+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 30th, 2001                         Volume 2, Number 39n  |
|                                                                     |
|  Editorial Team:  Dave Wreski              daveat_private           |
|                   Benjamin Thomas          benat_private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Improving the security of open Unix platforms," "Focus on Operating Systems," and "Denying Denial of Service." Also this week, there are a few good articles in the General section regarding cyber-terrorism.

This week, advisories were released for uucp, man, openssh, squid, and setserial. The vendors include Conectiva, Mandrake, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-3757.html

Are you tired of rebuilding servers hit by NIMDA? EnGarde Secure Linux was designed from the ground up as a secure solution, starting with the principle of least privilege, and carrying it through every aspect of its implementation.

* http://www.engardelinux.org

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-requestat_private with "subscribe" as the subject.

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Improving the security of open UNIX platforms
September 27th, 2001

This article takes a look at a little shell application that uses an innovative approach to increasing open UNIX security. A step-by-step analysis of the code is provided. The author's areas of expertise are in Web programming and cutting-edge network security development.

http://www.linuxsecurity.com/articles/server_security_article-3753.html

* Focus on operating systems
September 25th, 2001

Crackers are immediately going to concentrate on the most popular systems in order to affect the highest number of systems. As Linux becomes ever more popular, the attention it receives, as far as finding vulnerabilities is concerned, is going to be greatly increased. Linux was initially developed to create an operating system with the user at its heart.

http://www.linuxsecurity.com/articles/host_security_article-3729.html

+------------------------+
| Network Security News: |
+------------------------+

* Denying Denial of Service
September 28th, 2001

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have been around for years, but with reports that 4,000 DoS attacks are launched each week, it's clear the problem isn't close to being resolved. In fact, in a recent poll of Information Security readers, 90 percent said they remained either "very concerned" or "somewhat concerned" about DoS or DDoS (see Reader Poll).

http://www.linuxsecurity.com/articles/network_security_article-3756.html

* Battle Brews Over Authentication
September 27th, 2001

"Security and identity are facets of almost every big issue in the digital world today," said Esther Dyson, chairman of EDventure Holdings and former chairman of ICANN. "They touch it all: privacy, anonymity, integrity of data and safety assets, freedom of speech, legitimacy, trust and trust worthiness, branding, visibility of marketers and visibility to marketers.

http://www.linuxsecurity.com/articles/forums_article-3749.html

* Expert: Net security's a losing battle
September 26th, 2001

The complexity of the Internet is increasing more rapidly than our ability to secure it, according to Internet security expert Bruce Schneier. At the opening of the annual Information Security Solutions Europe (ISSE) conference in London on Wednesday, Schneier, who is chief technology officer of Counterpane Internet Security, claimed that the problem of Internet security will never be resolved.

http://www.linuxsecurity.com/articles/network_security_article-3743.html

* You've just been hacked. Now what? Here's how to avoid resorting to panic mode.
September 24th, 2001

The first reaction to a security breach is almost always denial. This must be a network glitch or a stupid joke. Once the severity of the situation sinks in, however, a variety of emotions ensue--anger at the perpetrator, betrayal by the security vendors that didn't prevent it from happening and finally, sheer panic.

http://www.linuxsecurity.com/articles/general_article-3721.html

+------------------------+
| Cryptography News:     |
+------------------------+

* International Cryptography Institute 2001 announced by ISSE Center
September 27th, 2001

More than 20 students recently sat in a room on the 12th floor of a New York office building to learn how to hack into Linux systems. But it wasn't an underground session run by computer criminals; instead, these students hoped to learn how to protect their computer systems and E-commerce Web sites from attack.

http://www.linuxsecurity.com/articles/organizations_events_article-3751.html

* Godfather of encryption hits back
September 26th, 2001

Godfather of encryption Phil Zimmerman has responded to attacks directed at him over the use of encryption software in the terrorist attacks on the US. Zimmerman, who created the Pretty Good Privacy (PGP) encryption software a decade ago, apparently came under fire from some members of the internet community after it emerged that the US Government is investigating whether PGP, or a similar technology, was used by the hijackers to co-ordinate the attacks securely.

http://www.linuxsecurity.com/articles/cryptography_article-3742.html

* Terrorists and steganography
September 24th, 2001

Guess what? Osama Bin Ladin uses steganography. According to nameless "U.S. officials and experts" and "U.S. and foreign officials," terrorist groups are "hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other Web sites."

http://www.linuxsecurity.com/articles/cryptography_article-3725.html

+------------------------+
|Vendors/Tools/Products: |
+------------------------+

* New release of the LSM-based SELinux prototype
September 27th, 2001

The SELinux web site including the mail list archive has been updated. The site includes a new release of the LSM-based SELinux prototype. This release contains many bug fixes and improvements to both LSM and SELinux and is based on the lsm-2001_09_23 patch against kernel 2.4.10. The release includes new and reworked hooks to control additional operations.

http://www.linuxsecurity.com/articles/vendors_products_article-3754.html

+------------------------+
| General News:          |
+------------------------+

* Cyber Liberties Group Sound Alarm Over Anti-Terror Proposal
September 28th, 2001

Civil liberties groups are concerned that the anti-terrorism bill proposed by the Bush Administration would lump small-time hackers in with murderous terrorists. The draft proposal from Attorney General John Ashcroft would expand law enforcement's freedom to catch and punish terrorists.

http://www.linuxsecurity.com/articles/privacy_article-3759.html

* In Response To Attacks ICANN Eyes Security Matters
September 28th, 2001

This is one meeting I would love to be involved with. How exciting! "The body that manages the Internet's worldwide addressing system will meet in November as planned, but will shuffle its agenda to address Internet "security and stability" issues as they relate to the global dangers highlighted by the Sept.

http://www.linuxsecurity.com/articles/security_sources_article-3755.html

* EFF: Surveillance Legislation Continues to Threaten Privacy
September 27th, 2001

The Electronic Frontier Foundation (EFF) urges continued activism against the "Anti-Terrorism Act" (ATA), proposed by the US Department of Justice, and related legislation (presently 3 bills), because many provisions of the bills would dramatically alter the civil liberties landscape through unnecessarily broad restrictions on free speech and privacy rights in the United States and abroad. Your urgent action is needed TODAY.

http://www.linuxsecurity.com/articles/privacy_article-3746.html

* Cyberterrorists: our invisible enemies
September 24th, 2001

As Attorney General John Ashcroft fielded reporters' questions last Tuesday about the attack on the World Trade Center and the Pentagon, one journalist asked if a new computer worm, discovered only hours earlier, was in any way related to the terrorist strikes. It was not, Ashcroft assured the nation--or at least, there was as yet no evidence linking it to Osama bin Laden and his ilk.

http://www.linuxsecurity.com/articles/government_article-3726.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.