[ISN] Linux Security Week - November 12 2001

From: InfoSec News (isnat_private)
Date: Mon Nov 12 2001 - 23:39:05 PST

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  November 12th, 2001                         Volume 2, Number 45n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Fingerprinting
    Port 80 Attacks," "On the Security of PHP," "IPTables/NetFilter:  Linux's
    Next-Generation Stateful Packet Filter," and "Virtual Honeynets."
    This week, advisories were released for procmail, lpd, webalizer,
    sendmail, w3m, htdig, iptables, and the Linux kernel.  The vendors include
    Caldera, Conectiva, EnGarde, Red Hat, and SuSE.
    Guarantee transmitted data integrity, secure all communication sessions
    and more with SSL encryption from Thawte - a leading global certificate
    provider for the Open Source community. Learn more in our FREE
    GUIDE--click here to get it now:
       --> http://www.gothawte.com/rd89.html
    * Don't Risk your network installing an insecure OS *
    EnGarde was designed from the ground up as a secure solution, starting
    with the principle of least privilege, and carrying it through every
    aspect of its implementation.
    * http://www.engardelinux.org 
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Imp Webmail session hijacking vulnerability
    November 12th, 2001
    A search for one kind of problem led analysts at the CERT Coordination
    Center to find another. In August, the security organization had begun to
    contact vendors to get lpd codes from the makers of various printers in an
    attempt to create a clearer picture of vulnerabilities surrounding the
    software packages known as Internet Security Scanners, said Jason Rafail,
    a security analyst at CERT, which is based at Carnegie Mellon University
    in Pittsburgh.
    * LIDS FAQ v0.15
    November 11th, 2001
    Version 0.15 of the LIDS FAQ is now available. LIDS is an enhancement for
    the Linux kernel written by Xie Huagang and Philippe Biondi. It implements
    several security features that are not in the Linux kernel natively. Some
    of these include: mandatory access controls (MAC), a port scan detector,
    file protection (even from root), and process protection.
    * On the Security of PHP
    November 7th, 2001
    This article will provide you an overview of various security issues with
    PHP and offer advice on secure PHP programming practices.  PHP has
    achieved a stable and solid presence on the Web in the last several years,
    and its popularity as a server-side scripting language is only increasing.
    Its primary use is for providing dynamically generated interfaces between
    Web users and the host.
    * Fingerprinting Port 80 Attacks
    November 6th, 2001
    CGIsecurity.com recently wrote a paper on "fingerprinting port80 attacks."
    These holes can allow an attacker to gain either administrative access to
    the website, or even the web server itself. This paper looks at some of
    the signatures that are used in these attacks, and what to look for in
    your logs.
    | Network Security News: |
    * Virtual Honeynets
    November 8th, 2001
    A honeynet is a very valuable tool for research, intelligence and
    education: by knowing the methods an intruder uses we can better detect
    break-ins in the future. Information gathered from honeynets can be
    analysed to monitor attack trends. The information collected from a
    honeynet can also be used to educate people.
    * Security policies prove inadequate
    November 8th, 2001
    Firms are exposing themselves to security risks by failing to implement
    effective policies, say security experts.  A study of 100 British IT
    directors undertaken by IT services provider GAP indicates that even if
    firms have drawn up security policies, they were frequently inadequate.  
    According to the research, one in five firms expose themselves to the risk
    of virus infections, by not preventing the introduction of external files
    to their network.
    * IPTables/NetFilter - Linux's Next-Generation Stateful Packet Filter
    November 8th, 2001
    The IPTables/NetFilter application is considered to be the fourth
    generation of Linux packet filtering implementations. The first generation
    was Alan Cox's port of BSD UNIX's ipfw to Linux 1.1. Jos Vos and others
    extended this and added the ipfwadm user tool for manipulating the rules
    for filtering in the Linux 2.0 kernel. Paul "Rusty"  Russell and Michael
    Neuling made some significant modifications to the 2.2 Linux kernel, and
    Russell added the user tool ipchains for controlling filtering rules for
    this kernel.
    * Centralise security for success
    November 7th, 2001
    As we take security more seriously, as we put more obstacles between the
    outside world and the inner secrets of our PCs, we're complicating our
    lives -- in both good ways and bad. On the plus side, we are more securely
    guarding our private data. On the other hand, as we increase the number of
    permissions and passwords, we create a bigger job for corporate IT
    | Cryptography News:     |
    * Analysis of SSH crc32 compensation attack detector exploit
    November 11th, 2001
    DoS attackers are relying more on automated tools, which lower the level
    of technical knowledge necessary to launch a successful attack.  Experts
    are warning that crippling denial of service (DoS) attacks have become
    easier to launch, with automated tools and newer methods that tie up more
    computer and Internet resources than ever.
    |  Vendors/Products:     |
    * Outsource your security
    November 6th, 2001
    Alonzo Ellis and I were having lunch in a sunny bistro just outside of
    Washington, DC. Not far away, the blackened scar on the side of the
    Pentagon bore witness to the day that changed everything. "If they didn't
    know about security in the past, they certainly know about it now," Ellis
    said. Ellis, CTO of Imperito Networks, had been talking about
    communications security.
    * New Linux tool boosts security
    November 6th, 2001
    A small Australian company has released a Linux-based security tool it
    hopes will help speed corporate acceptance of the open-source operating
    system.  InterSect Alliance has developed the first security auditing
    system for Linux, beating much larger organizations to the punch. Its new
    tool, SNARE (System Intrusion Analysis and Reporting Environment), is the
    first intrusion detection system to reside on individual computers rather
    than a network, according to Leigh Purdie, principal security consultant
    for InterSect.
    |  General News:         |
    * Linux security self-censorship ominous
    November 8th, 2001
    October was a bad month for proponents of full disclosure. First,
    Microsoft's Scott Culp argued in an essay that security researchers
    shouldn't reveal the nature of security holes in software. Then Culp may
    have found an unexpected ally in his war against full disclosure: Linux's
    second-in-command, Alan Cox.
    * Security issue will be fixed - experts
    November 8th, 2001
    Throughout the dot-com boom to bust, security and privacy issues have
    continued to be underestimated in terms of importance to e-business.
    Australian experts warn this may cause more failures, while simultaneously
    claiming these issues "will be fixed".
    * Basic Security Checklist for Home and Office Users
    November 6th, 2001
    This article will offer readers a simple basic security checklist that
    will enable users and managers to increase the security level in their
    organization without any additional financial investment. It is axiomatic
    in computer security that the weakest link in the security chain is user
    error. Since the measures listed below are aimed at promoting secure user
    behavior, they are extremely effective in lowering the risk of a security
    * OpenBSD: The most secure OS around
    November 5th, 2001
    Unlike other operating systems, with the exception of close relative
    NetBSD, the open source OpenBSD was built from the ground up to be secure.
    How do they do it? In no small part, it's by constantly auditing the
    operating system's code for potential security problems.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 02:25:15 PST