[ISN] Linux Security Week - March 25th 2002

From: InfoSec News (isnat_private)
Date: Tue Mar 26 2002 - 00:33:06 PST


    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  March 25th, 2002                             Volume 3, Number 12n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
     
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
     
    This week, perhaps the most interesting articles include "Getting Started
    with Gnu Privacy Guard," "Introduction to logging," "User Authentication
    with PHP and Apache," and "Introduction to Intrusion Protection and
    Network Security."
    
    This week, advisories were released for cups, zlib, listar, kdm, and
    imlib. The vendors include Debian, Mandrake, Red Hat, and Trustix.
    
    http://www.linuxsecurity.com/articles/forums_article-4660.html
    
    
    FEATURE: Dsniff 'n the Mirror - This is a practical step by step guide
    showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, and Ngrep,
    and others. It also provides a discussion of how and why we should monitor
    network traffic.
    
    http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html
    
    
    Security & Simplicity, Finally! - Are you looking for a solution that
    provides the applications necessary to easily create thousands of virtual
    Web sites, manage e-mail, DNS, firewalling, database functions for an
    entire organization, and supports high-speed broadband connections all
    using a Web-based front-end? EnGarde Secure Professional provides those
    features and more!
     
      --> http://store.guardiandigital.com 
     
     
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
     
     
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
     
    
    * Getting Started with Gnu Privacy Guard
    March 22nd, 2002
    
    With increasingly important communications taking place using e-mail, the
    ability to verify the authenticity, and also protect the contents, of such
    correspondence has become something that everyone should know. However,
    the tools created to provide PGP security are generally cryptic and
    difficult to work with.
    
    http://www.linuxsecurity.com/articles/cryptography_article-4666.html
    
    
    * Securing Debian HOWTO Updated
    March 22nd, 2002
    
    This has to now be one of the most comprehensive and complete Linux
    security documents on the Web. Nice job, guys. "This document describes
    the process of securing and hardening the default Debian installation.
    
    http://www.linuxsecurity.com/articles/documentation_article-4664.html
    
    
    * Introduction to logging
    March 20th, 2002
    
    "Welcome to yet another article in the series of articles dedicated to
    basic system maintenance and security. This time, I plan to cover the topic
    of logging, and why is logging a must for every serious admin, or for any
    system that plans to be exposed to any kind of multi user environment.
    
    http://www.linuxsecurity.com/articles/server_security_article-4639.html
    
    
    
    * User Authentication with PHP and Apache
    March 20th, 2002
    
    There are a number of reasons why you might want to add user
    authentication to your Web site.  You might want to restrict access to
    certain pages only to a specific group of privileged users. You might want
    to customize the content on your site as per user preferences.
    
    
    http://www.linuxsecurity.com/articles/server_security_article-4642.html
    
    
    
    * Using PGP to Verify Digital Signatures
    March 20th, 2002
    
    This paper (pdf) provides some background information about PGP and
    explains how to check signatures for validity.  "PGP stands for Pretty
    Good Privacy. It is a computer program that uses mathematical algorithms
    to encrypt files and protect them from unauthorized access. It is also
    used to digitally sign and verify documents.
    
    http://www.linuxsecurity.com/articles/cryptography_article-4637.html
    
    
    * Using SSH
    March 19th, 2002
    
    SSH is a secure replacement for telnet, rlogin, other r* and ftp protocols
    which handle sensitive information in an unsecure manner. Telnet
    broadcasts sensitive information such as usernames and passwords
    unencrypted whereas.
    
    http://www.linuxsecurity.com/articles/server_security_article-4633.html
    
    
    * Privilege Separated OpenSSH
    March 18th, 2002
    
    The goal of this work is complete privilege separation within OpenSSH.
    Privilege separation uses two processes: The privileged parent process
    that monitors the progress of the unprivileged child process.
    
    http://www.linuxsecurity.com/articles/cryptography_article-4622.html
    
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Introduction to Intrusion Protection and Network Security
    March 23rd, 2002
    
    In this introduction to protecting your computers from intrusion, the
    author discusses concepts of computer security. Selecting good passwords,
    using firewalls, and other security concepts are introduced.
    
    
    http://www.linuxsecurity.com/articles/network_security_article-4668.html
    
    
    
    
    +------------------------+
    |  Cryptography:         |
    +------------------------+
    
    * Crypto guru debates efficiency discovery
    March 19th, 2002
    
    Encryption expert Bruce Schneier downplayed this week the importance of a
    University of Illinois professor's newest method of breaking the digital
    codes that secure information.
    
    http://www.linuxsecurity.com/articles/cryptography_article-4635.html
    
    
    
    
    +------------------------+
    |  Vendors/Products:     |
    +------------------------+
     
    * Warriors to demo DDoS defence
    March 24th, 2002
    
    The New Zealand Defence Force is to use an international conference to put
    a product created by Auckland company Esphion against distributed denial
    of service attacks through its paces.  The event, known as the Joint
    Warrior Interoperability Demonstration (Jwid), will involve defence
    personnel from New Zealand, Australia, the UK, the US and Canada.
    
    http://www.linuxsecurity.com/articles/organizations_events_article-4670.html
    
    
    
    * Lcrzoex, Network Testing Toolbox
    March 21st, 2002
    
    Laurent Constantin let us know that the Lcrzoex Project now contains more
    than 300 GPLd network testing tools. "We are proud to announce that
    lcrzoex now contains over 300 network testing tools. Tool which passed
    this mark allows to spoof an IP/UDP packet.
    
    http://www.linuxsecurity.com/articles/projects_article-4652.html
    
    
    
    
    
    +------------------------+
    |  General News:         |
    +------------------------+
     
    * A Tangled World Wide Web of Security Issues
    March 23rd, 2002
    
    The World Wide Web (WWW) was initially intended as a means to share
    distributed information amongst individuals. Now the WWW has become the
    preferred environment for a multitude of e-services: e-commerce,
    e-banking, e-voting, e-government, etc. Security for these applications is
    an important enabler.
    
    http://www.linuxsecurity.com/articles/server_security_article-4669.html
    
    
    * Spam: It's completely out of control
    March 21st, 2002
    
    [Chris Lewis] is the guardian of roughly 45,000 employees' e-mail
    in-boxes, protecting against unsolicited commercial messages that are
    nearly doubling in number every five months--and costing an estimated $1
    per piece in lost productivity.
    
    http://www.linuxsecurity.com/articles/general_article-4654.html
    
    
    * Building trust into open source
    March 21st, 2002
    
    In the past three months, the open-source community has been given a
    wake-up call.  While Microsoft has concentrated on reviewing its flagship
    Windows source code as part of a new focus on security, Internet watchdogs
    have released the details of three widespread flaws in open-source
    applications usually shipped with the Linux operating system.
    
    http://www.linuxsecurity.com/articles/projects_article-4655.html
    
    
    * U.S. pulls 'sensitive' info off the Web
    March 21st, 2002
    
    Government agencies have been ordered to clear their Web sites of
    sensitive information about weapons of mass destruction that could be
    exploited by would-be terrorists, according to memos released on Thursday.
    
    http://www.linuxsecurity.com/articles/government_article-4657.html
    
    
    * Web Security, Privacy & Commerce, 2nd Edition
    March 20th, 2002
    
    "There are two basic reasons why a book comes out in a second edition:
    either the author needs the cash or the book needs to be updated.  When
    the first edition of Web Security, Privacy & Commerce came out in 1997, it
    was titled Web Security & Commerce.
    
    http://www.linuxsecurity.com/articles/documentation_article-4640.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


