[ISN] Linux Security Week - July 30th, 2001

From: InfoSec News (isnat_private)
Date: Tue Jul 31 2001 - 00:34:51 PDT

  • Next message: InfoSec News: "[ISN] German Uber-Hacker Dies"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  July 30th, 2001                            Volume 2, Number 30n    |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, the most interesting articles include "Building a Secure User
    Environment with SSH ChRootGroups," "Understanding RSA/DSA
    authentication," and "OpenSSH key management, Part 1."  Also this week, a
    bill in the House is causing law officials "to be more forthright" and
    submit detailed reports on the usage of the Carnivore system. More
    information about this is available in the general section of this
    This week, advisories were released for sugid-exec, telnet, ssh, procmail,
    squid, sendmsg, xil, imp, elm, and phplib.  The vendors include Calera,
    Conectiva, FreeBSD, Mandrake, NetBSD, Red Hat, SuSE, Trustix
    ## EnGarde Secure Linux v1.0.1 ## EnGarde is a secure distribution of
    Linux engineered from the ground-up to provide organizations with the
    level of security required to create a corporate Web presence or even
    conduct e-business on the Web. It can be used as a Web, DNS, e-mail,
    database, e-commerce, and general Internet server where security is a
    primary concern.  
    --> Download: http://www.engardelinux.org/download.html 
    HTML Version:
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Incident Response -- Investigating Computer Crime
    July 26th, 2001
    "I particularly recommend the book for less advanced admins and those
    who don't have a lot of hands-on experience. If you've never been
    through an "incident," this is a very good book to have. If you've
    been through one or two, you might find a few things you've done
    wrong (or right) and some extra ways to prepare for the next time."
    * Installation of a Secure Web Server
    July 26th, 2001
    Web servers are the most exposed servers on the Internet. In order
    for clients/ target groups to be able to access the information
    provided, web servers must be accessible from any point on the
    Internet. In contrast to other public services like DNS and FTP, the
    Web is especially tempting for "Crackers": a succesful "hack" of a
    system can be visualized by changing the appearance of the home page
    to increase awareness of the hacker's presence. 
    * Building a Secure User Environment with SSH ChRootGroups
    July 23rd, 2001
    Chroot alters the effective root directory of a user or process to
    one specified by the root user. Thus far, chroot has not been widely
    used for creating secure user environments; the difficulties involved
    with creating a functional cage are an obstacle that still needs to
    be overcome. This article will provide an overview of SSH
    ChRootGroups feature; which provides a quick and easy way for
    administrators to lock users inside a chrooted cage. 
    | Network Security News: |
    * Commenting a firewall
    July 28th, 2001
    Hopefully, this article will help you understand the principle of
    building a  custom firewall. The firwall used for this article is
    pretty good, and you can  use it, since you can adjust it to your
    needs as it is well commented. It is  ideal for your home network.
    Just copy it, chmod it and off you go.
    * Know Your Enemy: Statistics
    July 25th, 2001
    Over the past several years, the Honeynet Project has been collecting
    and archiving information on blackhat activity. We have attempted, to
    the best of our ability, to log and capture every probe, attack, and
    exploit made against our Honeynet.
    * Network Sniffers
    July 25th, 2001
    Sniffers are tools, also known as network analyzers, used for
    monitoring network traffic. As such, if used by authorized personnel,
    can prove to be of a great value. But, on the other hand, sniffers
    represent significant threat to your network, and are very hard to
    | Cryptography News:     |
    * OpenSSH key management, Part 1
    July 26th, 2001
    In this series, you'll learn how RSA and DSA authentication work, and
    see how to set up passwordless authentication the right way. In the
    first article of the series, Daniel Robbins focuses on introducing
    the RSA and DSA authentication protocols and showing you how to get
    them working over the network. 
    * Understanding RSA/DSA authentication
    July 26th, 2001
    In this series, you'll learn how RSA and DSA authentication work, and
    see how to set up passwordless authentication the right way. In the
    first article of the series, Daniel Robbins  focuses on introducing
    the RSA and DSA authentication protocols and showing you how to  get
    them working over the network.
    | General Security News: |
     * Hacking Vegas at Black Hat and DEF CON: One Geek's Experience
    July 28th, 2001
    DEF CON, which began as a relatively small get-together for members
    of the IS underground, has grown in recent years to become the
    world's largest and most publicized annual gathering of the diverse
    groups that comprise Information Systems Security. 
    * IT managers still overestimate security
    July 27th, 2001
    Only two out of 50 firewalls at a leading Swiss bank were configured
    correctly -- just one  instance of security that is all that it
    should be.   Network security is being overestimated by IT managers
    because they are failing to manage protective  software properly,
    according to a security expert.
    * 'Jam Echelon Day' protest planned
    July 27th, 2001
    Internet activists are planning an international day of protest on
    Oct. 21 in an effort to  jam Echelon, the super-secret global
    surveillance system. But privacy experts warn the protest  is
    unlikely to succeed. Organizers of the cyber-event are encouraging
    the Internet  community to send as many e-mail messages as possible,
    containing  certain "trigger words" that the Echelon system is
    believed to pick up on.  
    * House pulls Carnivore into the light
    July 24th, 2001
    A bill requiring federal law-enforcement officials to be more
    forthright when answering questions  about electronic surveillance
    systems has passed the U.S. House.    The bill, which passed by a
    unanimous voice vote Monday afternoon, would require the attorney
    general and  the FBI director to submit a detailed report on the use
    of systems including Carnivore and its successor,  DCS1000.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 03:03:13 PDT