[ISN] Linux Security Week - December 24th 2001

From: InfoSec News (isnat_private)
Date: Tue Dec 25 2001 - 00:31:41 PST

  • Next message: InfoSec News: "Re: [ISN] US to yank Kevin Mitnick's radio license"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  December 24th, 2001                         Volume 2, Number 51n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Letter to Santa
    from a Security Administrator," "Application Gateways and Stateful
    Inspection:  Comparing and Contrasting," and "Social Engineering
    Fundamentals, Part I: Hacker Tactics."  If you are interested in
    crypto/stegano you may also want to read "Steganography, Next Generation,"
    and "Paving the way for 'uncrackable' codes."
     * Features Review by 8Wire.com: EnGarde Secure Linux 1.0.1
     If you've never used Linux before and need to set up a server fast
     and easily, this is one  of the best ways to do it. It's also very
     cost effective because it will run on almost any PC  and doesn't
     require any expensive hardware, not to mention that the software
     itself sells  for a very low price. 
    This week advisories were released for mailman, htdig, xsane, OpenSSH,
    kerberos, libgtop, glibc, and the Trustix kernel.  The vendors include
    EnGarde, Debian, Immunix, FreeBSD, Mandrake, Red Hat, and Trustix.
    * Why be vulnerable?  Its your choice.
    Are you looking for a solution that provides the applications necessary to
    easily create thousands of virtual Web sites, manage e-mail, DNS,
    firewalling database functions for an entire organization, and supports
    high-speed broadband connections all using a Web-based front-end? EnGarde
    Secure Professional provides those features and more!
     Be Secure with EnGarde Secure Professional:
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Letter to Santa from a Security Administrator
    December 22nd, 2001
    Dear Santa, I'll not trouble you with the "been a good boy" stuff. You
    know and I know the truth. Nevertheless, in the event that you're into
    grace above justice this year -- as you most certainly have been in the
    past -- here's what I want this year.
    * Is Linux Immune to E-Mail Viruses?
    December 17th, 2001
    Some of the recent press regarding the "Goner" e-mail virus has brought
    about interesting commentary from antivirus manufacturers. It seems that a
    number of these folks feel that Linux viruses soon will be rampaging
    through the Internet alongside their Windows brethren.
    | Network Security News: |
    * Security for Telecommuting and Broadband Communications
    December 23rd, 2001
    NIST has recently developed the draft NIST Special Publication Security
    for Telecommuting and Broadband Communications. This document is intended
    to assist those responsible users, system administrators, and management
    for telecommuting security, by providing introductory information about
    broadband communication security and policy, security of home office
    systems, and considerations for system administrators in the central
    * Application Gateways and Stateful Inspection:  Comparing and
    December 18th, 2001
    This article dated back in 1998 is one of the most informative articles
    I've seen on Application Gateways and Stateful Inspection. The Internet
    Security industry has grown tremendously in the past several years: the
    increase in demand for related products has far outstripped even this
    rapid expansion.
    * monitord: network security monitor
    December 18th, 2001
    A lightweight (distributed?) network security monitor for TCP/IP+Ethernet
    LANs. It will capture certain network events and record them in a
    relational database. The recorded data will be available for analysis
    through a CGI based interface.
    | Cryptography News:     |
    * Steganography, Next Generation
    December 19th, 2001
    Steganography, the science of burying secret messages within something
    innocuous, has endured bad publicity recently, with unsubstantiated rumors
    of missives from Osama bin Laden hidden in images on websites.  But the
    good guys can play, too. A new steganography-based technique hides
    barcodes inside pictures and could help create forgery-proof identity
    * Paving the way for 'uncrackable' codes
    December 17th, 2001
    The heart of a new light-emitting diode (LED) developed in Cambridge, UK,
    can be controlled so precisely that it emits just one single photon of
    light each time it is switched on. The device could be a key component in
    quantum cryptography, a code-making technology which, it is hoped, will be
    |  Vendors/Products:     |
    * Review: EnGarde Secure Linux 1.0.1
    December 18th, 2001
    If you've never used Linux before and need to set up a server fast and
    easily, this is one of the best ways to do it. It's also very cost
    effective because it will run on almost any PC and doesn't require any
    expensive hardware, not to mention that the software itself sells for a
    very low price.
    |  General News:         |
    * Is Distributed Computing A Crime?
    December 20th, 2001
    Ann Harrison of SecurityFocus.com writes, "A college computer technician
    who offered his school's unused computer processing power for an
    encryption research project will be tried next month in Georgia for
    computer theft and trespassing charges that carry a potential total of 120
    years in jail.
    * Want better workplace security?
    December 20th, 2001
    An established company moves into a downtown high-rise and a few months
    later discovers that many of its secrets are going public. How is that
    possible? Its networks are locked down. Its employees use passwords, and
    are given security clearances.
    * Social Engineering Fundamentals, Part I: Hacker Tactics
    December 19th, 2001
    Sarah Granger writes, "Security is all about trust. Trust in protection
    and authenticity. Generally agreed upon as the weakest link in the
    security chain, the natural human willingness to accept someone at his or
    her word leaves many of us vulnerable to attack. Many experienced security
    experts emphasize this fact."
    * The Survivor's Guide to 2002
    December 17th, 2001
    Security is a process, not a product. And it touches every aspect of an
    organization.  Yet security is often an afterthought. Even worse, some
    organizations' idea of security is the firewall sitting at the network
    edge or the virus scanner integrated into the mail servers. Wrong.
    Security is none of these things.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Dec 25 2001 - 05:53:35 PST