[ISN] Linux Security Week - February 4th 2002

From: InfoSec News (isnat_private)
Date: Wed Feb 06 2002 - 00:32:16 PST


    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  February 4th, 2002                           Volume 3, Number 5n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Computer
    Forensics Roundup," "Security Policies in a Time of Terror," "Securing
    WLANs and LANs End-to-End," and "Understanding IDS Active Response
    Mechanisms."
    FEATURE: Approaches to choosing the strength of your security measures
    Anton Chuvakin discusses the known approaches to choosing the level of
    security for your organization, risk assessment, and finding the balance
    between effective security practices and the existing budget.
    This week, advisories were released for rsync, k5su, enscript, gzip,
    ptrace, sudo, x-chat, sane-backends, pine, at, uucp, mutt, openldap,
    squid, and xinetd.  The vendors include Caldera, Conectiva, Debian,
    EnGarde, FreeBSD, Mandrake, Red Hat, Slackware, SuSE, TurboLinux,
    and YellowDog.
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Snort sniffs at security scare
    February 2nd, 2002
    A spat has broken out in the security community after Internet Security
    Systems (ISS) revealed a security flaw in the Snort open source intrusion
    detection system.
    * Computer Forensics Roundup
    February 1st, 2002
    The criticality of a specific topic is often portrayed in the number of
    titles that are available on that topic. Late 2001 and early 2002 have
    produced nearly a dozen books on computer forensics and cyber crime.
    * Security Policies in a Time of Terror
    January 31st, 2002
    In the aftermath of the horrific destruction of the World Trade Center
    (WTC) and the attack against the Pentagon, safety and security have leapt
    to the top of corporate concerns. Along with concern for employees,
    companies are paying more attention to threats against the information
    infrastructure that drives so much of modern business.
    * Qmail-Scanner Mail Content Scanner
    January 30th, 2002
    Jason Haar dropped us a note to inform us of the qmail content scanner.
    "Qmail-Scanner is an addon to Qmail that enables a Qmail Email server to
    scan all gatewayed Email for certain characteristics (i.e. a content
    * NIST prepping security guides
    January 30th, 2002
    The National Institute of Standards and Technology's security team will be
    releasing more than 30 guides over the coming year to help agencies with
    many crucial technical and policy security concerns, officials said last
    * Understanding IDS Active Response Mechanisms
    January 29th, 2002
    Debates still rage in the developer community over which methods of
    detecting attackers are best, but IDS customers as a whole are satisfied
    with the current IDS technology. To get an edge on the competition, many
    of the IDS vendors are adding active response capabilities to their
    | Network Security News: |
    * Passive Aggressive
    January 31st, 2002
    Black hats use 'passive fingerprinting' to identify your operating system
    without you knowing it. But the technique is useful for white hats too. On
    January 21st, a new version of an interesting program called p0f was
    * Securing WLANs and LANs End-to-End
    January 31st, 2002
    The unprecedented openness of internal systems and networks is one of
    today's greatest security challenges. Illena Armstrong reviews the complex
    issues of telecommuting, especially in view of the huge growth in wireless
    technologies.  Access to information unfettered by wires is a business
    practice that is truly taking hold of the professional world.
    |   Cryptography News:   |
    * Under Development:  Encryption
    February 1st, 2002
    AS MYSTICS SEARCH for the lost island of Atlantis and UFO buffs seek out
    alien spacecraft, cryptologists are continuing their own quest to create
    an unbreakable code.  Michael Rabin, a Harvard University computer science
    professor, believes he has moved cryptology a step closer to its Holy
    Grail by developing a code that's undecipherable, even by those who have
    access to both the cypher text and unlimited computing power.
    * A Brief Comparison of Email Encryption Protocols
    January 30th, 2002
    This document briefly reviews and compares five major email encryption
    protocols under consideration: MOSS, MSP, PGP, PGP/MIME, and S/MIME. Each
    is capable of adequate security, but also suffers from the lack of good
    implementation, in the context of transparent email encryption.
    |  General News:         |
    * Cyberattacks On The Rise
    February 1st, 2002
    Cyberattack activity increased 79% among 300 companies surveyed between
    July and December last year by security-services vendor Riptech Inc. The
    study of companies in more than 25 countries also monitored attacks based
    on severity, intensity, and geographic sources.
    * Business should 'use privacy laws, not abuse them'
    January 31st, 2002
    The information commissioner is trying to allay business fears about using
    customer data. Do it - but do it within the law, says Elizabeth France.  
    Privacy legislation need not hold back the deployment of CRM systems or
    other data-centric business plans, the information commissioner, Elizabeth
    France, told the CRM Summit in Warwickshire yesterday.
    * Top Security Sites Easy Prey To Script Attacks - Update
    January 31st, 2002
    Web sites operated by several leading Internet security organizations are
    vulnerable to an old but serious security flaw known as the cross-site
    scripting (CSS) attack.
    * LinuxWorld: Out of the box, Linux is 'dreadfully insecure,' says
    January 29th, 2002
    Jay Beale, the lead developer of Bastille Linux and an independent
    security consultant, says it's not the Unix-based systems with interesting
    stuff on them that get hacked, it's the vulnerable ones. And if you're not
    prepared to tighten up what you get from the vendor, it's just a matter of
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org
