[ISN] Linux Security Week - March 18th 2002

From: InfoSec News (isnat_private)
Date: Mon Mar 18 2002 - 23:37:36 PST

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  March 18th, 2002                             Volume 3, Number 11n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Increasing
    Performance in High Speed NIDS," "Going to the Source: Reporting Security
    Incidents to ISPs," "Design the best security topology for your
    firewall," and "Hardening Sendmail."
    FEATURE: Linux Data Hiding and Recovery - Just when you thought your data
    was removed forever, Anton Chuvakin shows us how to recover data and even
    how data can surreptitiously be hidden within space on the filesystem.
    This week, advisories were released for zlib, mod_ssl, xtel, pam_pgsql,
    cyrus-sasl, netscape, mod_frontpage, openssh, rsync, gzip, NetBSD kernel,
    php, fileutils, and cvs.  The vendors include Conectiva, Debian, EnGarde,
    FreeBSD, Immunix, Mandrake, NetBSD, Red Hat, Slackware, SuSE, Trustix, and
    Yellow Dog Linux.
    Security & Simplicity, Finally! - Are you looking for a solution that
    provides the applications necessary to easily create thousands of virtual
    Web sites, manage e-mail, DNS, firewalling, database functions for an
    entire organization, and supports high-speed broadband connections all
    using a Web-based front-end? EnGarde Secure Professional provides those
    features and more!
      --> http://store.guardiandigital.com 
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Hosting email for virtual domains using Postfix and Cyrus
    March 16th, 2002
    This document makes a humble attempt in explaining how to get Cyrus to
    work. I am by no means an expert in Cyrus IMAP or SASL or Postfix or
    whatever for that matter so please send me any feedback you may have.
    * Hardening Sendmail
    March 15th, 2002
    Ah, sendmail. You either love it for being so versatile and ubiquitous, or
    you hate it for being bloated, complicated and insecure. Or perhaps you're
    a complete newcomer to the e-mail server game and would like to give
    sendmail a try (after all, sendmail is arguably the most popular
    open-source software package on the Internet).
    * Definitive guide to writing a Linux virus
    March 15th, 2002
    Following on from this week's discovery of the Jac Linux virus, an open
    source hacker from the University of Linz, Austria, has released a
    definitive guide to writing Linux viruses. The Jac virus was discovered on
    Tuesday and quickly dismissed by the Linux community for its inability to
    spread effectively - a common occurrence in Linux viruses.
    * UK study: Passwords often easy to crack
    March 14th, 2002
    Computer passwords are supposed to be secret. But psychologists say it is
    possible to predict a password based on the personalities of users or even
    what is on their desks.
    | Network Security News: |
    * Increasing Performance in High Speed NIDS
    March 15th, 2002
    This PDF document is a very technical overview of the Snort NIDS, and
    discusses efforts currently underway to improve the performance of Snort.
    * Design the best security topology for your firewall
    March 12th, 2002
    At its most basic level, a firewall is some sort of hardware or software
    that filters traffic between your company's network and the Internet. With
    the large number of hackers roaming the Internet today and the ease of
    downloading hacking tools, every network should have a security policy
    that includes a firewall design.
    |  Cryptography:         |
    * Crypto-Gram March 15, 2002
    March 15th, 2002
    In this issue SNMP vulnerabilities, "Responsible Disclosure" by the IETF,
    Terrorists, Cryptography and Export Laws, and info on Bernstein's
    Factoring Breakthrough. Schneier writes, "The so-called "Responsible
    Disclosure" IETF document has been released as a draft. cyber-terrorism,
    and I will explain them in terms of everyday network security.
    * Factoring gains won't break strong crypto - Schneier
    March 13th, 2002
    Concerns that improvements in factoring technology might make it easier to
    break large key length encryption codes are misplaced, according to noted
    cryptographer Bruce Schneier.
    |  General News:         |
    * Analysts: Security flaws won't undermine Linux
    March 15th, 2002
    Although two potential security vulnerabilities affecting the Linux
    operating system have surfaced in the past three weeks, analysts and two
    users say the incidents won't erode confidence in Linux as a secure and
    economical alternative to Windows and Unix.
    * The Myth of Open Source Security Revisited v2.0
    March 15th, 2002
    This article is a followup to an article entitled The Myth of Open Source
    Security Revisited. The original article tackled the common misconception
    amongst users of Open Source Software (OSS) that OSS is a panacea when it
    comes to creating secure software.
    * Security: Oh, that vulnerable feeling
    March 14th, 2002
    There is no doubt that the Internet has brought unparalleled connectivity
    to computers, especially in the last few years. But ironically, this very
    advantage has also been the bane of hundreds of corporations, all of which
    critically depend on these connections to conduct their daily business.
    * Significant Vulnerability Afflicts Linux Systems
    March 14th, 2002
    Today in a coordinated effort between all major Linux vendors, a
    vulnerability in the zlib library was announced, potentially affecting
    every installed Linux system in existence.
    * Going to the Source: Reporting Security Incidents to ISPs
    March 13th, 2002
    My interest in abuse notifications began when Warez pirates started using
    my trustingly anonymous FTP server as their personal playground. I
    realized that my system needed to be locked against this type of intrusion
    and that I had failed to provide adequate safeguards.
    * Flaw weakens Linux computers
    March 11th, 2002
    A flaw in a software-compression library used in all versions of Linux
    could leave the lion's share of systems based on the open-source operating
    system open to attack, said sources in the security community on Monday.  
    Several other operating systems that use open-source components could be
    vulnerable as well.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org
