[ISN] Linux Security Week - July 9th 2001

From: InfoSec News (isnat_private)
Date: Mon Jul 09 2001 - 01:00:57 PDT


    Forwarded by: newsletter-adminsat_private
    LinuxSecurity.com Weekly Newsletter
    July 9th 2001, Volume 2, Number 27n
    Editorial Team:  Dave Wreski       daveat_private
                     Benjamin Thomas   benat_private
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.

    This week, the most interesting articles include "How to stay in front of
    VPN management," "Encrypted Tunnels using SSH and MindTerm HOWTO," and
    "Kerberos: Computer Security's Hellhound."  If you are not already a
    member of our Linux security discussion list, I encourage you to
    participate.  Send an email with "subscribe" in the subject to:

    This week, advisories were released for samba, xinetd, zope, scotty, and
    webmin.  The vendors include Caldera, EnGarde, Immunix, Mandrake, and

    We have released a FAQ for the EnGarde server platform.  It outlines the
    most common issues with LIDS, the WebTool, FTP, MySQL and general usage.
    The FAQ can be accessed at:

    HTML Version available:
    <<-----[ Articles This Week ]-----------------+
    | Host Security News:    |
    * A Study In Scarlet - Exploiting Common Vulnerabilities in PHP
    July 6th, 2001
    This paper is based on my speech during the Blackhat briefings in
    Singapore and Hong Kong in April 2001. The speech was entitled "Breaking
    In Through the Front Door - The impact of Web Applications and Application
    Service Provision on Traditional Security Models". It initially discussed
    the trend towards Web Applications (and ASP) and the holes in traditional
    security methodology exposed by this trend.
    * Your Network's Secret Life
    July 5th, 2001
    You may already be quite familiar with a tool in your system called top
    that we discussed on this very corner back in our Tweaking Tux series.
    What top does is provide a graphical (ncurses-based) interface to your
    system's performance, load average, CPU usage and so on. You can fire up
    top from the command line with top.
    | Network Security News: |
    * How to stay in front of VPN management
    July 8th, 2001
    As companies build larger and larger VPNs, they are faced with a chore
    that grows with the networks: effective management. It's an important
    issue to pay attention to because a good VPN management platform is not
    just a matter of convenience; it can also save companies money.
    * Intrusion Detection Systems Terminology, Part One: A - H
    July 5th, 2001
    Intrusion Detection Systems (IDS) are still very much in their infancy,
    but in terms of development they are growing at an extraordinary rate. The
    terminology associated with IDS is also growing rapidly. This article
    is intended to introduce readers to some IDS terminology, some of it basic
    and relatively common, some of it somewhat more obscure.
    * How to stop a service denial attack before it stops you
    July 4th, 2001
    It's not easy to defend a federal Web server against distributed service
    denial attacks, but it's not impossible either.  For years now, the
    government has been under the gun in an undeclared cyberwar with hackers
    around the globe. The simplest and so far the most common attack is denial
    of service, which keeps a server so busy with fake data traffic that it
    can't do its real job.
    | Cryptography News:     |
    * Kerberos: Computer Security's Hellhound
    July 5th, 2001
    Kerberos is an authentication protocol that lets clients and servers
    reliably verify each other's identity before establishing a network
    connection.  Developed at MIT in the late 1980s, Kerberos takes its name
    from the three-headed hound in Greek mythology that guards the entrance to
    * Using a Cryptographic Hardware Token with Linux: the OpenSSL Project's New Engine
    July 3rd, 2001
    In this article, I discuss our experience of integrating a hardware
    cryptographic token under Linux, using another open-source project known
    as OpenSSL.  Public Key Infrastructure (PKI) is a critical technology in
    today's computer oriented world. Without it there would be no secure
    e-commerce transactions or secure connections.
    * Encrypted Tunnels using SSH and MindTerm HOWTO
    July 2nd, 2001
    First written as an article for LinuxSecurity.com, this document describes
    how to use SSH and the Java-based program MindTerm to create quick,
    secure, and reliable VPN-like tunnels over insecure networks.
    | General Security News: |
    * Cybercrime Skyrockets, Say Security Reports
    July 8th, 2001
    Cybercops say computer crime incidents more than doubled last year,
    creating a virtual crime wave across computer systems all over the world.
    More than 21,000 incidents, up from nearly 10,000 in 1999, were reported
    in 2000 to Carnegie Mellon University's Software Engineering Institute,
    which tracks online criminal activity in the United States and helps
    victims. This year's first quarter saw more than 7000 reported incidents.
    * Open source the answer to dog-eat-dog security
    July 3rd, 2001
    So I believe, ultimately, for security to be real, it must be "open
    sourced". This concept involves distributing the instructions making up an
    application with the finished program itself. In this way, the processes
    underpinning an e-commerce transaction can be made transparent: not just
    what is being done on your system but how it is being done is open to
    inspection by all.
    * Kernel Security Extensions USENIX BOF Summary
    July 2nd, 2001
    Emily Ratliff posted a summary of the recent USENIX "Birds of a Feather"
    (BOF) discussion about the Linux Security Module effort.  This effort is
    trying to devise a set of Linux kernel hooks to support "plugging in" to
    Linux support for advanced security policies.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private
