+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | January 14th, 2002 Volume 3, Number 2n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Comparing Secure shell (SSH) and Virtual Network Computing (VNC)," "Play with the Lovely Netcat," "MailScanner Mail Gateway Filter," and "Securing Air: Wireless Security." Also, you crypto lovers should read "New Data Encryption Method Throws Away the Keys," and "Prof renews free speech fight against US encryption law." Get 10% Off & FREE Shipping for all Guardian Digital secure servers! Visit Guardian Digital's online store for details: http://store.guardiandigital.com This week, advisories were released for exim, libgtop, mutt, pkg_install, pw, pine, mod_auth_pgsql, bind, proftpd, LIDS, stunnel, and namazu. The vendors include Conectiva, Debian, FreeBSD, Mandrake, Red Hat, SuSE, and Trustix. http://www.linuxsecurity.com/articles/forums_article-4261.html ** FREE Apache SSL Guide from Thawte Certification - Do your online customers demand the best available protection of their personal information? Thawte's guide explains how to give this to your customers by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://www.gothawte.com/rd176.html Find technical and managerial positions available worldwide. Visit the LinuxSecurity.com Career Center: http://careers.linuxsecurity.com +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Comparing Secure shell (SSH) and Virtual Network Computing (VNC) January 8th, 2002 In the first of this pair of articles, David compares and contrasts Secure shell (SSH) and Virtual Network Computing (VNC), two technologies that allow a user at one workstation to run an application that lives on another computer. http://www.linuxsecurity.com/articles/network_security_article-4250.html * Avoiding Buffer Overflows January 8th, 2002 Chrooted system services improve security by limiting damage that someone who broke into the system can possibly do. What is chroot? Chroot basically redefines the universe for a program. More accurately, it redefines the "ROOT" directory or "/" for a program or login session. http://www.linuxsecurity.com/articles/server_security_article-4247.html * Play with the Lovely Netcat January 8th, 2002 The first but secondary purpose of this article is to introduce you this nifty networking tool: /usr/bin/netcat which is well available from the Debian GNU/Linux under the package name netcat. (The drill: apt-get install netcat and you're done.) http://www.linuxsecurity.com/articles/host_security_article-4248.html +------------------------+ | Network Security News: | +------------------------+ * Smurf attacks - don't be a victim January 10th, 2002 Smurf attacks can be devastating, both to the victim network and to the network(s) used to amplify the attack. An Internet Control Message Protocol (ICMP) Smurf attack is a brute-force attack on the direct broadcast feature that is built in to the IP protocol. http://www.linuxsecurity.com/articles/network_security_article-4258.html * Social Engineering Fundamentals, Part II: Combat Strategies January 10th, 2002 This is the second part of a two-part series devoted to social engineering. In Part One, we defined social engineering as a hacker's clever manipulation of the natural human tendency to trust, with the goal of obtaining information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system. http://www.linuxsecurity.com/articles/general_article-4257.html * Special Report: Know your enemy January 10th, 2002 John Taylor sent in this article that discusses a number of types of attacks. "The serious attacks to which we refer are those insidious intrusions that reach deep into your system, bypassing your expensive firewalls and stealing or damaging your data slowly, over long periods of time. http://www.linuxsecurity.com/articles/general_article-4260.html * MailScanner Mail Gateway Filter January 9th, 2002 MailScanner is a virus scanner for e-mail designed for use on e-mail gateways. It can also detect a large proportion of unsolicited commercial e-mail (spam) passing through it. Not only can it scan for known viruses, but it can also protect against unknown viruses hidden inside e-mail attachments by refusing entry to attachments whose filenames match any given pattern. http://www.linuxsecurity.com/articles/network_security_article-4255.html * Securing Air (Wireless Security) January 7th, 2002 He brought along a laptop loaded with a wireless Ethernet card and NetStumbler, a shareware sniffer for wireless networks. Once NetStumbler detects an 802.11 connection, it logs the MAC address of the access point along with the network name, SSID, manufacturer and various data about the signal. http://www.linuxsecurity.com/articles/network_security_article-4244.html +------------------------+ | Cryptography News: | +------------------------+ * Source Code As Free Speech in Encryption Case January 13th, 2002 The U.S. Court of Appeals for the Sixth Circuit has ruled that computer source code is protected by the First Amendment. The ruling could have significant implications on the United States' encryption policies. This article discusses the case and the lessons it teaches about encryption. http://www.linuxsecurity.com/articles/cryptography_article-4269.html * Prof renews free speech fight against US encryption law January 10th, 2002 A computer science professor is renewing a constitutional challenge to U.S. encryption laws, arguing that the government's policy on restricting the export of domestic cryptographic research violates the First Amendment. Daniel Bernstein, the University of Illinois computer science professor who resurrected the lawsuit in a San Francisco district court on Monday, said he is only trying to help protect computer systems against terrorists and other criminals. http://www.linuxsecurity.com/articles/cryptography_article-4259.html * New Data Encryption Method Throws Away the Keys January 8th, 2002 The key generation idea is likely to see opposition from law enforcement and government, especially during the current war on terrorism. Last week, a U.S. District Court told the Justice Department that it could keep its keystroke-logging technology under wraps, even as the Feds used information gathered by the snoopware as evidence in the trial of alleged Mafia defendant Nicodemo Scarfo, Jr. http://www.linuxsecurity.com/articles/cryptography_article-4251.html +------------------------+ | Vendors/Products: | +------------------------+ * Tools take on new Linux Trojan January 13th, 2002 Utilities for detecting and removing a new Trojan horse that targets Linux systems have been posted on the Internet for free download. The tools, created by managed security provider Qualys, battle a new variant of the Remote Shell Trojan, dubbed "RST.b," which creates a backdoor on infected Linux computers, giving a remote attacker full control. http://www.linuxsecurity.com/articles/network_security_article-4268.html * akpop3d - small and secure POP3 daemon January 13th, 2002 Andreas Krennmair writes, "Because I found the design of Solar Designer's POP3 daemon popa3d somewhat obscure, I started writing my own POP3 daemon, called akpop3d. Now I want to ask the LinuxSecurity.com community to peer-review this program. http://www.linuxsecurity.com/articles/projects_article-4267.html +------------------------+ | General News: | +------------------------+ * CERT/CC Statistics 1988-2001 January 11th, 2002 The latest raw statistical information published by CERT. The year 2001 recorded 52,658 reported incidents versus 21,756 for 2000. It also includes the number of mail messages received concerning security incidents, number of security alerts, and more. http://www.linuxsecurity.com/articles/security_sources_article-4266.html * U.S. Cyber Security Weakening January 11th, 2002 U.S. computer systems are increasingly vulnerable to cyber attacks, partly because companies are not implementing security measures already available, according to a new report released Tuesday. http://www.linuxsecurity.com/articles/government_article-4265.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Jan 15 2002 - 15:16:57 PST