Hiawatha is a secure and advanced Web server for Unix. It has been written with security as its main goal. It features advanced access control, prevention of SQL injection and cross-site scripting, banning of clients who try such exploits, the ability to run CGIs under any UID/GID you want, and many other features. These features make Hiawatha an interesting Web server for those who need more security than what the other available Web servers are offering. Hiawatha is also fast and easy to configure.
php_mt_seed finds possible seeds given the very first PHP mt_rand() output after possible seeding with mt_srand(). With advanced invocation modes, php_mt_seed is also able to match multiple, non-first, and/or inexact mt_rand() outputs to possible seed values. php_mt_seed is written in C with optional SIMD intrinsics (SSE4.1/AVX, XOP, AVX2, MIC) and OpenMP. On a modern quad-core CPU, it is able to search the full 32-bit seed space in one minute (or in just seven seconds on Xeon Phi).
C-ICAP Classify is a module that allows classification (labeling) of Web pages, images, and soon video based on content. Labels are placed in HTTP headers. Any PIC-Label META tags are exported into HTTP headers. This allows for creation of very flexible filters according to rules defined by the user, using the ICAP enabled proxy's ACLs. It is not a URL filter, so implementing it with sslBump or similar proxy technologies makes it very difficult to bypass. Text classification is done using Fast Hyperspace (based on Hyperspace from CRM114) and/or a Fast Naive Bayes. Image and video (when implemented) use haar feature detection from the OpenCV library.
Bluelog is a Bluetooth site survey tool, designed to tell you how many discoverable devices there are in an area as quickly as possible. Bluelog differs from most Bluetooth scanners in that it prioritizes speed of reporting over anything else (i.e. it doesn't spend time trying to pull detailed data from a device) and doesn't require any user intervention to function. As the name implies, its primary function is to log discovered devices to file rather than to be used interactively. Bluelog could run on a system unattended for long periods of time to collect data. In addition to basic scanning, Bluelog also has a unique feature called "Bluelog Live", which puts results in a constantly updating Web page which you can serve with your HTTP daemon of choice.
MQ Authenticate User Security Exit (MQAUSX) is a solution that allows a company to fully authenticate a user who is accessing a WebSphere MQ resource. It verifies the user's user ID and password (and possibly domain name) against the server's native OS system (or domain controller) or a remote LDAP server. The security exit will operate with WebSphere MQ v6.0, v7.0, v7.1, or v7.5 in Windows, iSeries (OS/400), Unix, and Linux environments. It works with Server Connection, Client Connection, Sender, Receiver, Server, Requestor, Cluster-Sender, and Cluster-Receiver channels of WebSphere MQ queue manager. The MQ Authenticate User Security Exit solution is comprised of 2 components: client-side security exit and server-side security exit.
MQ Standard Security Exit is a solution that allows a company to control and restrict who is accessing a WebSphere MQ resource. The security exit will operate with WebSphere MQ v6.0, v7.0, v7.1, or v7.5 in Windows, IBM i (OS/400), Unix, and Linux environments. It works with Server Connection, Receiver, Requestor, and Cluster-Receiver channels of WebSphere MQ queue manager. The MQ Standard Security Exit solution is comprised of a server-side security exit.
MQ Message Encryption (MQME) is a solution that provides encryption for WebSphere MQ message data while it resides in a queue and in the MQ logs. It uses AES and offers the ability to control who accesses protected queues. This control is obtained through the use of UserID grouping, and group files are similar to the Unix /etc/group file. It also has the ability to generate and validate messages using a SHA-2 digital signature.
skd is a tool for the simple distribution of SSH keys in a growing environment. It allow you to create hosts, group them, and link that group a group of users with keys to easily distribute all affected keys. skd generates a DSA or RSA keypair, which is saved to its database and used as the authentication source for skd itself. This keypair can (and should be) additionally be encrypted using a passphrase. This allows you to simply add a user with their key and press one button to grant (and revoke!) the user's access to all needed hosts.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.