryption. However, this one will be pretty intense on graphics. I have a step-by-step guide on how to do a manual full encryption of the system. Due to a bug currently in the Ubuntu installation, you cannot encrypt the swap partition directly during the manual install. The install will just hang. Here's a link to the bug report: https://bugs.launchpad.net/ubuntu/+bug/231451

This article is a step-by-step guide to fully encrypting a Linux system. The author provides snapshots showing you how to do this.

Security is No Secret  22 July 2008 
Source: gcn - Posted by Bill Keys   
Government: NSA takes its Flask architecture to the open-source community to offer an inexpensive route to trusted systems. Architecture created by the National Security Agency and expanded with help from the open-source community will save the Defense Department and intelligence agencies millions in hardware costs. With Flask, “we can guarantee that high-integrity data can’t be corrupted by untrustworthy entities or that sensitive data doesn’t leak to untrustworthy entities,” said Stephen Smalley, one of the chief developers of Flask at NSA. The best part is that the technology requires no specialized hardware or operating system.

What do you think about the Flask architecture? This article looks at this security architecture, how SELinux came about from it, and its impact on open source security.

Security Guide for VMware ESX: Helpful But Has Holes  22 July 2008 
Source: linuxworld - Posted by Bill Keys   
Host Security: With security becoming ever more important, I've been reviewing the various guides available to harden the VMware Virtual Infrastructure. So far the results have been disappointing, though I've looked at the CISecurity VMware ESX Benchmark and the VMware VI3 Hardening Guidelines. Now for the US Government's Defense Information Systems Agency's Security Technical Implementation Guide (STIG) - a long-awaited document that all levels of the U.S. government will follow to harden and protect their VMware VI3 installations.

At first glance, you might think VM security is just like securing any OS installed on hardware. However, VM security comes with its own set of challenges. This article looks at the security issues with hardening VMware ESX.

Gibraltar Firewall 2.6 Launched  21 July 2008 
Source: news.softpedia - Posted by Bill Keys   
Firewalls: Gibraltar Firewall 2.6, a Linux firewall distribution based on Debian, was launched yesterday as announced by Rene Mayrhofer. This will be the last release that will use the Linux kernel 2.4, as the next Gibraltar editions will use the 2.6 kernel. Among other things, this edition of Gibraltar offers improved traffic shaping performance (the iptables marking rules were re-ordered and the pre-defined traffic classes were improved), and allows SSL Explorer plugins to be installed.

Have you ever used the Gibraltar Firewall? Gibraltar provides the user with a web interface for setting up their firewall. Now it's available for the Linux 2.6 kernel. Also in this release they added full WLAN access point functionality.

Critical Security Issues Found in the Spring Framework  21 July 2008 
Source: searchsoftwarequality - Posted by Bill Keys   
Network Security: A recent security assessment of an application by Ounce Labs has resulted in the discovery of two vulnerabilities that can affect Java Web applications that use the Spring Framework. Spring has been downloaded more than 5 million times to date, which means the security vulnerabilities identified could affect countless companies that use this framework. "One of the problems is there's no default checking to make sure the users are only submitting fields that are visible in the form," Berg said. "That means someone can submit additional data in a request and put it into the Java bean."

"The vulnerabilities are not flaws [in the framework]. The issue is developers not understanding the complexity of the framework they're using." - Ryan Berg, chief scientist and co-founder, Ounce Labs.

So is this a security flaw in the framework, or in how developers are using it?

Linux Security Week: July 21st, 2008  21 July 2008 
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Security Week: This week, perhaps the most interesting articles include 'Principle of Least Privilege Prevails, Says Red Hat Security Expert,' 'Security System Auditing Tool for UNIX/Linux,' and 'Relay Server Attack Tactic Dupes Auto-reporting.'

Openwall-Announce: John the Ripper Pro 1.7.3+ for Linux  18 July 2008 
Source: Openwall - Posted by Bill Keys   
Latest News: This is likely the last announcement posting for today, and maybe for this month. It is to announce availability of John the Ripper 1.7.3 Pro for Linux (stable release) and 1.7.3.1 Pro for Mac OS X (currently in public beta). I'd like to thank Alain Espinosa for the optimized NTLM code, and for kindly placing it in the public domain. This release of JtR Pro includes Alain's code with slight modifications, as well as replacement code for the password file loader; I am going to roll these into the next revision of the jumbo patch.

Have you heard that John the Ripper 1.7.3 Pro for Linux was just released? Test it out for yourself and let us know what you think about this release.


(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.