[ISN] Linux Security Week - April 8th 2002

From: InfoSec News (isnat_private)
Date: Tue Apr 09 2002 - 00:50:20 PDT

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  April 8th, 2002                              Volume 3, Number 14n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Server port 80
    plagues Internet security," "XML Security Risks," "Taking a Stateful
    Approach to Firewall Design," and "Exploring XML Encryption, Part 1."
    --> Performance and Stability meet Security 
    EnGarde has everything necessary to create thousands of virtual Web sites,
    manage e-mail, DNS, firewalling, and database functions for an entire
    organization, and supports high-speed broadband connections all using a
    Web-based front-end. EnGarde Secure Professional provides those features
    and more!
    This week, advisories were released for the Linux kernel, openssh, cups,
    nscd, kde, squid, mod_ssl, XFree86, rsync, and zlib.  The vendors include
    Caldera and Conectiva.
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Server port 80 plagues Internet security
    April 4th, 2002
    THE INTERNET HAS become a riskier place for businesses since the fall of
    2001 and doesn't look to be any more secure in the near future, according
    to security firm Internet Security Systems, which released its security
    incident figures for the first quarter of 2002 Wednesday.
    * Dsniff 'n the Mirror -- PDF Version
    April 2nd, 2002
    The popular article by Duane Dunston featured on LinuxSecurity.com
    recently has now been made available in the form of PDF, due to requests
    from users. "This is a practical step by step guide showing how to use
    Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, and Ngrep, and others. It also
    provides a discussion of how and why we should monitor network traffic."
    You can read Duane's article in Dsniff 'n the Mirror. The PDF version is
    also now available.
    * XML Security Risks
    April 2nd, 2002
    Data contained in XML tags needs to be secured in transit over the
    Internet, just like any other transaction. SSL and HTTPS are sufficient
    for most transactions, and companies routinely add their own further
    encryption for the stuff that really needs it. But crooks are far less
    likely to target packets in motion than the XML data residing on your
    | Network Security News: |
    * On ProxyTunnel
    April 5th, 2002
    Most of us have come across the following situation: you are working at
    your employer or at a customer location, and the local penny pinchers have
    decided that Internet access should be limited to sending mail (but only
    if it comes from the standard Exchange or Notes servers) and surfing the
    * Network security tips for managers
    April 5th, 2002
    Network Security has become an important part of today's IT staffs.
    However, there is a small part of it that needs to be a part of
    everybody's understanding that works with computers that attach to the
    Internet. I will review some basic ways to inventory your systems
    * Taking a Stateful Approach to Firewall Design
    April 5th, 2002
    Security continues to be the biggest concern for IT managers and, in turn,
    design engineers developing firewall systems. With more viruses popping up
    and hackers attacking more often, corporations are looking for any
    approach possible to plug holes in their firewall architectures.
    * RTFM: WLan security part 1
    April 4th, 2002
    In the first of a two-part series looking at security issues facing
    wireless Lan technology, David Ludlow looks into the lengths that crackers
    will go to when they are trying to infiltrate your network.  We've all
    seen the reports and news stories proclaiming how insecure WLans are.
    * Take these precautions against inside security attacks
    April 3rd, 2002
    The biggest single threat to your IT operation is someone you probably
    know by name. Think about it. Who knows better how to penetrate your
    systems--a hacker or someone down the hall who already has access to your
    * Firestarter: Fast firewalls made simple
    April 1st, 2002
    Firestarter is a graphical based firewall interface to the
    ipchains/Netfilter (iptables) firewalls that come with your Linux
    distribution; ipchains is used mostly for 2.2.x kernels and Netfilter is
    used on 2.4.x kernels.
    |  Cryptography:         |
    * Weak crypto casts shadow over ecommerce
    April 4th, 2002
    US export restrictions and local legislation on cryptography still cast a
    shadow over the security of ecommerce sites even years after regulations to
    permit the use of strong encryption.
    * Exploring XML Encryption, Part 1
    April 3rd, 2002
    XML Encryption provides end-to-end security for applications that require
    secure exchange of structured data. XML itself is the most popular
    technology for structuring data, and therefore XML-based encryption is the
    natural way to handle complex requirements for security in data
    interchange applications.
    |  General:              |
    * NIST guides target e-mail, patches
    April 7th, 2002
    The National Institute of Standards and Technology released new draft
    guidance April 3 for dealing with two of the most common sources of
    security breaches: poorly configured e-mail servers and the failure to
    apply software patches.
    * Security in a World Without Secrets
    April 5th, 2002
    Security and privacy are at a major turning point in our society. The
    events of September 11 catalyzed an already rapidly growing trend in the
    gathering of personal and enterprise information, made possible by
    advancing technologies.
    * Watch out for snooping spam
    April 5th, 2002
    Watch out--the spam choking your e-mail in-box may be loaded with software
    that lets marketers track your moves online, and you may not even be aware
    that you've been bugged.
    * Why con artists are your biggest security threat
    April 4th, 2002
    Bottom line: No product you can buy will protect you completely from the
    most serious threat to your network and your business.  That's not what
    you want to hear after laying out six figures to arm yourself with
    firewalls, antivirus software, and intrusion-detection applications, is
    * SSL encryption weaker in Europe than US
    April 3rd, 2002
    Up to 18 percent of servers using SSL (Secure Sockets Layer) encryption
    technology for Web site encryption are potentially vulnerable to hackers,
    with the problem being far more pronounced in Europe than in the U.S.,
    according to the latest monthly survey of Web server usage conducted by
    Netcraft Ltd.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org

    This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 04:12:29 PDT