[ISN] Linux Security Week - April 16th 2001

From: newsletter-adminsat_private
Date: Mon Apr 16 2001 - 04:03:00 PDT


    |  LinuxSecurity.com                         Weekly Newsletter        |
    |  April 16th 2001                           Volume 2, Number 15n     |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security
    newsletter. The purpose of this document is to provide our readers
    with a quick summary of each week's most relevant Linux security

    This week, a few of the most interesting articles include, "Make
    SSH do more," "Tools and Their Signatures, Part One: bind8x.c," and
    "Using Certificate Revocation Lists."  Also, today the i386 version
    of EnGarde Secure Linux will be available for download.  Please see
    engardelinux.org to download it.

    FEATURE STORY: Using GnuPG with Pine for Secure E-Mail

    Many people have no problems sending sensitive data via e-mail. Most
    of us do not know how easy it is for anybody to read it. Just because
    somebody holds the title of "Systems Administrator" does not mean
    they can be trusted. What is stopping them from reading your e-mail?
    Nothing. This is where PGP comes in; it is easy-to-use encryption
    meant for the common person.

    This week, advisories were released for xntp3, ntpd, vim, mailx,
    kernel, pine, netscape, and mc.  The vendors include Conectiva,
    Caldera, Debian, EnGarde, Immunix, Mandrake, NetBSD, Progeny, Red
    Hat, Slackware, SuSE, and Trustix.
    | Host Security News: | <<-----[ Articles This Week ]-----------------+
    * Make SSH do more
    April 15th, 2001
    However, most people simply connect via SSH, enter their passwords,
    and type away. They don't realize that SSH has advanced
    key-management features that allow them to avoid having to retype
    their passwords; that its port-forwarding options can secure other,
    normally insecure, packages; and that they can employ little tricks
    in SSH that would make their lives easier.
    * Hacker Tools and Their Signatures, Part One: bind8x.c
    April 12th, 2001
    This article is the first in a series of papers detailing hacker
    exploits/tools and their signatures. This installment will examine
    the Berkeley Internet Name Domain exploit bind8x.c. The discussion
    will cover the details of bind8x.c and provide signatures that will
    assist an IDS analyst in detecting it.
    * Feature: Using Certificate Revocation Lists
    April 9th, 2001
    One of the most common kinds of access control for secure web servers
    is Basic Authentication, in which a login and password are required.
    Access controls can apply to part or all of a web site. The
    restricted area is called the "authorization realm." Even though
    Basic Authentication is the most common kind of access control, it is
    not the most secure.
    | Network Security News: |
    * Limiting your security to a firewall could be akin to opening
    Pandora's box
    April 15th, 2001
    The fundamental problem with security is that it's everyone's
    problem, which means that no one is actually responsible. When
    people talk about security today, they tend to focus on the edge of
    the network, where they deploy firewalls and VPN software to secure
    access to the network.
    * Anti-Virus with Sendmail and FreeBSD
    April 14th, 2001
    This is a very nice add-on for ISPs or someone that wants to
    safeguard all email coming into their system from viruses.  The
    following article will walk you through installing and setting up
    several programs, to get this project done.
    | Cryptography News      |
    * Crypto-Gram April 2001
    April 15th, 2001
    The government finally did something right.  That seemed to be the
    common theme at the RSA Data Security Conference on Monday afternoon
    with encryption experts praising the U.S. government's selection of
    an Advanced Encryption Standard, or AES.
    * Crypto experts: All hail AES
    April 10th, 2001
    The government finally did something right.  That seemed to be the
    common theme at the RSA Data Security Conference on Monday afternoon
    with encryption experts praising the U.S. government's selection of
    an Advanced Encryption Standard, or AES.
    | Vendors/Products:      |
    * Security flaw found in Alcatel DSL modems
    April 11th, 2001
    Computer industry security experts believe they have discovered a
    vulnerability in certain high-speed modems manufactured by Alcatel,
    the French communications equipment giant.  Though only theoretical
    so far, the problem makes the devices potentially vulnerable to
    malicious hacker attacks.
    | General News:          |
    * Forensics 'DUST' For Cyberprints
    April 13th, 2001
    David Brown reports on advances in forensic science that can catch
    hackers by their behaviour.  Experts in forensic computing believe
    that businesses can help to identify the "signature" techniques of
    hackers, by monitoring how they behave inside networks, and which
    tools they use, increasing the chances of prosecution.
    * Linux Security Module Interface Mailing List
    April 12th, 2001
    One of the byproducts of the Linux 2.5 Kernel Summit was the notion
    of an enhancement of the loadable kernel module interface to
    facilitate security-oriented kernel modules.
    * Security cracks require pre-emptive spackling
    April 12th, 2001
    When it comes to hardening your network against hackers, the best
    defense is to keep abreast of developing threats and apply patches
    with due diligence.  IT SEEMS YOU can't open a newspaper or listen
    to the news these days without learning that yet another company's
    network has been broken into.
    * Privacy activists plan assault on Echelon, Carnivore
    April 12th, 2001
    Echelon, the international spy network allegedly set up to listen in
    on civilians' electronic communications, will get some of its most
    public exposure to date this weekend, when a prominent U.S. civil
    rights group runs a full-page advertisement in the New York Times
    Magazine and the New Yorker.
    * Computer Forensics
    April 9th, 2001
    "The ease of perpetrating a cybercrime, the relative anonymity
    afforded the offender, and the difficulty in pursuing and tracking
    down the offender, all contribute to the rise in the frequency of
    these types of crimes," say Dave Schultz and Jeff Lendino, both
    associate legal counsels for Ontrack Data International, Inc.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is hosted by SecurityFocus.com

    This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 02:58:48 PDT