Top Open-Source Security Applications
Grok Headline matches for Top Open-Source Security Applications
Must-have open source applications for
consultants
Must-have open source applications for
consultants
02/01/2005 08:49 PMAs a consultant to small businesses trying to get up to speed on
Linux, my must-have applications are OpenOffice.org, MySQLAdmin, and
Rekall. I'm going to include Knoppix as well; although it isn't an
application in the sense of being a single package, I use it as a
system recovery tool rather than an operating system.
For Open-Source Code, The Future Is In
Applications
For Open-Source Code, The Future Is In
Applications
04/09/2005 07:44 PMInformation Week Apr 9 2005 10:51PM GMT
It's time to integrate open source
graphic applications
It's time to integrate open source
graphic applications
02/05/2005 09:47 PMI've been a graphic artist and Web designer for more than a decade,
and in that time, I've seen software companies expend a great deal of
effort in attempts to monopolize the market. Adobe, for instance, took
over the desktop publishing field early on by developing a set of
powerful products, such as Photoshop and Illustrator. Macromedia had
to fight to gain control over the Web design and development business,
and its hold on Web development became apparent only after it
integrated its products. Today, with a remarkable range of Web design
and development applications, Macromedia is the indisputable leader of
the field. It's time open source graphic application developers did
the same.
Ampoliros 3.2.0 open source PHP web
applications platform released
Ampoliros 3.2.0 open source PHP web
applications platform released
01/08/2003 01:06 PMThe Ampoliros Team announces the release of the security focues 3.2.0
Ampoliros release. Ampoliros is an open source PHP web applications
platform.
OSBC: enterprise applications next wave
for open source
OSBC: enterprise applications next wave
for open source
04/06/2005 02:26 AMZDNet Apr 6 2005 5:33AM GMT
Open source on offense in ERP and
business applications market
Open source on offense in ERP and
business applications market
06/03/2004 12:16 PMFlexibility, cost savings, and efficiency have been driving enterprise
users away from proprietary technology to Linux and open source. Now a
recent IDC study shows that one of the last holdouts, the
big-vendor-dominated market of enterprise resource planning (ERP)
applications, is also poised to start taking off for non-proprietary
technology.
New e-book Focuses on Open Source and
Linux Applications for Businesses
New e-book Focuses on Open Source and
Linux Applications for Businesses
06/22/2005 01:51 AMConnect Computing is offering an e-book with CD-Roms that help people
try e-commerce, accounting, and other Open Source / Linux apps. [PRWEB
Jun 21, 2005]
Creating Cross-Platform Applications
with Core Foundation and Open Source
Creating Cross-Platform Applications
with Core Foundation and Open Source
04/11/2005 11:23 PMApple
Developer Connection: “One of the most powerful yet
under-appreciated frameworks in Mac OS X is Core Foundation,
also known as CF... Because CF is open source, developers can compile
and run it on Macintosh as well as other platforms—and this
opens up a number of interesting possibilities.”
(Via
The
Shape of Days.)
Defending Open Source Security
Defending Open Source Security
02/14/2004 08:03 AMOpen Source Security: Still A Myth
Open Source Security: Still A Myth
09/17/2004 11:52 AMOpen Source Law and National Security
Open Source Law and National Security
09/13/2004 05:19 AMHow many paragraphs of rules and regulations can a society have before
no one can predict how it will respond to critical situations? The
answer, as demonstrated on 9/11/2001 is: "Not very many." Lawyers
need to go open source and let the public bang on their code.
An eye opener on open source Internet
security
An eye opener on open source Internet
security
07/26/2004 08:46 AMMissing Open Source Security Tools?
Missing Open Source Security Tools?
06/28/2004 06:16 PMCryptography and the Open Source
Security Debate
Cryptography and the Open Source
Security Debate
07/20/2004 02:34 PMSecurity holes splatter Open Source
Security holes splatter Open Source
06/11/2004 04:54 AMNew flaws foul open-source security
New flaws foul open-source security
06/10/2004 08:05 AMZDNet Jun 10 2004 12:14PM GMT
Open Source a National Security Threat
Open Source a National Security Threat
07/27/2004 11:22 AMDOES open source software enhance
security?
DOES open source software enhance
security?
03/06/2004 02:04 AMMicrosoft, Open Source and National
Security
Microsoft, Open Source and National
Security
04/23/2004 01:24 AMTwo weeks ago, I wondered out loud about the top 10 worst IT business
decisions ever made and nominated HP's decision to follow DEC down the
road to oblivion for top spot. Today I'd like to suggest that the U.S.
Defense Department's continued use of Microsoft's software is likely
to top a future list of this kind.
The equation here is simple. First, recognize that Microsoft's
software security depends crucially on keeping its source code
secret. That's not a comment from an anti-Microsoft bigot -- it's the
testimony given under oath by Microsoft vice president Jim Allchin.
Even limited release of Microsoft's code, Allchin told judge Colleen
Kollar-Kotelly's federal court in May 2002, would threaten national
security because the code is both seriously flawed and widely used in
the Defense Department.
But consider that only nine months later, in February 2003, Microsoft
announced an agreement giving communist China full access to the
source code for Windows and related tools.
Two Open-Source Databases Spring
Security Leaks
Two Open-Source Databases Spring
Security Leaks
05/20/2004 08:20 PMA researcher has found critical flaws in CVS and Subversion; updates
have been posted.
Open-Source Security Tools Touted at
InfoSec
Open-Source Security Tools Touted at
InfoSec
04/05/2005 10:21 PMA security consultant encourages cash-strapped businesses to consider
open-source security tools and utilities to help cope with the
increasing spate of malicious hacker attacks.
Security fears push users to open source
Security fears push users to open source
12/05/2003 05:32 PMPersonal Computer World Dec 5 2003 4:19PM ET
Apple Cites Open Source Core Security
Apple Cites Open Source Core Security
09/02/2004 12:41 AMSlashdot Sep 2 2004 4:37AM GMT
Web Security Errors and an Open Source
Revenue Opportunity
Web Security Errors and an Open Source
Revenue Opportunity
01/14/2003 06:32 PMWeb Security Errors
I normally wouldn't blog this much but so many of us here do web
development that its good for all of us to review these. Yes I know
we all know better but I'd virtually guarantee that we all have done
at least one of these in the last 24 months:
Unvalidated parameters: Information from Web requests isn't validated
before being used by a Web application. Attackers can use these flaws
to attack backside components through a Web application.
Broken access control: Restrictions on what authenticated users are
allowed to do aren't properly enforced. Attackers can exploit these
flaws to access other users' accounts, view sensitive files, or use
unauthorized functions.
Broken account and session management: Account credentials and session
tokens aren't properly protected. Attackers who can compromise
passwords, keys, session cookies, or other tokens can defeat
authentication restrictions and assume other users' identities.
Cross-site scripting flaws: The Web application can be used as a
mechanism to transport an attack to a user's browser. A successful
attack can disclose the user's session token, attack the local
machine, or spoof content to fool the user.
Buffer overflows: Web application components in some languages that
don't properly validate input can be crashed and, in some cases, used
to take control of a process. These components can include CGI,
libraries, drivers, and Web application server components.
Command injection flaws: Web applications pass parameters when they
access external systems or the local operating system. If an attacker
can embed malicious commands in these parameters, the external system
may execute those commands on behalf of the Web application.
Error-handling problems: Error conditions that occur during normal
operation aren't handled properly. If an attacker can cause errors
that the Web application doesn't handle, he or she can gain detailed
system information, deny service, cause security mechanisms to fail,
or crash the server.
Insecure use of cryptography: Web applications frequently use
cryptographic functions to protect information and credentials. These
functions and the code to integrate them have proven difficult to code
properly, frequently resulting in weak protection.
Remote administration flaws: Many Web applications let administrators
access a site using a Web interface. If these administrative functions
aren't very carefully protected, an attacker can gain full access to
all aspects of a site.
Web and application server misconfiguration: Having a strong server
configuration standard is critical to a secure Web application. These
servers have many configuration options that affect security and
aren't secure out of the box. [_Go_]
The full report is here. Nice job guys. Thank you.
And Just One More
Oh and I'd also kick in one other security glitch that's related to
these but not specifically mentioned: Installing Open Source
applications on the quick. You know the drill -- you grab some code,
install it and then poof! The client is running it and is happy so
you kinda ignore it. And you don't realize that the default
installation leaves the password in the clear! Think I'm kidding?
For example a lot of php applications use .inc for include files as
their extension so config.inc is viewable by anyone who knows it
exists.
A Chance for Open Source Revenues
Although I have no actual metrics on this I suspect it is quite
common. Now this makes me think that a possible revenue opportunity
for Open Source authors is something like "Security Check", for $99 or
$X (per server), I'll check over your installation and make sure you
don't have any holes. Given that a lot of Open Source applications
are rolled into hosting / consulting, it would be relatively easy to
pass this type of cost onto the ultimate customer.
Security flaws could corrupt open source
databases
Security flaws could corrupt open source
databases
05/20/2004 04:15 AMMore flaws foul security of open-source
repository
More flaws foul security of open-source
repository
06/09/2004 05:29 PMNOSI, the Nonprofit Open Source
Initiative, announces the release of its
new guide "Choosing and Using Open
Source Software: A Primer for
Nonprofits."
NOSI, the Nonprofit Open Source
Initiative, announces the release of its
new guide "Choosing and Using Open
Source Software: A Primer for
Nonprofits."
02/17/2004 11:57 PMAs per a recent post, I love to see (and hope to one day do it myself)
Open Source Software in Non-Profits. Seems http://www.nosi.net found
my post:
http://thelostolive.net/tlo/comments.php?id=1786_0_1_0_C
And commented the release of its new guide "Choosing and Using Open
Source Software: A Primer for Nonprofits." And now in their own words:
___snip____
--
From: Katrin Verclas
Email: steering (a) nosi.net
Hi, Kevin -
NOSI actually just released a new...
Open source Internet protocol security
project gets nod from Novell
Open source Internet protocol security
project gets nod from Novell
06/17/2004 03:31 AMAnnouncing Windows Open Source Security
Framework - SafetyNet
Announcing Windows Open Source Security
Framework - SafetyNet
09/23/2004 11:51 PMDatabase, Security, Storage Are Next
Layers For Open Source Commoditization
Database, Security, Storage Are Next
Layers For Open Source Commoditization
01/19/2004 09:36 AMOpen-source activist Bruce Perens joins
open-source defense group
Open-source activist Bruce Perens joins
open-source defense group
05/07/2004 04:33 PMA key leader in the open-source software movement has been appointed
to the board of Open Source Risk Management, which is defending the
legal standing of open-source software.
Do You Suffer from Open Source Phobia? -
six reasons you might relent and be
ready for an extreme makeover - OPEN
SOURCE - Magazine - Darwin Magazine
Do You Suffer from Open Source Phobia? -
six reasons you might relent and be
ready for an extreme makeover - OPEN
SOURCE - Magazine - Darwin Magazine
03/08/2004 11:20 PMhttp://www.darwinmag.com/read/030104/open.html
ASK A GROUP OF corporate IT leaders whether they'd rather stick their
arms into a box of tarantulas or allow open source software (OSS) on
their networks, and odds are most would start rolling up their
sleeves. Not to do any downloading, either.
Slashdot on Open Source Ideas and Open
Source Life
Slashdot on Open Source Ideas and Open
Source Life
06/23/2004 08:27 PM As Canada protects the patents on genes, Download Aborted wonders
whether the genetic code should be considered Open Source. It's
slashdotted here. And as atonement for saying something positive about
the people at Microsoft — man, you folks are rough! —
here's some slashdottism about the anti-Open Source think tanks that
Microsoft is funding. (But I still like the Microsofties I've met. So
there.)...
Online Crime, Compliance Issues, Worker
Mobility, SOA, and Open Source Are
Mega-Trends for IT Security, Says Burton
Group
Online Crime, Compliance Issues, Worker
Mobility, SOA, and Open Source Are
Mega-Trends for IT Security, Says Burton
Group
07/13/2004 05:36 PMOpen source opportunity, open source
risk
Open source opportunity, open source
risk
09/22/2004 10:44 AM
I've been traveling more than usual lately, and while on the road I've
been working my way through the
ITConversations audio
archive. It's full of gems, and one of them is Doug Kaye's
interview
with Philip Greenspun. While discussing the
ArsDigita flameout,
Greenspun offers insightful perspectives on the opportunity, and the
risk, of open source as a business model.
...Open source process for open source
development
Open source process for open source
development
04/05/2005 11:50 AM
Sun has given every possible indication that Open Solaris will be run as a true
open source project. The latest indication is the make-up of the board
of directors:
Casper Dik,
Roy Fielding,
Al Hopper,
Simon Phipps, and
Rich Teer.
(via Simon Phipps - congrats Simon!)
From open source to open services to
open information
From open source to open services to
open information
03/29/2005 12:00 PM
My
March
21 entry about upcoming.org turned out to be an odd juxtaposition
because, on the same day, a new events database called
EVDB was announced and shown at PC
Forum. It's due out shortly in public beta but I haven't seen it, so
for now I only know what you can also learn from reading, among
others:
Dan
Farber,
Ross
Mayfield,
Om Malik,
David
Weinberger, and
Paul
Kedrosky (whose recent archive is missing this morning, yikes).
The consensus seems to be that EVDB will be a Web-2.0-style,
Wiki-style, RSS-friendly, Flickr-and-del.icio.us-like thingy. Sounds
promising! I'll certainly check it out when it's public.
...Microsoft Depends On Shared Source, Dips
Toe In Open-Source Waters (TechWeb)
Microsoft Depends On Shared Source, Dips
Toe In Open-Source Waters (TechWeb)
04/08/2005 04:56 AMTechWeb - The software vendor will add to the 20 products it now
offers for source-code inspection under its Shared Source Initiative.
Microsoft releases source code to open
source community
Microsoft releases source code to open
source community
05/05/2004 04:06 AMAbout a month ago, Microsoft posted some of its source code to
SourceForge. SourceForge is a, if not the, major distribution point
for open source software. Microsoft's code was put there under the
terms of the Common Public License, which allows modification,
addition, redistribution - in short, it allows most of the rights and
privileges that we associate with open source software.
Grok Description matches for Top Open-Source Security Applications
GrokA matches for Top Open-Source Security Applications
Top Open-Source Security Applications
