Computer Security & Technology

A lot of us who use Linux at work/school or have always grown up using Unix commands and using the Unix shell for years and more often than not, there are instances where a ls command comes more naturally than the dir command at the command prompt when using Windows.

For the most part, a lot of us work around this drawback using the excellent tool: Cygwin. Cygwin is available for windows users here.The Cygwin tools are ports of the popular GNU development tools for Microsoft Windows. They run thanks to the Cygwin library which provides the UNIX system calls and environment these programs expect.

With these tools installed, it is possible to write Win32 console or GUI applications that make use of the standard Microsoft Win32 API and/or the Cygwin API. As a result, it is possible to easily port many significant Unix programs without the need for extensive changes to the source code. This includes configuring and building most of the available GNU software . Even if the development tools are of little to no use to you, you may have interest in the many standard Unix utilities provided with the package. They can be used both from the bash shell (provided) or from the standard Windows command shell.

While Cygwin would be an obvious choice for many Unix/Linux power users, there is an excellent and a much simpler alternative to using Cygwin. In this article, I will show you how to run your Unix commands right in the windows command prompt.

go on reading »

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

In this article, I will introduce you to some well known tools which security analysts use for Network Security Risk assessment, to know more about the layout of the network they are trying to test and also gather intelligence about that company, which the security analyst can use later on to conduct further tests and poke it for its weak points. The more information we can obtain, the more we can advice our client company of any potential problem areas and provide a better Network Security Risk Assessment. This whole process is called footprinting.

Footprinting:(Definition from Wikipedia)

Footprinting is the technique of gathering information about computer systems and the entities they belong to. This is done by employing various computer security techniques, as Ping Sweeps, TCP Scans, UDP Scans, OS Identification, Network Enumeration, Registrar Queries, Organizational Queries, Domain Queries, Network Queries, POC Queries and DNS Interrogation

go on reading »

This article lists some Computer Security Terms and Computer Security Terminology. For anyone reading any of the computer security terms below for the first time, I highly recommend that you Google these keywords and learn more about them.

Adware: The difference between Adware and Spyware is very subtle. Both Adware and Spyware is installed without the user’s permission on a machine. An Adware’s main purpose is to display targetted ads based on the user behaviour it is tracking.

It is not uncommon for people to confuse “adware” with “spyware” and “malware”, especially since these concepts overlap. For example, if one user installs “adware” on a computer, and consents to a tracking feature, the “adware” becomes “spyware” when another user visits that computer, and interacts with and is tracked by the “adware” without their consent.
go on reading »

While WordPress in general is pretty secure grounds up, it is still vulnerable to the many kinds of security exploits out there.

WordPress Security Tip # 1: Upgrade your WordPress Blog

Keeping your WordPress blog up to date by installing the latest version of WordPress. You may think it is pain to update every time, but in terms of security and if you don’t want your blog to be hacked, this is very very crucial.

WordPress has detailed and simple instructions on how to update your blog. Check them out and keep your blog up-to-date. You can subscribe to the WordPress Development blog at http://wordpress.org/development/feed/ which will keep you up-to-date on the latest WordPress patches or the latest WordPress releases.

WordPress Security Tip # 2: Remove the version string in your header.php file of your WordPress theme

Again, if you don’t keep your WordPress blog up-to-date with the latest version, WordPress is kind enough to let potential hackers know that you did not update your blog. Say, you want to find a list of WordPress blogs still running WordPress 2.2, a simple google search would generate a list.

go on reading »

Is Open Source Software Really more Secure?

The constant stream of Windows vulnerability attacks result not solely due to security holes in the Operating System, but also because of the ubiquity of Windows as both a client and server operating system makes it a prime target for any malicious intent. While open source zealots declare Linux to be inherently more secure by virtue of its communal development process, Linux has yet to attain the level of success of Windows and thereby remains a lesser target to hackers, making such claims difficult to quantify fairly.

Linux market share is rapidly growing, and some claim that the operating system may become scrutinized more closely for vulnerabilities, creating the possibility of more attacks as it becomes more attractive to hackers. However, this scrutiny certainly has a benign effect, as well. Turnaround times for patches in Linux and other popular Open Source offerings have traditionally been very rapid, which allows proactive organizations and individuals to more quickly reap the benefits of a strong patch management strategy.

The security of open source software has been both idealized and made the subject of targeted disinformation.

Generally, two philosophies exist:

that open source is more secure because it is more rigorously reviewed;
and, that proprietary software is more secure because access to the source code is limited.

While seeming contradictory, both schools of thought have validity depending on circumstances. Open source philosophy states that open source software cannot rely on obscurity for security — because the source code is transparent, security
must be implemented well at the source code level. Also, open collaboration is thought to result in the earlier discovery and correction of security flaws—an aspect of the thesis that “given enough eyeballs, all bugs are shallow.”

Even the most ardent open source believers would say that neither of these two claims actually guarantees the security of all open source code. As Gartner analyst John Pescatore states,

“…just releasing source code on the Internet doesn’t mean that the software is more secure, and it often can result in less-secure software.”

Having enough eyeballs reviewing the code depends on the open source project having a strong community, with many sharp individuals contributing to reviewing the source code. Projects such as OpenSSL, Apache and the Linux kernel itself enjoy such large communities, and consequently have excellent security records. Lesser-known projects for which community enthusiasm is spare may not deliver the same level of security.

Overall, two factors generally assure a greater capability to be more security-hardened than proprietary software: broad community involvement and trusted certifications or evaluations, such as Common Criteria.

Conversely, in open source projects for which community enthusiasm has yet to build, proprietary software may be more
secure, as well as have a richer feature set. For this reason, it is recommended that one blend open source software with proprietary offerings to adequately meet an organization’s or an individual’s desired security requirements.

For more information check out “The Benefits of Open Source,” a short excerpt from Unix System Security Tools, at:
http://www.albion.com/security/intro-7.html.