PUBLIC MARKS from fredbird with tag securite

This is the official homepage of KeePass, the free, open-source, light-weight and easy-to-use password manager.

A cross-platform Password Manager

Detecting rootkits on your machine running GNU/Linux I know of two programs which aid in detecting whether a rootkit has been installed on your machine. They are Rootkit Hunter and Chkrootkit.

Sur mon serveur web, j'ai une série de répertoires dont je voulais pouvoir garantir l'intégrité. Il me fallait savoir si quelqu'un ou quelque chose avait modifié mes fichiers. Comment vérifier?

Le logiciel, dénommé SecuBat Framework, agit comme le ferait un pirate informatique: il attaque les sites web dynamiques afin d'identifier les forces et faiblesses de leurs systèmes de sécurité. Il les sollicite par des attaques croisées XSS (Cross-Site Scripting Attacks) ou par des injections SQL, c'est-à-dire en insérant des scripts Javascript ou des fragments de code SQL dans leurs formulaires, pour interroger leurs bases de données ou modifier leurs pages.

Use this tool to generate all the necessary codes needed to password protect a directory or selects files within it on your site via .htaccess. It encrypts the desired passwords, then outputs the corresponding codes to put inside your .htaccess and .htpasswd files.

This article looks at five common Web application attacks, primarily for PHP applications, and then presents a case study of a vulnerable Website that was found through Google and easily exploited. Each of the attacks we'll cover are part of a wide field of study, and readers are advised to follow the references listed in each section for further reading. It is important for Web developers and administrators to have a thorough knowledge of these attacks. It should also be noted that that Web applications can be subjected to many more attacks than just those listed here.

KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

Guarddog is a firewall configuration utility for Linux systems. Guarddog is aimed at two groups of users. Novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hastle of dealing with cryptic shell scripts and ipchains/iptables parameters.

Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is easy to use and will work right out of the package on most systems.

Dans l'article suivant je vais essayer de faire un point sur la sécurité de Linux, et surtout donner quelques bases pour rendre votre système plus sécurisé. Je ne suis pas expert en sécurité, loin s'en faut, mais voici ce que j'ai appris au cours de ces années.

In the practice of security we have accumulated a number of “rules of thumb” that many people accept without careful consideration. Some of these get included in policies, and thus may get propagated to environments they were not meant to address. It is also the case that as technology changes, the underlying (and unstated) assumptions underlying these bits of conventional wisdom also change. The result is a stale policy that may no longer be effective…or possibly even dangerous.

WASTE is an anonymous, secure, and encryped collaboration tool which allows users to both share ideas through the chat interface and share data through the download system. WASTE is RSA secured, and has been hearalded as the most secure P2P connection protocol currently in development. For technical information please see "information", but for more information on download and installation, please see "downloads". Looking for other WASTE projects? Please choose "projects", or if you are interested in the main WASTE sourceforge project, see "sourceforge". Or, if you just need some help with WASTE, see "documentation".

Free open-source disk encryption software for Windows XP/2000/2003 and Linux

Les sytèmes pare-feu (firewall) permettent de définir des règles d'accès entre deux réseaux. Néanmoins, dans la pratique, les entreprises ont généralement plusieurs sous-réseaux avec des politiques de sécurité différentes. C'est la raison pour laquelle il est nécessaire de mettre en place des architectures de systèmes pare-feux permettant d'isoler les différents réseaux de l'entreprise : on parle ainsi de « cloisonnement des réseaux »

La sécurité des hôtes sur un réseau, et donc sur le Net, est un vaste problème. L'objectif de ce document n'est certes pas d'être une référence à l'usage des spécialistes, mais plutôt un exposé des connaissances de base qui permettent d'entrevoir les dangers encourus par un utilisateur tel qu'un internaute câblé ou "ADSLisé".

In the recesses of your computer, 20-30 invisible processes run silently in the background. Some hog system resources, turning your PC into a sluggish computer. Worse yet, other useless processes harbour spyware and Trojans - violating your privacy and giving hackers free reign on your computer. ProcessLibrary.com is an invaluable resource for anyone who wants to know the exact purpose of every single process

We have been well conditioned to recognize and delete the endless stream of spam, phishing attempts, Nigerian scams, and virus attacks we get every day in our inboxes. We have been so far behind for so long in the battle with computer security that we have almost forgotten some of the most basic insecurities that we put up with day after day.

This page will serve as a free utility for remotely verifying a port is open or closed. It will be useful for users who wish to check to see if a server is running or a firewall or ISP is blocking certain ports.

302 Exploit: How somebody else's page can appear instead of your page in the search engines.

This lesson covers how to configure SSL/TLS support for Apache. This enables sensitive information that flows between browsers and servers, such as credit card numbers, to travel securely and not be accessible by malicious third parties. The lesson starts with an overview of SSL and its cryptographic foundations and continues with step by step configuration of SSL certificates and the mod_ssl Apache module.