[ISN] Linux Security Week - May 13th 2002

From: InfoSec News (isnat_private)
Date: Tue May 14 2002 - 00:17:30 PDT

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  May 13th, 2002                               Volume 3, Number 19n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Decoding IPsec:  
    Understanding the Protocols of Virtual Private," "SSL Certificates HOWTO,"
    "Buffer Overflows - What Are They and What Can I Do About Them," and "5
    minutes to a Linux firewall."
    This week, advisories were released for mod python, tcpdump, imlib,
    sysconfig, webmin, netfilter, and dhcp.  The vendors include Conectiva,
    Red Hat, and SuSE.
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * SSL Certificates HOWTO
    May 10th, 2002
    A first hand approach on how to manage a certificate authority (CA), and
    issue or sign certificates to be used for secure web, secure e-mail, or
    signing code and other usages.  This HOWTO will also deal with non-linux
    applications: there is no use to issue certificates if you can't use them.
    * How secure is your password?
    May 10th, 2002
    In order to access computer networks, online bank or e-mail accounts, we
    need a wide range of usernames and passwords.  Constant attention is
    required to track what our name is in each virtual environment, and what
    password is needed at that moment to access personal information.
    * Buffer Overflows - What Are They and What Can I Do About Them?
    May 6th, 2002
    Buffer overflows have been a problem in software-based systems and
    applications for a long time. One of the first significant computer
    break-ins that took advantage of a buffer overflow was the Morris worm,
    and that happened in November 1988. The worm took advantage of a buffer
    overflow in the finger service, a service that dispenses information about
    the set of users logged into a UNIX-based computer system.
    | Network Security News: |
    * Decoding IPsec:  Understanding the Protocols of Virtual Private
    May 10th, 2002
    Acquiring a deeper understanding of how virtual private networks (VPNs)
    operate can be a daunting task. It traditionally has required sorting
    through scattered information and deciphering technical standards that
    contain a potentially confusing assortment of acronyms and algorithms.
    * Simplicity and Awareness - Keys to Network Security
    May 9th, 2002
    Few people believe that maintaining a sound network security posture is
    easy. Those who do are deluding themselves, unless they practice two
    fundamental tenets of security: simplicity and awareness.
    * Firestarter: 5 minutes to a Linux firewall:  Part 2
    May 8th, 2002
    The following article is part two of a two part series.  "Alternately, you
    could create limit rules to accept only a certain number of requests every
    second. Or if you have monitoring software that requires your box to be
    "pingable," you could accept ICMP requests from only a certain IP or set
    of IP addresses."
    |  Cryptography:         |
    * Security IC suppliers split over encryption methods
    May 12th, 2002
    Growing security concerns within the enterprise communication market are
    challenging chipmakers to develop advanced, silicon-based encryption
    techniques that will not erode processor performance.
    |  Vendor/Products:      |
    * OpenSSL 0.9.6d beta 1 released
    May 10th, 2002
    A first hand approach on how to manage a certificate authority (CA), and
    issue or sign certificates to be used for secure web, secure e-mail, or
    signing code and other usages.
    * GnuPG 1.0.7 released
    May 8th, 2002
    The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and
    data storage.  It is a complete and free replacement of PGP and can be
    used to encrypt data and to create digital signatures.  It includes an
    advanced key management facility and is compliant with the proposed
    OpenPGP Internet standard as described in RFC2440.
    |  General:              |
    * Sharing seen as critical for security
    May 9th, 2002
    The private sector manages more than 85 percent of the nation's critical
    infrastructure and must therefore collaborate with the government to
    protect those resources, according to government and industry leaders
    speaking at a May 8 Senate Governmental Affairs Committee hearing.
    * Social Engineering: The Human Side Of Hacking
    May 9th, 2002
    A woman calls a company help desk and says she's forgotten her password. In a
    panic, she adds that if she misses the deadline on a big advertising
    project her boss might even fire her.
    * Security experts swarm to Honeynet challenge
    May 9th, 2002
    Reverse engineering project to unravel binary caught in the wild. The
    Honeynet Project, which has been monitoring black hat hacking activity
    over the past year, has set up a new challenge to help develop reverse
    engineering skills throughout the security community.
    * Security myths costing firms
    May 8th, 2002
    SECURITY guru Peter Tippett loves to shock people. He invites IT
    professionals to seminars on network security and then says you don't need
    more network security - at least, you don't need as much as vendors want
    to sell to you.  Spend up on anti-virus software if you want to, he said.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org