Automated detection and response to attacks
One of the biggest problems with security is the amount of setup effort and continuous maintenance it often requires. OSSEC provides a degree of assurance and active protection with a minimal setup cost and little maintenance. OSSEC is lacking in a few features I would really love to see (like telling me what changed within a file as opposed to just telling me that the file has changed) and lacks some ease of use features (like mass configuration and change management), but weighed against the simplicity of setup and management I think it's still worth it.
- "Dive Deep" by Heike Jurzik, Linux Pro Magazine, April 2008, http://www.linux-magazine.com/w3/issue/89/086-087_command.pdf
- OSSEC: http://www.ossec.net/
- Tripwire: http://sourceforge.net/projects/tripwire/
Buy this article as PDF
Xen project announces a privilege escalation problem for Qemu host systems
Attackers can compromise an Android phone just by sending a text message
PC vendor will pre-install Ubuntu on portables in India.
More embarrassment for Adobe's embattled multimedia tool
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.
Popular desktop environment continues the Gnome 2 legacy – with new support for the Gnome 3 toolkit.
The Obama White House has issued a memorandum telling all US government agencies they must use HTTPS for all websites and web communication.
New program will dial up security for the Firefox browser.
Red Hat's community distro embraces the cloud.