[ISN] Linux Security Week - February 11th 2002

From: InfoSec News (isnat_private)
Date: Tue Feb 12 2002 - 00:58:52 PST

  • Next message: InfoSec News: "[ISN] FBI Issues New Terror Warning"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  February 11th, 2002                          Volume 3, Number 6n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Running Your
    Firewall in runlevel 0," "Using ssh Port Forwarding to Print at Remote
    Locations," "Inside the Linux Packet Filter," and "Rethinking Public Key
    Infrastructures and Digital Certificates and Privacy."
    FEATURE: Using Chroot Securely - The chroot() function can be a powerful
    mechanism to secure your system, but only if used correctly.  Anton
    provides a good foundation for implementing it in your programs and
    services running on your system.
    This week, advisories were released for pine, rsync, FreeBSD kernel, wmtv,
    and telnet.  The vendors include Conectiva, Debian, FreeBSD, and Red Hat.
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Five years ago: McAfee finds first known Linux virus
    February 8th, 2002
    Called Bliss, the virus is important because it is the first to attack
    Linux, a freeware variant of Unix that is often used in Web site
    administration. UNIX flavours have always been considered difficult to
    infect because administration rights are required to create the virus;
    McAfee believes that multi-user games played in administrator mode may
    have caused the problem.
    | Network Security News: |
    * Running Your Firewall in runlevel 0
    February 10th, 2002
    Mike Murray describes how he patched the 2.2 Linux kernel to run an
    ipchains packet filtering firewall when the machine is halted. "As systems
    administrators, it's often funny how new and interesting information ends
    up in our hands.  Sometimes, it's through an intentional course of study;  
    other times, it seems to arrive by accident.
    * Using ssh Port Forwarding to Print at Remote Locations
    February 8th, 2002
    Rory shows you how to connect the printing systems on different networks
    across the Internet in a secure manner.  Whether you telecommute or not,
    you probably use some form of electronic connectivity to the office when
    you are not there. Can you check your work e-mail at home?
    * Inside the Linux Packet Filter
    February 7th, 2002
    In Part I of this two-part series on the Linux Packet Filter, Gianluca
    describes a packet's journey through the kernel.  Network geeks among you
    may remember my article, ``Linux Socket Filter: Sniffing Bytes over the
    Network'', in the June 2001 issue of LJ, regarding the use of the packet
    filter built inside the Linux kernel.
    * Using Active FTP Clients Through an OpenBSD 3.0 Firewall
    February 5th, 2002
    With release 3.0 the OpenBSD project replaced Darren Reed's ipf software
    with the more license friendly pf filtering software. While pf and ipf are
    very similar in overall design, there are many subtle differences bewteen
    the two. This paper will focus on one particular difference between the
    two, how to allow outbound active FTP access from clients protected by an
    OpenBSD 3.0 firewall.
    |   Cryptography News:   |
    * First New Advanced Encryption Standard In 25 Years Approved
    February 10th, 2002
    Secretary of Commerce, Don Evans, announced the National Institute of
    Standards and Technology?s (NIST; www.nist.gov), approval of a new
    information technology encryption standard for the federal government.
    * Encryption Leaves DES Behind
    February 7th, 2002
    A nice summary of all the issues pertaining to AES and how it has replaced
    DES as the encryption standard. "Nothing moves fast in the world of
    encryption, which may help explain why the U.S. is only now about to leave
    56-bit DES behind for new encryption schemes.
    * The encrypted jihad
    February 5th, 2002
    Ironically, winning possession of computer equipment on the battlefield
    may be the easy part; terrorists today have the capacity to protect data
    with encryption schemes that not even America's high-tech big guns can
    crack. The number of possible keys in the new 256-bit Advanced Encryption
    Standard (AES), for example, is 1 followed by 77 zeros -- a figure
    comparable to the total number of atoms in the universe.
    * Rethinking Public Key Infrastructures and Digital Certificates and
    February 4th, 2002
    This is a background book for technical staff and some managers involved
    in e-commerce or its implementations. Its focus is clearly described by
    its title and does not wander from that topic. Much of the content is
    academic and very mathematical.
    |  Vendors/Products:     |
    * Linux security auditing to get a boost
    February 6th, 2002
    Funded by the Defense Advanced Research Project Agency, the same
    organization to initially bankroll the predecessor to the Internet, the
    Sardonix Audit Portal aims to be the one-stop portal for organizing the
    efforts of critical code reviewers everywhere and boost the frequency with
    which programmers critique the code of others.
    * Hardened OSes Boost E-commerce Security
    February 6th, 2002
    Enter the resurrection of the TOS (trusted operating system), a relic from
    the early '80s developed for military and government security. Considered
    by many to be too expensive and complicated to implement and maintain,
    TOSes failed to catch on when introduced to the commercial sector and
    instead were pigeonholed into the financial industry.
    |  General News:         |
    * Securing Your Enterprise Email with Digital IDs
    February 8th, 2002
    Do people in your company send confidential information to business
    partners or remote employees via Internet email? Are they using some form
    of digital ID system to secure their communications? If they're not, any
    sensitive information contained in those messages is at risk as the email
    travels across the Internet.
    * Cybersecurity a Top Priority
    February 8th, 2002
    The unusual announcements from three of the technology industry's most
    powerful men came just weeks apart.  Microsoft Corp. Chairman Bill Gates
    declared that making his company's software less vulnerable to security
    breaches would take precedence over adding new features.
    * Site to pool scrutiny of Linux security
    February 7th, 2002
    A government-funded initiative announced Tuesday aims to boost code review
    of open-source software to prevent security holes.  Funded by the Defense
    Advanced Research Project Agency, the same organization to initially
    bankroll the predecessor to the Internet, the Sardonix Audit Portal aims
    to be the one-stop portal for organizing the efforts of critical code
    reviewers everywhere and boost the frequency with which programmers
    critique the code of others.
    * Analysts: Security's where the money is
    February 7th, 2002
    Two segments of the computer-security industry should shake off the
    general tech-market malaise and score double-digit growth this year, a
    pair of market researchers said Monday. Gartner analyst firm Dataquest
    forecast that the worldwide security-software market will grow to $4.3
    billion this year, up 18 percent from $3.6 billion in 2001.
    * Outside Hackers vs. the Enemy Within: Who's Worse?
    February 5th, 2002
    The 2001 Computer Crime and Security Survey from the Federal Bureau of
    Investigation and the Computer Security Institute makes it clear that
    cybercrime is on the rise. But for the first time, according to survey
    respondents, incidents precipitated by outside hackers outnumbered those
    originated by internal threats.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Feb 12 2002 - 04:47:26 PST