+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  October 7th, 2002                         Volume 3, Number 39n     |
|                                                                     |
|  Editorial Team:  Dave Wreski              daveat_private           |
|                   Benjamin Thomas          benat_private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Assessing
Internet Security Risk," "The Twenty Most Critical Internet Security
Vulnerabilities," "Introduction to netfilter/iptables," and "Evaluating
Network Intrusion Detection Signatures."

NewsForge: Guardian Digital succeeding with Open Source Security Products

One company able to answer yes is Guardian Digital, Inc., which,
according to its Web site, is a "full-service Open Source security
company ... focused on the intelligent growth of Open Source security
solutions for Linux, including the Guardian Digital Linux Lockbox, a
secure turnkey e-business server and the secure Linux distribution
EnGarde."

http://newsforge.com/article.pl?sid=02/09/30/2022240&mode=thread&tid=2

** Concerned about the next threat? EnGarde is the undisputed winner!

Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice
award thanks to the depth of its security strategy..." Find out what the
other Linux vendors are not telling you.

--> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2

Linux Security Week: This week, advisories were released for fetchmail,
postgresql, dietlibc, glibc, unzip, python, tar, gv, XFree86, and
heimdal. The vendors include Conectiva, EnGarde, Gentoo, Mandrake, Red
Hat, and SuSE.
--> http://www.linuxsecurity.com/articles/forums_article-5832.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Assessing Internet Security Risk, Part Four: Custom Web Applications
October 4th, 2002

This article is the fourth in a series that is designed to help readers
to assess the risk that their Internet-connected systems are exposed to.
In the first installment, we established the reasons for doing a
technical risk assessment.

http://www.linuxsecurity.com/articles/network_security_article-5839.html

* Apache 1.3.27 Released: Fixes Multiple Security Vulnerabilities
October 4th, 2002

This version fixes multiple security vulnerabilities including a SysV
shared memory-based scoreboards attack, a XSS vulnerability in the
default 404 page handling hosted on a domain that allows wildcard DNS
lookups, and some possible overflows in ab.c which could be exploited by
a malicious server.

http://www.linuxsecurity.com/articles/server_security_article-5841.html

* Creating an Anonymous FTP server with Publicfile
October 2nd, 2002

For many moons I've meant to set up an FTP server for stunnel.org. Not
because I like FTP, but because there are times even I find myself
without a web browser of any kind. The server needs to support anonymous
FTP (ftp without a password) and doesn't need to have the ability for
anyone to have 'real' logins.

http://www.linuxsecurity.com/articles/documentation_article-5817.html

* Unix tools track hackers
October 1st, 2002

In forensic analysis, you cannot use any tools that are currently
installed on the hacked system, because those tools could have been
replaced with Trojan programs. For example, the ps program that displays
the process table could have been replaced with a Trojan ps program that
displays everything except the process of a running hacker daemon.
http://www.linuxsecurity.com/articles/host_security_article-5804.html

+------------------------+
| Network Security News: |
+------------------------+

* The Twenty Most Critical Internet Security Vulnerabilities (Updated)
October 3rd, 2002

The majority of the successful attacks on operating systems come from
only a few software vulnerabilities. This can be attributed to the fact
that attackers are opportunistic, take the easiest and most convenient
route, and exploit the best-known flaws with the most effective and
widely available attack tools.

http://www.linuxsecurity.com/articles/organizations_events_article-5824.html

* Introduction to netfilter/iptables
October 2nd, 2002

The netfilter/iptables is the IP packet filtering system that is
integrated with the latest 2.4.x versions of the Linux kernel. This
system facilitates greater control over IP packet filtering and firewall
configuration on Linux systems, be they systems connected to the
Internet or a LAN, servers, or proxy servers interfacing between a LAN
and the Internet.

http://www.linuxsecurity.com/articles/documentation_article-5818.html

* Evaluating Network Intrusion Detection Signatures, Part Two
October 2nd, 2002

In this series of articles, we present recommendations that will help
readers to evaluate the quality of network intrusion detection (NID)
signatures, either through hands-on testing or through careful
consideration of third-party product reviews and comparisons.

http://www.linuxsecurity.com/articles/documentation_article-5815.html

+------------------------+
| Cryptography:          |
+------------------------+

* Scientists Find Key To Water-Tight Encryption
October 3rd, 2002

UK researchers have managed to send untamperable encryption keys over
long distances, opening the way for totally secure communications. A
team of scientists said on Wednesday they had made a major leap toward
developing secure global communications.
http://www.linuxsecurity.com/articles/cryptography_article-5826.html

+------------------------+
| General:               |
+------------------------+

* Security: The Number One Worry For IT Pros
October 4th, 2002

An interesting study from services company Synstar landed on our desk
this morning claiming to identify the various pressures faced by IT
managers and IT Directors in European companies with more than 200
employees.

http://www.linuxsecurity.com/articles/forums_article-5835.html

* Security Benchmark Tools Available
October 4th, 2002

All federal agencies can now freely distribute and use the security
configuration tools developed by the independent Center for Internet
Security (CIS) and endorsed by federal security experts.

http://www.linuxsecurity.com/articles/government_article-5840.html

* Halting the Hacker: Second Edition of Computer Security Bestseller
  Released
October 2nd, 2002

Kevin Jurrens writes: Prentice Hall PTR and HP Books today announced the
publication of "Halting the Hacker: A Practical Guide to Computer
Security," Second Edition by Donald L. Pipkin, CISSP, Information
Security Architect for the Internet Security Division of the
Hewlett-Packard Company.

http://www.linuxsecurity.com/articles/vendors_products_article-5822.html

* Interview with Roderick W. Smith
October 1st, 2002

Roderick W. Smith is a professional computer book author who has
extensive experience writing handbooks for users. A Linux and networking
expert, he has several books to his name, including: Broadband Internet
Connections, Linux: Networking for Your Office, The Multi-Boot
Configuration Handbook, Linux Samba Server Administration and Advanced
Linux Networking.

http://www.linuxsecurity.com/articles/forums_article-5805.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-requestat_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------