+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  March 25th, 2002                          Volume 3, Number 12n     |
|                                                                     |
|  Editorial Team:  Dave Wreski               daveat_private          |
|                   Benjamin Thomas           benat_private           |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Getting
Started with Gnu Privacy Guard," "Introduction to logging," "User
Authentication with PHP and Apache," and "Introduction to Intrusion
Protection and Network Security."

This week, advisories were released for cups, zlib, listar, kdm, and
imlib. The vendors include Debian, Mandrake, Red Hat, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-4660.html

FEATURE: Dsniff 'n the Mirror - This is a practical step-by-step guide
showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, Ngrep,
and others. It also provides a discussion of how and why we should
monitor network traffic.

http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Getting Started with Gnu Privacy Guard
March 22nd, 2002

With increasingly important communications taking place using e-mail,
the ability to verify the authenticity, and also protect the contents,
of such correspondence has become something that everyone should know.
However, the tools created to provide PGP security are generally cryptic
and difficult to work with.

http://www.linuxsecurity.com/articles/cryptography_article-4666.html

* Securing Debian HOWTO Updated
March 22nd, 2002

This has to now be one of the most comprehensive and complete Linux
security documents on the Web. Nice job, guys. "This document describes
the process of securing and hardening the default Debian installation.

http://www.linuxsecurity.com/articles/documentation_article-4664.html

* Introduction to logging
March 20th, 2002

"Welcome to yet another article in the series of articles dedicated to
basic system maintenance and security. This time, I plan to cover the
topic of logging, and why is logging a must for every serious admin, or
for any system that plans to be exposed to any kind of multi user
environment.

http://www.linuxsecurity.com/articles/server_security_article-4639.html

* User Authentication with PHP and Apache
March 20th, 2002

There are a number of reasons why you might want to add user
authentication to your Web site. You might want to restrict access to
certain pages only to a specific group of privileged users. You might
want to customize the content on your site as per user preferences.

http://www.linuxsecurity.com/articles/server_security_article-4642.html

* Using PGP to Verify Digital Signatures
March 20th, 2002

This paper (pdf) provides some background information about PGP and
explains how to check signatures for validity. "PGP stands for Pretty
Good Privacy. It is a computer program that uses mathematical algorithms
to encrypt files and protect them from unauthorized access. It is also
used to digitally sign and verify documents.

http://www.linuxsecurity.com/articles/cryptography_article-4637.html

* Using SSH
March 19th, 2002

SSH is a secure replacement for telnet, rlogin, other r* and ftp
protocols which handle sensitive information in an unsecure manner.
Telnet broadcasts sensitive information such as usernames and passwords
unencrypted whereas.

http://www.linuxsecurity.com/articles/server_security_article-4633.html

* Privilege Separated OpenSSH
March 18th, 2002

The goal of this work is complete privilege separation within OpenSSH.
Privilege separation uses two processes: The privileged parent process
that monitors the progress of the unprivileged child process.

http://www.linuxsecurity.com/articles/cryptography_article-4622.html

+------------------------+
| Network Security News: |
+------------------------+

* Introduction to Intrusion Protection and Network Security
March 23rd, 2002

In this introduction to protecting your computers from intrusion, the
author discusses concepts of computer security. Selecting good
passwords, using firewalls, and other security concepts are introduced.

http://www.linuxsecurity.com/articles/network_security_article-4668.html

+------------------------+
| Cryptography:          |
+------------------------+

* Crypto guru debates efficiency discovery
March 19th, 2002

Encryption expert Bruce Schneier downplayed this week the importance of
a University of Illinois professor's newest method of breaking the
digital codes that secure information.

http://www.linuxsecurity.com/articles/cryptography_article-4635.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* Warriors to demo DDoS defence
March 24th, 2002

The New Zealand Defence Force is to use an international conference to
put a product created by Auckland company Esphion against distributed
denial of service attacks through its paces. The event, known as the
Joint Warrior Interoperability Demonstration (Jwid), will involve
defence personnel from New Zealand, Australia, the UK, the US and Canada.

http://www.linuxsecurity.com/articles/organizations_events_article-4670.html

* Lcrzoex, Network Testing Toolbox
March 21st, 2002

Laurent Constantin let us know that the Lcrzoex Project now contains
more than 300 GPLd network testing tools. "We are proud to announce that
lcrzoex now contains over 300 network testing tools. Tool which passed
this mark allows to spoof an IP/UDP packet.

http://www.linuxsecurity.com/articles/projects_article-4652.html

+------------------------+
| General News:          |
+------------------------+

* A Tangled World Wide Web of Security Issues
March 23rd, 2002

The World Wide Web (WWW) was initially intended as a means to share
distributed information amongst individuals. Now the WWW has become the
preferred environment for a multitude of e-services: e-commerce,
e-banking, e-voting, e-government, etc. Security for these applications
is an important enabler.

http://www.linuxsecurity.com/articles/server_security_article-4669.html

* Spam: It's completely out of control
March 21st, 2002

[Chris Lewis] is the guardian of roughly 45,000 employees' e-mail
in-boxes, protecting against unsolicited commercial messages that are
nearly doubling in number every five months--and costing an estimated $1
per piece in lost productivity.

http://www.linuxsecurity.com/articles/general_article-4654.html

* Building trust into open source
March 21st, 2002

In the past three months, the open-source community has been given a
wake-up call. While Microsoft has concentrated on reviewing its flagship
Windows source code as part of a new focus on security, Internet
watchdogs have released the details of three widespread flaws in
open-source applications usually shipped with the Linux operating
system.

http://www.linuxsecurity.com/articles/projects_article-4655.html

* U.S. pulls 'sensitive' info off the Web
March 21st, 2002

Government agencies have been ordered to clear their Web sites of
sensitive information about weapons of mass destruction that could be
exploited by would-be terrorists, according to memos released on
Thursday.

http://www.linuxsecurity.com/articles/government_article-4657.html

* Web Security, Privacy & Commerce, 2nd Edition
March 20th, 2002

"There are two basic reasons why a book comes out in a second edition:
either the author needs the cash or the book needs to be updated. When
the first edition of Web Security, Privacy & Commerce came out in 1997,
it was titled Web Security & Commerce.

http://www.linuxsecurity.com/articles/documentation_article-4640.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------