Network and Computer Security

The May 15th issue of Bruce Schneier’s Crypto-Gram newsletter is out.

Summary:

Movie Plot Threat Contest: Status Report
Who Owns Your Computer?
Crypto-Gram Reprints
Identity-Theft Disclosure Laws
When “Off” Doesn’t Mean Off
News
RFID Cards and Man-in-the-Middle Attacks
Software Failure Causes Airport Evacuation
Counterpane News
Microsoft’s BitLocker
The Security Risk of Special Cases
Comments from Readers

As usual it is an excellent reading, but if you don’t have time to read it all, make sure you read at least the Who Owns Your Computer? and Microsoft’s BitLocker articles, they are especially enlightening!

There aren’t enough good open source security related software so new ones are always welcome.

On the heels of Snort and Prelude, we know have OSSEC.

Here are the version 0.8 release notes:

OSSEC HIDS is an Open Source Host-based Intrusion
Detection System. It performs log analysis, integrity
checking, rootkit detection, time-based alerting and
active response.
It runs on most operating systems, including Linux,
OpenBSD, FreeBSD, Solaris and Windows.

This is the first version offering native support for
Windows (XP/2000/2003). It includes as well a new set
of log analysis rules for sendmail, web logs (Apache
and IIS), IDSs and Windows authentication events.

The correlation rules for squid, mail logs, firewall
events and authentication systems have been improved,
now detecting scans, worms and internal attacks.
The active-responses were also refined, with support
to IPFW (FreeBSD) added.

See here for the OSSEC homepage.