[ISN] Linux Security Week - December 31st 2001

From: InfoSec News (isnat_private)
Date: Tue Jan 01 2002 - 23:13:01 PST


    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  December 31st, 2001                         Volume 2, Number 52n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Transparent
    Proxy with Linux and Squid mini-HOWTO," "Snort 'n Dragon,"  
    "Authentication Gateway HOWTO," and "VNC, Securely: Part 2." Also this
    week, we have added a careers section on LinuxSecurity.com.  It enables
    you to find technical and managerial positions available worldwide.
     Visit the LinuxSecurity.com Career Center:
    This week, advisories were released for mailman, openssh, glibc, namazu,
    stunnel, and gpm.  The vendors include Debian, EnGarde, Red Hat, SuSE, and
    * Why be vulnerable?  It's your choice.
    Are you looking for a solution that provides the applications necessary to
    easily create thousands of virtual Web sites, manage e-mail, DNS,
    firewalling, database functions for an entire organization, and supports
    high-speed broadband connections all using a Web-based front-end? EnGarde
    Secure Professional provides those features and more!
     Be Secure with EnGarde Secure Professional:
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * A "Secure Programming" interview
    December 27th, 2001
    Today, we have the interview of David A. Wheeler. As you're going to see
    it in his interview, David will give a secure programming presentation
    during FOSDEM. "I'm an American, born in 1965, and I've been developing
    software since about 1977. Professionally, I've always been interested in
    high-risk or large software systems, including their security.
    | Network Security News: |
    * Transparent Proxy with Linux and Squid mini-HOWTO
    December 27th, 2001
    This document provides information on how to set up a transparent caching
    HTTP proxy server using only Linux and squid. In "ordinary" proxying, the
    client specifies the hostname and port number of a proxy in his web
    browsing software. The browser then makes requests to the proxy, and the
    proxy forwards them to the origin servers.
    * Snort 'n Dragon
    December 26th, 2001
    This is the third in a series of excerpts from Chapter 7 of Incident
    Response, published in August 2001 by O'Reilly. This excerpt covers two
    tools used by sysadmins to detect when hackers are trying to access your
    network. You can use these tools to detect hackers before they do any
    * Hackers surround the Honeynet like bees around a honey pot
    December 26th, 2001
    A decoy computer network set up to record every attempt to crack it open
    and subvert it has revealed just how active and determined malicious
    hackers have become.  Statistics gathered by the network show that
    computers connected to the web are scanned for weaknesses up to 14 times
    per day and that, on average, an attempt will be made to break into a
    net-connected computer every three days.
    * Authentication Gateway HOWTO
    December 26th, 2001
    There are many concerns with the security of wireless networks and public
    access areas such as libraries or dormitories. These concerns are not met
    with current security implementations. A workaround has been proposed by
    using an authentication gateway.
    * VNC, Securely: Part 2
    December 24th, 2001
    This article will use Linux computers as both the clients and the server.
    We will concentrate on using the VNC client called vncviewer and the
    OpenSSH implementation of the SSH Secure Shell protocol.  As per the first
    article, we have a VNC-based desktop running on our server.
    | Cryptography News:     |
    * Brain-bending crypto
    December 26th, 2001
    Researchers at Toshiba have developed an LED (light emitting diode)
    capable of firing a single photon at a time, which could make sending
    encrypted messages truly secure.  Researchers believe the diode could be
    used for quantum cryptography, a secure form of optical communication.
    |  Vendors/Products:     |
    * phrack #58 Released!
    December 28th, 2001
    If you've never used Linux before and need to set up a server fast and
    easily, this is one of the best ways to do it. It's also very cost
    effective because it will run on almost any PC and doesn't require any
    expensive hardware, not to mention that the software itself sells for a
    very low price.
    * Why Worm Writers Stay Free
    December 27th, 2001
    Virus writers often act as if the Internet, the most public forum in the
    world, is their very own private playground.  Law enforcement officials
    are amused and amazed by the many virus writers who carefully include
    identifying comments or credits in their code, and who often are found
    bragging about their skills and latest creations in newsgroups or on
    Internet Relay Chat channels.
    * Security consultant finds plenty of holes to plug
    December 26th, 2001
    Cruising about the Twin Cities, with his wireless laptop on the seat next
    to him, Brad Rubin can see one business opportunity after another pop up
    on his computer screen.  His laptop, hooked to a homemade antenna housed
    in a Pringles can, runs sniffer software that detects wireless networks,
    even those people have tried to hide.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org

    This archive was generated by hypermail 2b30 : Wed Jan 02 2002 - 03:23:27 PST