+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  January 21st, 2002                        Volume 3, Number 3n      |
|                                                                     |
|  Editorial Team:  Dave Wreski              daveat_private           |
|                   Benjamin Thomas          benat_private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "The Simplest
Security: A Guide To Better Password Practices," "Filtering Spam with
Procmail," "Using ssh Port Forwarding to Print at Remote Locations,"
and "The SANS Network Security Roadmap Poster."

This week, advisories were released for imp, horde, x-chat, gzip,
glibc, cipe, sudo, at, stunnel, NetBSD kernel, slashcode, pine, lids,
groff, bugzilla, and uuxqt. The vendors include Caldera, Conectiva,
Debian, EnGarde, Mandrake, NetBSD, Red Hat, Slackware, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-4302.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* ProFTPD's DoS Problem and Slash's Weak Link
  January 18th, 2002

  In this column, we look at several problems with ProFTPD; a Trojan
  Horse application disguised as an exploit; buffer overflows in the
  glibc library, dtspcd, wmcube-gdk, and Mandrake Linux's Kerberos
  telnet; and problems in Slash, IBM Websphere, popauth, Aftpd, TWIG,
  PGPMail.pl, and the Cisco SN 5420 Storage Router.

  http://www.linuxsecurity.com/articles/server_security_article-4300.html

* The Simplest Security: A Guide To Better Password Practices
  January 18th, 2002

  While we may find them annoying, and even take them for granted, it
  is important to remember why passwords are important: passwords are
  the foundation of authentication, which is often the first line of
  security. This article will provide a brief overview of how to create
  and maintain strong, effective passwords.

  http://www.linuxsecurity.com/articles/general_article-4304.html

* Debian, security, and you
  January 17th, 2002

  An interesting bug was filed today by Florian Weimer. I'll quote the
  bug report in full: "Over the past few months, the GNU/Linux
  community has slowly adopted a way of dealing with security issues
  which closely resembles the approach suggested by Microsoft last
  year: more-or-less systematic hiding of security problems from end
  users, at least for some time.

  http://www.linuxsecurity.com/articles/projects_article-4299.html

* Filtering Spam with Procmail
  January 14th, 2002

  Here's an article that talks about keeping your site safe. It is a
  discussion of some commercial security products, some of which run on
  Linux. "Still, there's a more insidious threat that such technologies
  don't guard against: actions by your staff to invite seemingly
  innocuous data into your organization.
  Such data can be harmful because it brings viruses or Trojan horses
  into your systems, exposes your companies to lawsuits or merely
  wastes valuable time and resources."

  http://www.linuxsecurity.com/articles/server_security_article-4271.html

* The Perfect Forensics Candidate
  January 14th, 2002

  This is a great multi-part article on computer forensics, the story
  of a couple of break-ins and how they were detected, and the tools
  used to detect the attacks. "Exodus Communications Inc. has a team of
  22 incident response analysts, and it can always use a few more
  people with expertise in the field to support internal and client
  investigations."

  http://www.linuxsecurity.com/articles/intrusion_detection_article-4275.html

+------------------------+
| Network Security News: |
+------------------------+

* Using ssh Port Forwarding to Print at Remote Locations
  January 17th, 2002

  ssh--oh yeah, that's a secure Telnet program, right? Yes, it is, and
  it's much, much more. You're not still using Telnet, are you?
  Previous issues of Linux Journal have talked about the ``much, much
  more'' of ssh (see Resources).

  http://www.linuxsecurity.com/articles/network_security_article-4298.html

* The SANS Network Security Roadmap Poster
  January 15th, 2002

  The SANS Network Security Roadmap poster is now online. It answers
  questions on Integrating Security Into Your Site, How to Get the Work
  Done, Where to Find the Right Information, Pitfalls and
  Vulnerabilities. Great stuff.

  http://www.linuxsecurity.com/articles/security_sources_article-4284.html

* Kernel Korner: Inside the Linux Packet Filter
  January 15th, 2002

  In Part I of this two-part series on the Linux Packet Filter,
  Gianluca describes a packet's journey through the kernel. Network
  geeks among you may remember my article, ``Linux Socket Filter:
  Sniffing Bytes over the Network'', in the June 2001 issue of LJ,
  regarding the use of the packet filter built inside the Linux kernel.

  http://www.linuxsecurity.com/articles/server_security_article-4279.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Computer Security, Biometrics Dominate NIST Agenda
  January 16th, 2002

  NIST is just a few months away from announcing a new biometric
  standard that will be used to confirm the identity of people seeking
  U.S. visas or using a visa to enter the United States.

  http://www.linuxsecurity.com/articles/security_sources_article-4297.html

* Crypto-Gram - January 15, 2002
  January 15th, 2002

  This month's cryptogram talks about the Microsoft Plug-and-Play
  vulnerability, reader feedback, Counterpane news, and more. "The big
  news of late December was a security flaw in Microsoft's Universal
  Plug and Play system, a feature in a variety of Windows flavors.

  http://www.linuxsecurity.com/articles/cryptography_article-4280.html

* Cryptographic Abundance
  January 15th, 2002

  Knowledge of cryptographic techniques used to belong almost
  exclusively to governments, which use cryptography to protect
  political, diplomatic and military secrets against the prying eyes of
  other governments.

  http://www.linuxsecurity.com/articles/cryptography_article-4278.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* Debian Has Slow Security Updates?
  January 15th, 2002

  Some comments on the Linux Today story about the recent glibc
  security update challenged my perception that Debian is very
  responsive to security problems in core packages. Basically, they say
  that this vulnerability was reported on December 14th. Has it really
  taken one month to deliver a core glibc update?

  http://www.linuxsecurity.com/articles/forums_article-4283.html

* Sudo version 1.6.4 now available
  January 14th, 2002

  Here's an article that talks about keeping your site safe. It is a
  discussion of some commercial security products, some of which run on
  Linux. "Still, there's a more insidious threat that such technologies
  don't guard against: actions by your staff to invite seemingly
  innocuous data into your organization. Such data can be harmful
  because it brings viruses or Trojan horses into your systems, exposes
  your companies to lawsuits or merely wastes valuable time and
  resources."

  http://www.linuxsecurity.com/articles/server_security_article-4276.html

+------------------------+
| General News:          |
+------------------------+

* Hacker mag takes on US court
  January 18th, 2002

  Hacker magazine 2600 has filed a request for the reversal of an
  earlier US court ruling prohibiting the publication of the DeCSS DVD
  decrypting software. The move comes just days after Norwegian
  authorities indicted Jon Johansen, the creator of the DeCSS tool.

  http://www.linuxsecurity.com/articles/hackscracks_article-4301.html

* EPIC Sues For Govt. Data Collection Info
  January 16th, 2002

  Privacy and civil liberties advocacy group Electronic Privacy
  Information Center (EPIC) said that it asked a federal court Monday
  to order the release of records that detail the sale of personal
  information to law enforcement agencies.

  http://www.linuxsecurity.com/articles/privacy_article-4285.html

* Security Vs. Privacy
  January 14th, 2002

  State motor-vehicle offices will propose that drivers' licenses
  incorporate biometrics. Is that the same as a national ID card? Calls
  for creating a national ID card system, which advocates say would
  make it harder for terrorists to move undetected within U.S. borders,
  have drawn criticism for their totalitarian overtones.

  http://www.linuxsecurity.com/articles/privacy_article-4273.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com