+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | August 27th, 2001 Volume 2, Number 34n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "DDoS effort ill-placed," "NIST Special: Intrusion Detection Systems," and "Researchers develop SSH cracker." Also this week, good news for security vendors and professionals in "Internet Security Revenue To Exceed $14 Billion by 2005," and "Every job requires commitment to network security." This week, advisories were released for fetchmail, groff, ucd-snmp, ipfw, sdb, gdm, telnetd, procfd, openssl prng, dump, sendmail, and tcp wrappers. The vendors include Caldera, Conectiva, FreeBSD, Mandrake, NetBSD, Progeny, and SuSE. http://www.linuxsecurity.com/articles/forums_article-3562.html Maximize your security with EnGarde! EnGarde was designed from the ground up as a secure solution, starting with the principle of least privilege, and carrying it through every aspect of its implementation. http://www.engardelinux.org EnGarde Quick Start Guide - This is a document that provides you with the information necessary to quickly begin using your EnGarde system. http://www.guardiandigital.com/docs/EnGardeManual/ESLQuick-1.0.1.pdf HTML Version: http://www.linuxsecurity.com/vuln-newsletter.html +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Unix, Linux Admins Urged To Upgrade Sendmail Security August 24th, 2001 Security experts and vendors of Linux and other Unix-like operating systems are urging network administrators to replace some versions of popular e-mail server software known as Sendmail, because the most recent open-source versions can provide a doorway for local hackers. http://www.linuxsecurity.com/articles/server_security_article-3561.html +------------------------+ | Network Security News: | +------------------------+ * DDoS effort ill-placed August 23rd, 2001 It's no secret that the Distributed Denial of Service (DDoS) attack is the biggest security threat to commercial networks since the advent of the virus. In fact, hackers are now using viruses as the data delivered by zombies, further complicating DDoS attacks. http://www.linuxsecurity.com/articles/network_security_article-3554.html * Using SSH August 21st, 2001 SSH is a secure replacement for telnet, rlogin, other r* and ftp protocols which handle sensitive information in an unsecure manner. Telnet broadcasts sensitive information such as usernames and passwords unencrpyted whereas SSH encrypts them, so that a malicious user trying to retrieve them with a, i.e. some sniffer could have no use for them as such. http://www.linuxsecurity.com/articles/host_security_article-3534.html * NIST Special: Intrusion Detection Systems August 20th, 2001 This document translated from PDF by Cryptome provides a great overview of Intrusion Detection Systems. Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions, defined as attempts to compromise the confidentiality, integrity, availability, or to bypass the security mechanisms of a computer or network. http://www.linuxsecurity.com/articles/intrusion_detection_article-3530.html +------------------------+ | Cryptography News: | +------------------------+ * Carnivore to add wireless to its menu? August 24th, 2001 Federal law enforcement officials may use a controversial surveillance technology to monitor e-mail and other text messages delivered through wireless devices, such as cell phones--a fact that has one telecommunications group concerned. http://www.linuxsecurity.com/articles/privacy_article-3564.html * Tool dumbs down wireless hacking August 22nd, 2001 A hacking tool which can recover the encryption keys used to "protect" data sent over wireless networks has been released on the Internet. AirSnort is one of the first tools that automates the process of breaking in wireless networks and takes advantages of flaws in the Wired Equivalent Protocol (WEP) which were highlighted by a group of cryptographers a couple of weeks ago. http://www.linuxsecurity.com/articles/cryptography_article-3542.html * Researchers develop SSH cracker August 22nd, 2001 Researchers at the University of California at Berkeley have discovered more vulnerabilities in Secure Shell (SSH) which allow an attacker to learn significant information about what data is being transferred in SSH sessions, including passwords. SSH was designed as a secure channel between two machines, based on strong encryption and authentication. But by observing the rhythm of keystrokes, and using advanced statistical techniques on timing information collected, attackers can pick up significant details. http://www.linuxsecurity.com/articles/cryptography_article-3547.html +------------------------+ | Vendors/Tools | +------------------------+ * Internet Security Revenue To Exceed $14 Billion by 2005 August 23rd, 2001 The worldwide market for Internet security experienced significant growth this past year. According to IDC, all security software markets - firewalls, encryption software, security authentication, authorization, and administration (3A), and antivirus software - grew 25% or more in 2000, with the firewalls segment growing the most at 42%. http://www.linuxsecurity.com/articles/general_article-3552.html * Every job requires commitment to network security August 20th, 2001 It is not enough to realize how many attacks occur, or the types of attacks that are happening. We must develop a defensive mindset that will create an on-going sense of urgency about protecting data and systems. We all have responsibility for information security, regardless of whether we work in information technology. http://www.linuxsecurity.com/articles/network_security_article-3533.html +------------------------+ | General Security News: | +------------------------+ * Getting started in computer forensics August 24th, 2001 Many private companies are turning to the military and law enforcement agencies to find computer forensics and security professionals. Some officers are leaving their posts for jobs in the corporate world, sometimes doubling or even tripling their salaries. http://www.linuxsecurity.com/articles/intrusion_detection_article-3560.html * Kevin Mitnick Interview Transcript, Part 1 August 24th, 2001 On the August 20 show of 'The Screen Savers,' Leo Laporte interviewed ex-hacker Kevin Mitnick. They discussed the good and bad aspects of hacking, the peculiar nature of Mitnick's trial and sentence, the current nature of hacking, and much more. Watch the video clips of the entire interview and read the transcript of the first half. http://www.linuxsecurity.com/articles/forums_article-3559.html * Is prosecuting hackers worth the bother? August 22nd, 2001 When you've been hacked, it's wise to evaluate the damage done before calling in the Feds, San Diego Supercomputer Center Security Manager Tom Perrine explained during the tenth annual USENIX Security Symposium in Washington last week, during a talk entitled "Cops are from Mars, Sysadmins are from Pluto: Dealing with Law Enforcement." http://www.linuxsecurity.com/articles/hackscracks_article-3541.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Aug 28 2001 - 05:08:10 PDT