+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  June 24th, 2002                           Volume 3, Number 25n     |
|                                                                     |
|  Editorial Team:  Dave Wreski              daveat_private           |
|                   Benjamin Thomas          benat_private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Using OpenLDAP
For Authentication," "Filtering E-Mail with Postfix and Procmail,"
"Network Security with OpenSSL," and "VPN Implementation in Cluster
Computing."

This week, advisories were released for apache, fetchmail, and dhcp. The
vendors include Caldera, Conectiva, Debian, EnGarde, FreeBSD, Red Hat,
SuSE, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-3.html

*** Guardian Digital offers new Secure Linux server OS ***

Setting up a secure server isn't necessarily for the faint of heart. To
make it easier for IT administrators, Guardian Digital Inc. has released
EnGarde Secure Linux Version 1.2, offering a secure server operating
system for mail, Web and other services without the hassle of an
intricate customization.

http://www.linuxsecurity.com/articles/vendors_products_article-5153.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* What Really Is 'Forensics'?
June 20th, 2002

First of all, all attacks are not created equal.
There are script kiddie attacks, attacks by serious hackers, by
insiders, by fraudsters, and attacks by just about any other malefactor
you can imagine who has a bone to pick with his or her intended victim.

http://www.linuxsecurity.com/articles/intrusion_detection_article-5168.html

* Using OpenLDAP For Authentication
June 19th, 2002

There are few tutorials on how to accomplish using LDAP for
authentication, and I found them to be difficult to understand or
incomplete, and as a result some research and testing was done to set up
LDAP-based authentication on Mandrake Linux.

http://www.linuxsecurity.com/articles/network_security_article-5166.html

* Two Open Source Security Code Scanners
June 19th, 2002

Secure Programming HOWTO and the RATS development team from Secure
Software Solutions today announced open source source code security flaw
scanners. RATS scans through code, finding potentially dangerous
function calls. The goal of this tool is not to definitively find bugs.

http://www.linuxsecurity.com/articles/projects_article-3046.html

* LIDS FAQ v0.15
June 19th, 2002

Version 0.15 of the LIDS FAQ is available. LIDS is an enhancement for
the Linux kernel written by Xie Huagang and Philippe Biondi. It
implements several security features that are not in the Linux kernel
natively. Some of these include: mandatory access controls (MAC), a port
scan detector, file protection (even from root), and process protection.

http://www.linuxsecurity.com/articles/intrusion_detection_article-4003.html

* Filtering E-Mail with Postfix and Procmail, Part One of Three
June 18th, 2002

Most folks dislike spam in their e-mail. Spam takes up our network,
disk, and cpu resources. It requires that we weed through unwanted
messages to find the ones that we requested. (I'm not going to try to
convince you that spam is not good, you can check out some of the
anti-spam resources listed in.

http://www.linuxsecurity.com/articles/privacy_article-5155.html

+------------------------+
| Network Security News: |
+------------------------+

* Network Security with OpenSSL
June 21st, 2002

Network Security with OpenSSL by John Viega, Matt Messier, and Pravir
Chandra. It focuses on the practical uses of OpenSSL in securing network
communications in a safe and effective manner.

http://www.linuxsecurity.com/articles/security_sources_article-5177.html

* Policy Development: Training the Troops
June 20th, 2002

Teachers around the globe will often post school rules on the walls of
their classrooms for their pupils to read and, hopefully, follow.
Frequently, they will first educate students about the importance of the
rules and why they should adhere to them, then discuss disciplinary
actions they may take if students choose to ignore them.

http://www.linuxsecurity.com/articles/security_sources_article-5171.html

* Securing Small Networks with OpenBSD Part 5
June 20th, 2002

Watching pf logs can be exciting for the first few hours, but it soon
becomes a boring activity best left to the machines. But first we need
to know how OpenBSD manages pf logs. The pf packet logging mechanism
uses the standard system logger daemon syslogd to store packet
information in /var/log/pflog.

http://www.linuxsecurity.com/articles/server_security_article-1.html

* VPN Implementation in Cluster Computing
June 19th, 2002

VPNs often are heralded as one of the most cutting-edge, cost-saving
solutions to various applications, and they are widely deployed in the
areas of security, infrastructure expansion and inter-networking. A VPN
adds more dimension to networking and infrastructure because it enables
private networks to be connected in secure and robust ways.

http://www.linuxsecurity.com/articles/server_security_article-5161.html

+------------------------+
| Cryptography:          |
+------------------------+

* Fears of Misuse of Encryption System Are Voiced
June 20th, 2002

A leading European computer security and privacy advocate is challenging
an effort by the American computer industry to create a standard to
protect software and digital content, calling the plan a smoke screen by
established companies to protect their existing markets.

http://www.linuxsecurity.com/articles/cryptography_article-5169.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* OpenSSH 3.3 released
June 21st, 2002

A leading European computer security and privacy advocate is challenging
an effort by the American computer industry to create a standard to
protect software and digital content, calling the plan a smoke screen by
established companies to protect their existing markets.

http://www.linuxsecurity.com/articles/cryptography_article-5178.html

* Secure Coding
June 21st, 2002

Several months ago, Bill Gates announced that security would be the
number one priority at Microsoft. Several groups at Microsoft, such as
the Trusted Computing Group and the Secure Windows Initiative strive to
improve security in Microsoft products and ultimately improve security
for individuals and corporations worldwide.

http://www.linuxsecurity.com/articles/security_sources_article-6.html

* WhiteHat Arsenal Tool Set Aims to Knock Off Web Site Black Hats
June 19th, 2002

When designing Web sites, developers usually focus on the appearance and
the back end. And they generally rush to get their e-commerce sites to
production, often at the expense of adequate security and testing. In
fact, Web applications are the weak link.

http://www.linuxsecurity.com/articles/vendors_products_article-5165.html

* Guardian Digital offers new Secure Linux server OS
June 17th, 2002

Setting up a secure server isn't necessarily for the faint of heart.
To make it easier for IT administrators, Guardian Digital Inc. has
released EnGarde Secure Linux Version 1.2, offering a secure server
operating system for mail, Web and other servers without the hassle of
an intricate customization.

http://www.linuxsecurity.com/articles/vendors_products_article-5153.html

+------------------------+
| General:               |
+------------------------+

* Open, closed source security about equal?
June 21st, 2002

Proprietary programs should mathematically be as secure as those
developed under the open-source model, a Cambridge University researcher
argued in a paper presented Thursday at a technical conference in
Toulouse, France.

http://www.linuxsecurity.com/articles/security_sources_article-4.html

* Apache: Threat Becomes Vulnerability Becomes Exploit
June 21st, 2002

The recent situation regarding the Apache chunk encoding vulnerability
has caused plenty of controversy in the security industry. It initially
began with the community dislike of the release of information. Then it
was debated as to whether or not this was really an exploitable.

http://www.linuxsecurity.com/articles/vendors_products_article-7.html

* Security Conscious Reminders
June 20th, 2002

As the days pass in 2002, folks in the corporate world and even in their
home networks are realizing that security is a necessity. I don't need
to be telling you this since you are reading this article from a
security related website.

http://www.linuxsecurity.com/articles/general_article-5172.html

* Are security advisories released too soon?
June 19th, 2002

Network protection company Internet Security Systems published a
security advisory for Apache, the Internet's most popular Web server,
and gave the Apache Foundation, which created the software, less than
two hours to respond.

http://www.linuxsecurity.com/articles/forums_article-5163.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
                LinuxSecurity.com
------------------------------------------------------------------------