[ISN] Linux Security Week - October 1st 2001

From: InfoSec News (isnat_private)
Date: Tue Oct 02 2001 - 02:27:27 PDT

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  September 30th, 2001                        Volume 2, Number 39n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Improving the
    security of open Unix platforms," "Focus on Operating Systems," and
    "Denying Denial of Service."  Also this week, there are a few good
    articles in the General section regarding cyber-terrorism.
    This week, advisories were released for uucp, man, openssh, squid, and
    setserial. The vendors include Conectiva, Mandrake, and Red Hat.
     Are you tired of rebuilding servers hit by NIMDA? 
     EnGarde Secure Linux was designed from the ground up as a secure
     solution, starting with the principle of least privilege, and carrying it
     through every aspect of its implementation.
     * http://www.engardelinux.org 
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Improving the security of open UNIX platforms
    September 27th, 2001
    This article takes a look at a little shell application that uses an
    innovative approach to increasing open UNIX security. A step-by-step
    analysis of the code is provided. The author's areas of expertise are in
    Web programming and cutting-edge network security development.
    * Focus on operating systems
    September 25th, 2001
    Crackers are immediately going to concentrate on the most popular systems
    in order to affect the highest number of systems. As Linux becomes ever
    more popular, the attention it receives, as far as finding vulnerabilities
    is concerned, is going to be greatly increased.  Linux was initially
    developed to create an operating system with the user at its heart.
    | Network Security News: |
    * Denying Denial of Service
    September 28th, 2001
    Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
    have been around for years, but with reports that 4,000 DoS attacks are
    launched each week, it's clear the problem isn't close to being resolved.
    In fact, in a recent poll of Information Security readers, 90 percent said
    they remained either "very concerned" or "somewhat concerned" about DoS or
    DDoS (see Reader Poll).
    * Battle Brews Over Authentication
    September 27th, 2001
    "Security and identity are facets of almost every big issue in the digital
    world today," said Esther Dyson, chairman of EDventure Holdings and former
    chairman of ICANN. "They touch it all: privacy, anonymity, integrity of
    data and safety assets, freedom of speech, legitimacy, trust and
    trustworthiness, branding, visibility of marketers and visibility to marketers.
    * Expert: Net security's a losing battle
    September 26th, 2001
    The complexity of the Internet is increasing more rapidly than our ability
    to secure it, according to Internet security expert Bruce Schneier.  At
    the opening of the annual Information Security Solutions Europe (ISSE)
    conference in London on Wednesday, Schneier, who is chief technology
    officer of Counterpane Internet Security, claimed that the problem of
    Internet security will never be resolved.
    * You've just been hacked. Now what? Here's how to avoid resorting to
    panic mode.
    September 24th, 2001
    The first reaction to a security breach is almost always denial. This must
    be a network glitch or a stupid joke. Once the severity of the situation
    sinks in, however, a variety of emotions ensue--anger at the perpetrator,
    betrayal by the security vendors that didn't prevent it from happening and
    finally, sheer panic.
    | Cryptography News:     |
    * International Cryptography Institute 2001 announced by ISSE Center
    September 27th, 2001
    More than 20 students recently sat in a room on the 12th floor of a New
    York office building to learn how to hack into Linux systems. But it
    wasn't an underground session run by computer criminals; instead, these
    students hoped to learn how to protect their computer systems and
    E-commerce Web sites from attack.
    * Godfather of encryption hits back
    September 26th, 2001
    Godfather of encryption Phil Zimmermann has responded to attacks directed
    at him over the use of encryption software in the terrorist attacks on the
    US.  Zimmermann, who created the Pretty Good Privacy (PGP) encryption
    software a decade ago, apparently came under fire from some members of the
    internet community after it emerged that the US Government is
    investigating whether PGP, or a similar technology, was used by the
    hijackers to co-ordinate the attacks securely.
    * Terrorists and steganography
    September 24th, 2001
    Guess what? Osama Bin Ladin uses steganography. According to nameless
    "U.S. officials and experts" and "U.S. and foreign officials," terrorist
    groups are "hiding maps and photographs of terrorist targets and posting
    instructions for terrorist activities on sports chat rooms, pornographic
    bulletin boards and other Web sites."
    |Vendors/Tools/Products: |
    * New release of the LSM-based SELinux prototype
    September 27th, 2001
    The SELinux web site including the mail list archive has been updated. The
    site includes a new release of the LSM-based SELinux prototype. This
    release contains many bug fixes and improvements to both LSM and SELinux
    and is based on the lsm-2001_09_23 patch against kernel 2.4.10. The
    release includes new and reworked hooks to control additional operations.
    |  General News:         |
    * Cyber Liberties Group Sound Alarm Over Anti-Terror Proposal
    September 28th, 2001
    Civil liberties groups are concerned that the anti-terrorism bill proposed
    by the Bush Administration would lump small-time hackers in with murderous
    terrorists.  The draft proposal from Attorney General John Ashcroft would
    expand law enforcement's freedom to catch and punish terrorists.
    * In Response To Attacks ICANN Eyes Security Matters
    September 28th, 2001
    This is one meeting I would love to be involved with. How exciting! "The
    body that manages the Internet's worldwide addressing system will meet in
    November as planned, but will shuffle its agenda to address Internet
    "security and stability" issues as they relate to the global dangers
    highlighted by the Sept.
    * EFF: Surveillance Legislation Continues to Threaten Privacy
    September 27th, 2001
    The Electronic Frontier Foundation (EFF) urges continued activism against
    the "Anti-Terrorism Act" (ATA), proposed by the US Department of Justice,
    and related legislation (presently 3 bills), because many provisions of
    the bills would dramatically alter the civil liberties landscape through
    unnecessarily broad restrictions on free speech and privacy rights in the
    United States and abroad. Your urgent action is needed TODAY.
    * Cyberterrorists: our invisible enemies
    September 24th, 2001
    As Attorney General John Ashcroft fielded reporters' questions last
    Tuesday about the attack on the World Trade Center and the Pentagon, one
    journalist asked if a new computer worm, discovered only hours earlier,
    was in any way related to the terrorist strikes. It was not, Ashcroft
    assured the nation--or at least, there was as yet no evidence linking it
    to Osama bin Laden and his ilk.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.