+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 17th, 2001                         Volume 2, Number 37n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             daveat_private            |
|                   Benjamin Thomas         benat_private             |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting security articles include
"Public Key Infrastructure Overview," "GPG: the Best Free Crypto You
Aren't Using," and "Information Warfare: How to Survive Cyber Attacks."
As you might expect, many cryptography articles were released in
response to the tragedy. If you are interested in the crypto debate, I
invite you to read what is available.

It has been a tragic week. Our own Dave Wreski writes, "Today's events
mark more than a display of courage by Americans, an effort to exact
retribution on those who committed this senseless act, and how this
country will be changed as a result. It directly impacts us all on an
international scale as individual architects of the global Internet."

Special: International Security, Privacy and Solidarity
http://www.linuxsecurity.com/feature_stories/feature_story-92.html

This week, advisories were released for fetchmail, sendmail, xinetd,
bugzilla, apache-contrib, uucp, and xloadimage. The vendors include
Caldera, Conectiva, Red Hat, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-3667.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* UnderLinux Interviews Elias Levy
  September 12th, 2001

  Josue writes, "The underlinux Brazilian site has an interesting
  interview with one of the most important security experts in the
  world. Aleph1, the bugtraq moderator, answers some questions about the
  present and the future of computer security.

  http://www.linuxsecurity.com/articles/forums_article-3657.html

* GPG: the Best Free Crypto You Aren't Using, Part I of II
  September 11th, 2001

  Ten years after Phil Zimmermann released PGP v.1.0 (Pretty Good
  Privacy), PGP has evolved from an underground tool for paranoiacs to
  the gold standard, even an internet standard, for e-mail encryption.
  GnuPG, the GNU Privacy Guard, is a 100% free alternative to commercial
  PGP and is included in most Linux distributions.

  http://www.linuxsecurity.com/articles/cryptography_article-3649.html

+------------------------+
| Network Security News: |
+------------------------+

* SSL toolkit flaw poses risk
  September 14th, 2001

  A vulnerability has been discovered in versions of software
  development toolkits from RSA Security, which could allow an attacker
  to bypass SSL client authentication. In a security notice on the
  issue, RSA said the vulnerability meant that hackers "might
  potentially gain access to data intended only for authorised users".

  http://www.linuxsecurity.com/articles/cryptography_article-3671.html

* Automatic patching: Will it make the world safe from worms?
  September 13th, 2001

  Worms and viruses often target specific vulnerabilities in common
  software. But what if the terms were reversed? Rather than attacking
  the vulnerability of software for malicious purposes, what if the worm
  or virus actually attempted to secure the software by applying a
  patch? Like it or not, it is already happening.

  http://www.linuxsecurity.com/articles/intrusion_detection_article-3643.html

* Information Warfare: How to Survive Cyber Attacks
  September 11th, 2001

  As an information security professional, I take an extreme interest in
  information warfare, as it is closely connected to the infosec field.
  Thus, I was excited to read Information Warfare: How to Survive Cyber
  Attacks, and see what it offered from the information security point
  of view.

  http://www.linuxsecurity.com/articles/documentation_article-3650.html

* Public Key Infrastructure Overview
  September 11th, 2001

  Public key cryptography supports security mechanisms such as
  confidentiality, integrity, authentication, and non-repudiation.
  However, to successfully implement these security mechanisms, you must
  carefully plan an infrastructure to manage them. A public key
  infrastructure (PKI) is a foundation on which other applications,
  system, and network security components are built.

  http://www.linuxsecurity.com/articles/cryptography_article-3651.html

* Stealth encoding bypasses IDS protection
  September 10th, 2001

  Cisco's Intrusion Detection System (IDS) is not the only technology
  that fails to protect ISS Web servers against stealth unicode attacks.
  An advisory by eEye Digital Security reports that network and server
  sensors from ISS, Dragon Sensor 4.x, Snort (prior to version 1.8.1)
  and components of Cisco Secure IDS are affected by the issue. Symantec
  and Network Associates have stated that their products are not
  vulnerable.

  http://www.linuxsecurity.com/articles/network_security_article-3662.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Senator calls for encryption crackdown
  September 15th, 2001

  The horror of Tuesday's coordinated attacks on the commercial and
  military centers of America has prompted the U.S. Congress to call for
  a global ban on "uncrackable" encryption products.

  http://www.linuxsecurity.com/articles/cryptography_article-3672.html

* Crypto-Gram September 15
  September 15th, 2001

  In this month's crypto-gram, Bruce Schneier talks about the events of
  September 11, and how it may affect our liberties, the NSA's Dual
  Counter Mode, and general news. "Unfortunately, the quickest and easy
  way to satisfy those demands is by decreasing liberties.

  http://www.linuxsecurity.com/articles/cryptography_article-3673.html

* NSA begins crypto upgrade
  September 10th, 2001

  The National Security Agency is beginning a 15-year,
  multibillion-dollar effort to modernize the nation's cryptographic
  systems, which are rapidly growing obsolete and vulnerable.
  Cryptographic systems encode messages and include such tools as secure
  telephones, tactical radios and smart cards.

  http://www.linuxsecurity.com/articles/government_article-3640.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* Biometrics: Just in a James Bond Flick? Not Anymore!
  September 12th, 2001

  The word 'Biometry' basically comprises of two words: bio + metry.
  The word 'bio' refers to life or a living being and the word 'metry'
  refers to 'measurement'. So 'Biometric' can be summed up as: the
  science of measurement of physical attributes (unique) to a living
  being (for authentication/authorization).

  http://www.linuxsecurity.com/articles/projects_article-3656.html

* PGP bolsters security package
  September 10th, 2001

  PGP Security will unveil this week at NetWorld+Interop 2001 in Atlanta
  an easier-to-use version of its CyberCop network
  vulnerability-assessment tool that will help customers more quickly
  find and fix security weaknesses in PCs, servers, switches and
  firewalls.

  http://www.linuxsecurity.com/articles/cryptography_article-3641.html

+------------------------+
| General Security News: |
+------------------------+

* This is how we know Echelon exists
  September 14th, 2001

  The European Parliament published its report into the Echelon spying
  system last week in which it concluded it did exist, was against the
  law and that the UK had a lot of explaining to do.

  http://www.linuxsecurity.com/articles/government_article-3669.html

* Hackers Discuss Retaliatory Cyberstrikes
  September 13th, 2001

  Although the U.S. government has yet to publicly identify suspects in
  Tuesday's terrorist attacks on America, some hackers are already
  plotting counterstrikes against Islamic Web sites, according to
  postings in Internet newsgroups. So far, the impact of the planned
  retaliatory hacking has been limited.

  http://www.linuxsecurity.com/articles/hackscracks_article-3666.html

* Report: Echelon engaged months in advance of attack
  September 13th, 2001

  The U.S. National Security Agency engaged the so-called Echelon
  communications monitoring network, following on warnings of possible
  terrorist attacks, as long as three months ago, the Frankfurter
  Allgemeine Zeitung newspaper reported.

  http://www.linuxsecurity.com/articles/privacy_article-3665.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the
BODY of the mail.

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 03:08:21 PDT