[ISN] Linux Security Week - June 3rd 2002

From: InfoSec News (isnat_private)
Date: Tue Jun 04 2002 - 01:39:19 PDT

  • Next message: InfoSec News: "Re: [ISN] The War in All its Online Glory"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  June 3rd, 2002                               Volume 3, Number 22n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "SQL Injection
    Walkthrough," "Intrusion Detection: Running a Hacker Simulation," "SANS
    Security Policy Project," and "Desperately Seeking the Security ROI."
    This week, advisories were released for k5su, bzip2, kernel, rc, imap,
    perl-Digest-MD5, fetchmail, dhcp, mailman, mozilla, nss_ldap, and tcpdump. =
    The vendors include Conectiva, FreeBSD, Mandrake, Red Hat, and SuSE.
    FEATURE: Flying Pigs: SnortingNext GenerationSecure Remote Log Servers
    over TCP - A Comprehensive Guide to Building Encrypted, Secure Remote
    Syslog-ng Servers with the Snort Intrusion Detection System.
    ** Build Complete Internet Presence Quickly and Securely! **
    EnGarde Secure Linux has everything necessary to create thousands of
    virtual Web sites, manage e-mail, DNS, firewalling, and database functions
    for an entire organization, all using a secure Web-based front-end.
    Engineered to be secure and easy to use!
     --> http://www.guardiandigital.com/promo/ls230502.html
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Linux.Simile: Windows Virus that affects Linux Too?
    May 31st, 2002
    {Win32,Linux}/Simile.D is a very complex virus that uses entry-point
    obscuring, metamorphism, and polymorphic decryption. It is the first known
    polymorphic metamorphic virus to infect under both Windows and Linux. The
    virus contains no destructive payload, but infected files may display
    messages on certain dates. It is the fourth variant of the Simile family.
    * SQL Injection Walkthrough
    May 28th, 2002
    When a machine has only port 80 opened, your most trusted vulnerability
    scanner cannot return anything useful, and you know that the admin always
    patch his server, we have to turn to web hacking. SQL injection is one of
    type of web hacking that require nothing but port 80 and it might just
    work even if the admin is patch-happy.
    | Network Security News: |
    * Beyond intrusion detection
    May 30th, 2002
    Making sense of security software event logs, whether it's from your
    firewall or an expensive intrusion detection system, can be like trying to
    drink from a fire hose. Even when you find a real problem, what do you do? =
    But intrusion detection is definitely not a bad idea.
    * Intrusion Detection: Running a Hacker Simulation
    May 30th, 2002
    The most common type of hacker simulation is a remote scan of a company's
    network, which gives the target company an idea of what its networks look
    like to a hacker on the Internet.
    * Intrusion-detection net revived
    May 28th, 2002
    The General Services Administration and Carnegie Mellon University this
    fall will start testing a new technology to analyze and report on patterns
    in the cyber intrusion information gathered across government, an idea
    that was first floated and eventually sunk two years ago
    |  Cryptography:         |
    * COMU Privacy Guard
    May 30th, 2002
    CPG stands for COMU Privacy Guard. It is a security tool. In essence, it
    is a web based shell of Gnu Privacy Guard. It ables users to perform main
    functions of GnuPG on the web.
    |  Vendors/Products:     |
    * Study: Open source poses security risks
    May 31st, 2002
    A conservative U.S. think tank suggests in an upcoming report that
    open-source software is inherently less secure than proprietary software,
    and warns governments against relying on it for national security.
    |  General:              |
    * When hacking competitions go wrong
    May 31st, 2002
    A hacking contest that promised $100,000 as first prize appears to have
    been weighted so heavily against competitors that some decided to hack the
    competition rather than the target server.
    * Hackers V. Colleges: Security Bolstered for University Computer
    May 31st, 2002
    College officials said the threats are not just from smart and
    sophisticated pranksters and criminals, but also from mischievous teens
    who have figured ways to capture computers. Colleges and universities
    battle hackers and viruses every day as a matter of course, not unlike the
    way hospitals try to eradicate health-threatening germs and killer viruses
    to save lives.
    * CERT Summary CS-2002-02
    May 29th, 2002
    Each quarter, the CERT=AE Coordination Center (CERT/CC) issues the CERT
    summary to draw attention to the types of attacks reported to our incident
    response team, as well as other noteworthy incident and vulnerability
    information. The summary includes pointers to sources of information for
    dealing with the problems.
    * SANS Security Policy Project
    May 27th, 2002
    Welcome to the SANS Security Policy Resource page, a consensus research
    project of the SANS community. The ultimate goal of the project is to
    offer everything you need for rapid development and implementation of
    information security policies.
    * Desperately Seeking the Security ROI
    May 27th, 2002
    Talk may be cheap, but the infosec price tag is not. It shouldn't come as
    a surprise that the infamous TCO (total cost of ownership) and ROI (return
    on investment) justifications have descended upon the unsuspecting
    troopers in the infosec trenches. Apparently, it's time for us security
    geeks to learn some new tricks.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 04:45:24 PDT