[ISN] Linux Security Week - August 26th 2002

From: InfoSec News (isnat_private)
Date: Tue Aug 27 2002 - 05:58:45 PDT


    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  August 26th, 2002                            Volume 3, Number 33n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Introduction to
    Autorooters: Crackers Working Smarter, Not Harder," "Defining Virtual
    Honeynets," "A New AES Standard For Wireless," and "Exploring
    Diffie-Hellman Encryption."
    ** FREE Apache SSL Guide from Thawte Certification  **                          
    Do your online customers demand the best available protection of their
    personal information? Thawte's guide explains how to give this to your
    customers by implementing SSL on your Apache Web Server.
      FREE Thawte Apache Guide:
    FEATURE: PHP Secure Installation 
    With vulnerabilities in PHP increasing day by day, there is a need to
    secure the PHP installation to the highest level. Because of its
    popularity and wide usage, most developers and administrators will be in
    trouble if they don't take appropriate security steps during the
    installation.
    This week, advisories were released for krb5, fam, konqueror, libpng,
    phpmail, mantis, bugzilla, Red Hat kernel, kdelibs, and unixware.  The
    vendors include Caldera, Debian, and Red Hat.
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Introduction to Autorooters: Crackers Working Smarter, Not Harder
    August 22nd, 2002
    Efficiency and automation: one can argue that they are two of the most
    valuable by-products of any technology. There is little doubt that the
    electronic tools of today allow us to get more done in less time. We use
    software to eliminate tedious work, reduce man-hours, and sift through
    mounds of data in seconds.
    * Wrapping Up DJBDNS
    August 21st, 2002
    Welcome to the home stretch, my last [2] ITworld article on installing
    DJBDNS. I'll cover two things here. First, I'll show you how to 'import'
    your existing BIND zones into tinydns data format so you don't need to
    convert those files by hand. Lastly, I'll show you how to start up the
    axfrdns server, which will allow DNS secondaries running BIND to mirror
    your DNS zones.
    * Linux Security Modules: General Security Support for the Linux
    August 20th, 2002
    The access control mechanisms of existing mainstream operating systems are
    inadequate to provide strong system security. Enhanced access control
    mechanisms have failed to win acceptance into mainstream operating systems
    due in part to a lack of consensus within the security community on the
    right solution.
    * Making [Privacy] Work
    August 20th, 2002
    The privacy policy is written and posted on a company's Web site. The 2002
    privacy-policy notice, a complicated statement required of
    financial-services companies under the Gramm-Leach-Bliley Act, is in the
    mail. Top executives and perhaps even the board of directors have reviewed
    the policy to make sure it will protect the company's good name.
    | Network Security News: |
    * Hacking Techniques: War Dialing
    August 22nd, 2002
    The term war dialing involves the exploitation of an organization's
    telephone, dial, and private branch exchange (PBX) systems to penetrate
    internal network and computing resources. After introducing and exploring
    the different forms war dialing attacks can take and some tools used to
    execute such attacks, the article examines measures that can be taken to
    prevent such an attack.
    * Know Your Enemy: Defining Virtual Honeynets
    August 20th, 2002
    Honeynets are one type of honeypot. A honeypot is a resource whose value
    is in being probed, attacked or compromised. A Honeynet is a
    high-interaction honeypot, meaning it provides real operating systems for
    attackers to interact with.
    |  Cryptography:         |
    * A New AES Standard For Wireless
    August 21st, 2002
    Wireless has been on the mind of NIST officials for some time.
    Understanding the inherent risk of unsecure wireless networks ripe for the
    picking using such easy-to-install programs as NetStumbler, the agency
    put out a call in July asking for recommendations to counter unauthorized
    users hacking into a wireless network, to include airborne traffic.
    * August Crypto-Gram
    August 19th, 2002
    This month's Crypto-Gram contains information about Palladium and the
    TCPA, The Doghouse: Cedium, Featured Counterpane Research, License to
    Hack, Counterpane News, Arming Airline Pilots, and even some Comments from
    Readers. Bruce Schneier's Crypto-Gram is a free monthly newsletter
    providing summaries, analyses, insights, and commentaries on computer
    security and cryptography.
    * PGP Is Back!
    August 19th, 2002
    Phil Zimmermann's PGP is back in the hands of an independent company,
    after Network Associates agreed to sell the technology it mothballed
    back in March to a start-up specially created to market PGP.  
    |  General:              |
    * You're Only as Good as Your Password
    August 23rd, 2002
    Warren Leggett had just spent the long July 4 weekend golfing with his
    brother-in-law near Portland, Ore. Early the following Monday morning, his
    relaxing holiday ended abruptly. The chief information officer of Niku
    Corp. (NIKU), a small Silicon Valley software company, found himself
    plunged into a shocking case of alleged corporate espionage -- one that
    raises troubling questions about the security of company information in
    the Internet Age.
    * Bush's Cyber-Security Plan Targets E-Mail
    August 23rd, 2002
    In an effort to bolster the nation's cyber-security, the Bush
    administration has plans to create a centralized facility for collecting
    and examining security-related e-mail and data and will push private
    network operators to expand their own data gathering, according to an
    unreleased draft of the plan.
    * The Seven Deadly Security Sins
    August 22nd, 2002
    When it comes to computer break-ins and breaches, there are plenty of ways
    to place blame, but some security missteps are more common than others --
    and most of them fall into the category of often-overlooked basics.
    * Spam Fighters Shouldn't Tread On The Innocent
    August 22nd, 2002
    Wanting to see spammers put out of business, however, doesn't mean I want
    to see innocent folks harmed in the process. But the vigilantes seem to be
    taking over the town -- and the results are often unfair, sometimes
    * Security Policies: Only As Good As The Audit
    August 21st, 2002
    If you think you have a sound IT policy because your administrators clamor
    about the continual need to update security patches, you might want to
    think again.  One way to answer all these crucial questions and gauge true
    security preparedness is to undertake an IT security policy audit.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Aug 27 2002 - 09:34:53 PDT