+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  August 12th, 2002                        Volume 3, Number 31n      |
|                                                                     |
|  Editorial Team:  Dave Wreski                daveat_private         |
|                   Benjamin Thomas            benat_private          |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Advanced Log
Processing," "Securing WLAN Links," "Wireless Security: An IP VPN
Conspiracy Theory," and "Simplicity Is Key To Keeping Code Secure."

This week, advisories were released for openssl, bind/glibc, libpng,
openafs, kerberos 5, wwwofle, tinyproxy, dietlibc, kqueue, ffs, kfs,
sendmail, secureweb, and gaim. The vendors include Caldera, Conectiva,
Debian, EnGarde, FreeBSD, Mandrake, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-5491.html

Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe
send an e-mail to security-discuss-requestat_private with "subscribe"
as the subject.

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Installing OpenBSD 3.1
  August 9th, 2002

  OpenBSD has always been on my "must toy with" list, so the recent
  release of version 3.1 made it seem like a good time to check it out.
  The OpenBSD Web site shows that OpenBSD includes all of the usual BSD
  goodies; heaps of programs, an extensive ports tree, good
  documentation, and so on. Their security claims are intriguing, and
  some of the features (such as authpf) seem quite interesting. But
  marketing claims made on a Web site can be quite distant from reality,
  so I decided to install the OS on both a desktop and a laptop and see
  what I could do.

  http://www.linuxsecurity.com/articles/documentation_article-5493.html

* Advanced Log Processing
  August 5th, 2002

  One of Murphy's laws advises to "only look for those problems that you
  know how to solve." In security, this means to only monitor for those
  attacks that you plan to respond to. It is well known that any
  intrusion detection system is only as good as the analyst watching its
  output.

  http://www.linuxsecurity.com/articles/intrusion_detection_article-5458.html

+------------------------+
| Network Security News: |
+------------------------+

* Addressing Teleworker Network Security Risks
  August 10th, 2002

  RFG believes teleworkers accessing corporate resources via virtual
  private network (VPN) connections can potentially pose security risks
  beyond those presented by employees working on-site.

  http://www.linuxsecurity.com/articles/network_security_article-5496.html

* OECD publishes cyber-security guidelines
  August 8th, 2002

  In response to a U.S. call made in October 2001 that it update its
  principles on security of information systems and networks, the
  30-member inter-governmental Organization for Economic Cooperation and
  Development (OECD) has made public its latest guidelines.

  http://www.linuxsecurity.com/articles/security_sources_article-5486.html

* FreeS/WAN: The KEY debate
  August 7th, 2002

  This week's lists.freeswan.org Email Summary reports that Michael
  Richardson debated the new DNS Key-Restrict draft with folks from the
  list namedroppersat_private. If that draft is widely implemented,
  FreeS/WAN will need to use a different DNS record type to distribute
  public keys. Interesting stuff.

  http://www.linuxsecurity.com/articles/cryptography_article-5484.html

* One, Two, Three Factor Security?
  August 7th, 2002

  People who access their work systems are the equivalent of people
  holding the keys to the company premises; this incurs responsibility.
  If that is widely known and respected, half the security battle will
  have been won.

  http://www.linuxsecurity.com/articles/network_security_article-5478.html

* Securing WLAN Links: Part 2
  August 6th, 2002

  The 802.11 specification has some clear authentication discrepancies
  that create security headaches for WLAN design engineers. In Part 2 of
  this series, we'll examine the 802.11 authentication mechanisms and
  the security problems they provide.

  http://www.linuxsecurity.com/articles/network_security_article-5468.html

* Securing WLAN Links: Part 3
  August 6th, 2002

  There's no escaping that WEP is a problem for WLAN designers. In the
  final part of this series, we'll lay out some technology solutions
  that can help designers enhance security in WLAN systems. Depending on
  which side of the wireless LAN (WLAN) fence you are on, you may like
  or dislike the wireless equivalent privacy (WEP) protocol.

  http://www.linuxsecurity.com/articles/network_security_article-5469.html

* Wireless Security: An IP VPN Conspiracy Theory
  August 5th, 2002

  More than a decade ago, cell phone users faced a serious security
  problem: Everything they said was broadcast over the public airwaves,
  available for all to hear. Take a simple radio receiver, tune it to
  the correct frequency at the right time and place, and you could pick
  up the details of Newt Gingrich's plotting or Princess Di's sex life.

  http://www.linuxsecurity.com/articles/network_security_article-5463.html

+------------------------+
| Cryptography:          |
+------------------------+

* Crypto scientists crack prime problem
  August 9th, 2002

  Computer scientists in India have cracked an age-old mathematical
  problem by designing a method for computers to quickly prove whether a
  figure is a prime number--a vital step in cryptography.

  http://www.linuxsecurity.com/articles/cryptography_article-5494.html

* 'Creative Attacks' Beat Crypto -- Expert
  August 9th, 2002

  In 1998 cryptographer Paul Kocher developed a method for deducing the
  secret key embedded in a cryptographic smart card by monitoring tiny
  fluctuations in power consumption. Three years earlier, at the tender
  age of 22, he made headlines with a technique to compromise
  implementations of the RSA algorithm.

  http://www.linuxsecurity.com/articles/cryptography_article-5495.html

* Scalable Encryption Solutions For Today's Environment
  August 6th, 2002

  The scope and character of today's computing environment is changing
  dramatically. There are more systems in more locations and these are
  often spread across the world. Many, if not most, IT organizations
  today, are running lights-out data center operations.

  http://www.linuxsecurity.com/articles/cryptography_article-5471.html

* E-Mail Encryption: Isn't Everyone Doing It?
  August 5th, 2002

  Any illusion that your corner of the Internet is a private place where
  your data is secure and your e-mail is read only by the people to whom
  you send it can be shattered by a single click on the Privacy.Net Web
  site. Within seconds, you will see your IP address, your computer host
  name and the link from which you arrived at the site.

  http://www.linuxsecurity.com/articles/network_security_article-5459.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* Researcher: Biometrics Unproven, Hard To Test
  August 8th, 2002

  James Bond technologies like face recognition, fingerprint sensors,
  hand geometry, and other biometric security systems may be impossible
  to accurately evaluate, unless researchers also measure the
  performance of the testers and the demographics of the subjects, a key
  researcher said Wednesday.

  http://www.linuxsecurity.com/articles/government_article-5487.html

+------------------------+
| General:               |
+------------------------+

* USENIX - Expert: Simplicity Is Key To Keeping Code Secure
  August 9th, 2002

  When it comes to writing secure code, less is more. That was the
  advice passed down Thursday by security expert Paul Kocher, president
  of Cryptography Research, who told the Usenix Security Symposium here
  that more powerful computer systems and increasingly complex code will
  be a growing cause of insecure networks.

  http://www.linuxsecurity.com/articles/security_sources_article-5492.html

* Data security needs staff effort
  August 8th, 2002

  Companies that have spent millions of rand on network and data
  security will be completely horrified to learn that 80% of their
  employees will happily divulge not only their passwords but their
  log-on details to a complete stranger.

  http://www.linuxsecurity.com/articles/general_article-5485.html

* Database Security Breaches On The Increase
  August 7th, 2002

  Direct security breaches against databases appear to be on the rise,
  according to the recently released Summer 2002 Database Developers
  survey from research firm Evans Data Corp.

  http://www.linuxsecurity.com/articles/network_security_article-5481.html

* Security pros develop flaw database
  August 6th, 2002

  The Internetworked Security Information Service (ISIS) brings together
  four independent projects--the Open Source Vulnerability Database, the
  Alldas.de defacement-tracking service, the PacketStorm software
  database and the vulnerability watchdog VulnWatch--into a loosely
  organized collaboration.

  http://www.linuxsecurity.com/articles/projects_article-5465.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------