+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  October 29th, 2001                           Volume 2, Number 43n  |
|                                                                     |
|  Editorial Team:  Dave Wreski                 daveat_private        |
|                   Benjamin Thomas             benat_private         |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Avoiding
security holes when developing an application," "Secure Communications
with OpenSSH," and "Intrusion Detection Systems for the Uninitiated."

This week, advisories were released for gftp, diffutils, nvi, squid,
util-linux, openssh, shadow/login, htdig, mod_auth_pgsql, and the Linux
kernel. The vendors include Conectiva, Debian, Immunix, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-3918.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Avoiding security holes when developing an application - Part 5:
  race conditions
  October 24th, 2001

This fifth article of our series is dedicated to security problems
related to multitasking. A race condition occurs when different
processes use the same resource (file, device, memory) at the same time
and each one "believes" it has exclusive access.

http://www.linuxsecurity.com/articles/host_security_article-3904.html

* Secure Communications with OpenSSH
  October 22nd, 2001

Computer networks are an inherently insecure medium. Unless you are
assured that your packets will never pass through a router or computer
which you do not have direct control over, your data is not safe. It may
be viewed by an untrustworthy sysadmin or script kiddie, it may be
tampered with en route, or it may be intercepted and replaced with
entirely different data.

http://www.linuxsecurity.com/articles/cryptography_article-3890.html

+------------------------+
| Network Security News: |
+------------------------+

* Intrusion Detection Systems for the Uninitiated, Part 2; Installing
  and Configuring Snort
  October 26th, 2001

Snort is a lightweight network-based intrusion detection system (called
NIDS). NIDS is unlike 'portsentry', which is a host based IDS and
capable of performing real-time traffic analysis and packet logging on
IP networks. The reason Snort is called 'lightweight' NIDS, is because
it's easy to use and install and is designed primarily for small
networks.

http://www.linuxsecurity.com/articles/intrusion_detection_article-3924.html

* Survey finds security practices appalling
  October 24th, 2001

Despite the recent attacks of viruses, individuals are reluctant to
review their security practices, according to a recent survey conducted
by Central Command.
The results however, were completely aligned to the general feeling
among industry analysts that security is not seen as a priority among
users.

http://www.linuxsecurity.com/articles/general_article-3910.html

* Introduction to Security Policies, Part Four: A Sample Policy
  October 24th, 2001

This is the fourth in a four-part overview of security policies. In the
first article, we looked at what policies are and what they can achieve.
The second article looked at the organizational support required to
implement security policies successfully. The third installment
discussed how to develop and structure a security policy.

http://www.linuxsecurity.com/articles/documentation_article-3906.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Encryption technology is not an enemy of the state
  October 25th, 2001

The perennial target for government disapproval is encryption, and
recent events in New York have added serious fuel to the already glowing
embers of the argument. It is a touchy subject in light of the recent
atrocities, which are being used as an excuse to push legislation
through.

http://www.linuxsecurity.com/articles/cryptography_article-3913.html

* Master key encryption plan abandoned
  October 25th, 2001

As concern grows over the vulnerability of government and industry
organizations, a familiar and controversial battle has been revisited on
Capitol Hill: the question of whether government should have control of
encrypted messages.

http://www.linuxsecurity.com/articles/cryptography_article-3917.html

* Prediction in chaos points to secure transmissions
  October 25th, 2001

A secure method for sending and receiving encrypted messages may follow
the first demonstration of a technique that predicts chaotic
fluctuations in laser light.
Researchers from the University of Wales in Bangor have shown that by
using two duplicate chaotic semiconducting laser systems, one to send an
encrypted message and another to receive and decipher it, a state called
anticipating synchronisation occurs.

http://www.linuxsecurity.com/articles/general_article-3912.html

+------------------------+
|Vendors/Tools/Products: |
+------------------------+

* Now is the time for two-factor security
  October 26th, 2001

Whether you're a consumer, or a manager who shares the responsibility
for protecting your company's digital assets and the privacy of your
customers, it's time to get ready for two-factor security. In fact, it's
time to start insisting on it.

http://www.linuxsecurity.com/articles/general_article-3919.html

+------------------------+
| General News:          |
+------------------------+

* Cybernarks - Who's hunting the Hackers?
  October 27th, 2001

Steven Lynch was first introduced to the joys of hunting down hackers in
MIT in 1989. While working in the University's IT department he came
across Australia's very own Leftist and Urvile, as they took control of
the institution's servers and used them to poke holes in systems on the
other side of the world. Phoenix and Electron were eventually tracked
down to a flat in Melbourne, but not before Lynch spent countless hours
following their clandestine progress through unsuspecting networks.

http://www.linuxsecurity.com/articles/server_security_article-3916.html

* Keeping Security Issues in the Open
  October 26th, 2001

Microsoft's security manager is arguing, in effect, that security issues
should be kept secret - and out of the flow of publicly available
information. The manager of the security response center at Microsoft
(Nasdaq: MSFT), Scott Culp, apparently wants to keep security issues in
a box -- and out of the hands of those affected by them.
http://www.linuxsecurity.com/articles/general_article-3920.html

* Dave Dittrich Responds to WinXP Security Claim
  October 25th, 2001

Dave Dittrich, best known for his Honeynet and DDoS expertise, responds
to claims made by Steve Gibson claiming that "raw sockets are the devil"
in the latest OS by Microsoft. Dave writes, "Steve Gibson is *still*
pushing "raw sockets are the devil?" Anyone (especially journalists) who
are interested in this topic had best look into the details, not just
take what Steve tells them."

http://www.linuxsecurity.com/articles/intrusion_detection_article-3926.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

- ISN is currently hosted by Attrition.org