public marks

PUBLIC MARKS from camel with tag security

2008

PassKool

PassKool is a deterministic password generator. It tries to generate passwords that more or less sound like English. Because the generator is deterministic, identical inputs always give the same password. The security relies on a secret passphrase from which the final password is derived; a passphrase is usually easier to remember than a cryptic password, and if you forget a generated password you can recover it by running PassKool again with the same inputs. PassKool can also create deterministic passwords with random-looking content: this sounds contradictory, but the deterministic parameter is the seed fed to the random generator. Here is a short example for a "root" account on some Unix/Linux box (by default the password has a length of 12 characters):

python passkool.py "root" "top secret phrase" ---> Generated password : quencatithro

If you call this command again, you will get the same password. Note that with any deterministic generator the algorithm is public, so the passphrase is the only secret: anyone who obtains one generated password can try candidate passphrases offline until one reproduces it, and the passphrase therefore has to be strong.
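As an added illustration of how a deterministic, pronounceable generator of this kind can be built (this is example code written for this page, not PassKool's own algorithm or tables; the alphabets, the PBKDF2 parameters and the consonant/vowel alternation are my assumptions):

```python
import hashlib
import hmac
import math

# Constructed alphabets for a consonant/vowel alternation (my own choice, not
# PassKool's tables); 'q', 'x', 'y' are left out to keep syllables readable.
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"


def _byte_stream(key):
    """Yield an unbounded stream of pseudo-random bytes: HMAC-SHA256 in counter mode."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1


def _unbiased_index(stream, n):
    """Draw an index in [0, n) without modulo bias by rejecting bytes >= 256 - 256 % n."""
    limit = 256 - (256 % n)
    while True:
        b = next(stream)
        if b < limit:
            return b % n


def derive_password(account, passphrase, length=12, iterations=200_000):
    """Deterministically derive a pronounceable password for `account` from `passphrase`.

    The account label is the PBKDF2 salt, so one passphrase yields a different
    password per account. PBKDF2 with many iterations makes recovering the
    passphrase from a leaked password expensive, but it cannot make a weak
    passphrase strong: the passphrase is the only secret in the scheme.
    """
    if length < 1:
        raise ValueError("length must be positive")
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              account.encode("utf-8"), iterations, dklen=32)
    stream = _byte_stream(key)
    chars = []
    for i in range(length):
        alphabet = CONSONANTS if i % 2 == 0 else VOWELS
        chars.append(alphabet[_unbiased_index(stream, len(alphabet))])
    return "".join(chars)


def password_entropy_bits(length=12):
    """Upper bound on the entropy of a generated password, in bits, given the
    alternating alphabets (the real entropy is capped by the passphrase's)."""
    bits = 0.0
    for i in range(length):
        bits += math.log2(len(CONSONANTS) if i % 2 == 0 else len(VOWELS))
    return bits


if __name__ == "__main__":
    print(derive_password("root", "top secret phrase"))
```

Pronounceability is paid for in entropy: with these alphabets a 12-character password carries at most about 39 bits, which is why the derivation is slowed down with PBKDF2 and why the passphrase, not the output, is what an attacker will really be guessing.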

Install and setup Xen on Debian 4.0 Etch — Lone-Wolf Scripts

Xen is a GPLed virtualization solution available in the Debian 4.0 Etch repositories. This article helps you to create a coherent Xen installation, with backups and minimum security enhancements. This guide fits my vision of a Xen setup. If it does not fit yours, you are free to adapt it to your needs, or not to use it. For information: in this guide, I use the term "virtual host". Be aware that Xen uses its own terminology. In a Xen setup, instantiated (aka. started) virtual hosts are called "Domains". Once your computer is configured for Xen, all the operating systems run in "domains". The original operating system, where Xen's control tools are installed, is called "dom0" (for domain zero). All the guest operating systems are said to be installed in a "domU" (for User domain). As I'm a little lazy (well, yeah... very lazy), I don't want to endure this mind twisting, and I will mainly use the "virtual host" term in this guide. So, if you read this guide, don't be angry at me because of the terms I use.

Additions to a default Ubuntu 8.10 Intrepid Ibex install — Lone-Wolf Scripts

Recent Ubuntu versions let you install software by clicking on a link in your browser. If you want to install only some of the software listed on this page, you can do so by simply clicking the links on the package names. This is not a security hole, since these packages are installed using apt-get from your configured repositories. It's only a little helper for lazy people :D

Nimbus

Nimbus provides a free, open source infrastructure for remote deployment and management of virtual machines, allowing you to:
* Create compute clouds (make your own EC2-style service). For examples, see the science clouds page.
* Deploy "one-click" auto-configuring virtual clusters (see the cloud clusters page). They adapt on the fly to new network and security contexts, so you can set them up once and run them over and over again, even across different clouds.
* Serve clients that are compatible with the Amazon EC2 service; see "What is the EC2 frontend?"
* Integrate VMs on a set of resources already configured to manage jobs (i.e., already using a batch scheduler like PBS); see "What is the Workspace Pilot?"
* Interface to Amazon EC2 resources; see "What is the EC2 backend?"
* Easily experiment with new remote protocols and backends; see "What is the RM API?"

XenAccess: Main Page

The XenAccess project was inspired by ongoing research within the Georgia Tech Information Security Center (GTISC). The purpose of this library is to make it easier for other researchers to experiment with the many uses of memory introspection without needing to focus on the low-level details of introspection. If you are using this library and come up with a useful extension to it, we are always happy to receive patches.

Set Up Gateway Level Virus Security With ClamAV And SafeSquid Proxy | HowtoForge - Linux Howtos and Tutorials

In this HowTo, I will explain how you can secure your network from viruses and other malware by installing ClamAV and integrating it with SafeSquid, to scan all incoming content for viruses and block all infected content at the HTTP gateway, even before it enters your network. Virus Security In SafeSquid: SafeSquid has built-in connectivity to various daemon-based anti-virus software such as ClamAV, Sophos, Avast, F-Prot, NOD32 and Kaspersky. It also has a universal ICAP (Internet Content Adaptation Protocol) client that can be used to connect to ICAP-based security software such as Dr.Web ICAP, Kaspersky Antivirus for Proxy Server, Trend Micro InterScan Web Security and Symantec Scan Engine. You can even use multiple anti-virus engines with SafeSquid to scan incoming content simultaneously. This does not cause any significant latency, since SafeSquid has a multi-threaded architecture.
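To make the "daemon-based" part concrete, here is an added example (not SafeSquid's or the HowTo's code) of what a gateway does when it hands a downloaded body to clamd over its INSTREAM socket protocol: a "zINSTREAM\0" command, the data in 4-byte big-endian length-prefixed chunks ending with a zero-length chunk, and a "stream: ..." reply. The host/port and the sample replies are constructed for the example; the point a practitioner should take from it is the fail-closed decision at the end.

```python
import socket
import struct


def build_instream_request(data, chunk_size=4096):
    """Frame `data` as a clamd INSTREAM request: the command, then chunks
    prefixed with a 4-byte big-endian length, terminated by a zero-length chunk."""
    parts = [b"zINSTREAM\0"]
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        parts.append(struct.pack(">I", len(chunk)) + chunk)
    parts.append(struct.pack(">I", 0))
    return b"".join(parts)


def parse_scan_reply(reply):
    """Turn a NUL-terminated clamd reply into (verdict, detail).

    verdict is "clean", "infected" or "error"; detail is the signature name
    for "infected", the raw message for "error", None for "clean".
    """
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    _, sep, status = text.partition(": ")
    if sep and status == "OK":
        return ("clean", None)
    if sep and status.endswith(" FOUND"):
        return ("infected", status[:-len(" FOUND")])
    return ("error", status if sep else text)


def scan_bytes(data, host="127.0.0.1", port=3310, timeout=30.0):
    """Send `data` to a clamd listening on TCP (assumed host/port) and return
    the parsed verdict. Any socket failure is reported as an error verdict."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_instream_request(data))
            reply = b""
            while not reply.endswith(b"\0"):
                part = s.recv(4096)
                if not part:
                    break
                reply += part
    except OSError as e:
        return ("error", str(e))
    return parse_scan_reply(reply)


def gateway_allows(verdict):
    """Fail closed: content passes the gateway only on a positive 'clean'.
    A scanner that is down, overloaded or hit its size limit blocks the download
    instead of silently letting it through."""
    return verdict[0] == "clean"


if __name__ == "__main__":
    print(gateway_allows(scan_bytes(b"hello world")))
```

If clamd is unreachable, scan_bytes returns an error verdict and gateway_allows refuses the content; whether that is acceptable for your users is a policy decision, but the opposite default (fail open) turns a scanner outage into an unscanned gateway.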

Automated security updates in Debian « N0T a Blog

Subscribing to the security mailing lists is a must for every sysadmin, but who has the stamina and the determination to actually read them, and then analyze the impact of both the threat and the proposed fix? A more casual user with no life-or-death-critical servers would happily settle for a solution that would download and install the security patches automatically. As always in Linux, there is more than one way of achieving this.

Apsis Gmbh

The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load among several Web servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no warranty, it's free to use, copy and give away. WHAT POUND IS:
1. a reverse proxy: it passes requests from client browsers to one or more back-end servers.
2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
5. a fail-over server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
6. a request redirector: requests may be distributed among servers according to the requested URL.
Pound is a very small program, easily audited for security problems. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard disk at all (except for reading the certificate file on start, if required) and should thus pose no security threat to any machine.

How to install the WiKID Strong Authentication Server - Community Edition | HowtoForge - Linux Howtos and Tutorials

The WiKID Strong Authentication Server is a dual-source two-factor authentication system. PINs are encrypted on a software token and sent to the WiKID server. If the PIN is correct, the encryption valid and the account active, a one-time password is generated, encrypted and returned to the user's token, where it is decrypted and presented for use with a network-based service. While there are a number of tutorials on how to combine WiKID's two-factor system with a variety of systems (such as SSH, OpenVPN, Apache and SSL-VPNs), this is the first to address how to install the WiKID Server. We assume that you have already configured an RPM-based server. In general, it is best to have WiKID be the only service running on the server. This configuration minimizes the potential security risks.

2007

OPENTRUST Trust & Security Software - Reverse Proxy (IDX-PAM)

Developed with the City of Paris (Mairie de Paris) and INSERM, IdealX's OpenTrust-PAM (Portal Access Manager) solution is now freely downloadable under the GPL licence. OpenTrust PAM is a reverse proxy providing SSO (Single Sign On), which interacts with the authentication systems of the applications it fronts through web protocols.

Preventing SSH Dictionary Attacks With DenyHosts | HowtoForge - Linux Howtos and Tutorials

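DenyHosts works by reading the SSH daemon's log, counting failed logins per source address and adding offenders to /etc/hosts.deny. The following is an added example of that detection logic, written for this page and not taken from DenyHosts; the thresholds, the sample log lines and the hostnames/addresses are constructed. One detail worth the extra care: the regular expression anchors on the final "from <ip> port <n> ssh2", because the username part of the line is attacker-controlled and could itself contain a fake "from <ip> port <n> ssh2" to get an innocent address banned.

```python
import ipaddress
import re
from collections import Counter

# Matches the sshd "Failed password" line. The trailing anchor matters: a
# username may itself contain "from <ip> port <n> ssh2", so we take the LAST
# "from <ip> port <n> ssh2" on the line, which is the one sshd appended.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.+?)"
    r" from (?P<ip>\S+) port \d+ ssh2$"
)

# Assumed thresholds for this example (DenyHosts has its own configurable ones):
# attempts against non-existent users, against root, and against other users.
THRESHOLDS = {"invalid": 2, "root": 1, "valid": 5}


def parse_failures(lines):
    """Count failed logins per source address, split by the kind of account
    targeted: non-existent users, root, or existing non-root users."""
    counts = {kind: Counter() for kind in THRESHOLDS}
    for line in lines:
        m = FAILED_RE.search(line.rstrip("\n"))
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # not an address at all: skip rather than deny garbage
        if m.group("invalid"):
            kind = "invalid"
        elif m.group("user") == "root":
            kind = "root"
        else:
            kind = "valid"
        counts[kind][ip] += 1
    return counts


def hosts_to_deny(counts, thresholds=THRESHOLDS, allowlist=()):
    """Addresses that crossed any threshold, minus an allowlist of management
    hosts you must never lock yourself out from."""
    allow = {str(ipaddress.ip_address(a)) for a in allowlist}
    deny = set()
    for kind, per_ip in counts.items():
        for ip, n in per_ip.items():
            if n >= thresholds[kind] and ip not in allow:
                deny.add(ip)
    return sorted(deny, key=ipaddress.ip_address)


def hosts_deny_lines(ips):
    """Lines in /etc/hosts.deny syntax for the sshd TCP wrapper."""
    return ["sshd: %s" % ip for ip in ips]


# Constructed sample log lines in the syslog format OpenSSH writes. The last
# one simulates a username crafted to contain a fake source address.
SAMPLE_LOG = """\
Jan 12 03:14:01 gw sshd[2131]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 12 03:14:03 gw sshd[2131]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan 12 03:14:05 gw sshd[2140]: Accepted publickey for alice from 198.51.100.5 port 40000 ssh2
Jan 12 03:14:07 gw sshd[2150]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Jan 12 03:15:00 gw sshd[2160]: Failed password for bob from 198.51.100.5 port 40010 ssh2
Jan 12 03:16:00 gw sshd[2170]: Failed password for invalid user x from 198.51.100.5 port 1 ssh2 from 203.0.113.9 port 52000 ssh2
""".splitlines()


if __name__ == "__main__":
    for line in hosts_deny_lines(hosts_to_deny(parse_failures(SAMPLE_LOG))):
        print(line)
```

On the sample, only 203.0.113.7 is denied (two attempts on non-existent users plus one on root); the crafted line is credited to 203.0.113.9, not to the 198.51.100.5 it pretends to come from. Whatever tool you use, put your own management addresses on the allowlist before enabling automatic denial.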

PHP Obfuscator

Called POBS; lets you do anything with your code

2006

xtof: How to turn your blog into an OpenID?

Translation of an original post by Simon Willison. Only the original link is authoritative.

Securing Debian Manual - After installation

In it you can define per-user resource limits.

Zimki - Welcome to zimki

Zimki is a JavaScript application development platform that enables you to produce web applications quickly, simply and with no upfront costs. Zimki takes away all the annoying chores about creating web applications. Things like setting up a server, checking security and enabling backups are all done for you meaning you can get on with what you enjoy: developing.

Hardened-PHP Project - PHP Security - Suhosin (BETA-VERSION)

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities; the second part is a powerful PHP extension that implements all the other protections.

OpenID: an actually distributed identity system

An OpenID identity is just a URL. You can have multiple identities in the same way you can have multiple URLs. All OpenID does is provide a way to prove that you own a URL (identity). And it does this without passing around your password, your email address, or anything you don't want it to. There's no profile exchange component at all: your profile is your identity URL, but recipients of your identity can then learn more about you from any public, semantically interesting documents linked thereunder (FOAF, RSS, Atom, vCARD, etc.).
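The "your blog becomes an OpenID" recipe bookmarked above (the Simon Willison translation) and this description both rest on the same mechanism: the identity URL's HTML carries <link> tags in its <head> that name the OpenID provider and, optionally, a delegate identifier at that provider. The following added example (written for this page, not code from either article or from any OpenID library) parses those tags for both the 1.x rel names (openid.server / openid.delegate) and the 2.0 HTML fallback (openid2.provider / openid2.local_id), and shows the check that makes delegation safe: the identity the provider later asserts must be exactly the local_id found on the claimed URL. The require_https default and the sample HTML are my assumptions; OpenID 2.0 normally tries XRDS/Yadis discovery before this HTML fallback.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OPENID2_RELS = ("openid2.provider", "openid2.local_id")
OPENID1_RELS = ("openid.server", "openid.delegate")


class _HeadLinkCollector(HTMLParser):
    """Collect rel -> href for <link> tags inside <head>; first one per rel wins.
    Tags in <body> are ignored, so user-supplied page content (comments, posts)
    cannot inject a delegate."""

    def __init__(self):
        super().__init__()
        self.links = {}
        self._in_head = True

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self._in_head = False
            return
        if tag != "link" or not self._in_head:
            return
        a = dict(attrs)
        href = a.get("href")
        if not href:
            return
        for rel in (a.get("rel") or "").lower().split():
            self.links.setdefault(rel, href)

    def handle_endtag(self, tag):
        if tag == "head":
            self._in_head = False


def discover(claimed_id, html, require_https=True):
    """HTML-based discovery: from the claimed identity URL and its HTML, find
    the provider endpoint and the provider-local identifier to ask about.
    Returns None when the page carries no OpenID links."""
    c = _HeadLinkCollector()
    c.feed(html)
    for version, (provider_rel, local_rel) in ((2, OPENID2_RELS), (1, OPENID1_RELS)):
        endpoint = c.links.get(provider_rel)
        if endpoint is None:
            continue
        # Assumption for this example: refuse plaintext endpoints, since the
        # assertion's trustworthiness depends on talking to the real provider.
        if require_https and urlsplit(endpoint).scheme != "https":
            raise ValueError("provider endpoint is not https: %s" % endpoint)
        return {
            "version": version,
            "claimed_id": claimed_id,
            "endpoint": endpoint,
            "local_id": c.links.get(local_rel, claimed_id),
        }
    return None


def assertion_matches(discovery, asserted_identity):
    """The relying party must compare the identity the provider asserts with the
    local_id it discovered itself; accepting any identity the provider names
    would let a page delegate to someone else's identifier."""
    return discovery is not None and asserted_identity == discovery["local_id"]


# Constructed sample: a blog delegating to an account at a provider, with an
# injected link tag in the body that must be ignored.
SAMPLE_HTML = """<html><head>
<link rel="openid.server" href="https://openid.example.net/server">
<link rel="openid.delegate" href="https://openid.example.net/alice">
<link rel="openid2.provider" href="https://openid.example.net/server">
<link rel="openid2.local_id" href="https://openid.example.net/alice">
</head><body>
<p>User content; a link tag injected here must not count:</p>
<link rel="openid2.local_id" href="https://openid.example.net/mallory">
</body></html>"""


if __name__ == "__main__":
    print(discover("https://blog.example.org/", SAMPLE_HTML))
```

The blog URL stays the claimed identity the user types and the relying party displays; the provider only ever vouches for the delegate, and the relying party is what binds the two together by remembering what it discovered.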

2005

Hardened-PHP Project - PHP Security - Hardening patch

The Hardening-Patch is a patchset that adds security hardening features to PHP to protect your servers on the one hand against a number of well known problems in PHP applications and on the other hand against potential unknown vulnerabilities within those applications or the PHP core itself.