+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | September 23rd, 2002 Volume 3, Number 37n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Stamp out spam with SpamAssassin," "Who Goes There? An Introduction to On-Access Virus Scanning," "Remote End-Point Security Services," and "Idle Scanning and related IPID games." FEATURE: What is the Slapper worm? - The question of the week: What Slapper? Let me begin by telling you I am not only describing the Slapper worm, but I am also describing the Apache/mod_ssl worm, the bugtraq.c worm, and the Modap worm. In effect, this is just 4 different names for the same nasty worm. http://www.linuxsecurity.com/feature_stories/feature_story-119.html Concerned about the next threat? EnGarde is the undisputed winner! EnGarde Secure Linux is a complete solution that provides all the tools necessary to build a complete secure Internet presence. Winner of the Network Computing Editor's Choice Award, EnGarde "walked away with our Editor's Choice award thanks to the depth of its security strategy..." Find out what the other Linux vendors are not telling you. -> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2 This week, advisories were released for purity, openssl, konqueror, php, libkvm, libresolv, NetBSD kernel, libc, shutdown, pppd, kdf, ioctl, dns, nfs, setlocale, postgresql, and libx11. The vendors include Conectiva, Debian, FreeBSD, NetBSD, and SuSE. http://www.linuxsecurity.com/articles/forums_article-5737.html +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Stamp out spam with SpamAssassin September 21st, 2002 This article takes a look at the evolution of the spam cycle (for as Sun Tzu and every general who ever came after him said, "Know thine enemy and victory will be forthcoming"). It also takes a look at SpamAssassin, the latest in a long and venerable line of weapons in the fight against spam, as well as a look ahead. http://www.linuxsecurity.com/articles/server_security_article-5747.html * Putting The Kernel On Your Side September 20th, 2002 Intro The Linux enables (as most of you know) run-time module loading, that is : you can had features to your linux kernel without having to re-compile the whole kernel again. You can write and load modules that will be linked to the kernel. This paper is about how to use modules in order to help you in administrating your system. http://www.linuxsecurity.com/articles/documentation_article-5740.html * Who Goes There? An Introduction to On-Access Virus Scanning September 17th, 2002 By now, most savvy computer users have anti-virus software (AV) installed on their machines and use it as part of their regular computing routine. However, most average users do not know how anti-virus software works. This article is the second in a two-part series that will offer a brief overview of a particular type of anti-virus technique known as on-access scanning. http://www.linuxsecurity.com/articles/host_security_article-5716.html +------------------------+ | Network Security News: | +------------------------+ * Internal Network Security September 19th, 2002 When organizations first begin to assess network security, the tendency is to focus almost exclusively on external facing assets to defend against unauthorized "hacker" attacks. However, to establish an effective security program, organizations must examine both internet facing, publicly accessible resources, as well as private internal networks. http://www.linuxsecurity.com/articles/security_sources_article-5732.html * Remote End-Point Security Services: Defining a New Market September 18th, 2002 Teleworkers, mobile employees, and broadband access are all driving corporations to extend their networks securely through the implementation of IP VPNs over the Internet. While these networks are being extended, the malicious activities of hackers and their ability to compromise networks and remote PCs are only increasing. http://www.linuxsecurity.com/articles/general_article-5720.html * Idle Scanning and related IPID games September 18th, 2002 Almost four years ago, security researcher Antirez posted an innovative new TCP port scanning technique. Idlescan, as it has become known, allows for completely blind port scanning. Attackers can actually scan a target without sending a single packet to the target from their own IP address! Instead, a clever side-channel attack allows for the scan to be bounced off a dumb "zombie" host. http://www.linuxsecurity.com/articles/documentation_article-5723.html +------------------------+ | Cryptography: | +------------------------+ * Open-Source Group Gets Sun Security Gift September 20th, 2002 Sun's "elliptic curve" technology is involved in the process of using keys to encrypt and decrypt information for electronic transactions. Such encryption lets people buy products online, for example, while shielding their credit card number from prying eyes. http://www.linuxsecurity.com/articles/cryptography_article-5738.html * Crypto-Chip Boosts ID Security September 20th, 2002 When you send your credit card number over the Internet to pay for a new book or a pair of pants, the number is mathematically disguised -- encrypted -- so that the original string of digits can be decoded only by the merchant at the other end of your shopping spree. http://www.linuxsecurity.com/articles/cryptography_article-5743.html * A Gathering of Big Crypto Brains September 19th, 2002 In a lush country hotel 20 miles south of Dublin, the barroom conversation turns to steganography and database vulnerabilities, encryption algorithms and biometric scanners, SWAP files and cookie poisoning. Not your average pub denizens, the speakers are some of the best-known names in cryptography and security, gathered for one of the industry's best-kept secrets: the annual COSAC conference, held every fall in Ireland. http://www.linuxsecurity.com/articles/cryptography_article-5728.html * New AES crypto standard broken already September 17th, 2002 Theoretical attacks against AES (Advanced Encryption Standard) winner Rijndael and runner-up Serpent have been published. They might work in the practical world; they might not. That's about all we can say from the latest edition of Bruce Schneier's CryptoGram newsletter, which seeks to simplify the issues discovered by researchers Nicolas Courtois and Josef Pieprzyk, and elaborated in a paper entitled "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations". http://www.linuxsecurity.com/articles/cryptography_article-5705.html +------------------------+ | General: | +------------------------+ * Offical: Cybersecurity Not Watered Down September 20th, 2002 A White House official is standing behind the administration's draft recommendations on cybersecurity, asserting that they have not been weakened by lobbying from technology companies. http://www.linuxsecurity.com/articles/government_article-5741.html * Finding the Security Budget Sweet Spot September 19th, 2002 Companies must first determine which threats they are vulnerable to, then figure out how much damage a breach could inflict, and finally sift through the abundance of security products on the market. http://www.linuxsecurity.com/articles/forums_article-5734.html * Greasing the Squeaky Wheels September 19th, 2002 Being paranoid about security is a good thing. For example, requiring strong passwords, locking down the services on your machines, removing all shared accounts, and disabling cleartext protocols make it more difficult for a cracker to gain access to your machines and data. Unfortunately, it also makes working on the systems less convenient for you and your users. http://www.linuxsecurity.com/articles/security_sources_article-5729.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 02:55:52 PDT