Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: DHS helping to secure open source code

from [Mike Fetherston] Network Security [Permanent Link]
Subject: RE: DHS helping to secure open source code
Date: Mon, 23 Jan 2006 09:01:04 -0500 
I took a look at the list (http://www.us-cert.gov/cas/bulletins/SB2005.html)
and feel it necessary to state that the amount of vulnerabilities are higher
than what I expected, but that the list also includes Mac OS X, AIX,
FreeBSD, HP-UX, Linux, Sony PSP, Sony Ericsson, QNX, and Symbian. As well,
many web applications are named including WordPress, Webmin, MediaWiki,
Squirrelmail, and countless PHP apps.  What's interesting is that many of
these apps listed in the *nix section are not listed in the Win32 section
even though many may be deployed on the Microsoft platform.  Topping this
list off are many embedded devices including manufacturers such as Linksys,
Netgear, Nokia, LG, Samsung, RIM.

Hope that can help shed some light.

Mike Fetherston


-----Original Message-----
From: Craddock, Larry [mailto:l_craddock@wfec.com]
Sent: Friday, January 20, 2006 12:02 PM
To: Security-Basics (E-mail)
Subject: RE: DHS helping to secure open source code

"US-CERT's (United States Computer Emergency Readiness Team) 2005 year-end
vulnerability statistics found a startling increase in flaws in Unix/Linux
operating systems. The controversial data revealed 812 flaws in Windows,
compared with 2,328 vulnerabilities in various Unix/Linux packages. "

Looks to me like the reason the DHS is funding the project is because they
*do* have some doubts.


Larry Craddock


-----Original Message-----
From: Saqib Ali [mailto:docbook.xml@gmail.com]
Sent: Tuesday, January 17, 2006 6:00 PM
To: Security-Basics (E-mail)
Subject: DHS helping to secure open source code

For people who doubt the secure coding practices in open source projects:

http://www.schneier.com/blog/archives/2006/01/dhs_funding_ope.html
http://www.eweek.com/article2/0,1895,1909946,00.asp
http://news.zdnet.com/2100-1009_22-6025579.html

DHS is funding the security analysis of the source-code for the following
OpenSource applications:

Apache, BIND, Ethereal, KDE, Linux, Firefox, FreeBSD, OpenBSD, OpenSSL and
MySQL

--
Saqib Ali, CISSP
http://www.xml-dev.com/blog/
"I fear, if I rebel against my Lord, the retribution of an Awful Day (The
Day
of Resurrection)" Al-Quran 6:15

--------------------------------------------------------------------------
-
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and
the
case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
--------------------------------------------------------------------------
--


--------------------------------------------------------------------------
-
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
--------------------------------------------------------------------------
-





---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Snort as Firewall (WinXP), Neil
Next by Date:  RE: stick a laptop to a LAN, Maxim Kostioukov
Previous by Thread:  RE: DHS helping to secure open source code, Roger A. Grimes
Next by Thread:  RE: DHS helping to secure open source code, Mike Fetherston
Indexes:  [Date] [Thread] [Top] [All Lists]