There is a widely held belief that Linux is a completely secure operating system. But to Brad Spengler of the grsecurity project, the belief is far from accurate. And he has the kernel exploits to prove it.

Security company Qualys has released a new open source tool, 'BlindElephant', which can accurately fingerprint web applications down to version level in order to better manage the security issues which now plague such software. According to the company, the need for such a tool is pressing.

A manual about how to access the Internet in the future (satire).

The Tor Project and the Electronic Frontier Foundation have released HTTPS Everywhere, a Firefox extension that activates SSL/TSL encryption on sites that support the security setting, but don't feature it as a default when visiting because of partial support, unsecured trackback links or other issues. To alleviate this problem, HTTPS Everywhere writes all requests in HTTPS.

A newly published Mozilla developers' page characterizes Firefox 4 -- whose first public betas may be only a few weeks away -- as feature-laden.

"We regret to announce that our Google scraper may have to be permanently retired, thanks to a change at Google. It depends on whether Google is willing to restore the simple interface that we've been scraping since Scroogle started five years ago. Actually, we've been using that interface for scraping since Google-Watch.org began in 2002."

Ninja is a privilege escalation detection  and  prevention system for GNU/Linux hosts.

This guide explains how to set up mod_chroot with Apache2 on a Fedora 12 system. With mod_chroot, you can run Apache2 in a secure chroot environment and make your server less vulnerable to break-in attempts that try to exploit vulnerabilities in Apache2 or your installed web applications.