[ISN] Linux Security Week - December 3, 2001

From: InfoSec News (isnat_private)
Date: Tue Dec 04 2001 - 00:34:05 PST

  • Next message: InfoSec News: "[ISN] Paris school offers primer for cyberpirates"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  December 3rd, 2001                          Volume 2, Number 48n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
     
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Theo de Raadt
    Discusses OpenBSD and Security," "Telecommuting: Keeping Data Safe and
    Secure," and "Vulnerability Life Cycles."  Also this week the "qmail
    Anti-Spam HOWTO" and "Securing Debian HOWTO" was released.
    
    * Why be vulnerable?  Its your choice.
    
    Are you looking for a solution that provides the applications necessary to
    easily create thousands of virtual Web sites, manage e-mail, DNS,
    firewalling database functions for an entire organization, and supports
    high-speed broadband connections all using a Web-based front-end? EnGarde
    Secure Professional provides those features and more!
     
     Be Secure with EnGarde Secure Professional:
     http://store.guardiandigital.com/html/eng/493-AA.shtml
    
    
    This week, advisories were released for wu-ftp, imp, rpm, postfix, sasl,
    and sendmail.  The vendors include Caldera, Conectiva, Immunix, Red Hat,
    Slackware and SuSE.
    
    http://www.linuxsecurity.com/articles/forums_article-4089.html
    
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
     
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    
    * qmail Anti-Spam HOWTO
    December 1st, 2001
    
    This document discusses anti-spam philosophies from a variety of
    perspectives and provides information about available options for dealing
    with spam. Spam is defined here as unsolicited commercial e-mail, usually
    sent in bulk. In other words, spam is simply electronic junk mail. Dealing
    with spam is, at best, a very difficult task.
    
    http://www.linuxsecurity.com/articles/documentation_article-4097.html
    
    
    * Securing Debian HOWTO
    November 29th, 2001
    
    This document describes the process of securing and hardening the default
    Debian installation. It covers some of the common taks to setup a secure
    network environment using Debian GNU/Linux. This document just gives an
    overview of what you can do to increase the security of your Debian
    GNU/Linux system.
    
    http://www.linuxsecurity.com/articles/host_security_article-4086.html
    
    
    * Theo de Raadt Discusses OpenBSD and Security
    November 26th, 2001
    
    This week, KernelTrap spoke with OpenBSD creator and maintainer, Theo de
    Raadt. OpenBSD is widely hailed as being the most secure OS available. The
    latest version, OpenBSD 3.0, is slated for an official release on December
    1st.
    
    http://www.linuxsecurity.com/articles/forums_article-4069.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Telecommuting: Keeping Data Safe and Secure
    November 30th, 2001
    
    With the increased availability of broadband access and VPNs,
    telecommuting is more viable for many workers. But with this new
    opportunity comes new risks. While telecommuting is an advantage for
    employees, making sure they adhere to security policies can be a headache.
    
    http://www.linuxsecurity.com/articles/network_security_article-4092.html
    
    
    +------------------------+
    | Cryptography News:     |
    +------------------------+
    
    * Phil Zimmerman and PGP
    November 27th, 2001
    
    InfoSecurityMag talks with the creator of PGP and the motivations behind
    creating it. "Zimmermann says he was confident that the first release of
    PGP domestically would be safe from legal restrictions, albeit not
    unnoticed.
    
    http://www.linuxsecurity.com/articles/cryptography_article-4070.html
    
    
    
    +------------------------+
    |  Vendors/Products:     |
    +------------------------+
    
    * Common sense key to beating hackers
    November 28th, 2001
    
    Today's wireless local area network (Lan) investigation highlights common
    problems with all IT security. Computing spoke to a panel of experts about
    the key issues when it comes to protecting your company network and data.  
    Are wireless networks safe? Yes, if common sense principles are applied,
    say experts. "It's important wireless Lans are deployed in a manner
    consistent with the security practices used to secure wired Lans and
    dial-up access connections," said Chris McNab, a consultant with security
    firm Matta and a former ethical hacker.
    
    http://www.linuxsecurity.com/articles/network_security_article-4079.html
    
    
    * PKCS #11 openCryptoki for Linux
    November 28th, 2001
    
    openCryptoki is an implementation of the PKCS #11 API that allows
    interfacing to devices (such as a smart card, smart disk, or PCMCIA card)
    that hold cryptographic information and perform cryptographic functions.
    openCryptoki provides application portability by isolating the application
    from the details of the cryptographic device.
    
    http://www.linuxsecurity.com/articles/cryptography_article-4077.html
    
    
    
    +------------------------+
    |  General News:         |
    +------------------------+
    
    * Got hacked? Blame it on the software
    December 1st, 2001
    
    There's only one problem with software development these days, according
    to security analyst and author Gary McGraw: It isn't any good. McGraw,
    noted for his books on Java security, is out with a new book that purports
    to tell software developers how to do it better.
    
    http://www.linuxsecurity.com/articles/security_sources_article-4096.html
    
    
    
    * Bush Signs Spending Bill With Cyber-Security Funding
    November 30th, 2001
    
    President George W. Bush on Wednesday signed into law the Commerce, State,
    Justice appropriations bill, a 2002 spending package that contains
    significant funding for a range of cyber-security and online
    crime-fighting programs.
    
    http://www.linuxsecurity.com/articles/government_article-4091.html
    
    
    * EFF Update on Sklyarov Case
    November 30th, 2001
    
    Ever since the FBI confirmed the existence of their Internet wiretapping
    device a device they named Carnivore, cyberprivacy activists have been up
    in arms. Carnivore promised to be their worst nightmare: a technology that
    could track and record every email sent, every Web page browsed, every
    chat room visited.
    
    http://www.linuxsecurity.com/articles/privacy_article-4093.html
    
    
    * Confounding Carnivore: How to Protect Your Online Privacy
    November 30th, 2001
    
    Ever since the FBI confirmed the existence of their Internet wiretapping
    device -- a device they named Carnivore -- cyberprivacy activists have
    been up in arms. Carnivore promised to be their worst nightmare: a
    technology that could track and record every email sent, every Web page
    browsed, every chat room visited
    
    http://www.linuxsecurity.com/articles/privacy_article-4090.html
    
    
    * Key steps to bolster security
    November 29th, 2001
    
    Good security systems depend more on good processes and design than on
    specific technologies, and to make the right choices requires a careful
    assessment of value and risk. Timothy Dyck reports.
    
    http://www.linuxsecurity.com/articles/security_sources_article-4087.html
    
    
    * Vulnerability Life Cycles
    November 26th, 2001
    
    The vulnerability life cycle has three phases: the research/discovery
    phase -- in which both malicious and nonmalicious security researchers
    seek new holes in products; the disclosure phase -- in which the
    discoverer of the new vulnerability tells others about it; and the
    exploitation phase -- in which the specifics of bug information are
    incorporated into a program designed to take advantage of the
    vulnerability.
    
    http://www.linuxsecurity.com/articles/server_security_article-4067.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 02:00:09 PST