Better open source hygiene would have spooked GHOST
<em>This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.</em>
<em>This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.</em>
Open source code is lower quality than proprietary code. At least, that's how many people now perceive it.
At the moment I'm a bit of a security grouch. I keep seeing product after product that has significant vulnerabilities. And this isn't just happening with the things I deal with at work. Even Election Day had me grousing about the state of our software security.
As I moved into the information security position at my new company a few weeks ago, I was anxious to do a full assessment of our security defenses. But I was immediately sidetracked by, not one, but two major vulnerabilities that couldn't be ignored. Those were fires that had to be put out before I could do anything else.
Oh no, another zero day is out! No one goes home until it's fixed!
I was Shellshocked last week.
Atlanta -- Sophisticated attacks like Stuxnet aren't necessary to compromise industrial control systems for dams, power plants, chemical plants and the like. Rather, simple phishing attacks followed up by using tools that are easily available through Metasploit will do the trick, security pros were told at a conference in Atlanta this week.
Shellshock/bash bug exploits can force compromised servers to act as bots and, depending on the types of privileges the servers have, attackers can make them do a lot worse. So corporate security pros should patch important affected machines as soon as possible.
A prominent Linux kernel developer has been jailed by Russian authorities after protesting publicly in Moscow's Manezh Square against the conflict in Ukraine.
The Secure Shell (SSH) protocol and software suite is used by millions of system administrators to log into application and service accounts on remote servers using authentication methods that include passwords, tokens, digital certificates and public keys. But when improperly managed, SSH keys can be used by attackers to penetrate the organization's IT infrastructure.
Anyone hoping to gain Microsoft certification in Office 365 better know the ins and outs of provisioning, security, syncing, identities and troubleshooting for the cloud version of Microsoft's flagship productivity suite.
Former Microsoft CEO Steve Ballmer is apparently chasing ownership of the L.A. Clippers in earnest, reportedly meeting yesterday with Shelly Sterling, who's running the team since her husband, Donald, was banned from the NBA.
Many companies are dangerously exposed to threats because they don't properly manage the Secure Shell cryptographic keys used to authenticate access to critical internal systems and services.
Two different hacker groups are exploiting the same still-unpatched vulnerability in Internet Explorer (IE) with almost-identical attack code, a security researcher said Tuesday.
If there's one overarching theme of Amazon Web Services' second annual cloud user conference, it's that this company is aiming for enterprise.