Open-Source Security Tools Touted at InfoSec

A well-known security consultant on Tuesday urged cash-strapped businesses to consider using free, readily available open-source security tools and applications to help cope with the rising spate of malicious hacker attacks.

In what has become a recurring theme at this year's InfoSec World conference here, president and principal consultant at Sph3r3 LLC Matt Luallen said enterprises must embrace the same hacking tools used by the bad guys to find potential faults and vulnerabilities within critical information infrastructure.

"You can use open-source applications alongside commercial applications [to cut down on costs]," Luallen said during a show-and-tell with dozens of toolsets that can handle anything from fault identification to spam detection to incident response.

"There are some open-source utilities that blow away commercial products, and you should take advantage of them."

"Some of these tools work so well that, at the very least, you should start evaluating them for widespread use in your organization," Luallen said, seeking to dismiss fears that the absence of product support when using open-source utilities could be a deterrent.

"These open-source tools have better product support-it's called Google Groups. If you do a search on Google Groups, in most situations, you'll have an international community available with answers round-the-clock."

"I'm not here to tell you that you should get rid of commercial products. There are some fantastic commercial products out there. However, in many cases, it is practical, cheaper and even better to look for an open-source alternative," Luallen said.

"Remember, the attack utilities are open-source as well. It's important that you understand the tools the bad guys are using to find holes in your system. You have to use those tools, too, and find the same faults."

More in Tux Machines

Real-time enabled Sitara SoC shows up on a COM

Variscite unveiled a Linux-friendly, SODIMM-style COM based on TI’s Sitara AM437x, supporting the updated SoC’s quad-core Programmable Real-time Unit (PRU). The VAR-SOM-AM43 is the first computer-on-module we’ve seen to use the Texas Instruments Sitara AM437x, a single-core Cortex-A9 system-on-chip that clocks to 1GHz. Last month, Adeneo announced an Android 4.4 BSP for TI’s Sitara AM437x development platform. Variscite is supporting its VAR-SOM-AM43 with a Yocto Linux, and soon, Android-ready hardware/software development kit of its own, which includes a VAR-AM43 CustomBoard development board, touchscreens, cables, and more.

High-end 'upstream' Linux laptop plans to ship in April

They said in working up hardware, they carefully designed the laptop "chip by chip" to work with open source software. The 4.4-pound laptop runs Linux. This is a GNU-based distribution, more specifically, the Trisquel GNU/Linux, "the strictest of distributions and strips all binary blobs from the Linux kernel." At the same time, they said laptop owners, if they want, can easily install anything less strict, such as Debian and Ubuntu. The machine has a 15.6" display in either 1920x1080 or 3840x2160 with a 60Hz refresh rate, 720p camera and HD Audio. It has a CD/DVD ROM drive. They used Intel Iris Pro Graphics 5200. It has a 48 Wh lithium polymer battery with about eight hours of usage.

Android essentials: 13 apps I can't live without

We spend a lot of time talking about Lollipop and OS-level issues with Android -- but you know what's just as important as the operating system on your phone or tablet? The apps that surround it. The right apps can make your device easier and more enjoyable to use. They can give it powers you didn't know were possible. They can make it feel like your own custom-tailored gadget -- whether you've been using it for two minutes or for two years.

GHOST, a critical Linux security hole, is revealed

Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords. Qualys alerted the major Linux distributors about the security hole quickly and most have now released patches for it. Josh Bressers, manager of the Red Hat product security team, said in an interview that, "Red Hat got word of this about a week ago. Updates to fix GHOST on Red Hat Enterprise Linux (RHEL) 5, 6, and 7 are now available via the Red Hat Network." This hole exists in any Linux system that was built with glibc-2.2, which was released on November 10, 2000. Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18.