Slashdot Mirror

JohnnyDime writes "The Center for Internet Security (CIS) has released a security benchmark and auditing tool for FreeBSD versions 4.8 and later. This is a free download available from cisecurity.org. CIS is a non-profit, consensus driven organization that uses experts from the public, private, and academic sectors to develop security guidance for operating systems and applications."

JohnnyDime writes "The Center for Internet Security (CIS) has released a security benchmark and auditing tool for FreeBSD versions 4.8 and later. This is a free download available from cisecurity.org. CIS is a non-profit, consensus driven organization that uses experts from the public, private, and academic sectors to develop security guidance for operating systems and applications."

Aetius writes "The Center for Internet Security has released a set of security standards and tools for several operating systems. Here's the ZDNet story. I checked out the Linux standard and it is a pretty good coverage of the basics; about the only thing missing was a simple firewall treatment. I installed it on my wide-open desktop system (RH 7.3) and scored a 6.61 out of 10, which doesn't seem too bad. The scanner code isn't open source, but it's perl so you can at least look at it. You have to register to download it. If nothing else, the PDF of the standards is a good read. Enjoy."

joestump98 writes: "In an effort much like Ralph Nader's effort to increase safety standards for the car industry, The Center for Internet Security plans to pressure software vendors into shipping products with the 'highest security settings available, making them less vulnerable to viruses and hacking ...' Some of its members include Intel and Stanford. The best part is they will be releasing testing tools for all of the major operating systems, including Linux."

joestump98 writes: "In an effort much like Ralph Nader's effort to increase safety standards for the car industry, The Center for Internet Security plans to pressure software vendors into shipping products with the 'highest security settings available, making them less vulnerable to viruses and hacking ...' Some of its members include Intel and Stanford. The best part is they will be releasing testing tools for all of the major operating systems, including Linux."

Wanker writes "An Eastern European hacker group has spent the last year systematically exploiting known bugs in IIS to steal customer and credit card info. Read about it at the SANS security site." Says SANS, "The FBI and Secret Service are taking the unprecedented step of releasing detailed forensic information from ongoing investigations" of the IIS, MS SQL Server and Windows NT breakins. We don't normally post news about exploits, but the scale here is massive: more than a million credit cards have been taken in a blackmail-extortion operation that has been going on for a year. Speculation is welcome as to why NT sysadmins don't install service packs for known vulnerabilities... Update: 03/09 03:37 AM GMT by J : Microsoft says, Don't Be A Victim!.

If you are an NT admin or know someone who is, note especially:

"Within a day or two, the Center for Internet Security will release a small tool that you can use to check your systems for the vulnerabilities and also to look for files the FBI has found present on many compromised systems...

"The Center's tools are normally available only to members, but because of the importance of this problem, the Center agreed to make the new tool, built for the Center by Steve Gibson of Gibson Research) available to all who need it."