Web HostingWeb Hosting

How DNSSEC Works

The domain name system (DNS) is the phone book of the Internet: it tells computers where to send and retrieve information. Unfortunately, it also accepts any address given to it, no questions asked.

Complete story

The DNSSEC Root Signing Ceremony

The root DNS zone contains information about how to query the top-level domain (TLD) name servers (.com, .edu, .org, etc). It enables Internet users to access domain names in all TLDs, even brand new ones like .software and .bank, making it an integral part of the global Internet.

Complete story

So, you want to be a security pro? Read this first

Of all the high-demand areas in IT, security stands out at the top. According to DICE, the number of security jobs skyrocketed by more than 40% from 2014 to 2015, to 50,000 openings, compared with 16.8% growth the year before. “Security jobs are growing at a far more rapid pace than other areas of technology, which are also growing rapidly,” says Bob Melk, president at DICE.

Read this full article at Network World

5 things you should know about two-factor authentication

One of the best pieces of security advice any computer expert can give you is to enable two-factor authentication for websites that support it. With password breaches so common nowadays, it could be the one thing that keeps hackers from stealing your identity online. Here are five points to help you understand this technology.

Complete story

How one hacker exposed thousands of insecure desktops that anyone can remotely view

Badly configured software used on thousands of machines can let hackers into X-ray scanners, industrial control systems, doctors’ servers storing medical records, and more.

Complete story

Critical glibc Vulnerability Puts All Linux Machines at Risk

Glibc, the GNU C library at the core of last year’s GHOST vulnerability, is vulnerable to another critical flaw affecting nearly all Linux machines, as well as API web services and major web frameworks where the code runs. The vulnerability, discovered independently by researchers at Google and Red Hat, has been patched. The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory.

Read this full article at ThreatPost

Hand-on with Kali Linux Rolling

What a nice way to finish a week – three pieces of really good news all in one announcement! Kali Linux (the successor to BackTrack), well known as one of the premier distributions for digital forensics and penetration testing, announced a new release. This by itself already qualifies as very good news. With this release, Kali-Rolling (2016.1), Kali Linux is now officially a rolling distribution. Kali was previously based on the Debian stable distribution, and basically had to track the major release cycles of Debian with their own major releases. Now Kali is based on the Debian testing distribution, so it is continuously updated. The Kali developers have also added continuous notification and updates of the penetration testing tools that they add to Debian to create the Kali distribution.

Read this full article at ZDNet Security

25 Hardening Security Tips for Linux Servers

Securing a system in a production from the hands of hackers and crackers is a challenging task for a System Administrator. This article related is to How to Secure Linux box or Hardening a Linux Box. In this article We’ll explain 25 useful tips & tricks to secure your Linux system

Complete Story

Observium: A Complete Network Management and Monitoring System for RHEL/CentOS

Observium is a PHP/MySQL driven Network Observation and Monitoring application, that supports a wide range of operating systems/hardware platforms including, Linux, Windows, FreeBSD, Cisco, HP, Dell, NetApp and many more. It seeks to present a robust and simple web interface to monitor health and performance of your network.

Complete Story

Common payment processing protocols found to be full of flaws

Credit card users could have their PINs stolen, and merchants could have their bank accounts pillaged, in a set of attacks demonstrated by researchers Karsten Nohl and Fabian Bräunlein at the Chaos Computing Club security conference. Much research has been done into the chips found on credit cards and the readers and number pads used with these cards, but Nohl decided to take a different approach, looking instead at the communications protocols used by those card readers. There are two that are significant; the first, ZVT, is used between point of sale systems and the card readers. The second, Poseidon, is used between the card reader and the merchant’s bank. Nohl found that both had important flaws.

Read this full article at Dark Reading