Open Source Security Tools and Applications
- March 28, 2019
The NSA answered lingering questions around what kind of support it would provide for Ghidra after releasing the tool as open source with a patch that fixed serious bugs.
- March 15, 2019
The NSA's reverse-engineering tool, Ghidra, was released to the public and despite some initial concerns experts are generally bullish on the prospects for the free software.
- March 06, 2019
The National Security Agency launched its highly anticipated reverse-engineering tool, Ghidra. The free software offers features found in high-end commercial products.
- February 25, 2019
A WinRAR bug that affects every version of the app over the past 19 years was discovered and patched. But it's unclear if the millions of the app's users will get the needed fix.
- January 08, 2019
The National Security Agency plans to release an open source version of its GHIDRA reverse engineering tool during RSA Conference in March, but details about the tool are scarce.
- December 27, 2018
Adam Baldwin, director of security for NPM, talks chains of trust and new NPM security initiatives that will bring automated alerts to help highlight potentially malicious activity.
- November 28, 2018
A compromised NPM package targeted a popular bitcoin wallet with cryptocurrency-stealing code and experts say the issue highlights the lack of a chain of trust in open source software.
- June 28, 2018
The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing.
- April 18, 2018
IBM has made a new open source AI toolbox that's designed to provide practical defenses for real-world AI systems based on how threat actors can attack AI models.
- March 30, 2018
Kaspersky's KLara tool has been made open source in an effort to help security professionals search related malware samples more easily and efficiently with distributed Yara rules.
- March 22, 2018
Blockchain has generated both hype and skepticism, but SAP CSO Justin Somaini believes the technology has applications for security that can improve open source software.
- September 15, 2017
Equifax has confirmed an unpatched critical Apache Struts vulnerability was exploited in the breach that compromised the personal data of 143 million U.S. citizens.
- January 09, 2017
Truffle Hog utility roots out and detects text blobs with enough entropy to be secret keys -- even those buried deep in old Git repositories -- to prevent exploits.
- January 03, 2017
A low-severity vulnerability dating back to 1995 in libpng, the official reference library implementation for PNG, may have enabled remote DoS attacks.
- September 30, 2016
The cure for a low-severity OpenSSL vulnerability proves worse than the disease, as it opened a new, critical flaw, forcing the OpenSSL Project to rush out a new set of patches.
- June 10, 2016
Mozilla created the Secure Open Source Fund to help developers perform security audits on software in an effort to reduce the potential of another Heartbleed or Shellshock.
- May 06, 2016
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- October 16, 2015
Jean Yang, who created the Jeeves software language, explains why the industry needs to do a better job of enforcing security and privacy policies in its applications.
- July 22, 2015
According to researchers, malware makers have been targeting .NET since Microsoft made the software open source. And experts debate to what extent open source security can be maintained.
- April 28, 2015
An open source threat model aims to be a repository for risk assessment, allowing enterprises to focus on creating the right security controls for each business.
- March 23, 2015
A new open source security tool from CERT, dubbed 'Tapioca,' shows that Android app vulnerabilities are ubiquitous, according to new research from IBM.
- March 20, 2015
News roundup: Researchers at the 2015 Pwn2Own exploited every major Web browser, casting doubt on browser security once again. Plus: high-severity OpenSSL update; IE being phased out in Windows 10; Americans dodging online surveillance.
- March 13, 2015
News roundup: Hillary Clinton's decision to use a private email domain and server has created a firestorm over her email security mistakes. Plus: OpenSSL audit, Blue Coat acquisition, more Equation details emerge.
- February 23, 2015
Use of Cisco's OpenAppID application-layer traffic-detection tool is still modest compared to Snort, but the networking giant says it can help enterprises improve traffic visibility on internal applications.
- February 13, 2015
News roundup: While data sharing can boost intelligence and improve security, recent events show the benefits don't always outweigh the pitfalls. Plus: Chip-enabled POS systems coming quickly; MongoDB databases exposed; sophisticated phishing scams.
- October 08, 2014
Yahoo says a reported attack was not the result of a Shellshock exploit, but researchers have found new vulnerabilities in SSH key-management and network-attached storage systems.
- October 03, 2014
Shellshock and Heartbleed showed how flawed even ubiquitous open-source software components can be, but experts say that doesn't necessarily mean the open-source security model is to blame.
- April 24, 2014
A number of tech giants have pledged financial help to OpenSSL and other open source projects after the Heartbleed bug exposed numerous issues.
- March 04, 2014
Experts say Microsoft's EMET security tool remains valuable to enterprise security teams if used as one layer in a larger security strategy.
- February 25, 2014
The networking giant unveils a new strategy highlighting Sourcefire technology, including new open source application firewall features for Snort.
- December 18, 2013
CloudFlare hopes its open-sourced Red October server encryption software, based on the 'two-man rule,' can help thwart rogue insiders and secure Web.
- December 05, 2013
A new website built by Troy Hunt enables possible data breach victims to discover compromised accounts from several high-profile breaches.
- April 11, 2012
The commonly used tool contains an error that can be executed remotely by attackers, giving them root access to a system. Proof-of-concept code is available, experts warn.
- September 16, 2010
Microsoft's popular Web framework, ASP.NET, fails to protect encrypted cookies that store online credentials on some popular banking and shopping websites.
- October 21, 2009
The popular Metasploit Framework remains a free and open source hacking tool. Creator HD Moore joins Rapid7 as CSO, Metasploit architect.
- August 28, 2009
Attackers forced Apache to shut down its website for several hours Friday morning, using a compromised SSH key to gain access to one of its servers.
- March 23, 2009
SWFScan analyzes Adobe Flash to identify dozens of source code errors.
- September 30, 2008
Sun integrates access management, federation and secure Web services in its new OpenSSO Enterprise.
- March 12, 2008
A new feature developed for the Tor network helps prevent websites from blocking Tor by using relays with IP addresses not listed in the Tor directory.
- February 28, 2008
Sourcefire, maker of the popular Snort open source IDS tool, said its Chief Executive E. Wayne Jackson III would step down.
- January 29, 2008
Barracuda Networks is looking for works of prior art in hopes of beating back patent infringement charges levied by Trend Micro with the U.S. government.
- May 23, 2007
Sourcefire and Insecure.org have inked an agreement to develop open source vulnerability scanning tools based on Insecure's Nmap scripting engine.
- November 07, 2006
Snort users frowned when Check Point tried to acquire Sourcefire last year. But they are more optimistic about Sourcefire's plans to go public.
- August 17, 2006
The open source pen-testing platform is used nearly universally by security assessment firms -- even those that buy "competitive" products from Core, Immunity and others, but big licensing and platform changes are in the works.
- February 10, 2006
Safend Protector lets you define who can use USB ports, what those ports can be used for and who can use wireless connections.
- October 13, 2005
With Check Point acquiring Sourcefire and its Snort open source IDS, users fear it may be the beginning of the end for one of the industry's most popular security tools.
- August 01, 2005
The security vendor creates new opportunity to show skills with its 3D System and the popular open source IDS.
- December 16, 2004
Developers of the popular open-source tool are starting to charge commercial customers who bring nothing to the project's development.
- April 01, 2003
Marcus Ranum explains how network packet analyzers offer a worm's-eye view of what's traversing an enterprise network.
- December 18, 2002
Vulnerabilities discovered in Secure Shell could lead to system crashes or remote execution of code.
- February 27, 2002
Commercial grade of Snort arrives