PHP is an open-source server-side scripting language, and it is a widely used. The Apache/Nginx/Lighttpd web server provides access to files and content via the HTTP OR HTTPS protocol. A misconfigured server-side scripting language can create all sorts of problems. So, PHP should be used with caution. Here are twenty-five php security best practices for Linux and Unix sysadmins for configuring PHP securely.
Debian Linux project released today bug fixes for lighttpd and gaim package that allows remote attacks and DoS attacks.
It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.
An updated autofs package that fixes a bug is now available under RHEL 4.x server and desktop systems.
The smaba has a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error.
=> KDE 4 Review : Ars Technica reviews KDE 4.0 – KDE 4.0 was officially released last week after extensive development. The long-awaited 4.0 release ushers in a new era for the popular open-source desktop environment and adds many intriguing new features and technologies. Unfortunately, the release comes with almost as many new bugs as it does features, and there is much work to be done before it sparkles like the 3.5.x series.
=> Every aspect of computer users’ lives â€” from their heartbeat to a guilty smile — could be monitored and immediately analysed under the futuristic system detailed in Microsoftâ€™s patent application.
=> Asus Launches Windows Version of its Eee PC – Hackers no longer have to resort to their own devices to get Windows on Asus’s Eee PC.
=> Crispin Cowan, the Linux security expert behind StackGard, the Immunix Linux distro and AppArmor, has joined the Windows security team.
Security-Enhanced Linux (SELinux) is a Linux mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. SELinux is enabled by default in RHEL 5 / CentOS 5 / Fedora etc. But many admin disabled it due to troubles and hard configuration options. So if you are afraid of SELinux, try new GUI tools to customizing your systemâ€™s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process:
A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they’re done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.