+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | September 9th, 2002 Volume 3, Number 35n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Open Source Software: Is it Really Secure," "Who Goes There: An Introduction to On-Access Virus Scanning," "Adaptive Linux Firewalls," and "Airwave camouflage to stop drive-by hacking." Concerned about the next threat? EnGarde is the undisputed winner! Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing Editor's Choice Award, EnGarde "walked away with our Editor's Choice award thanks to the depth of its security strategy..." Find out what the other Linux vendors are not telling you. -> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2 FEATURE: NFS Security - NFS (Network File System) is a widely used and primitive protocol that allows computers to share files over a network. The main problems with NFS are that it relies on the inherently insecure UDP protocol, transactions are not encrypted and hosts and users cannot be easily authenticated. Below we will show a number of issues that one can follow to heal those security problems. http://www.linuxsecurity.com/feature_stories/feature_story-118.html This week, advisories were released for pxe, ethereal, scrollkeeper, mailman, mantis, amavis, and glibc. The vendors include Conectiva, Debian, Gentoo, Red Hat, and SuSE. http://www.linuxsecurity.com/articles/forums_article-5650.html Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-requestat_private with "subscribe" as the subject. +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Open Source Software: Is it Really Secure? September 5th, 2002 People often ask me if they should trust Open Source Software (OSS). This question predates the emergence of Linux and the various Berkeley Software Distribution (BSD) OSs, as popular security software for Unix systems, such as COPS and Tripwire (www.tripwire.com), began showing up in the early 1990s. http://www.linuxsecurity.com/articles/forums_article-5643.html * Password guessing games with Check Point firewall September 4th, 2002 Security researchers have discovered two potentially serious flaws with Check Point's flagship FireWall-1 firewall which give rise to both username guessing and sniffing issues. First, affected versions permit attackers to determine if a firewall username is valid without having to know the associated password. http://www.linuxsecurity.com/articles/vendors_products_article-5631.html * Apache Flaw Leaves Server Wide Open September 3rd, 2002 Although this problem doesn't affect UNIX and Linux variants, it does apply to more than just Microsoft Windows platforms. You should check it out even if you are running NetWare or OS/2 (both of which are definitely vulnerable) or any other non-UNIX platform. http://www.linuxsecurity.com/articles/vendors_products_article-5628.html * Who Goes There: An Introduction to On-Access Virus Scanning, Part One September 3rd, 2002 By now, most savvy computer users have anti-virus software (AV) installed on their machines and use it as part of their regular computing routine. However, most average users do not know how anti-virus software works. This two-part series will offer a brief overview of a particular type of anti-virus mechanism know as on-access virus scanners. http://www.linuxsecurity.com/articles/network_security_article-5623.html +------------------------+ | Network Security News: | +------------------------+ * Control the Keys to the Kingdom September 6th, 2002 We've said it before and we'll say it again: You will never have a totally secure network. The best you can hope for is that your security strategies will minimize exposure to attack, and if you are hit, the damage can be contained. Plenty of point products are available to help eliminate avenues of attack http://www.linuxsecurity.com/articles/network_security_article-5658.html * Wireless Security Blackpaper September 6th, 2002 In 1999 the IEEE completed and approved the standard known as 802.11b, and WLANs were born. Finally, computer networks could achieve connectivity with a useable amount of bandwidth without being networked via a wall socket. Suddenly connecting multiple computers in a house to share an Internet connection or play LAN games no longer required expensive or ugly cabling. http://www.linuxsecurity.com/articles/security_sources_article-5659.html * Airwave camouflage to stop drive-by hacking September 5th, 2002 Software that generates a blizzard of bogus wireless network access points could bamboozle hackers trying to access corporate and home computer networks. This would stop them stealing wireless surfing time and exploring corporate wireless networks, say the two US computer programmers behind the scheme. http://www.linuxsecurity.com/articles/network_security_article-5638.html * Three Fallacies About Remote Access September 3rd, 2002 Security precautions are only as good as the assumptions that underpin them. Enterprises must be scrupulous in separating myth from fact when it comes to how, why, and by whom the enterprise's network and information might be illicitly accessed--with potentially disastrous consequences. http://www.linuxsecurity.com/articles/security_sources_article-5622.html * Adaptive Linux Firewalls September 2nd, 2002 Automatic firewall hardening is a technique used by many commercial firewalls to prevent invalid packets from reaching protected networks. The objective of this document is to demonstrate how to harden iptables in real-time. http://www.linuxsecurity.com/articles/firewalls_article-5619.html +------------------------+ | Cryptography: | +------------------------+ * Encrypted e-mails may be digital bullets September 6th, 2002 For more than a decade, the United States government classified encryption technology as a weapon. Now that label might actually apply. Security-consulting firm Foundstone said Thursday that e-mail messages encrypted with the Pretty Good Privacy program can be used as digital bullets to attack and take control of a victim's computer. http://www.linuxsecurity.com/articles/cryptography_article-5651.html +------------------------+ | General: | +------------------------+ * Profile of the Perfect Security Guru September 6th, 2002 They know how to set up and maintain firewall, antivirus and intrusion detection systems. They know how to scan the company network for holes. They are up to speed on the latest vulnerabilities -- and know whether or not software patches are available. They know what to do when the corporate servers get hacked, and they know how to stop the attack in its tracks. They also have the gumption to tell you when they cannot handle something, and they can recommend where to go for help. http://www.linuxsecurity.com/articles/forums_article-5657.html * Are Hackers Accessing Your Company Via Your PBX? September 6th, 2002 Although most companies today have improved security on their data networks, thus cutting down on white-collar crime and hack attacks, too few have paid enough attention to their PBX system. The PBX remains a potentially huge back door problem for data network security. http://www.linuxsecurity.com/articles/network_security_article-5654.html * Companies exposed to .social engineers. . Mitnick September 5th, 2002 "A lot of people think they are not gullible, that they can't be manipulated, but nothing could be further from the truth," says Mitnick. He claims that using such techniques - combined with substantial technical know-how - he was able to break into all but one of the systems he targeted in a 15-year hacking career. http://www.linuxsecurity.com/articles/general_article-5639.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Sep 10 2002 - 02:56:49 PDT