New – Cross-Account Access in the AWS Management Console | AWS Official Blog https://aws.amazon.com/blogs/aws/new-cross-account-access-in-the-aws-management-console/
Try AWS Key Management Service for more security in the cloud
AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with other AWS services including Amazon EBS, Amazon S3, Amazon RDS, Amazon Redshift, Amazon Elastic Transcoder, and Amazon WorkMail. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
Looks like something we should be taking advantage of to manage our keys.
Adding 2 Factor Authentication to a Linux Laptop With Google Authenticator
Have you ever wondered how to provide additional security to your Linux desktop? Google Authenticator can help provide a two-step authentication process that requires both an authentication token and your password to log into your Linux desktop. This would require that an attacker know both your password and have your authentication device to successfully log in to your system.
A pluggable authentication module (PAM) is a way to integrate authentication methods into an API that enables different programs to be developed independent of the underlying OS authentication scheme. Linux provides a PAM system which we would take advantage of in this tutorial to integrate an additional check, along with user password, to grant access to the system.
How to Log in to Linux Desktop With Google Authenticator http://www.maketecheasier.com/login-linux-desktop-google-authenticator/
I think I’ll give 2 factor authentication a whirl on my laptop this weekend. What could possibly go wrong?
A look at the improved password features of PHP 5.5+
It’s of the utmost importance that PHP programmers safeguard account passwords by using the latest and most secure methods. To that end, PHP 5.5 added a new password-hashing library created by Anthony Ferrara (@ircmaxell). The library makes several functions available that you can use to handle one-way password encryption with current best-practice methods. Other features anticipate future security needs so that as computers and hackers get more advanced, you can stay a step ahead of the bad guys. This article gives you an in-depth introduction to the library’s functions and how to make the best use of them.
via PHP renewed: Password security in modern PHP.
This article takes a look at the improved password handling features of PHP 5.5+. Recommended read for anyone working with PHP apps.
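As an added illustration of the library described above (this code is not from the linked article or from the library's author), the sketch below shows the three core calls working together: `password_hash()` to store a credential, `password_verify()` to check it, and `password_needs_rehash()` to upgrade stored hashes when the cost policy is raised. The `register()` and `login()` helpers and the in-memory `$users` array are hypothetical stand-ins for an application's own code and database.

```php
<?php
// Added example. $users is a constructed in-memory stand-in for a user table.
$users = [];

function register(array &$users, $name, $password, array $options)
{
    // password_hash() generates a random salt and embeds the algorithm, cost
    // and salt in the returned string, so only this one value is stored.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT, $options);
}

function login(array &$users, $name, $password, array $options)
{
    if (!isset($users[$name])) {
        return false;
    }
    // password_verify() reads the parameters back out of the stored hash
    // and performs a timing-safe comparison.
    if (!password_verify($password, $users[$name])) {
        return false;
    }
    // The plaintext is only available at login, so this is the moment to
    // upgrade hashes created under an older algorithm or a lower cost.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT, $options)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT, $options);
    }
    return true;
}

// Account created under an older policy (bcrypt cost 10); sample credentials are constructed.
register($users, 'alice', 'correct horse battery staple', ['cost' => 10]);
$before = password_get_info($users['alice']);

// Policy later raised to cost 12; the next successful login upgrades the hash.
$policy = ['cost' => 12];
var_dump(login($users, 'alice', 'wrong password', $policy));
var_dump(login($users, 'alice', 'correct horse battery staple', $policy));
$after = password_get_info($users['alice']);

printf("cost before: %d, after: %d\n",
    $before['options']['cost'], $after['options']['cost']);
```

Because `PASSWORD_DEFAULT` can change to a stronger algorithm in a later PHP release, the column holding the hash should allow for longer strings than today's 60-character bcrypt output; the PHP manual suggests 255 characters.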
Presentation: Attacking WordPress
Attacking WordPress http://www-personal.umich.edu/~markmont/awp/
Good presentation on the nuts and bolts of breaking into a WordPress site and taking control of the server. Uses only open source tools. A must read for anyone that needs to secure a web server.
“FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools.” http://www.freeipa.org/page/Main_Page
Kali Linux is a security-focused operating system you can run off a CD or USB drive, anywhere. With its security toolkit you can crack Wi-Fi passwords, create fake networks, and test other vulnerabilities. Here’s how to use it to give your own network a security checkup.
How to Hack Your Own Network and Beef Up Its Security with Kali Linux
http://lifehacker.com/how-to-hack-your-own-network-and-beef-up-its-security-w-1649785071?utm_campaign=socialflow_lifehacker_facebook&utm_source=lifehacker_facebook&utm_medium=socialflow
Flaw in PHP XML Processing Hits Drupal, WordPress. Time To Patch ’em Up.
For the first time, the open-source Drupal and WordPress content management teams have coordinated joint security releases to fix a new vulnerability.
The flaw, first reported by security researcher Nir Goldshlager, is a potential denial-of-service (DoS) issue with PHP’s XML processing module. Drupal and WordPress use the same PHP module, which is why both content management systems are at risk from the same flaw. Drupal is particularly prominent because it is used on U.S. government sites, including WhiteHouse.gov, and WordPress is deployed on more than 60 million sites.
“This bug can be utilized without the aid of any plug-ins, and it functions smoothly on the default installation of WordPress and Drupal,” Goldshlager explained in an advisory (which is running on a WordPress site itself). “Only one machine needed to exploit this vulnerability.”
In an advisory on the drupal.org site, the vulnerability is rated as moderately critical. The Drupal advisory explains that the bug that Goldshlager found is within the PHP XML parser and could trigger CPU and memory exhaustion, in turn causing a DoS condition on the affected site.
via New Flaw Puts Millions of WordPress, Drupal Sites at Risk.
Patches are provided by Drupal 7.31, 6.33 and WordPress 3.9.2.
Paperless Office Is Closer As DocuSign Apps Come To Microsoft Office 365
“Today, Microsoft and DocuSign announced a long-term strategic partnership to make DocuSign’s industry-leading eSignature apps widely available from within Microsoft Office 365. DocuSign’s new solutions, which are built on the Office 365 platform, will include integration within Outlook, Word, SharePoint Online and SharePoint Server 2013”, says the Office team.
via Betanews: Paper is passé — DocuSign eSignature comes to Microsoft Office 365.
DocuSign’s eSignature apps have been available to Google Docs users for some time and the addition of Office 365 just increases the market penetration. As acceptance of digital signatures through trusted apps like DocuSign increases, fulfilling the longtime dream of a paperless office becomes more likely.
New Version of KeePass Password Manager Reminds Us We Need Better Security
Dominik Reichl has released KeePass 2.25 for Windows. The open-source password management tool allows users to manage both offline and online passwords via a secure, encrypted container, and is also available in portable form.
Version 2.25 is a minor update, but introduces a new auto-type key sending engine that improves support for sending Unicode characters as well as sending keypresses into virtual machine and emulator windows.
via KeePass introduces new auto-key sending engine, improves entry attachment handling.
New update to the popular password manager. This is one of those utilities that everyone should consider using. And it’s open source. And it’s free. And it runs on Windows, Mac, and Linux. And there’s a portable version. And it works with virtual machines. And why aren’t you using it?
You can find all the details on the KeePass Password Safe website, the official website of KeePass.