[ISN] Linux Security Week - September 30th 2002

From: InfoSec News (isnat_private)
Date: Tue Oct 01 2002 - 02:02:14 PDT


    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  September 30th, 2002                         Volume 3, Number 38n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
     
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "PDFs may pose
    threat to Unix, Linux," "An Introduction to GNU Privacy Guard," "A Guide
    to Building Secure Web Applications," and "Security Group Comes Out of the
    Shadows."
    
    FEATURE LINK: New Linux OS billed as secure and user friendly

    The release by Guardian Digital addresses a pressing need among small
    and large businesses that rely on the Linux operating system:  how to
    better secure corporate environments without being overwhelmed by the
    complexity of Linux administration.
    
     --> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=idg1
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for xchat, kdelibs, openssl,
    tcl/tk, glibc, tomcat, and zope.  The vendors include Conectiva,
    Debian, Gentoo, Mandrake, NetBSD, Red Hat, and SuSE. 
    
    http://www.linuxsecurity.com/articles/forums_article-5787.html
    
    
    Guardian Digital Launches Next Generation 
    EnGarde Enterprise Security Software 
    
     Guardian Digital, Inc., the leading open source security company, has 
     formally launched the EnGarde Secure Linux server operating system, 
     EnGarde Secure Professional. EnGarde Secure Professional is a 
     comprehensive enterprise software solution that provides all the 
     tools necessary to build a complete, secure online presence. This 
     provides organizations with a cost-effective and proven platform 
     capable of supporting thousands of Web sites and e-mail domains. 
    
     http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=pr1
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * PDFs may pose threat to Unix, Linux
    September 27th, 2002
    
    A security flaw in commonly distributed file-viewing programs may make it
    possible for attackers to use Adobe Systems PDF and PostScript files to
    run malicious code on machines using the Unix or Linux operating systems,
    according to an advisory released by technology security company iDefense.
    
    http://www.linuxsecurity.com/articles/host_security_article-5795.html
    
    
    * Secure Programming in PHP
    September 27th, 2002
    
    The goal of this paper is not only to show common threats and challenges
    of programming secure PHP applications but also to show you practical
    methods for doing so.
    
    http://www.linuxsecurity.com/articles/documentation_article-5788.html
    
    
    * An Introduction to GNU Privacy Guard (1 of 2)
    September 26th, 2002
    
    Even though the concept of public-key cryptography for encryption purposes
    was introduced close to three decades ago, and PGP has been around for
    over a third of that, you'll likely find that for some reason only a small
    number of PC users take full advantage of public-key security.
    
    http://www.linuxsecurity.com/articles/documentation_article-5785.html
    
    
    * An Introduction to GNU Privacy Guard (2 of 2)
    September 26th, 2002
    
    In the first half of this article we discussed the various uses that GNU
    Privacy Guard could bring to your business or personal life in enhancing
    security of your digital documents and files, as well as the basics in
    getting started with GnuPG.
    
    http://www.linuxsecurity.com/articles/documentation_article-5786.html
    
    
    * A Guide to Building Secure Web Applications version 1.1
    September 24th, 2002
    
    We all use web applications every day whether we consciously know it or
    not. That is, all of us who browse the web. The ubiquity of web
    applications is not always apparent to the everyday web user. When one
    visits cnn.com and the site automagically knows you are a US resident and
    serves you US news and local weather, it's all because of a web
    application.
    
    http://www.linuxsecurity.com/articles/documentation_article-5767.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Linux Firewall on out of date hardware: kernel 2.2 or 2.4?
    September 26th, 2002
    
    An old PC can be the ideal platform to realize a network firewall based on
    Linux. The system configuration needs a bit of attention but it's not a
    difficult task to fulfill. The only doubt concerns which kernel version
    better suits our needs.
    
    http://www.linuxsecurity.com/articles/firewalls_article-5778.html
    
    
    * Configuring IPsec and IKE on Solaris, Part Three
    September 24th, 2002
    
    This is the third article in a three-part series on configuring IPsec and
    the Internet Key Exchange (IKE) on Solaris hosts. The first article
    covered the basics of IPsec and IKE. The second article focused on
    configuring IPsec to protect traffic between two Solaris hosts.
    
    http://www.linuxsecurity.com/articles/documentation_article-5766.html
    
    
    * Security Scanning 101
    September 24th, 2002
    
    Network and system security scanning is the most practical way to find out
    what the vulnerabilities and threats are on and for your systems and
    networks. All reputable providers of this service and associated products
    offer a comprehensive report that describes the vulnerabilities detected,
    the level of risk associated with each vulnerability, and recommendations
    for corrective action.
    
    
    http://www.linuxsecurity.com/articles/network_security_article-5759.html
    
    
    
    +------------------------+
    |  Vendors/Products:     |
    +------------------------+
    
    * Start-up banks on hack-proof Linux
    September 24th, 2002
    
    Start-up Guardian Digital has launched an effort to sell a version of
    Linux that's less vulnerable to attack, a niche the company hopes will
    gain it a foothold in the market for the Unix-like operating system.
    
    http://www.linuxsecurity.com/articles/organizations_events_article-5769.html
    
    
    * Guardian Digital Launches EnGarde to Provide Enterprises with Linux
    Security Solutions
    September 24th, 2002
    
    Guardian Digital, Inc., the leading open source security company, has
    today formally launched the EnGarde Secure Linux server operating system,
    EnGarde Secure Professional. EnGarde Secure Professional is a
    comprehensive enterprise software solution that provides all the tools
    necessary to build a complete, secure online presence.
    
    http://www.linuxsecurity.com/articles/vendors_products_article-5764.html
    
    
    
    
    +------------------------+
    |  General:              |
    +------------------------+
     
    * Group Seeks Curbs On Security Experts
    September 27th, 2002
    
    A new organization seeks to find common ground between software companies
    and hacking gurus over how and when security flaws should be publicized.
    
    http://www.linuxsecurity.com/articles/forums_article-5791.html
    
    
    * Agencies Tie IT Security To Budgets
    September 27th, 2002
    
    With a little prodding from the Office of Management and Budget, agency IT
    managers are tying system security to their enterprise infrastructures
    through the budget process. Some said today that securing their
    infrastructures ranks just as high as e-government for fiscal 2003.
    
    http://www.linuxsecurity.com/articles/government_article-5794.html
    
    
    * Security Group Comes Out of the Shadows
    September 26th, 2002
    
    After nearly a year in the shadows, the Organization for Internet Safety
    on Thursday formally announced its formation.  The group, made up of
    security and software vendors, is working on a set of guidelines for
    handling vulnerability information, which it hopes will bring some order
    to the chaotic world of security research and vulnerability disclosure.
    
    http://www.linuxsecurity.com/articles/security_sources_article-5784.html
    
    
    * Book Review: Advanced Linux Networking
    September 25th, 2002
    
    Advanced Linux Networking is written by Roderick W. Smith, who's the
    author of such books as 'Broadband internet connections', 'Linux Samba
    server administration', 'Linux: networking for your office', etc.  
    Advanced Linux Networking consists of five parts, organized into smaller
    chapters, creating a 26 chapter book which is an excellent reading
    companion to any basic Linux system administration book.
    
    http://www.linuxsecurity.com/articles/documentation_article-5770.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    


