+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | April 22nd, 2002 Volume 3, Number 16n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Build a Flexible VPN with FreeS/WAN and Linux," "Linux VPN Masquerade HOWTO," "Hacking Through the Wireless Jungle," and "Uncrackable encryption: It's no longer just sci-fi." ** FREE Apache SSL Guide from Thawte ** Are you worried about your web server security? Click here to get a FREE Thawte Apache SSL Guide and find the answers to all your Apache SSL security needs. -> http://www.gothawte.com/rd252.html This week, advisories were released for libsafe, imp, syncache/syncookies, squid, webalizer, xpilot, and demarc. The vendors include Debian, FreeBSD, and Mandrake. http://www.linuxsecurity.com/articles/forums_article-4837.html Find technical and managerial positions available worldwide. Visit the LinuxSecurity.com Career Center: http://careers.linuxsecurity.com +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Evasion tool puts Snort's nose out of joint April 17th, 2002 The darling of the intrusion detection system (IDS) industry had its nose put out of joint yesterday when a security developer released an evasion tool capable of undermining it. Open source development Snort has been heralded as one of the most flexible IDS offerings, comparing well with alternative commercial products. http://www.linuxsecurity.com/articles/intrusion_detection_article-4822.html +------------------------+ | Network Security News: | +------------------------+ * Hacking Through the Wireless Jungle April 20th, 2002 With a WLAN card and a sniffer, it is not difficult for a hacker to find a company's wireless network from a position outside the building. http://www.linuxsecurity.com/articles/network_security_article-4846.html * New tool helps hackers evade detection April 19th, 2002 A new tool for manipulating packets of data that travel over the Internet could allow attackers to camouflage malicious programs just enough to bypass many intrusion-detection systems and firewalls. http://www.linuxsecurity.com/articles/hackscracks_article-4841.html * Build a Flexible VPN with FreeS/WAN and Linux, Part 2 April 19th, 2002 Part One of this article discussed the advantages of FreeS/WAN, a Linux-based VPN package that allows even older Pentiums to be pressed into service as flexible VPN servers and offered an overview of how to build a test-bed network. http://www.linuxsecurity.com/articles/network_security_article-4840.html * Build a Flexible VPN with FreeS/WAN and Linux April 18th, 2002 FreeS/WAN is an ideal solution for the overworked, harassed network admin who needs to bring together branch offices, telecommuters, and road warriors from anywhere over the Internet, and it does it all for the price of the hardware, with requirements that are surprisingly low. http://www.linuxsecurity.com/articles/network_security_article-4831.html * Linux VPN Masquerade HOWTO April 16th, 2002 How to configure a Linux firewall to masquerade IPsec- and PPTP-based Virtual Private Network traffic, allowing you to establish a VPN connection without losing the security and flexibility of your Linux firewall's internet connection and allowing you to make available a VPN server that does not have a registered internet IP address. http://www.linuxsecurity.com/articles/documentation_article-4806.html +------------------------+ | Cryptography: | +------------------------+ * Uncrackable encryption: It's no longer just sci-fi April 19th, 2002 Imagine, if you will, a means of delivering encryption keys that is so secure that it's impossible to break because doing so would violate the laws of physics. In other words, the delivery method is so secure, it's protected by the very fabric of the universe. http://www.linuxsecurity.com/articles/cryptography_article-4836.html * Crypto-Gram April 15th, 2002 April 16th, 2002 The National Science Foundation will begin testing electronic signature technology next month that could remove the last impediment to its paperless proposal process. http://www.linuxsecurity.com/articles/cryptography_article-4808.html +------------------------+ | Vendor/Products: | +------------------------+ * Announcement of OpenSSL 0.9.6d and 0.9.7 Release Plan and Schedule April 17th, 2002 The National Science Foundation will begin testing electronic signature technology next month that could remove the last impediment to its paperless proposal process. http://www.linuxsecurity.com/articles/cryptography_article-4823.html +------------------------+ | General: | +------------------------+ * White House cyber czar describes next phase of Internet plan April 19th, 2002 Speaking before a conference of hundreds of federal technology personnel and industry officials Wednesday morning, Richard Clarke, President Bush's point man on national cybersecurity, outlined the next phase in the controversial plan to build an impenetrable information network for the federal government, known as Govnet http://www.linuxsecurity.com/articles/government_article-4838.html * Carnivore's New Leash on Life? April 18th, 2002 A graduate student at Dartmouth College wants to tame the FBI's Carnivore surveillance system. Alex Iliev has proposed a way to force anyone who wants to monitor e-mail or Web browsing to follow the rules -- and not snoop on private data that should be off-limits. Iliev's system relies on technology, not Congress or federal judges, to keep Carnivore on a very short leash. http://www.linuxsecurity.com/articles/privacy_article-4829.html * A Proposed Architecture and Roadmap April 15th, 2002 This document describes a proposed strategy for addressing security within a Web service environment. It defines a comprehensive Web service security model that supports, integrates and unifies several popular security models, mechanisms, and technologies (including both symmetric and public key technologies) in a way that enables a variety of systems to securely interoperate in a platform- and language-neutral manner. http://www.linuxsecurity.com/articles/network_security_article-4804.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Apr 23 2002 - 03:18:47 PDT