+---------------------------------------------------------------------+
|  LinuxSecurity.com                           Weekly Newsletter      |
|  October 22nd, 2001                          Volume 2, Number 42n   |
|                                                                     |
|  Editorial Team:  Dave Wreski                daveat_private         |
|                   Benjamin Thomas            benat_private          |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Good Security information is crucial," "An Overview of LIDS," and "Intrusion Detection Systems for the Uninitiated." Also this week, several interesting articles were written on privacy and encryption.

This week, advisories were released for w3m, xvt, procmail, zope, openssh, openssl, util-linux, htdig, kernel, apache, and xinetd. The vendors include Caldera, Conectiva, Debian, EnGarde, Immunix, Mandrake, Red Hat, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-3872.html

** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL! Get the free Thawte Apache SSL Guide and find the answers to all your Apache SSL security issues and more at: http://www.gothawte.com/rd90.html

* Don't Risk your network installing an insecure OS *
EnGarde was designed from the ground up as a secure solution, starting with the principle of least privilege, and carrying it through every aspect of its implementation.
* http://www.engardelinux.org

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-requestat_private with "subscribe" as the subject.

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Good security administration is crucial
October 20th, 2001

Firms should revamp their security admin rather than just avoiding Microsoft products, warns expert. Firms are being advised to tighten up on security administration rather than switch from Microsoft software to open source operating systems, as fears over digital vulnerabilities mount.

http://www.linuxsecurity.com/articles/server_security_article-3884.html

* An Overview of LIDS
October 18th, 2001

In traditional Unix models, the root user is all-powerful. Root is exempt from the rules and regulations of the filesystem, and has abilities that other users do not: putting interfaces into promiscuous mode, for example. Many folks realized that this uncontrolled access could be a bad thing. Should a vulnerability be found in a program that is run as root, it could cause boundless damage.

http://www.linuxsecurity.com/articles/projects_article-3867.html

+------------------------+
| Network Security News: |
+------------------------+

* Firewalls not perfect but needed these days
October 21st, 2001

With the numbers of hackers and viruses these days, everyone who has a computer that's connected to a network -- including the Internet -- should have a firewall or be running behind one. This is a Q&A session about firewalls with Patrick Marshall, a technology columnist for The Seattle Times.

http://www.linuxsecurity.com/articles/firewalls_article-3885.html

* Firing up Firewalls
October 20th, 2001

One of the first lines of defense against hackers is your firewall. The firewall acts as a filter, blocking unwanted packets from reaching your network. In most cases, a properly configured firewall will protect a network from viruses such as the Code Red worm, even if there are vulnerable machines residing inside the network.

http://www.linuxsecurity.com/articles/firewalls_article-3880.html

* Intrusion Detection Systems for the Uninitiated, Part 2; Installing and Configuring Snort
October 17th, 2001

Shashank Pandey returns to Linux.com with part two of his popular series on IDS: Intrusion detection Systems for Linux. Quizzing PortSentry in his last article, in today's Pandey cast a sharp eye over working with snort. And remember in some primitive parts of the world you have to pay for information like this!

http://www.linuxsecurity.com/articles/intrusion_detection_article-3860.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Encryption: How Prevalent Is It?
October 15th, 2001

Many companies have reassessed their technology initiatives in the month since the tragic attacks on the United States. Some are focusing on security measures for IT systems while others are deepening efforts to secure facilities and intellectual property.

http://www.linuxsecurity.com/articles/cryptography_article-3840.html

+------------------------+
|Vendors/Tools/Products: |
+------------------------+

* Openwall Kernel Security Patch Update
October 21st, 2001

The Openwall kernel security patch is a collection of security-related features for the Linux kernel, all configurable via the new 'Security options' configuration section. In addition to the new features, some versions of the patch contain various security fixes. A new revision of the Openwall Linux kernel patch, 2.2.19-ow3, is now available.

http://www.linuxsecurity.com/articles/host_security_article-3889.html

* A Sysadmin's Security Basics
October 19th, 2001

System administrators are no longer alone in their concern for security. The increase in high-profile virus attacks, and a general sense of heightened security, means that executives are likely to have security on their mind.
It may be easier than ever to enlist their support for securing our networks and systems, and they may be more likely to put up with some inconvenience for users if it means tighter security.

http://www.linuxsecurity.com/articles/server_security_article-3876.html

* Open source tool put on red alert
October 15th, 2001

Hundreds of thousands of websites may be at risk after hackers discovered a vulnerability in a popular web server program. Users running PHP Nuke, a free open source tool for database-based websites, were put on red alert yesterday when it was discovered that hackers were exploiting a recently discovered flaw in the code to take control of servers. The glitch exists in all versions of PHP Nuke and allows unauthorised users to copy files to and from the web server and possibly gain control of the machine. There are over 22,000 users registered at the program's PHPNuke.org website but it is thought that there may be hundreds of thousands of sites running the vulnerable software.

http://www.linuxsecurity.com/articles/projects_article-3844.html

* Startup offers gains in multilayer security silicon
October 15th, 2001

A security processor startup with a design team composed of engineers from Compaq Computer Corp.'s former Alpha operation has introduced a new encryption chip that it claims will shatter the current standards for high-end encryption.

http://www.linuxsecurity.com/articles/vendors_products_article-3850.html

+------------------------+
| General News:          |
+------------------------+

* Eric Raymond Responds to Disclosure Rhetoric
October 21st, 2001

Cryptographers and security experts have known for years that peer review of open source code is the only reliable way to verify the effectiveness of encryption systems and other security software. So Microsoft's closed-source mode of development guarantees that customers will continue getting cracked and Microsoft will continue pointing the finger of blame everywhere except where it actually belongs.

http://www.linuxsecurity.com/articles/forums_article-3887.html

* IRS seeks more security funding
October 18th, 2001

John Reece, the chief information officer at the Internal Revenue Service, said priorities have changed in the wake of the Sept. 11 terrorist attacks, and the tax agency is seeking more money for security. Like other agencies, Reece said the IRS has asked the Office of Management and Budget for increased funds immediately to help secure systems at the tax agency.

http://www.linuxsecurity.com/articles/government_article-3869.html

* Must privacy die too?
October 16th, 2001

As an IT security professional Neil Barrett welcomes moves to record online activity, but as a private citizen he doubts that increased online surveillance is healthy. So, the terrorists who hijacked the planes and caused heart- and commerce-stopping panic used email, encryption, steganography and the rest, did they? And because of this, the FBI and police forces are re-opening the painful debates about retention and release of Internet content and traffic data, the extensive interception of email, and the release of information on users.

http://www.linuxsecurity.com/articles/privacy_article-3851.html

* CERT/CC Statistics 1988-2001
October 16th, 2001

The CERT/CC statistics on incidents handled, vulnerabilities reported, security alerts and notes published, hotline calls handled, and email messages handled have been updated with information from the third quarter of 2001.

http://www.linuxsecurity.com/articles/security_sources_article-3856.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.