[ISN] Linux Security Week - June 17th 2002

From: InfoSec News (isnat_private)
Date: Tue Jun 18 2002 - 03:42:38 PDT

  • Next message: InfoSec News: "[ISN] EarthLink's Passwords Are Naked"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  June 17th, 2002                              Volume 3, Number 24n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
     
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Securing Linux
    Servers and Desktops," "The Solution to Spam: Reverse Filtering,"
    "Security firms tout savings, not safety," and "Developing an Effective
    Incident Cost Analysis Mechanism."
    
    ## Developing with open standards? Demanding High Performance? ##
    Catch the Oracle9i JDeveloper wave now and check out howbuilt-in
    profilers and CodeCoach make your Java code tighterand faster than
    ever before.Download your FREE copy of Oracle9i J Developer Today. 
     
      http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=oracle1
    
    
    This week advisories were released for mozilla, mailman, LPRng, and
    ghostscript.  The vendors include Caldera, Mozilla, and Red Hat.
    
    http://www.linuxsecurity.com/articles/forums_article-5136.html
    
    
    ** EnGarde Secure Linux walks away with Network Computing Editor's 
       Choice Award, Beats HP,Immunix... **
     
    "EnGarde walked away with our Editor's Choice award thanks to the depth of
    its security strategy, which covers nearly all the bases. Everything from
    the low-level mechanisms (binary integrity checking and stack protection)
    to high-level usability issues (including an excellent patching interface)
    demonstrate the serious effort the Guardian Digital crew has invested in
    EnGarde."
     
    http://www.linuxsecurity.com/articles/vendors_products_article-5106.html
     
    
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
     
     
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
     
    
    * Securing Linux Servers and Desktops
    June 13th, 2002
    
    Peter Sergeant sent in a link on some Linux security basics. "If you count
    Trojan horses and rootkits, Linux (as a Unix derivative) crossed this line
    a long time ago. So it is high time that we designed and implemented some
    anti-virus schemes for Linux hosts. While there are hundreds of papers
    describing the process of securing or strengthening Linux (and, yes, this
    is another indication that Linux is popular), very few of them consider
    security from the perspective of an institution's anti-virus policy. The
    aim of this article is to shed some light on this subject."
    
    http://www.linuxsecurity.com/articles/server_security_article-5132.html
    
    
    * Complex Linux virus warning
    June 13th, 2002
    
    The cross-platform Windows/Linux virus, which made headlines last week,
    has prompted a "zeitgeist of new interest" in Unix and Linux viruses.  
    Antivirus experts say that the cross-platform skills of the Simile or Etap
    virus, which cropped up last week, "seem to have led to a renewed interest
    in *nix malware".
    
    http://www.linuxsecurity.com/articles/hackscracks_article-5124.html
    
    
    * The Solution to Spam - Reverse Filtering
    June 12th, 2002
    
    What you are about to read is a solution to spam that requires no
    reengineering of e-mail, the Web or any other systems. It could be set up
    to guarantee spam blocking using simple, existing technologies. I've dealt
    with corporate intranets in the past, which have completely blocked e-mail
    from the outside unless one is on an approved list.
    
    http://www.linuxsecurity.com/articles/server_security_article-5118.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Sentry Firewall CD HOWTO
    June 14th, 2002
    
    This document is designed as an introduction on how the Sentry Firewall
    CDROM works and how to get started using the system.  This is the
    long-overdue Sentry Firewall CDROM howto. I hope this document helps get
    you started using the Sentry Firewall CD and answers any questions you
    might have regarding how the system works.
    
    http://www.linuxsecurity.com/articles/firewalls_article-5137.html
    
    
    
    +------------------------+
    |  Cryptography:         |
    +------------------------+
    
    * Crypto-Gram June 15, 2002
    June 15th, 2002
    
    In this issue, Fixing Intelligence Failures, general industry news,
    Secrecy and Security, and more. "Fundamental changes in how the United
    States copes with domestic terrorism requires, um, fundamental changes.
    
    http://www.linuxsecurity.com/articles/cryptography_article-5142.html
    
    
    
    +------------------------+
    |  Vendors/Products:     |
    +------------------------+
    
    * Super-Secure Linux, Inch by Inch
    June 12th, 2002
    
    Super-secure additions to the Linux operating system are inching closer to
    the mainstream. Developers have turned Security-Enhanced Linux (SELinux),
    a prototype created in part by the National Security Agency, into a module
    that operates almost seamlessly on the Linux operating system.
    
    
    http://www.linuxsecurity.com/articles/server_security_article-5120.html
    
    
    
    
     
    +------------------------+
    |  General:              |
    +------------------------+
    
    * Security firms tout savings, not safety
    June 13th, 2002
    
    At a recent publicity event here, two security companies and accounting
    giant PricewaterhouseCoopers showed off their latest tool for selling
    software: a calculator that lets clients estimate how much money they can
    save by using the companies' offerings.
    
    http://www.linuxsecurity.com/articles/organizations_events_article-5127.html
    
    
    * Developing an Effective Incident Cost Analysis Mechanism
    June 13th, 2002
    
    David Dittrich writes, "When it comes to calculating damages from computer
    security incidents, some in the media will tell you that it is impossible
    to come up with a value. At the same time, others will tell you that the
    Melissa Virus caused $80 million in damages to US businesses. Who is
    right? Can these damages be calculated, and if so, how?"
    
    http://www.linuxsecurity.com/articles/general_article-5126.html
    
    
    * Security firms: Stay safe, save money
    June 13th, 2002
    
    At a recent publicity event in San Francisco, two security companies and
    accounting giant PricewaterhouseCoopers showed off their latest tool for
    selling software: a calculator that lets clients estimate how much money
    they can save by using the companies' offerings.
    
    http://www.linuxsecurity.com/articles/general_article-5130.html
    
    
    * VPN adoption is strong
    June 12th, 2002
    
    Sales of virtual private networking (VPN) products and services should top
    $21.3bn this year, according to the latest estimates from San Jose,
    California-based market research firm Infonetics Research Inc, with future
    spending levels more than doubling by 2006.
    
    http://www.linuxsecurity.com/articles/firewalls_article-5122.html
    
    
    * NIST to set security standard
    June 10th, 2002
    
    The National Institute of Standards and Technology is creating a process
    to provide a standard way for agencies to certify the security level of
    their systems and networks.  The new process, which is expected to be
    released at the end of June as a NIST special publication, will measure
    the confidentiality, integrity and availability of a system and whether it
    attained a high, medium or low rating.
    
    http://www.linuxsecurity.com/articles/security_sources_article-5111.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 06:50:41 PDT