+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  July 8th, 2002                               Volume 3, Number 27n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             daveat_private            |
|                   Benjamin Thomas         benat_private             |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "How we could
have prevented an Apache worm," "Advanced SQL Injection," "Integrating
Flexible Support for Security Policies into the Linux Operating System
(SE)," and "The State of Anomaly Detection."

This week, advisories were released for openssh, apache, mod_ssl, and
squid. The vendors include Conectiva, Debian, EnGarde, Mandrake, SuSE,
and Trustix.

http://www.linuxsecurity.com/articles/forums_article-5255.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Securing Servers With PHP (Portscan)
July 6th, 2002

Did you ever think about using PHP as a tool for increasing network
security? It's much easier to write socket code in PHP than in C, for
example. This article by Maguma software developer Jim Barcelona shows
how to create a simple yet effective port scanning application in PHP.

http://www.linuxsecurity.com/articles/security_sources_article-5262.html

* How we could have prevented an Apache worm
July 3rd, 2002

One of the most contentious issues in the security community today is
how and when those who discover vulnerabilities communicate their
knowledge to both the companies that make the products and the public.

http://www.linuxsecurity.com/articles/security_sources_article-5244.html

* Advanced SQL Injection
July 3rd, 2002

The paper covers in more detail some of the points described in its
predecessor, providing examples to clarify areas where the previous
paper was perhaps unclear. An effective method for privilege escalation
is described that makes use of the openrowset function to scan a
network.

http://www.linuxsecurity.com/articles/host_security_article-5241.html

* comp.os.linux.security FAQ Updated
July 1st, 2002

Daniel Swan has sent us a note to let us know he has updated his
authoritative comp.os.linux.security FAQ. "Welcome to
comp.os.linux.security. We ask that you please read the FAQ before
posting questions to the newsgroup.

http://www.linuxsecurity.com/articles/documentation_article-5228.html

* Integrating Flexible Support for Security Policies into the Linux
  Operating System
July 1st, 2002

This article discusses implementing Mandatory Access Control in the SE
Linux system.
"The protection mechanisms of current mainstream operating systems are
inadequate to support confidentiality and integrity requirements for end
systems.

http://www.linuxsecurity.com/articles/server_security_article-5231.html

+------------------------+
| Network Security News: |
+------------------------+

* DNS Flaws Put Net Connected Systems At Risk
July 2nd, 2002

A flaw in software that supports the Internet's DNS (Domain Name System)
for translating text-based Web addresses to numeric IP (Internet
Protocol) addresses can put Internet-connected systems at risk.

http://www.linuxsecurity.com/articles/network_security_article-5238.html

* Sentry Firewall CD HOWTO
July 2nd, 2002

This document is designed as an introduction on how the Sentry Firewall
CDROM works and how to get started using the system. This is the
long-overdue Sentry Firewall CDROM howto. I hope this document helps get
you started using the Sentry Firewall CD and answers any questions you
might have regarding how the system works.

http://www.linuxsecurity.com/articles/firewalls_article-5240.html

* Bug puts Unix servers in a BIND
July 2nd, 2002

Security watchers are warning that a security flaw affecting Domain Name
System servers running Unix could prove difficult to fix. A buffer
overflow vulnerability in DNS.

http://www.linuxsecurity.com/articles/vendors_products_article-5237.html

* One of These Things is not Like the Others: The State of Anomaly
  Detection
July 1st, 2002

"To some, our observations can be summarized succinctly as "bugs
happen". That certainly is not news. But dismissing our results so
cavalierly misses.
http://www.linuxsecurity.com/articles/network_security_article-5223.html

+------------------------+
| Cryptography:          |
+------------------------+

* cDc prepares user-friendly stego app
July 4th, 2002

In an effort to help Netizens in the more paranoid corners of the world
evade national censorship, the cDc's Hacktivismo group is developing a
browser product called Camera/Shy capable of creating and displaying
images with messages which would likely get a Web site shut down or
filtered in places like Saudi Arabia and China.

http://www.linuxsecurity.com/articles/projects_article-5252.html

* Zimmermann to Network Associates: Sell PGP back to me, or open-source
  it
July 2nd, 2002

Philip R. Zimmermann, author of encryption program Pretty Good Privacy,
is suggesting current owner Network Associates open-source PGP's code as
one alternative to the program dying on the vine at the company.

http://www.linuxsecurity.com/articles/cryptography_article-5234.html

+------------------------+
| General:               |
+------------------------+

* Fed-up customers want faster bug alerts
July 7th, 2002

A study of more than 300 companies published last week found that nearly
80 percent of companies support security consultants and hackers
releasing information about software vulnerabilities even when the
developers aren't prepared, and that they want news of potential flaws
within a week.

http://www.linuxsecurity.com/articles/security_sources_article-5263.html

* National Security is an IT Concern
July 3rd, 2002

We can't rely any longer on the comforting urban legend that the
Internet is impervious to attack. The Internet is a massive collection
of remotely accessible, often poorly maintained networks supported by
software systems with little diversity and a history of serious security
flaws.
http://www.linuxsecurity.com/articles/government_article-5242.html

* What It Takes to Be a CSO
July 2nd, 2002

Security jobs are in the spotlight like never before, with the current
heightened sensitivity to cyber-crime and national security. Add to that
the fact that security.

http://www.linuxsecurity.com/articles/security_sources_article-5235.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------