+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | June 3rd, 2002 Volume 3, Number 22n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "SQL Injection Walkthrough," "Intrusion Detection: Running a Hacker Simulation," "SANS Security Policy Project," and "Desperately Seeking the Security ROI." This week, advisories were released for k5su, bzip2, kernel, rc, imap, perl-Digest-MD5, fetchmail, dhcp, mailman, mozilla, nss_ldap, and tcpdump. = =20 The vendors include Conectiva, FreeBSD, Mandrake, Red Hat, and SuSE. http://www.linuxsecurity.com/articles/forums_article-5067.html FEATURE: Flying Pigs: SnortingNext GenerationSecure Remote Log Servers over TCP - A Comprehensive Guide to Building Encrypted, Secure Remote Syslog-ng Servers with the Snort Intrusion Detection System. http://www.linuxsecurity.com/feature_stories/snortlog-part1.html ** Build Complete Internet Presence Quickly and Securely! ** EnGarde Secure Linux has everything necessary to create thousands of virtual Web sites, manage e-mail, DNS, firewalling, and database functions for an entire organization, all using a secure Web-based front-end. Engineered to be secure and easy to use! --> http://www.guardiandigital.com/promo/ls230502.html Find technical and managerial positions available worldwide. Visit the LinuxSecurity.com Career Center: http://careers.linuxsecurity.com +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Linux.Simile: Windows Virus that affects Linux Too? May 31st, 2002 {Win32,Linux}/Simile.D is a very complex virus that uses entry-point obscuring, metamorphism, and polymorphic decryption. It is the first known polymorphic metamorphic virus to infect under both Windows and Linux. The virus contains no destructive payload, but infected files may display messages on certain dates. It is the fourth variant of the Simile family. http://www.linuxsecurity.com/articles/server_security_article-5066.html * SQL Injection Walkthrough May 28th, 2002 When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. http://www.linuxsecurity.com/articles/server_security_article-5049.html +------------------------+ | Network Security News: | +------------------------+ * Beyond intrusion detection May 30th, 2002 Making sense of security software event logs, whether it's from your firewall or an expensive intrusion detection system, can be like trying to drink from a fire hose. Even when you find a real problem, what do you do? = =20 But intrusion detection is definitely not a bad idea. http://www.linuxsecurity.com/articles/intrusion_detection_article-5060.html * Intrusion Detection: Running a Hacker Simulation May 30th, 2002 The most common type of hacker simulation is a remote scan of a company's network, which gives the target company an idea of what its networks look like to a hacker on the Internet. http://www.linuxsecurity.com/articles/intrusion_detection_article-5065.html * Intrusion-detection net revived May 28th, 2002 The General Services Administration and Carnegie Mellon University this fall will start testing a new technology to analyze and report on patterns in the cyber intrusion information gathered across government, an idea that was first floated and eventually sunk two years ago http://www.linuxsecurity.com/articles/intrusion_detection_article-5053.html +------------------------+ | Cryptography: | +------------------------+ * COMU Privacy Guard May 30th, 2002 CPG stands for COMU Privacy Guard. It is a security tool. In essence, it is a web based shell of Gnu Privacy Guard. It ables users to perform main functions of GnuPG on the web. http://www.linuxsecurity.com/articles/cryptography_article-5063.html +------------------------+ | Vendors/Products: | +------------------------+ * Study: Open source poses security risks May 31st, 2002 A conservative U.S. think tank suggests in an upcoming report that open-source software is inherently less secure than proprietary software, and warns governments against relying on it for national security. http://www.linuxsecurity.com/articles/projects_article-5072.html +------------------------+ | General: | +------------------------+ * When hacking competitions go wrong May 31st, 2002 A hacking contest that promised $100,000 as first prize appears to have been weighted so heavily against competitors that some decided to hack the competition rather than the target server. http://www.linuxsecurity.com/articles/hackscracks_article-5070.html * Hackers V. Colleges: Security Bolstered for University Computer Systems May 31st, 2002 College officials said the threats are not just from smart and sophisticated pranksters and criminals, but also from mischievous teens who have figured ways to capture computers. Colleges and universities battle hackers and viruses every day as a matter of course, not unlike the way hospitals try to eradicate health-threatening germs and killer viruses to save lives. http://www.linuxsecurity.com/articles/hackscracks_article-5068.html * CERT Summary CS-2002-02 May 29th, 2002 Each quarter, the CERT=AE Coordination Center (CERT/CC) issues the CERT summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems. http://www.linuxsecurity.com/articles/security_sources_article-5055.html * SANS Security Policy Project May 27th, 2002 Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. http://www.linuxsecurity.com/articles/security_sources_article-5046.html * Desperately Seeking the Security ROI May 27th, 2002 Talk may be cheap, but the infosec price tag is not. It shouldn't come as a surprise that the infamous TCO (total cost of ownership) and ROI (return on investment) justifications have descended upon the unsuspecting troopers in the infosec trenches. Apparently, it's time for us security geeks to learn some new tricks. http://www.linuxsecurity.com/articles/organizations_events_article-5047.htm= l ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 04:45:24 PDT