[ISN] Linux Security Week - January 14th 2002

From: InfoSec News (isnat_private)
Date: Tue Jan 15 2002 - 08:06:09 PST

  • Next message: InfoSec News: "[ISN] CERT Warns of Solaris Exploit"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  January 14th, 2002                           Volume 3, Number 2n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Comparing Secure
    shell (SSH) and Virtual Network Computing (VNC)," "Play with the Lovely
    Netcat," "MailScanner Mail Gateway Filter," and "Securing Air: Wireless
    Security."  Also, you crypto lovers should read "New Data Encryption
    Method Throws Away the Keys," and "Prof renews free speech fight against
    US encryption law."
    Get 10% Off & FREE Shipping for all Guardian Digital secure servers! Visit
    Guardian Digital's online store for details:
    This week, advisories were released for exim, libgtop, mutt, pkg_install,
    pw, pine, mod_auth_pgsql, bind, proftpd, LIDS, stunnel, and namazu.  The
    vendors include Conectiva, Debian, FreeBSD, Mandrake, Red Hat, SuSE, and
    ** FREE Apache SSL Guide from Thawte Certification - Do your online
    customers demand the best available protection of their personal
    information? Thawte's guide explains how to give this to your customers by
    implementing SSL on your Apache Web Server.
     Click here to get our FREE Thawte Apache Guide:
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Comparing Secure shell (SSH) and Virtual Network Computing (VNC)
    January 8th, 2002
    In the first of this pair of articles, David compares and contrasts Secure
    shell (SSH) and Virtual Network Computing (VNC), two technologies that
    allow a user at one workstation to run an application that lives on
    another computer.
    * Avoiding Buffer Overflows
    January 8th, 2002
    Chrooted system services improve security by limiting damage that someone
    who broke into the system can possibly do. What is chroot? Chroot
    basically redefines the universe for a program. More accurately, it
    redefines the "ROOT" directory or "/"  for a program or login session.
    * Play with the Lovely Netcat
    January 8th, 2002
    The first but secondary purpose of this article is to introduce you this
    nifty networking tool: /usr/bin/netcat which is well available from the
    Debian GNU/Linux under the package name netcat. (The drill: apt-get
    install netcat and you're done.)
    | Network Security News: |
    * Smurf attacks - don't be a victim
    January 10th, 2002
    Smurf attacks can be devastating, both to the victim network and to the
    network(s) used to amplify the attack. An Internet Control Message
    Protocol (ICMP) Smurf attack is a brute-force attack on the direct
    broadcast feature that is built in to the IP protocol.
    * Social Engineering Fundamentals, Part II: Combat Strategies
    January 10th, 2002
    This is the second part of a two-part series devoted to social
    engineering. In Part One, we defined social engineering as a hacker's
    clever manipulation of the natural human tendency to trust, with the goal
    of obtaining information that will allow him/her to gain unauthorized
    access to a valued system and the information that resides on that system.
    * Special Report: Know your enemy
    January 10th, 2002
    John Taylor sent in this article that discusses a number of types of
    attacks. "The serious attacks to which we refer are those insidious
    intrusions that reach deep into your system, bypassing your expensive
    firewalls and stealing or damaging your data slowly, over long periods of
    * MailScanner Mail Gateway Filter
    January 9th, 2002
    MailScanner is a virus scanner for e-mail designed for use on e-mail
    gateways. It can also detect a large proportion of unsolicited commercial
    e-mail (spam) passing through it.  Not only can it scan for known viruses,
    but it can also protect against unknown viruses hidden inside e-mail
    attachments by refusing entry to attachments whose filenames match any
    given pattern.
    * Securing Air (Wireless Security)
    January 7th, 2002
    He brought along a laptop loaded with a wireless Ethernet card and
    NetStumbler, a shareware sniffer for wireless networks. Once NetStumbler
    detects an 802.11 connection, it logs the MAC address of the access point
    along with the network name, SSID, manufacturer and various data about the
    |   Cryptography News:   |
    * Source Code As Free Speech in Encryption Case
    January 13th, 2002
    The U.S. Court of Appeals for the Sixth Circuit has ruled that computer
    source code is protected by the First Amendment.  The ruling could have
    significant implications on the United States' encryption policies. This
    article discusses the case and the lessons it teaches about encryption.
    * Prof renews free speech fight against US encryption law
    January 10th, 2002
    A computer science professor is renewing a constitutional challenge to
    U.S. encryption laws, arguing that the government's policy on restricting
    the export of domestic cryptographic research violates the First
    Amendment.  Daniel Bernstein, the University of Illinois computer science
    professor who resurrected the lawsuit in a San Francisco district court on
    Monday, said he is only trying to help protect computer systems against
    terrorists and other criminals.
    * New Data Encryption Method Throws Away the Keys
    January 8th, 2002
    The key generation idea is likely to see opposition from law enforcement
    and government, especially during the current war on terrorism. Last week,
    a U.S. District Court told the Justice Department that it could keep its
    keystroke-logging technology under wraps, even as the Feds used
    information gathered by the snoopware as evidence in the trial of alleged
    Mafia defendant Nicodemo Scarfo, Jr.
    |  Vendors/Products:     |
    * Tools take on new Linux Trojan
    January 13th, 2002
    Utilities for detecting and removing a new Trojan horse that targets Linux
    systems have been posted on the Internet for free download.  The tools,
    created by managed security provider Qualys, battle a new variant of the
    Remote Shell Trojan, dubbed "RST.b," which creates a backdoor on infected
    Linux computers, giving a remote attacker full control.
    * akpop3d - small and secure POP3 daemon
    January 13th, 2002
    Andreas Krennmair writes, "Because I found the design of Solar Designer's
    POP3 daemon popa3d somewhat obscure, I started writing my own POP3 daemon,
    called akpop3d. Now I want to ask the LinuxSecurity.com community to
    peer-review this program.
    |  General News:         |
    * CERT/CC Statistics 1988-2001
    January 11th, 2002
    The latest raw statistical information published by CERT. The year 2001
    recorded 52,658 reported incidents versus 21,756 for 2000. It also
    includes the number of mail messages received concerning security
    incidents, number of security alerts, and more.
    * U.S. Cyber Security Weakening
    January 11th, 2002
    U.S. computer systems are increasingly vulnerable to cyber attacks, partly
    because companies are not implementing security measures already
    available, according to a new report released Tuesday.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Jan 15 2002 - 15:16:57 PST