]]>
]]>
You start with 1 GB online storage for free, which can be easily increased. Become a Pro user by buying additional storage or by trading unused local disk space for more online storage.
Is this a place someone could do dangerous denunciations?
Have you ever wanted to view an RSS or ATOM feed in a web based feed reader such as Google Reader or Bloglines, but could not because the feed required user authentication or used an invalid SSL certificate?
Image-based Password Manager remembers your passwords and automatically fills in forms.
WatchDox is the easiest way to send documents securely, and control and track who views, prints or forwards them.
]]>Marketers, corporations, criminals, and governments all monitor your online activities. Some even use filters to completely block your access to information. BitBlinder is software that gives you back your online freedom.
Un fil de discussion très intéressant sur le comment de la sécurisation d'un système FreeBSD.
Quelques astuces pour sécuriser (encore plus) son système FreeBSD
Very secure FTPd est un outil très complet, stable, sécurisé et performant à la fois. Il permet une gestion du serveur à la carte selon les besoins de l’administrateur, sa relative complexité ne doit surtout pas être un frein à son utilisation car au final on se rend bien compte que les multiples possibilités d’utilisations font de VsFTPd un logiciel puissant, hautement configurable. Sans nul doute, ce logiciel est ce qui se fait de mieux en la matière ! Dans le cadre de cet article, nous allons faire en sorte que l’espace disque soit partagé de deux manières. Un utilisateur que l’on nommera paul aura les droits suivants : lecture, écriture et suppression. Le deuxième qui s’appellera tom pourra uniquement avoir accès en lecture seule, il ne pourra en aucun cas uploader, déplacer où encore supprimer un fichier contrairement à paul. Autre point important, l’accès au serveur en anonyme sera tout simplement refusé par soucis de sécurité.
This article explains how you can install and configure apache2-mpm-peruser on a Debian Etch server. apache2-mpm-peruser is an MPM (Multi-Processing Module) for the Apache 2 web server, very similar to apache2-mpm-itk, but faster (almost as fast as apache2-mpm-prefork). mpm-peruser allows you to run each of your vhosts under a separate UID and GID - in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts. It is based on metuxmpm, a working implementation of the perchild MPM. The result is a sane and secure web server environment for your users, without kludges like PHP's safe_mode.
Commençons tout d’abord par expliquer les quelques termes alambiqués du titre de ce billet pour les néophytes : * SFTP signifie « Secure File Transfer Program », c’est un programme permettant de transférer des fichiers en utilisant une liaison chiffrée par SSH (Secure SHell) ; attention à ne pas confondre SFTP avec FTPS qui signifie pour sa part « File Transfer Protocol over SSL » ! * chroot est un programme permettant de changer le répertoire racine d’un processus afin que ce dernier n’ai accès qu’à une partie limitée de l’arborescence. * scponlyc est un shell limité destiné uniquement aux transferts de fichiers dans un chroot. Le but du jeu est donc de permettre à un utilisateur de transférer des fichiers sur un serveur de manière sécurisée sans qu’il n’obtienne pour autant un shell et sans qu’il lui soit permit de voir l’arborescence du serveur.
SSH has numerous uses beyond just logging into a remote system. In particular, SSH allows you to forward ports from one machine to another, tunnelling traffic through the secure SSH connection. This provides a convenient means of accessing a service hosted behind a firewall, or one blocked by an outgoing firewall. However, forwarding an individual port still requires you to change where your program connects, telling it to use a non-standard port on localhost rather than the standard port on the remote machine, and it requires a separate port forward for each machine you want to access. Dynamic port forwarding via SOCKS provides a more convenient alternative. The examples in this article assume that you reside behind a restrictive firewall which does not allow outgoing SMTP connections except to a designated mail server. You want to connect to a different mail server, mail.example.net, on port 25. You have an SSH account on a machine shell.example.org, which does not reside within the restrictive firewall and can thus access port 25 on mail.example.net.
In this HowTo, I will explain how you can secure your network from virus and other malware, by installing ClamAV and integrating it with SafeSquid, to scan all in-coming content for virus, and block all infected content at the HTTP Gateway, even before it enters your network. Virus Security In SafeSquid SafeSquid has built-in connectivity to various daemon based anti virus software like ClamAV, Sophos, Avast, F-Prot, NOD32 and Kaspersky. It also has a universal ICAP (Internet Content Adaptation Protocol) client that can be used to connect to ICAP based security software like Dr.Web ICAP, Kaspersky Antivirus for Proxy Server, Trend Micro InterScan Web Security and Symantec Scan Engine. You can even use multiple anti virus software with SafeSquid to simultaneously scan in-coming content. This does not cause any significant latency, since SafeSquid has a multi-threaded architecture.
djbdns is a very secure suite of DNS tools that consists out of multiple parts: dnscache, a DNS cache that can be used in /etc/resolv.conf instead of your ISP's name servers and that tries to sort out wrong (malicious) DNS answers; axfrdns, a service that runs on the master DNS server and to which the slaves connect for zone transfers; and tinydns, the actual DNS server, a very secure replacement for BIND.
]]>
djbdns is a very secure suite of DNS tools that consists out of multiple parts: dnscache, a DNS cache that can be used in /etc/resolv.conf instead of your ISP's name servers and that tries to sort out wrong (malicious) DNS answers; axfrdns, a service that runs on the master DNS server and to which the slaves connect for zone transfers; and tinydns, the actual DNS server, a very secure replacement for BIND.
An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.
his article describes how to implement SSL-enabled name-based vhosts - that is secure virtual hosts which share the same IP address and port - with the SNI-capable mod_gnutls module for Apache’s httpd web server.
]]>
SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.