+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 2nd, 2002                          Volume 3, Number 34n  |
|                                                                     |
|  Editorial Team:  Dave Wreski               daveat_private          |
|                   Benjamin Thomas           benat_private           |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Remote
Administration of Linux Systems," "Executing Code From Non-executable
Files," "IPSec Virtual Private Networks in Depth," and "Do Firewalls and
IDS Create a False Sense of Internal Security."

This week, advisories were released for kirssi, mailman, postgresql,
gaim, xinetd, python, ethereal, kde, and hylafax. The vendors include
Conectiva, Debian, Gentoo, Mandrake, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-5611.html

FEATURE: PHP Secure Installation

As we know the vulnerabilities in PHP are increasing day by day there
comes the need to secure the PHP installation to the highest level. Due
to its popularity and its wide usage most of the developers and the
administrators will be in trouble if they don't take appropriate steps
on security issues during the installation.

http://www.linuxsecurity.com/feature_stories/feature_story-117.html

LinuxSecurity is interested in your feedback. Have an idea for an
article? Have a comment about the newsletter or other aspect of the
site? Interested in helping update or write a feature story?
Contact us at contributeat_private

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Remote Administration of Linux Systems
August 30th, 2002

Any system administrator who has to deal with two or more network
servers will have to, at one point or another, solve the task of remote
administration. Such an option can lead to better centralized control
and supervising and help allocate (with preset limits) access for
end-users.

http://www.linuxsecurity.com/articles/documentation_article-5613.html

* Executing Code From Non-executable Files
August 28th, 2002

We're all told about the hazards of running untrusted executables. If a
friend sends you the latest greatest program, can you be sure that it
was him as opposed to someone forging the email address?

http://www.linuxsecurity.com/articles/documentation_article-5596.html

* Linux Security Modules: General Security Support for the Linux Kernel
August 27th, 2002

The access control mechanisms of existing mainstream operating systems
are inadequate to provide strong system security. Enhanced access
control mechanisms have failed to win acceptance into mainstream
operating systems due in part to a lack of consensus within the security
community on the right solution.

http://www.linuxsecurity.com/articles/general_article-5578.html

+------------------------+
| Network Security News: |
+------------------------+

* Get A Return On Your Security Investment
August 29th, 2002

Return on investment (ROI) is getting more than its normal share of
attention these days. There are the supporters who think no decision
should ever be made without a clear ROI. These folks are the type who
build up a small number of minor ailments before going to the doctor (my
hand is raised on this one).

http://www.linuxsecurity.com/articles/forums_article-5607.html

* Do Firewalls and IDS Create a False Sense of Internal Security?
August 29th, 2002

In an effort to boost sales and generate revenue, one U.S. multinational
energy company recently embraced the Internet to bolster external
communication and internal collaboration. In addition to creating a
corporate web site, the firm deployed hundreds of intranet applications
for procurement, expense reporting and other processes.

http://www.linuxsecurity.com/articles/network_security_article-5609.html

* Internet anonymity for Linux newbies
August 28th, 2002

One of the most attractive things about Linux is the number of
installation options one is presented with and how tempting it is to
customize. But for a newbie, in terms of Web security and PC hygiene,
that's also the worst thing about it.

http://www.linuxsecurity.com/articles/privacy_article-5598.html

* Justifying the Expense of IDS, Part Two: Calculating ROI for IDS
August 28th, 2002

This article is the second of a two-part series exploring ways to
justify the financial investment in IDS protection. In part one of this
series we discussed general IDS types and expanded on the impact that
the logical location of a company's critical networked assets could have
on the risk equations.

http://www.linuxsecurity.com/articles/intrusion_detection_article-5591.html

* Network Security Risks Of Mergers Too Often Ignored
August 27th, 2002

A major manufacturer buys an up-and-coming competitor. They combine
financials, marketing goals, corporate strategies and computer networks.
They throw parties. They hold press conferences and change corporate
titles. The one thing they usually forget to do is align network
security systems -- and that could be the most dangerous misalignment of
all.

http://www.linuxsecurity.com/articles/network_security_article-5583.html

* SAFE VPN: IPSec Virtual Private Networks in Depth
August 27th, 2002

The principal goal of this paper is to provide best-practice information
to interested parties for designing and implementing Enterprise IP
Security (IPSec) virtual private networks (VPNs).

http://www.linuxsecurity.com/articles/documentation_article-5585.html

* Safety: Assessing The Infrastructure Risk
August 26th, 2002

In 1998, a 12-year-old hacker broke into the computer system that
controlled the floodgates of the Theodore Roosevelt Dam in Arizona,
according to a June Washington Post report. If the gates had been
opened, the article added, walls of water could have flooded the cities
of Tempe and Mesa, whose populations total nearly 1 million.

http://www.linuxsecurity.com/articles/forums_article-5576.html

+------------------------+
| Vendors/Products/Tools:|
+------------------------+

* Security Products Aim To Make Nets Hacker-Proof
August 30th, 2002

Concerns over network security are giving rise to a new breed of
Internet products aimed at foiling the efforts of hackers and
cyberterrorists. The products reflect a newfound awareness -- sharpened
in recent weeks by a spate of high-profile hacking incidents -- that
computer networks in corporate and government environments are very
often chock-full of security holes.

http://www.linuxsecurity.com/articles/security_sources_article-5616.html

* Privoxy v3.0.0 Stable Release
August 28th, 2002

Privoxy is a web proxy with advanced filtering capabilities for
protecting privacy, filtering web page content, managing cookies,
controlling access, and removing ads, banners, pop-ups and other
obnoxious Internet junk.

http://www.linuxsecurity.com/articles/projects_article-5597.html

+------------------------+
| General:               |
+------------------------+

* Hackers Being Jobbed Out of Work
August 30th, 2002

Not too long ago, skilled hackers were rewarded with fat salaries and
fancy titles after being busted for their shenanigans. Now, Max Vision
-- a world-famous incarcerated hacker-turned-security-expert once making
$250 an hour -- is happy to be getting minimum wage.

http://www.linuxsecurity.com/articles/hackscracks_article-5615.html

* Data warehouses: A Security Disaster
August 30th, 2002

Through 2005, 80 percent of enterprises will not have adequately
planned, defined or incorporated data warehouse security into their
overall enterprise security plans, increasing by 75 percent the chance
that a security breach will occur (0.7 probability).

http://www.linuxsecurity.com/articles/security_sources_article-5612.html

* Poll: Security Officers Fear Cyber-Attack
August 29th, 2002

Nearly half of corporate security officers expect terrorists to launch a
major strike through computer networks in the next 12 months, a poll
released on Thursday showed. A total of 49 percent of 1,009 subscribers
to CSO Magazine said they feared a major cyber attack in the coming year
by a group like al Qaeda, blamed for the Sept.

http://www.linuxsecurity.com/articles/security_sources_article-5608.html

* CIO Cyberthreat Response & Reporting Guidelines
August 28th, 2002

CIO Magazine worked with the Secret Service, the FBI and industry
leaders to create guidelines for reporting security incidents -- what to
report, who to report it to, and how.

http://www.linuxsecurity.com/articles/documentation_article-5590.html

* Lobbying for Insecurity
August 28th, 2002

The U.S. National Security Agency's contribution to open-source
security, Security-Enhanced Linux, found broad approval and support in
geek forums from Wired News to Slashdot that are typically suspicious of
the government.

http://www.linuxsecurity.com/articles/vendors_products_article-5600.html

* Group promotes 'culture of security'
August 27th, 2002

In time for the first anniversary of the Sept. 11 attacks, the
Organization for Economic Cooperation and Development has issued new
guidelines for securing information systems and networks in anticipation
of cyberterrorist attacks or intrusions.

http://www.linuxsecurity.com/articles/general_article-5581.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.