by James Hicks - Friday, 30 November 2007.
WordPress is a powerful publishing platform that is easy to use and lets anyone start a blog in no time. Because of its versatility and the large number of third-party plugins, WordPress quickly became "the" solution for a large number of bloggers around the world. While some see potential security issues in deploying extra plugins, there are some good ones that will strengthen your blog's security. Here are some of them:
1) AskApache Password Protect
This plugin adds some serious password protection to your WordPress Blog's admin directory. It adds a 2nd layer of security to your blog by requiring a username and password to access anything in the /wp-admin/ folder.
The plugin is simple: you just choose a username and password and you are done. It writes the .htaccess file without messing it up. It also encrypts your password and creates the .htpasswd file, and sets the correct security-enhanced file permissions on both. The plugin automatically picks the right settings for where to save the .htpasswd and .htaccess files, but you can change those settings to anything you want at any time, right from your WordPress Admin Panel.
2) Force SSL
This plugin will force HTTPS connections for security purposes. Of course, you will need a web server "equipped" with a proper SSL certificate to use it. Force SSL works by redirecting any requests for pages via http to https, so no one will be able to access the content through an insecure http connection.


3) Secure Files
This WordPress plugin allows you to upload and download documents that are, for security purposes, stored outside of your web document root.
Secure Files works by allowing you to create a directory that is outside of your web document root and to upload/download files from it directly from within the WordPress Administrative Interface.
4) Login LockDown
Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.
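The lockout rule described for Login LockDown, as an added Python sketch that is not the plugin's own code. The thresholds and the range widths (/24 for IPv4, /64 for IPv6) are assumptions, since the article only says "a certain number", "a short period" and "IP range".

```python
import ipaddress
from collections import defaultdict, deque

# Assumed values; the article does not state the plugin's thresholds.
MAX_FAILURES = 3        # more than this many failures triggers a lockout
WINDOW_SECONDS = 300    # the "short period" in which failures are counted
LOCKOUT_SECONDS = 3600  # how long login stays disabled for the range

def ip_range(addr):
    """Collapse an address to its range: /24 for IPv4, /64 for IPv6 (assumed)."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure timestamps
        self.locked_until = {}              # range -> time the lockout expires

    def is_locked(self, addr, now):
        return self.locked_until.get(ip_range(addr), 0) > now

    def record_failure(self, addr, now):
        """Log one failed login; return True if the range is locked afterwards."""
        if self.is_locked(addr, now):
            return True
        key = ip_range(addr)
        recent = self.failures[key]
        recent.append(now)
        # Drop failures that have fallen out of the sliding window.
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) > MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

def replay(events):
    """Feed (timestamp, ip) failures; return ranges still locked at the last event."""
    guard = LoginLockdown()
    for ts, addr in events:
        guard.record_failure(addr, ts)
    end = events[-1][0]
    return sorted(r for r, t in guard.locked_until.items() if t > end)

# Constructed sample of failed logins: (seconds, source IP).
SAMPLE = [(0, "203.0.113.10"), (20, "203.0.113.77"), (45, "203.0.113.10"),
          (60, "203.0.113.200"), (70, "198.51.100.5"), (900, "198.51.100.5")]
```

Counting per range rather than per address means failures spread across several hosts in the same network still add up, at the cost of locking out legitimate users who share that range.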