+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  February 4th, 2002                        Volume 3, Number 5n      |
|                                                                     |
|  Editorial Team:  Dave Wreski             daveat_private            |
|                   Benjamin Thomas         benat_private             |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Computer
Forensics Roundup," "Security Policies in a Time of Terror," "Securing
WLANs and LANs End-to-End," and "Understanding IDS Active Response
Mechanisms."

FEATURE: Approaches to choosing the strength of your security measures

Anton Chuvakin discusses the known approaches to choosing the level of
security for your organization, risk assessment, and finding the balance
between effective security practices and the existing budget.

http://www.linuxsecurity.com/feature_stories/feature_story-98.html

This week, advisories were released for rsync, k5su, enscript, gzip,
ptrace, sudo, x-chat, sane-backends, pine, at, uucp, mutt, openldap,
squid, and xinetd. The vendors include Caldera, Conectiva, Debian,
EnGarde, FreeBSD, Mandrake, FreeBSD, Red Hat, Slackware, SuSE,
TurboLinux, and YellowDog.

http://www.linuxsecurity.com/articles/forums_article-4376.html

** FREE Apache SSL Guide from Thawte **

Planning Web Server Security? Find out how to implement SSL! Get the
free Thawte Apache SSL Guide and find the answers to all your Apache SSL
security issues and more at: http://www.gothawte.com/rd182.html

Find technical and managerial positions available worldwide.
Visit the LinuxSecurity.com Career Center:
http://careers.linuxsecurity.com

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Snort sniffs at security scare
February 2nd, 2002

A spat has broken out in the security community after Internet Security
Systems (ISS) revealed a security flaw in the Snort open source
intrusion detection system.

http://www.linuxsecurity.com/articles/intrusion_detection_article-4381.html

* Computer Forensics Roundup
February 1st, 2002

The criticality of a specific topic is often portrayed in the number of
titles that are available on that topic. Late 2001 and early 2002 have
produced nearly a dozen books on computer forensics and cyber crime.

http://www.linuxsecurity.com/articles/security_sources_article-4380.html

* Security Policies in a Time of Terror
January 31st, 2002

In the aftermath of the horrific destruction of the World Trade Center
(WTC) and the attack against the Pentagon, safety and security have
leapt to the top of corporate concerns. Along with concern for
employees, companies are paying more attention to threats against the
information infrastructure that drives so much of modern business.

http://www.linuxsecurity.com/articles/general_article-4368.html

* Qmail-Scanner Mail Content Scanner
January 30th, 2002

Jason Haar dropped us a note to inform us of the qmail content scanner.
"Qmail-Scanner is an addon to Qmail that enables a Qmail Email server to
scan all gatewayed Email for certain characteristics (i.e. a content
scanner.

http://www.linuxsecurity.com/articles/server_security_article-4361.html

* NIST prepping security guides
January 30th, 2002

The National Institute of Standards and Technology's security team will
be releasing more than 30 guides over the coming year to help agencies
with many crucial technical and policy security concerns, officials said
last week.
http://www.linuxsecurity.com/articles/government_article-4358.html

* Understanding IDS Active Response Mechanisms
January 29th, 2002

Debates still rage in the developer community over which methods of
detecting attackers are best, but IDS customers as a whole are satisfied
with the current IDS technology. To get an edge on the competition, many
of the IDS vendors are adding active response capabilities to their
products.

http://www.linuxsecurity.com/articles/intrusion_detection_article-4354.html

+------------------------+
| Network Security News: |
+------------------------+

* Passive Aggressive
January 31st, 2002

Black hats use 'passive fingerprinting' to identify your operating
system without you knowing it. But the technique is useful for white
hats too. On January 21st, a new version of an interesting program
called p0f was released.

http://www.linuxsecurity.com/articles/hackscracks_article-4372.html

* Securing WLANs and LANs End-to-End
January 31st, 2002

The unprecedented openness of internal systems and networks is one of
today's greatest security challenges. Illena Armstrong reviews the
complex issues of telecommuting, especially in view of the huge growth
in wireless technologies. Access to information unfettered by wires is a
business practice that is truly taking hold of the professional world.

http://www.linuxsecurity.com/articles/network_security_article-4374.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Under Developement: Encryption
February 1st, 2002

AS MYSTICS SEARCH for the lost island of Atlantis and UFO buffs seek out
alien spacecraft, cryptologists are continuing their own quest to create
an unbreakable code. Michael Rabin, a Harvard University computer
science professor, believes he has moved cryptology a step closer to its
Holy Grail by developing a code that's undecipherable, even by those who
have access to both the cypher text and unlimited computing power.
http://www.linuxsecurity.com/articles/cryptography_article-4377.html

* A Brief Comparison of Email Encryption Protocols
January 30th, 2002

This document briefly reviews and compares five major email encryption
protocols under consideration: MOSS, MSP, PGP, PGP/MIME, and S/MIME.
Each is capable of adequate security, but also suffers from the lack of
good implementation, in the context of transparent email encryption.

http://www.linuxsecurity.com/articles/cryptography_article-4356.html

+------------------------+
| General News:          |
+------------------------+

* Cyberattacks On The Rise
February 1st, 2002

Cyberattack activity increased 79% among 300 companies surveyed between
July and December last year by security-services vendor Riptech Inc. The
study of companies in more than 25 countries also monitored attacks
based on severity, intensity, and geographic sources.

http://www.linuxsecurity.com/articles/hackscracks_article-4378.html

* Business should 'use privacy laws, not abuse them'
January 31st, 2002

The information commissioner is trying to allay business fears about
using customer data. Do it - but do it within the law, says Elizabeth
France. Privacy legislation need not hold back the deployment of CRM
systems or other data-centric business plans, the information
commissioner, Elizabeth France, told the CRM Summit in Warwickshire
yesterday.

http://www.linuxsecurity.com/articles/privacy_article-4370.html

* Top Security Sites Easy Prey To Script Attacks - Update
January 31st, 2002

Web sites operated by several leading Internet security organizations
are vulnerable to an old but serious security flaw known as the
cross-site scripting (CSS) attack.
http://www.linuxsecurity.com/articles/hackscracks_article-4375.html

* LinuxWorld: Out of the box, Linux is 'dreadfully insecure,' says Beale
January 29th, 2002

Jay Beale, the lead developer of Bastille Linux and an independent
security consultant, says it's not the Unix-based systems with
interesting stuff on them that get hacked, it's the vulnerable ones. And
if you're not prepared to tighten up what you get from the vendor, it's
just a matter of time

http://www.linuxsecurity.com/articles/server_security_article-4352.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.