Should Security be optional?

March 29th, 2007

Last week 37Signals launched another product as part of their online productivity suite. It’s called Highrise and it is a CRM that complements their well-known project management application Basecamp. They have a whole portfolio of Ruby on Rails based apps. Take a look at their Ta-da Lists if you have problems keeping up with your busy schedule. However, when I looked at their pricing and feature structure I found something that has been one of my biggest pet peeves for a long time.



Source: highrisehq.com

Full article…

SELinux response to Solaris Trusted Extensions comparison

March 28th, 2007

Karl MacMillan (RedHat) wrote this response to Glenn Faden’s comparison between Sun’s new Solaris Trusted Extensions and SELinux.

Excerpt
The biggest misconception of this article that I want to address is that Red Hat Enterprise Linux 5 is a “trusted operating system”. It is not and hopefully never will be. Instead, Red Hat Enterprise Linux is a general purpose operating system that can meet the same requirements that traditionally required a special-purpose trusted operating system. This distinction may seem small, but it has large implications on the relevance and long-term viability of Red Hat Enterprise Linux and SELinux.

Full article

A Secure Hard Drive? Says Who?

March 12th, 2007

Seagate is close to releasing a “secure” hard drive for laptops. Obviously, this product is targeted at customers where laptops with sensitive data have been lost and public embarrassment quickly ensued (or at least a quick public dismissal of any risk). It’s an interesting product to be sure.
Full article…

Blue Lane now protects VMware

March 12th, 2007

Securing and keeping up server environments is tedious enough, but what about all these virtual machines that are popping up all over the network? Blue Lane, which I’ve talked about in the past - here and here, might have found a cure for all those VMs wreaking havoc within your network.
Full article…

Solaris Trusted Extensions vs. SELinux

February 28th, 2007

Glenn Faden, Distinguished Engineer at Sun Microsystems, has published this very insightful article about the differences between the Trusted Solaris successor, Solaris Trusted Extensions, and Red Hat Enterprise Linux, which contains SELinux functionality.

Excerpt:
Overview of the Trusted Extensions and RHEL5 LSPP Systems

The Solaris 10 Operating System provides new frameworks for containment (zones), user rights management (roles and authorizations), and process rights management (privileges). The Trusted Extensions software, introduced in the Solaris 10 11/06 OS, extends these frameworks by adding sensitivity labels to provide a mandatory access control (MAC) policy base that implements multilevel security. Since the Trusted Extensions software preserves all the basic Solaris OS functionality, new features added to the Solaris OS are, by definition, compatible with Trusted Extensions.

The Red Hat Enterprise Linux 5 OS includes SELinux, which is a framework for describing a security policy based on security contexts. A security context consists of a user identity, a role, a type, and an optional MLS level or range. The user identity attribute in the security context is independent of the ordinary Linux user identity attributes. The SELinux mandatory access controls remain completely orthogonal to the existing Linux access controls. As a result, a process must pass standard policy controls before anything from the SELinux module applies.

Neither RHEL5 LSPP nor the Solaris 10 11/06 OS enables the use of sensitivity labels by default.

Link to full article

New Feature for the Hack Report

February 21st, 2007

We have just added another feature to the Hack Report. We have created a special Security News section on our front page, where you’ll find the latest breaking news from the security world. If you have any security stories for us, simply submit them via the contact page.

 