+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | December 3rd, 2001 Volume 2, Number 48n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Theo de Raadt Discusses OpenBSD and Security," "Telecommuting: Keeping Data Safe and Secure," and "Vulnerability Life Cycles." Also this week the "qmail Anti-Spam HOWTO" and "Securing Debian HOWTO" was released. * Why be vulnerable? Its your choice. Are you looking for a solution that provides the applications necessary to easily create thousands of virtual Web sites, manage e-mail, DNS, firewalling database functions for an entire organization, and supports high-speed broadband connections all using a Web-based front-end? EnGarde Secure Professional provides those features and more! Be Secure with EnGarde Secure Professional: http://store.guardiandigital.com/html/eng/493-AA.shtml This week, advisories were released for wu-ftp, imp, rpm, postfix, sasl, and sendmail. The vendors include Caldera, Conectiva, Immunix, Red Hat, Slackware and SuSE. http://www.linuxsecurity.com/articles/forums_article-4089.html Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-requestat_private with "subscribe" as the subject. +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * qmail Anti-Spam HOWTO December 1st, 2001 This document discusses anti-spam philosophies from a variety of perspectives and provides information about available options for dealing with spam. Spam is defined here as unsolicited commercial e-mail, usually sent in bulk. In other words, spam is simply electronic junk mail. Dealing with spam is, at best, a very difficult task. http://www.linuxsecurity.com/articles/documentation_article-4097.html * Securing Debian HOWTO November 29th, 2001 This document describes the process of securing and hardening the default Debian installation. It covers some of the common taks to setup a secure network environment using Debian GNU/Linux. This document just gives an overview of what you can do to increase the security of your Debian GNU/Linux system. http://www.linuxsecurity.com/articles/host_security_article-4086.html * Theo de Raadt Discusses OpenBSD and Security November 26th, 2001 This week, KernelTrap spoke with OpenBSD creator and maintainer, Theo de Raadt. OpenBSD is widely hailed as being the most secure OS available. The latest version, OpenBSD 3.0, is slated for an official release on December 1st. http://www.linuxsecurity.com/articles/forums_article-4069.html +------------------------+ | Network Security News: | +------------------------+ * Telecommuting: Keeping Data Safe and Secure November 30th, 2001 With the increased availability of broadband access and VPNs, telecommuting is more viable for many workers. But with this new opportunity comes new risks. While telecommuting is an advantage for employees, making sure they adhere to security policies can be a headache. http://www.linuxsecurity.com/articles/network_security_article-4092.html +------------------------+ | Cryptography News: | +------------------------+ * Phil Zimmerman and PGP November 27th, 2001 InfoSecurityMag talks with the creator of PGP and the motivations behind creating it. "Zimmermann says he was confident that the first release of PGP domestically would be safe from legal restrictions, albeit not unnoticed. http://www.linuxsecurity.com/articles/cryptography_article-4070.html +------------------------+ | Vendors/Products: | +------------------------+ * Common sense key to beating hackers November 28th, 2001 Today's wireless local area network (Lan) investigation highlights common problems with all IT security. Computing spoke to a panel of experts about the key issues when it comes to protecting your company network and data. Are wireless networks safe? Yes, if common sense principles are applied, say experts. "It's important wireless Lans are deployed in a manner consistent with the security practices used to secure wired Lans and dial-up access connections," said Chris McNab, a consultant with security firm Matta and a former ethical hacker. http://www.linuxsecurity.com/articles/network_security_article-4079.html * PKCS #11 openCryptoki for Linux November 28th, 2001 openCryptoki is an implementation of the PKCS #11 API that allows interfacing to devices (such as a smart card, smart disk, or PCMCIA card) that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. http://www.linuxsecurity.com/articles/cryptography_article-4077.html +------------------------+ | General News: | +------------------------+ * Got hacked? Blame it on the software December 1st, 2001 There's only one problem with software development these days, according to security analyst and author Gary McGraw: It isn't any good. McGraw, noted for his books on Java security, is out with a new book that purports to tell software developers how to do it better. http://www.linuxsecurity.com/articles/security_sources_article-4096.html * Bush Signs Spending Bill With Cyber-Security Funding November 30th, 2001 President George W. Bush on Wednesday signed into law the Commerce, State, Justice appropriations bill, a 2002 spending package that contains significant funding for a range of cyber-security and online crime-fighting programs. http://www.linuxsecurity.com/articles/government_article-4091.html * EFF Update on Sklyarov Case November 30th, 2001 Ever since the FBI confirmed the existence of their Internet wiretapping device a device they named Carnivore, cyberprivacy activists have been up in arms. Carnivore promised to be their worst nightmare: a technology that could track and record every email sent, every Web page browsed, every chat room visited. http://www.linuxsecurity.com/articles/privacy_article-4093.html * Confounding Carnivore: How to Protect Your Online Privacy November 30th, 2001 Ever since the FBI confirmed the existence of their Internet wiretapping device -- a device they named Carnivore -- cyberprivacy activists have been up in arms. Carnivore promised to be their worst nightmare: a technology that could track and record every email sent, every Web page browsed, every chat room visited http://www.linuxsecurity.com/articles/privacy_article-4090.html * Key steps to bolster security November 29th, 2001 Good security systems depend more on good processes and design than on specific technologies, and to make the right choices requires a careful assessment of value and risk. Timothy Dyck reports. http://www.linuxsecurity.com/articles/security_sources_article-4087.html * Vulnerability Life Cycles November 26th, 2001 The vulnerability life cycle has three phases: the research/discovery phase -- in which both malicious and nonmalicious security researchers seek new holes in products; the disclosure phase -- in which the discoverer of the new vulnerability tells others about it; and the exploitation phase -- in which the specifics of bug information are incorporated into a program designed to take advantage of the vulnerability. http://www.linuxsecurity.com/articles/server_security_article-4067.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 02:00:09 PST