+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | December 31st, 2001 Volume 2, Number 52n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Transparent Proxy with Linux and Squid mini-HOWTO," "Snort 'n Dragon," "Authentication Gateway HOWTO," and "VNC, Securely: Part 2." Also this week, we have added a careers section on LinuxSecurity.com. It enables you to find technical and managerial positions available worldwide. Visit the LinuxSecurity.com Career Center: http://careers.linuxsecurity.com This week, advisories were released for mailman, openssh, glibc, namazu, stunnel, and gpm. The vendors include Debian, EnGarde, Red Hat, SuSE, and Trustix. http://www.linuxsecurity.com/articles/forums_article-4214.html * Why be vulnerable? Its your choice. Are you looking for a solution that provides the applications necessary to easily create thousands of virtual Web sites, manage e-mail, DNS, firewalling database functions for an entire organization, and supports high-speed broadband connections all using a Web-based front-end? EnGarde Secure Professional provides those features and more! Be Secure with EnGarde Secure Professional: http://store.guardiandigital.com/html/eng/493-AA.shtml +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * A "Secure Programming" interview December 27th, 2001 Today, we have the interview of David A. Wheeler. As you're going to see it in his interview, David will give a secure programming presentation during FOSDEM. "I'm an American, born in 1965, and I've been developing software since about 1977. Professionally, I'm always been interested in high-risk or large software systems, including their security. http://www.linuxsecurity.com/articles/forums_article-4210.html +------------------------+ | Network Security News: | +------------------------+ * Transparent Proxy with Linux and Squid mini-HOWTO December 27th, 2001 This document provides information on how to setup a transparent caching HTTP proxy server using only Linux and squid. In "ordinary" proxying, the client specifies the hostname and port number of a proxy in his web browsing software. The browser then makes requests to the proxy, and the proxy forwards them to the origin servers. http://www.linuxsecurity.com/articles/network_security_article-4211.html * Snort 'n Dragon December 26th, 2001 This is the third in a series of excerpts from Chapter 7 of Incident Response, published in August 2001 by O'Reilly. This excerpt covers two tools used by sysadmins to detect when hackers are trying to access your network. You can use these tools to detect hackers before they do any damage. http://www.linuxsecurity.com/articles/intrusion_detection_article-4206.html * Hackers surround the Honeynet like bees around a honey pot December 26th, 2001 A decoy computer network set up to record every attempt to crack it open and subvert it has revealed just how active and determined malicious hackers have become. Statistics gathered by the network show that computers connected to the web are scanned for weaknesses up to 14 times per day and that, on average, an attempt will be made to break into a net-connected computer every three days. http://www.linuxsecurity.com/articles/network_security_article-4204.html * Authentication Gateway HOWTO December 26th, 2001 There are many concerns with the security of wireless networks and public access areas such as libraries or dormitories. These concerns are not met with current security implementations. A work around has been proposed by using an authentication gateway. http://www.linuxsecurity.com/articles/network_security_article-4209.html * VNC, Securely: Part 2 December 24th, 2001 This article will use Linux computers as both the clients and the server. We will concentrate on using the VNC client called vncviewer and the OpenSSH implementation of the SSH Secure Shell protocol. As per the first article, we have a VNC-based desktop running on our server. http://www.linuxsecurity.com/articles/network_security_article-4201.html +------------------------+ | Cryptography News: | +------------------------+ * Brain-bending crypto December 26th, 2001 Researchers at Toshiba have developed an LED (light emitting diode) capable of firing a single photon at a time, which could make sending encrypted messages truly secure. Researchers believe the diode could be used for quantum cryptography, a secure form of optical communication. http://www.linuxsecurity.com/articles/cryptography_article-4208.html +------------------------+ | Vendors/Products: | +------------------------+ * phrack #58 Released! December 28th, 2001 If you've never used Linux before and need to set up a server fast and easily, this is one of the best ways to do it. It's also very cost effective because it will run on almost any PC and doesn't require any expensive hardware, not to mention that the software itself sells for a very low price. http://www.linuxsecurity.com/articles/projects_article-4216.html * Why Worm Writers Stay Free December 27th, 2001 Virus writers often act as if the Internet, the most public forum in the world, is their very own private playground. Law enforcement officials are amused and amazed by the many virus writers who carefully include identifying comments or credits in their code, and who often are found bragging about their skills and latest creations in newsgroups or on Internet Relay Chat channels. http://www.linuxsecurity.com/articles/general_article-4212.html * Security consultant finds plenty of holes to plug December 26th, 2001 Cruising about the Twin Cities, with his wireless laptop on the seat next to him, Brad Rubin can see one business opportunity after another pop up on his computer screen. His laptop, hooked to a homemade antenna housed in a Pringles can, runs sniffer software that detects wireless networks, even those people have tried to hide. http://www.linuxsecurity.com/articles/network_security_article-4205.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jan 02 2002 - 03:23:27 PST