[ISN] Linux Security Week - August 27th 2001

From: InfoSec News (isnat_private)
Date: Tue Aug 28 2001 - 02:57:53 PDT

  • Next message: InfoSec News: "[ISN] Shakeout Threatens Managed Security Clients"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  August 27th, 2001                           Volume 2, Number 34n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
     
    Thank you for reading the LinuxSecurity.com weekly security
    newsletter. The purpose of this document is to provide our readers
    with a quick summary of each week's most relevant Linux security
    headlines.
     
    This week, perhaps the most interesting articles include "DDoS effort
    ill-placed," "NIST Special: Intrusion Detection Systems," and
    "Researchers develop SSH cracker."  Also this week, good news for
    security vendors and professionals in "Internet Security Revenue To
    Exceed $14 Billion by 2005," and "Every job requires commitment to
    network security."
    
    This week, advisories were released for fetchmail, groff, ucd-snmp,
    ipfw, sdb, gdm, telnetd, procfd, openssl prng, dump, sendmail, and tcp
    wrappers.  The vendors include Caldera, Conectiva, FreeBSD, Mandrake,
    NetBSD, Progeny, and SuSE.
    
    http://www.linuxsecurity.com/articles/forums_article-3562.html
    
    Maximize your security with EnGarde!  EnGarde was designed from the ground
    up as a secure solution, starting with the principle of least privilege,
    and carrying it through every aspect of its implementation.
     
    http://www.engardelinux.org 
     
    EnGarde Quick Start Guide - This is a document that provides you with the
    information necessary to quickly begin using your EnGarde system.
     
    http://www.guardiandigital.com/docs/EnGardeManual/ESLQuick-1.0.1.pdf 
     
     
    HTML Version:
    http://www.linuxsecurity.com/vuln-newsletter.html
     
     
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
     
    * Unix, Linux Admins Urged To Upgrade Sendmail Security
    August 24th, 2001
    
    Security experts and vendors of Linux and other Unix-like operating
    systems are urging network administrators to replace some versions of
    popular e-mail server software known as Sendmail, because the most recent
    open-source versions can provide a doorway for local hackers.
    
    http://www.linuxsecurity.com/articles/server_security_article-3561.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * DDoS effort ill-placed
    August 23rd, 2001
    
    It's no secret that the Distributed Denial of Service (DDoS) attack is the
    biggest security threat to commercial networks since the advent of the
    virus. In fact, hackers are now using viruses as the data delivered by
    zombies, further complicating DDoS attacks.
    
    http://www.linuxsecurity.com/articles/network_security_article-3554.html
    
    
    * Using SSH
    August 21st, 2001
    
    SSH is a secure replacement for telnet, rlogin, other r* and ftp protocols
    which handle sensitive information in an unsecure manner. Telnet
    broadcasts sensitive information such as usernames and passwords
    unencrpyted whereas SSH encrypts them, so that a malicious user trying to
    retrieve them with a, i.e. some sniffer could have no use for them as
    such.
    
    http://www.linuxsecurity.com/articles/host_security_article-3534.html
    
    
    * NIST Special: Intrusion Detection Systems
    August 20th, 2001
    
    This document translated from PDF by Cryptome provides a great overview of
    Intrusion Detection Systems. Intrusion detection is the process of
    monitoring the events occurring in a computer system or network and
    analyzing them for signs of intrusions, defined as attempts to compromise
    the confidentiality, integrity, availability, or to bypass the security
    mechanisms of a computer or network.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-3530.html
    
    
    
    
    +------------------------+
    | Cryptography News:     |
    +------------------------+
     
    * Carnivore to add wireless to its menu?
    August 24th, 2001
    
    Federal law enforcement officials may use a controversial surveillance
    technology to monitor e-mail and other text messages delivered through
    wireless devices, such as cell phones--a fact that has one
    telecommunications group concerned.
    
    http://www.linuxsecurity.com/articles/privacy_article-3564.html
    
    
    * Tool dumbs down wireless hacking
    August 22nd, 2001
    
    A hacking tool which can recover the encryption keys used to "protect"
    data sent over wireless networks has been released on the Internet.  
    AirSnort is one of the first tools that automates the process of breaking
    in wireless networks and takes advantages of flaws in the Wired Equivalent
    Protocol (WEP) which were highlighted by a group of cryptographers a
    couple of weeks ago.
    
    http://www.linuxsecurity.com/articles/cryptography_article-3542.html
    
    
    * Researchers develop SSH cracker
    August 22nd, 2001
    
    Researchers at the University of California at Berkeley have discovered
    more vulnerabilities in Secure Shell (SSH) which allow an attacker to
    learn significant information about what data is being transferred in SSH
    sessions, including passwords.  SSH was designed as a secure channel
    between two machines, based on strong encryption and authentication. But
    by observing the rhythm of keystrokes, and using advanced statistical
    techniques on timing information collected, attackers can pick up
    significant details.
    
    http://www.linuxsecurity.com/articles/cryptography_article-3547.html
    
    
    
    
    
    +------------------------+
    | Vendors/Tools          |
    +------------------------+
    
    * Internet Security Revenue To Exceed $14 Billion by 2005
    August 23rd, 2001
    
    The worldwide market for Internet security experienced significant growth
    this past year.  According to IDC, all security software markets -
    firewalls, encryption software, security authentication, authorization,
    and administration (3A), and antivirus software - grew 25% or more in
    2000, with the firewalls segment growing the most at 42%.
    
    http://www.linuxsecurity.com/articles/general_article-3552.html
    
    
    * Every job requires commitment to network security
    August 20th, 2001
    
    It is not enough to realize how many attacks occur, or the types of
    attacks that are happening. We must develop a defensive mindset that will
    create an on-going sense of urgency about protecting data and systems.  
    We all have responsibility for information security, regardless of whether
    we work in information technology.
    
    http://www.linuxsecurity.com/articles/network_security_article-3533.html
    
    
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
     
    * Getting started in computer forensics
    August 24th, 2001
    
    Many private companies are turning to the military and law enforcement
    agencies to find computer forensics and security professionals. Some
    officers are leaving their posts for jobs in the corporate world,
    sometimes doubling or even tripling their salaries.
      
    http://www.linuxsecurity.com/articles/intrusion_detection_article-3560.html
    
    
    * Kevin Mitnick Interview Transcript, Part 1
    August 24th, 2001
    
    On the August 20 show of 'The Screen Savers,' Leo Laporte interviewed
    ex-hacker Kevin Mitnick. They discussed the good and bad aspects of
    hacking, the peculiar nature of Mitnick's trial and sentence, the current
    nature of hacking, and much more. Watch the video clips of the entire
    interview and read the transcript of the first half.
    
    http://www.linuxsecurity.com/articles/forums_article-3559.html
    
    
    * Is prosecuting hackers worth the bother?
    August 22nd, 2001
    
    When you've been hacked, it's wise to evaluate the damage done before
    calling in the Feds, San Diego Supercomputer Center Security Manager Tom
    Perrine explained during the tenth annual USENIX Security Symposium in
    Washington last week, during a talk entitled "Cops are from Mars,
    Sysadmins are from Pluto: Dealing with Law Enforcement."
    
    
    http://www.linuxsecurity.com/articles/hackscracks_article-3541.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Aug 28 2001 - 05:08:10 PDT