[ISN] Linux Security Week - September 2nd 2002

From: InfoSec News (isnat_private)
Date: Tue Sep 03 2002 - 02:00:32 PDT


    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  September 2nd, 2002                          Volume 3, Number 34n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Remote
    Administration of Linux Systems," "Executing Code From Non-executable
    Files," "IPSec Virtual Private Networks in Depth," and "Do Firewalls and
    IDS Create a False Sense of Internal Security."
    This week, advisories were released for irssi, mailman, postgresql, gaim,
    xinetd, python, ethereal, kde, and hylafax.  The vendors include
    Conectiva, Debian, Gentoo, Mandrake, and Red Hat.
    FEATURE: PHP Secure Installation
    As vulnerabilities in PHP are reported more and more frequently, there is
    a growing need to secure the PHP installation as thoroughly as possible.
    Because of PHP's popularity and wide use, most developers and
    administrators will run into trouble if they do not take appropriate
    security steps during installation.
    LinuxSecurity is interested in your feedback. Have an idea for an article?
    Have a comment about the newsletter or other aspect of the site?
    Interested in helping update or write a feature story? Contact us at
    <<-----[ Articles This Week ]-------------
    | Host Security News: |
    * Remote Administration of Linux Systems
    August 30th, 2002
    Any system administrator who has to deal with two or more network servers
    will have to, at one point or another, solve the task of remote
    administration. Such an option can lead to better centralized control and
    supervising and help allocate (with preset limits) access for end-users.
    * Executing Code From Non-executable Files
    August 28th, 2002
    We're all told about the hazards of running untrusted executables. If a
    friend sends you the latest greatest program, can you be sure that it was
    him as opposed to someone forging the email address?
    * Linux Security Modules: General Security Support for the Linux
    August 27th, 2002
    The access control mechanisms of existing mainstream operating systems are
    inadequate to provide strong system security. Enhanced access control
    mechanisms have failed to win acceptance into mainstream operating systems
    due in part to a lack of consensus within the security community on the
    right solution.
    | Network Security News: |
    * Get A Return On Your Security Investment
    August 29th, 2002
    Return on investment (ROI) is getting more than its normal share of
    attention these days. There are the supporters who think no decision
    should ever be made without a clear ROI.  These folks are the type who
    build up a small number of minor ailments before going to the doctor (my
    hand is raised on this one).
    * Do Firewalls and IDS Create a False Sense of Internal Security?
    August 29th, 2002
    In an effort to boost sales and generate revenue, one U.S. multinational
    energy company recently embraced the Internet to bolster external
    communication and internal collaboration. In addition to creating a
    corporate web site, the firm deployed hundreds of intranet applications
    for procurement, expense reporting and other processes.
    * Internet anonymity for Linux newbies
    August 28th, 2002
    One of the most attractive things about Linux is the number of
    installation options one is presented with and how tempting it is to
    customize. But for a newbie, in terms of Web security and PC hygiene,
    that's also the worst thing about it.
    * Justifying the Expense of IDS, Part Two: Calculating ROI for IDS
    August 28th, 2002
    This article is the second of a two-part series exploring ways to justify
    the financial investment in IDS protection. In part one of this series we
    discussed general IDS types and expanded on the impact that the logical
    location of a company's critical networked assets could have on the risk
    * Network Security Risks Of Mergers Too Often Ignored
    August 27th, 2002
    A major manufacturer buys an up-and-coming competitor. They combine
    financials, marketing goals, corporate strategies and computer networks.
    They throw parties. They hold press conferences and change corporate
    titles.  The one thing they usually forget to do is align network security
    systems -- and that could be the most dangerous misalignment of all.
    * SAFE VPN:  IPSec Virtual Private Networks in Depth
    August 27th, 2002
    The principal goal of this paper is to provide best-practice information
    to interested parties for designing and implementing Enterprise IP
    Security(IPSec) virtual private networks (VPNs).
    * Safety: Assessing The Infrastructure Risk
    August 26th, 2002
    In 1998, a 12-year-old hacker broke into the computer system that
    controlled the floodgates of the Theodore Roosevelt Dam in Arizona,
    according to a June Washington Post report. If the gates had been opened,
    the article added, walls of water could have flooded the cities of Tempe
    and Mesa, whose populations total nearly 1 million.
    | Vendors/Products/Tools:|
    * Security Products Aim To Make Nets Hacker-Proof
    August 30th, 2002
    Concerns over network security are giving rise to a new breed of Internet
    products aimed at foiling the efforts of hackers and cyberterrorists. The
    products reflect a newfound awareness -- sharpened in recent weeks by a
    spate of high-profile hacking incidents -- that computer networks in
    corporate and government environments are very often chock-full of
    security holes.
    * Privoxy v3.0.0 Stable Release
    August 28th, 2002
    Privoxy is a web proxy with advanced filtering capabilities for protecting
    privacy, filtering web page content, managing cookies, controlling access,
    and removing ads, banners, pop-ups and other obnoxious Internet junk.
    |  General:              |
    * Hackers Being Jobbed Out of Work
    August 30th, 2002
    Not too long ago, skilled hackers were rewarded with fat salaries and fancy
    titles after being busted for their shenanigans. Now, Max Vision -- a
    world-famous incarcerated hacker-turned-security-expert once making $250
    an hour -- is happy to be getting minimum wage.
    * Data warehouses: A Security Disaster
    August 30th, 2002
    Through 2005, 80 percent of enterprises will not have adequately planned,
    defined or incorporated data warehouse security into their overall
    enterprise security plans, increasing by 75 percent the chance that a
    security breach will occur (0.7 probability).
    * Poll: Security Officers Fear Cyber-Attack
    August 29th, 2002
    Nearly half of corporate security officers expect terrorists to launch a
    major strike through computer networks in the next 12 months, a poll
    released on Thursday showed.  A total of 49 percent of 1,009 subscribers
    to CSO Magazine said they feared a major cyber attack in the coming year
    by a group like al Qaeda, blamed for the Sept.
    * CIO Cyberthreat Response & Reporting Guidelines
    August 28th, 2002
    CIO Magazine worked with the Secret Service, the FBI and industry leaders
    to create guidelines for reporting security incidents -- what to report,
    who to report it to, and how.
    * Lobbying for Insecurity
    August 28th, 2002
    The U.S. National Security Agency's contribution to open-source security,
    Security-Enhanced Linux, found broad approval and support in geek forums
    from Wired News to Slashdot that are typically suspicious of the
    * Group promotes 'culture of security'
    August 27th, 2002
    In time for the first anniversary of the Sept. 11 attacks, the
    Organization for Economic Cooperation and Development has issued new
    guidelines for securing information systems and networks in anticipation
    of cyberterrorist attacks or intrusions.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 04:29:02 PDT