[ISN] Linux Security Week - July 8th 2002

From: InfoSec News (isnat_private)
Date: Tue Jul 09 2002 - 04:59:21 PDT

  • Next message: InfoSec News: "[ISN] Lights' malfunction at airport attributed to computer glitch"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  July 8th, 2002                               Volume 3, Number 27n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "How we could
    have prevented an Apache worm," "Advanced SQL Injection," "Integrating
    Flexible Support for Security Policies into the Linux Operating System
    (SE)," and "The State of Anomaly Detection."
    ## Developing with open standards? Demanding High Performance? ##
    Catch the Oracle9i JDeveloper wave now and check out how built-in
    profilers and CodeCoach make your Java code tighter and faster than ever
    before. Download your FREE copy of Oracle9i JDeveloper Today.
    This week, advisories were released for openssh, apache, mod_ssl, and
    squid. The vendors include Conectiva, Debian, EnGarde, Mandrake, SuSE, and
    ** Build Complete Internet Presence Quickly and Securely! ** 
    EnGarde Secure Linux has everything necessary to create thousands of
    virtual Web sites, manage e-mail, DNS, firewalling, and database functions
    for an entire organization, all using a secure Web-based front-end.
    Engineered to be secure and easy to use!
    Don't jeopardize your organization with an off-the shelf Linux!
      -> http://www.guardiandigital.com/promo/ls150402.html
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Securing Servers With PHP (Portscan)
    July 6th, 2002
    Did you ever think about using PHP as a tool for increasing network
    security? It's much easier to write socket code in PHP than in C, for
    example. This article by Maguma software developer Jim Barcelona shows how
    to create a simple yet effective port scanning application in PHP.
    * How we could have prevented an Apache worm
    July 3rd, 2002
    One of the most contentious issues in the security community today is how
    and when those who discover vulnerabilities communicate their knowledge to
    both the companies that make the products and the public.
    * Advanced SQL Injection
    July 3rd, 2002
    The paper covers in more detail some of the points described in its
    predecessor, providing examples to clarify areas where the previous paper
    was perhaps unclear. An effective method for privilege escalation is
    described that makes use of the openrowset function to scan a network.
    * comp.os.linux.security FAQ Updated
    July 1st, 2002
    Daniel Swan has sent us a note to let us know he has updated his
    authoritative comp.os.linux.security FAQ. "Welcome to
    comp.os.linux.security.  We ask that you please read the FAQ before
    posting questions to the newsgroup.
    * Integrating Flexible Support for Security Policies into the Linux
    Operating System
    July 1st, 2002
    This article discusses implementing Mandatory Access Control in the SE
    Linux system. "The protection mechanisms of current mainstream operating
    systems are inadequate to support confidentiality and integrity
    requirements for end systems.
    | Network Security News: |
    * DNS Flaws Put Net Connected Systems At Risk
    July 2nd, 2002
    A flaw in software that supports the Internet's DNS (Domain Name System)
    for translating text-based Web addresses to numeric IP (Internet Protocol)
    addresses can put Internet-connected systems at risk.
    * Sentry Firewall CD HOWTO
    July 2nd, 2002
    This document is designed as an introduction on how the Sentry Firewall
    CDROM works and how to get started using the system. This is the
    long-overdue Sentry Firewall CDROM howto. I hope this document helps get
    you started using the Sentry Firewall CD and answers any questions you
    might have regarding how the system works.
    * Bug puts Unix servers in a BIND
    July 2nd, 2002
    Security watchers are warning that a security flaw affecting Domain Name
    System servers running Unix could prove difficult to fix. A buffer
    overflow vulnerability in DNS.
    * One of These Things is not Like the Others: The State of Anomaly
    July 1st, 2002
    "To some, our observations can be summarized succinctly as "bugs happen".
    That certainly is not news. But dismissing our results so cavalierly
    |  Cryptography:         |
    * cDc prepares user-friendly stego app
    July 4th, 2002
    In an effort to help Netizens in the more paranoid corners of the world
    evade national censorship, the cDc's Hacktivismo group is developing a
    browser product called Camera/Shy capable of creating and displaying
    images with messages which would likely get a Web site shut down or
    filtered in places like Saudi Arabia and China.
    * Zimmermann to Network Associates: Sell PGP back to me, or
    open-source it
    July 2nd, 2002
    Philip R. Zimmermann, author of encryption program Pretty Good Privacy, is
    suggesting current owner Network Associates open-source PGP's code as one
    alternative to the program dying on the vine at the company.
    |  General:              |
    * Fed-up customers want faster bug alerts
    July 7th, 2002
    A study of more than 300 companies published last week found that nearly
    80 percent of companies support security consultants and hackers releasing
    information about software vulnerabilities even when the developers aren't
    prepared, and that they want news of potential flaws within a week.
    * National Security is an IT Concern
    July 3rd, 2002
    We can't rely any longer on the comforting urban legend that the Internet
    is impervious to attack. The Internet is a massive collection of remotely
    accessible, often poorly maintained networks supported by software systems
    with little diversity and a history of serious security flaws.
    * What It Takes to Be a CSO
    July 2nd, 2002
    Security jobs are in the spotlight like never before, with the current
    heightened sensitivity to cyber-crime and national security. Add to that
    the fact that security.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 08:26:44 PDT