Archive for the ‘Security’ Category

OpenSSH 5.1 Released

OpenSSH is a set of FREE computer programs providing encrypted communication sessions over a computer network using the ssh protocol. OpenSSH allows telnet, rlogin and FTP users to encrypt all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks.

OpenSSH server and client version 5.1 has just been released and is available for download.

Some notable features are:

  • Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1) and ssh-keygen(1).
  • sshd now supports CIDR address/masklen matching.
  • Added an extended test mode (-T) to sshd(8) to request that it write its effective configuration to stdout and exit.
  • ssh(1) now prints the number of bytes transferred and the overall connection throughput for SSH protocol 2 sessions when in verbose mode.
  • Added a MaxSessions option to sshd_config(5) to allow control of the number of multiplexed sessions supported over a single TCP connection.

See the complete list of features here

Fujitsu claims that its latest 2.5-inch HandyDrive, an external hard disk drive, has the world’s highest capacity. This 220-gram, 500GB monster, with a password lock security tool and the ability to save 35% of power in standby mode, is priced at approximately £181.

The drive has a distinctive internal shock-endurance mechanism that helps reduce the effect of impact and lends increased data protection.

Fujitsu will also release 160GB, 250GB, 320GB and 400GB versions of their HandyDrive.


Debian has released bug fixes for lighttpd and gaim packages.

Gaim, a multi-protocol instant messaging client, was discovered to be vulnerable to several integer overflows in its MSN protocol handlers, allowing remote attackers to execute arbitrary code.

Lighttpd, a fast webserver with a minimal memory footprint, was discovered to have several local and remote vulnerabilities, listed below:

1. lighttpd 1.4.18 and other versions before 1.5.0 do not properly calculate the size of a file descriptor array. This allows remote attackers to cause a denial of service by using a large number of connections, which leads to a system crash.

2. connections.c in lighttpd before 1.4.16 might accept connections greater than the configured maximum. This allows remote attackers to cause a denial of service with a large number of connection attempts.

The updates fix the multiple denial-of-service (DoS) issues in lighttpd and the arbitrary code execution and buffer overflow problems in gaim.

Otto Moerbeek, who works as an OpenBSD developer, discovered and fixed a bug in OpenBSD that has been traced back to an AT&T version of Unix from 1975.

OpenBSD is a variant of the Berkeley Software Distribution (BSD), a widely used, open-source, Unix-like operating system. BSD’s variants include NetBSD, FreeBSD and OpenBSD, which forms the basis of Apple’s Mac OS X operating system. Moerbeek found the bug in yacc, a parser generator developed by Stephen C. Johnson at AT&T that has been a standard part of Unix since the 1970s. He found the bug while testing a new implementation of malloc, a general-purpose memory allocator. A user informed him that compiling large C++ projects was sometimes failing on a Sparc64 hardware platform using the new malloc.

The new malloc was able to trigger the bug because its new features give it a better chance of catching buffer overflows, Moerbeek said. He noted that the bug is only triggered on Sparc64 systems.

“Funny thing is that I traced this back to Sixth Edition Unix, released in 1975,” Moerbeek wrote in a note describing the bug.

The latest bug, which affected the yacc parser generator, followed Marc Balmer’s discovery last May of a 25-year-old flaw that exists in BSD variants and derivatives like Mac OS.

Edge Tech has unveiled its latest secure flash drive, the DiscGo Secure Guardian. The Guardian is a hardware-encrypted flash drive with a rugged, anodized-aluminum housing that can withstand rough treatment, water, dirt, and sand. The drive has surpassed all US Government imposed rules and regulations about data encryption by using 256-bit AES hardware encryption. It features dual-channel SLC flash memory, with a write speed of 16MB/s and a read speed of 25MB/s. The Guardian makes use of complex passwords to make the data stored on it more secure. You cannot store any data outside of the drive’s encrypted section. The drive is designed to erase all the data stored on it after 8 failed password attempts.

What makes the Sellgino Dragon Security biometric drive different from existing USB drives with built-in security features? It has a biometric fingerprint sensor that detects the live skin layer, while the sensors found on other devices scan only the surface of the finger.

By detecting the live layer of the skin, the Dragon Security drive has a higher accuracy rate than others, even if you fail to wash your hands. The device is plug-and-play on XP and Vista and can store up to 10 fingerprints. The drive’s current capacity is capped at only 2GB.

Characteristics

  • Access to “Double Encryptions Access System Design”
  • Strong Security System with “Live Skin Detection Design”
  • Sensitivity Ergonomics Swipe Sensor based on DES 128 bits
  • Available Life Waterproof as option
  • Support to Nand Flash Memory from 128MB to 2GB
  • Easy to register 10 fingers with useful GUI
  • Firmware up-grade service
  • No required driver installation

Specifications

  • USB Interface: USB 1.1 & 2.0 compatible
  • OS: Windows 2000 / XP / 2003 Server / Vista
  • Memory Capacity: 128MB/256MB/512MB/1GB/2GB
  • Data Speed: 8MB/s (Read), 7MB/s (Write)
  • Sensor Pixels: 192 x 16 True Point Pixels @ 500ppi
  • Capturing & Swipe Speed: 160frame/sec & < 16cm/sec
  • ESD Resistance: IEC 61000-4-2 Level 4 (+/- 15KV; air mode)
  • Operating & Storage Temp.: 10℃∼+60℃ / -10℃∼+70℃
  • Language: English, Korean, Japanese, Chinese and so on
  • Power: USB Bus-Power (DC 4.5V∼DC 5.5V)
  • Material: Plastic ABS Alloy, Steel, Epoxy
  • Dimension: (L)75 x (W)21 x (H)11 mm
  • Weight: Approx. 13 grams