Forwarded by: newsletter-adminsat_private

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  July 9th 2001                                Volume 2, Number 27n  |
|                                                                     |
|  Editorial Team:  Dave Wreski                 daveat_private        |
|                   Benjamin Thomas             benat_private         |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, the most interesting articles include "How to stay in front
of VPN management," "Encrypted Tunnels using SSH and MindTerm HOWTO,"
and "Kerberos: Computer Security's Hellhound." If you are not already a
member of our linux security discussion list, I encourage you to
participate. Send an email with "subscribe" in the subject to:
security-discuss-requestat_private

This week, advisories were released for samba, xinetd, zope, scotty,
and webmin. The vendors include Caldera, EnGarde, Immunix, Mandrake,
and SuSE.

http://www.linuxsecurity.com/articles/forums_article-3291.html

We have released a FAQ for the EnGarde server platform. It outlines the
most common issues LIDS, the WebTool, FTP, MySQL and general usage. The
FAQ can be accessed at:

http://www.engardelinux.org/engardefaq.html

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* A Study In Scarlet - Exploiting Common Vulnerabilities in PHP
  Applications
  July 6th, 2001

  This paper is based on my speech during the Blackhat briefings in
  Singapore and Hong Kong in April 2001. The speech was entitled
  "Breaking In Through the Front Door - The impact of Web Applications
  and Application Service Provision on Traditional Security Models".
  It initially discussed the trend towards Web Applications (and ASP)
  and the holes in traditional security methodology exposed by this
  trend.

  http://www.linuxsecurity.com/articles/documentation_article-3290.html

* Your Network's Secret Life
  July 5th, 2001

  You may already be quite familiar with a tool in your system called
  top that we discussed on this very corner back in our Tweaking Tux
  series. What top does is provide a graphical (ncurses-based)
  interface to your system's performance, load average, CPU usage and
  so on. You can fire up top from the command line with top.

  http://www.linuxsecurity.com/articles/network_security_article-3281.html

+------------------------+
| Network Security News: |
+------------------------+

* How to stay in front of VPN management
  July 8th, 2001

  As companies build larger and larger VPNs, they are faced with a
  chore that grows with the networks: effective management. It's an
  important issue to pay attention to because a good VPN management
  platform is not just a matter of convenience; it can also save
  companies money.

  http://www.linuxsecurity.com/articles/network_security_article-3295.html

* Intrusion Detection Systems Terminology, Part One: A - H
  July 5th, 2001

  Intrusion Detection Systems (IDS) are still very much in their
  infancy, but in terms of development they are growing at an
  extraordinary rate. The terminology associated with IDS is also
  growing rapidly. This article is intended to introduce readers to
  some IDS terminology, some of it basic and relatively common, some of
  it somewhat more obscure.

  http://www.linuxsecurity.com/articles/intrusion_detection_article-3282.html

* How to stop a service denial attack before it stops you
  July 4th, 2001

  It's not easy to defend a federal Web server against distributed
  service denial attacks, but it's not impossible either. For years
  now, the government has been under the gun in an undeclared cyberwar
  with hackers around the globe. The simplest and so far the most
  common attack is denial of service, which keeps a server so busy with
  fake data traffic that it can't do its real job.

  http://www.linuxsecurity.com/articles/intrusion_detection_article-3276.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Kerberos: Computer Security's Hellhound
  July 5th, 2001

  Kerberos is an authentication protocol that lets clients and servers
  reliably verify each other's identity before establishing a network
  connection. Developed at MIT in the late 1980s, Kerberos takes its
  name from the three-headed hound in Greek mythology that guards the
  entrance to Hades.

  http://www.linuxsecurity.com/articles/network_security_article-3287.html

* Using a Cryptographic Hardware Token with Linux: the OpenSSL
  Project's New Engine
  July 3rd, 2001

  In this article, I discuss our experience of integrating a hardware
  cryptographic token under Linux, using another open-source project
  known as OpenSSL. Public Key Infrastructure (PKI) is a critical
  technology in today's computer oriented world. Without it there would
  be no secure e-commerce transactions or secure connections.

  http://www.linuxsecurity.com/articles/cryptography_article-3272.html

* Encrypted Tunnels using SSH and MindTerm HOWTO
  July 2nd, 2001

  First written as an article for LinuxSecurity.com, this document
  describes how to use SSH and the Java-based program MindTerm to
  create quick, secure, and reliable VPN-like tunnels over insecure
  networks.

  http://www.linuxsecurity.com/articles/documentation_article-3265.html

+------------------------+
| General Security News: |
+------------------------+

* Cybercrime Skyrockets, Say Security Reports
  July 8th, 2001

  Cybercops say computer crime incidents more than doubled last year,
  creating a virtual crime wave across computer systems all over the
  world. More than 21,000 incidents, up from nearly 10,000 in 1999,
  were reported in 2000 to Carnegie Mellon University's Software
  Engineering Institute, which tracks online criminal activity in the
  United States and helps victims. This year's first quarter saw more
  than 7000 reported incidents.

  http://www.linuxsecurity.com/articles/hackscracks_article-3293.html

* Open source the answer to dog-eat-dog security
  July 3rd, 2001

  So I believe, ultimately, for security to be real, it must be "open
  sourced". This concept involves distributing the instructions making
  up an application with the finished program itself. In this way, the
  processes underpinning an e-commerce transaction can be made
  transparent, not just what is being done on your system but how it is
  being done, open to inspection by all.

  http://www.linuxsecurity.com/articles/forums_article-3269.html

* Kernel Security Extensions USENIX BOF Summary
  July 2nd, 2001

  Emily Ratliff posted a summary of the recent USENIX "Birds of a
  Feather" (BOF) discussion about the Linux Security Module effort.
  This effort is trying to devise a set of Linux kernel hooks to
  support "plugging in" to Linux support for advanced security
  policies.

  http://www.linuxsecurity.com/articles/server_security_article-3264.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribeat_private

This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 01:37:39 PDT