[ISN] Linux Security Week - September 17th 2001

From: InfoSec News (isnat_private)
Date: Tue Sep 18 2001 - 01:04:46 PDT


    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  September 17th, 2001                        Volume 2, Number 37n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting security articles include "Public
    Key Infrastructure Overview," "GPG: the Best Free Crypto You Aren't
    Using," and "Information Warfare: How to Survive Cyber Attacks."  As you
    might expect, many cryptography articles were released in response to the
    tragedy.  If you are interested in the crypto debate, I invite you to read
    what is available.
    It has been a tragic week.  Our own Dave Wreski writes, "Today's events
    mark more than a display of courage by Americans, an effort to exact
    retribution on those who committed this senseless act, and how this
    country will be changed as a result. It directly impacts us all on an
    international scale as individual architects of the global Internet."
      Special: International Security, Privacy and Solidarity 
    This week, advisories were released for fetchmail, sendmail, xinetd,
    bugzilla, apache-contrib, uucp, and xloadimage.  The vendors include
    Caldera, Conectiva, Red Hat, and SuSE.
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * UnderLinux Interviews Elias Levy
    September 12th, 2001
    Josue writes, "The underlinux Brazilian site has an interesting interview
    with one of the most important security experts in the world. Aleph1, the
    bugtraq moderator, answers some questions about the present and the future of
    computer security."
    * GPG: the Best Free Crypto You Aren't Using, Part I of II
    September 11th, 2001
    Ten years after Phil Zimmermann released PGP v.1.0 (Pretty Good Privacy),
    PGP has evolved from an underground tool for paranoiacs to the gold
    standard, even an internet standard, for e-mail encryption. GnuPG, the GNU
    Privacy Guard, is a 100% free alternative to commercial PGP and is
    included in most Linux distributions.
    | Network Security News: |
    * SSL toolkit flaw poses risk
    September 14th, 2001
    A vulnerability has been discovered in versions of software development
    toolkits from RSA Security, which could allow an attacker to bypass SSL
    client authentication.  In a security notice on the issue, RSA said the
    vulnerability meant that hackers "might potentially gain access to data
    intended only for authorised users".
    * Automatic patching: Will it make the world safe from worms?
    September 13th, 2001
    Worms and viruses often target specific vulnerabilities in common
    software. But what if the terms were reversed? Rather than attacking the
    vulnerability of software for malicious purposes, what if the worm or
    virus actually attempted to secure the software by applying a patch? Like
    it or not, it is already happening.
    * Information Warfare: How to Survive Cyber Attacks
    September 11th, 2001
    As an information security professional, I take an extreme interest in
    information warfare, as it is closely connected to the infosec field.
    Thus, I was excited to read Information Warfare: How to Survive Cyber
    Attacks, and see what it offered from the information security point of
    * Public Key Infrastructure Overview
    September 11th, 2001
    Public key cryptography supports security mechanisms such as
    confidentiality, integrity, authentication, and non-repudiation. However,
    to successfully implement these security mechanisms, you must carefully
    plan an infrastructure to manage them. A public key infrastructure (PKI)
    is a foundation on which other applications, system, and network security
    components are built.
    * Stealth encoding bypasses IDS protection
    September 10th, 2001
    Cisco's Intrusion Detection System (IDS) is not the only technology that
    fails to protect IIS Web servers against stealth unicode attacks.  An
    advisory by eEye Digital Security reports that network and server sensors
    from ISS, Dragon Sensor 4.x, Snort (prior to version 1.8.1) and components
    of Cisco Secure IDS are affected by the issue. Symantec and Network
    Associates have stated that their products are not vulnerable.
    | Cryptography News:     |
    * Senator calls for encryption crackdown
    September 15th, 2001
    The horror of Tuesday's coordinated attacks on the commercial and military
    centers of America has prompted the U.S. Congress to call for a global ban
    on "uncrackable" encryption products.
    * Crypto-Gram September 15
    September 15th, 2001
    In this month's crypto-gram, Bruce Schneier talks about the events of
    September 11, and how it may affect our liberties, the NSA's Dual Counter
    Mode, and general news. "Unfortunately, the quickest and easy way to
    satisfy those demands is by decreasing liberties."
    * NSA begins crypto upgrade
    September 10th, 2001
    The National Security Agency is beginning a 15-year, multibillion-dollar
    effort to modernize the nation's cryptographic systems, which are rapidly
    growing obsolete and vulnerable.  Cryptographic systems encode messages
    and include such tools as secure telephones, tactical radios and smart
    | Vendors/Products:      |
    * Biometrics: Just in a James Bond Flick? Not Anymore!
    September 12th, 2001
    The word 'Biometry' basically comprises two words: bio + metry. The
    word 'bio' refers to life or a living being and the word 'metry' refers to
    'measurement'. So 'Biometric' can be summed up as: the science of
    measurement of physical attributes (unique) to a living being (for
    authentication/authorization).
    * PGP bolsters security package
    September 10th, 2001
    PGP Security will unveil this week at NetWorld+Interop 2001 in Atlanta an
    easier-to-use version of its CyberCop network vulnerability-assessment
    tool that will help customers more quickly find and fix security
    weaknesses in PCs, servers, switches and firewalls.
    | General Security News: |
    * This is how we know Echelon exists
    September 14th, 2001
    The European Parliament published its report into the Echelon spying
    system last week in which it concluded it did exist, was against the law
    and that the UK had a lot of explaining to do.
    * Hackers Discuss Retaliatory Cyberstrikes
    September 13th, 2001
    Although the U.S. government has yet to publicly identify suspects in
    Tuesday's terrorist attacks on America, some hackers are already plotting
    counterstrikes against Islamic Web sites, according to postings in
    Internet newsgroups.  So far, the impact of the planned retaliatory
    hacking has been limited.
    * Report: Echelon engaged months in advance of attack
    September 13th, 2001
    The U.S. National Security Agency engaged the so-called Echelon
    communications monitoring network, following on warnings of possible
    terrorist attacks, as long as three months ago, the Frankfurter Allgemeine
    Zeitung newspaper reported.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org
