- Knocker is a TCP security port scanner written in C, using threads. It can analyze hosts and the network services which are running on them. Both a console version and a GTK+ version are available.
- Kontalk is a free software, secure and distributed instant messaging driven by the community. Kontalk protocol is based on XMPP with end-to-end encryption in both server-to-server and server-to-client. Kontalks is basically for phone, but it's also available for desktop now (GNU/Linux, Windows, and macOS).
- Legibly Password Generator
- generates 30 thirteen characters long passwords // used character groups: A-Z, a-z, 0-9, special: #+,.-;:_= // but without hardly distinguishable ones like l, 1, O, 0 // the output of each password is split up after four characters for a better readability // the first six characters contain at least one character of each group of characters, because some systems do not store larger passwords // every password starts with letters, because some systems cannot handle digits or special signs at the start // in one single password is no character more than ones // the randomness is large enough, that the passwords are very unique
- libreCMC is an embedded GNU/Linux distro with the focus of providing a platform that is 100% free software and that does not contain non-free blobs. While libreCMC is currently a hard fork of the popular OpenWRT project, it uses a linux-libre kernel and does not contain non-free parts.
- The exploitation of buffer overflow and format string vulnerabilities in process stacks are a significant portion of security attacks. 'libsafe' is based on a middleware software layer that intercepts all function calls made to library functions known to be vulnerable. A substitute version of the corresponding function implements the original function in a way that ensures that any buffer overflows are contained within the current stack frame, which prevents attackers from overwriting the return address and hijacking the control flow of a running program. The true benefit of using libsafe is protection against future attacks on programs not yet known to be vulnerable. The performance overhead of libsafe is negligible, it does not require changes to the OS, it works with existing binary programs, and it does not need access to the source code of defective programs, or recompilation or off-line processing of binaries.
- Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
- Most password managers are password vaults: they let you store or generate a strong password for your services and then encrypt that key and store it for later retrieval. This approach presents many problems, in particular in the modern mobile age, that result in many frustrations: * Vault availability: If your vault is not available, you cannot use any of your services. * Added risk of identity loss: If you lose (eg. HDD failure/house fire) your vault, you instantly lose your entire online identity. * Force of law: Many countries have laws that require you to divulge the encryption key if a lawful search discovers your vault. Some password vaults implement features to try and address these issues, such as Internet sync, cloud-based vaults or backups and self-destructing vaults. These features all work around issues inherent to the solution and bring their own set of issues: * Network sync: Keeping data secure in transit is non-trivial and adds security risks. * Backups: Requires that you keep multiple locations secure from loss and theft, as well as the vault in transit. * Cloud-based services: Requires you to trust an external party and sacrifices transparency and freedom. * Defensive destruction: Reliability issues and again, risk total identity loss. Master Password is a completely different approach to passwords. The core issue that brings forth these problems is the vault used to store passwords. Master Password removes the vault from the solution by being a stateless solution, thus avoiding each of these issues. Master Password works by being an offline and stateless algorithm used to calculate your site passwords on-demand. Your passwords exist only as long as you need them and then disappear from disk and memory. Passwords are calculated based on a master password and the user's full name, combined with the name of the site. Calculation is based on strong, known and understood cryptographic hashes. Hash-based password generation is not new, but Master Password is a careful implementation that avoids many issues that other hash-based password managers suffer from. Cryptography is not easy and upon inspection, the security of most hash-based password generators completely falls apart. Master Password uses scrypt combined with hmac-sha256 and salting to prevent all known attack vectors.
- Mod security
- 'Mod_security' is an intrusion detection and prevention module for Apache Web servers. Its purpose is to protect vulnerable applications by detecting and (optionally) rejecting attacks. In addition to request filtering (using regex), it can create Web application audit logs. Unlike other similar projects, Mod_security can analyse POST payloads.
- MongooseIM is aimed at large, complex enterprise level projects where real-time communication is critical for business success. It provides high availability, ease of deployment, development and reliability in production. The MongooseIM platform includes server-side components and client libraries. It has also contributed to open source third party XMPP libraries: Smack for Android and XMPP framework for iOS. Built around proven technologies XMPP/Jabber, it adds a simple client/server REST API for front-end and back-end integration.
- Not-So-Bad Distribution is an automated Web-based distribution system designed for distributing free software on the internet, where users cannot trust the network and cannot entirely trust the software maintainers. NSBD authenticates packages with GNU Privacy Guard (GnuPG) or "Pretty Good(Tm) Privacy" (PGP(Tm)) digital signatures so users can be assured that packages have not been tampered with, and it limits the maintainer to only update selected files and directories on the user's computer. NSBD's focus is on security, leaving as much control as is practical in the users' hands. NSBD handles automated updates by supplying a means of checking for updates to packages and automatically downloading and installing the updates. This "automated pull" style of distribution has the same effect as the "push" style of distribution, but gives more control to the user. A direct "push" style is also supported, which is especially appropriate for situations where there are multiple contributors to a shared server (for example, a shared web-page server). NSBD can "pull" directly over http or by using rsync to minimize network usage.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.