[ISN] Linux Security Week - October 7th 2002

From: InfoSec News (isnat_private)
Date: Tue Oct 08 2002 - 00:01:59 PDT

  • Next message: InfoSec News: "RE: [ISN] 'Hacker' is too cutesy a word to describe what's really going on"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  October 7th, 2002                            Volume 3, Number 39n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
     
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Assessing
    Internet Security Risk," "The Twenty Most Critical Internet Security
    Vulnerabilities," "Introduction to netfilter/iptables,"  and "Evaluating
    Network Intrusion Detection Signatures."
    
    NewsForge: Guardian Digital succeeding with 
    Open Source Security Products
    
    One company able to answer yes is Guardian Digital, Inc., which, according
    to its Web site, is a "full-service Open Source security company ...
    focused on the intelligent growth of Open Source security solutions for
    Linux, including the Guardian Digital Linux Lockbox, a secure turnkey
    e-business server and the secure Linux distribution EnGarde."
    
      http://newsforge.com/article.pl?sid=02/09/30/2022240&mode=thread&tid=2
    
     
    ** Concerned about the next threat? EnGarde is the undisputed winner! 
    Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing 
    Editor's Choice Award, EnGarde "walked away with our Editor's Choice 
    award thanks to the depth of its security strategy..." Find out what 
    the other Linux vendors are not telling you. 
     
     --> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2 
      
    
    Linux Security Week:
    This week, advisories were released for fetchmail, postgresql,
    dietlibc, glibc, unzip, python, tar, gv, XFree86, and heimdal. The
    vendors include Conectiva, EnGarde, Gentoo, Mandrake, Red Hat, and
    SuSE.
    
     --> http://www.linuxsecurity.com/articles/forums_article-5832.html
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    
    * Assessing Internet Security Risk, Part Four: Custom Web
    Applications
    October 4th, 2002
    
    This article is the fourth in a series that is designed to help readers to
    assess the risk that their Internet-connected systems are exposed to. In
    the first installment, we established the reasons for doing a technical
    risk assessment.
    
    http://www.linuxsecurity.com/articles/network_security_article-5839.html
    
    
    * Apache 1.3.27 Released: Fixes Multiple Security Vulnerabilities
    October 4th, 2002
    
    This version fixes multiple security vulnerabilities including a SysV a
    SysV shared memory-based scoreboards attack, a XSS vulnerability in the
    default 404 page handling hosted on a domain that allows wildcard DNS
    lookups, and some possible overflows in ab.c which could be exploited by a
    malicious server.
    
    http://www.linuxsecurity.com/articles/server_security_article-5841.html
    
    
    
    * Creating an Anonymous FTP server with Publicfile
    October 2nd, 2002
    
    For many moons I've meant to set up an FTP server for stunnel.org. Not
    because I like FTP, but because there are times even I find myself without
    a web browser of any kind. The server needs to support anonymous FTP (ftp
    without a password) and doesn't need to have the ability for anyone to
    have 'real' logins.
    
    http://www.linuxsecurity.com/articles/documentation_article-5817.html
    
    
    * Unix tools track hackers
    October 1st, 2002
    
    In forensic analysis, you cannot use any tools that are currently
    installed on the hacked system, because those tools could have been
    replaced with Trojan programs. For example, the ps program that displays
    the process table could have been replaced with a Trojan ps program that
    displays everything except the process of a running hacker daemon.
    
    http://www.linuxsecurity.com/articles/host_security_article-5804.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
     
    * The Twenty Most Critical Internet Security Vulnerabilities
    (Updated)
    October 3rd, 2002
    
    The majority of the successful attacks on operating systems come from only
    a few software vulnerabilities. This can be attributed to the fact that
    attackers are opportunistic, take the easiest and most convenient route,
    and exploit the best-known flaws with the most effective and widely
    available attack tools.
    
    http://www.linuxsecurity.com/articles/organizations_events_article-5824.html
    
    
    * Introduction to netfilter/iptables
    October 2nd, 2002
    
    The netfilter/iptables is the IP packet filtering system that is
    integrated with the latest 2.4.x versions of the Linux kernel. This system
    facilitates greater control over IP packet filtering and firewall
    configuration on Linux systems, be they systems connected to the Internet
    or a LAN, servers, or proxy servers interfacing between a LAN and the
    Internet.
    
    http://www.linuxsecurity.com/articles/documentation_article-5818.html
    
    
    * Evaluating Network Intrusion Detection Signatures, Part Two
    October 2nd, 2002
    
    In this series of articles, we present recommendations that will help
    readers to evaluate the quality of network intrusion detection (NID)
    signatures, either through hands-on testing or through careful
    consideration of third-party product reviews and comparisons.
    
    http://www.linuxsecurity.com/articles/documentation_article-5815.html
    
    
    
    +------------------------+
    |  Cryptography:         |
    +------------------------+
    
    * Scientists Find Key To Water-Tight Encryption
    October 3rd, 2002
    
    UK researchers have managed to send untamperable encryption keys over long
    distances, opening the way for totally secure communications.  A team of
    scientists said on Wednesday they had made a major leap toward developing
    secure global communications.
    
    http://www.linuxsecurity.com/articles/cryptography_article-5826.html
    
    
    
    
    +------------------------+
    |  General:              |
    +------------------------+
    
    * Security: The Number One Worry For IT Pros
    October 4th, 2002
    
    An interesting study from services company Synstar landed on our desk this
    morning claiming to identify the various pressures faced by IT managers
    and IT Directors in European companies with more than 200 employees.
    
    http://www.linuxsecurity.com/articles/forums_article-5835.html
    
    
    * Security Benchmark Tools Available
    October 4th, 2002
    
    All federal agencies can now freely distribute and use the security
    configuration tools developed by the independent Center for Internet
    Security (CIS) and endorsed by federal security experts.
    
    http://www.linuxsecurity.com/articles/government_article-5840.html
    
    
    * Halting the Hacker: Second Edition of Computer Security Bestseller
    Released
    October 2nd, 2002
    
    Kevin Jurrens writes: Prentice Hall PTR and HP Books today announced the
    publication of "Halting the Hacker: A Practical Guide to Computer
    Security," Second Edition by Donald L. Pipkin, CISSP, Information Security
    Architect for the Internet Security Division of the Hewlett-Packard
    Company.
    
    http://www.linuxsecurity.com/articles/vendors_products_article-5822.html
    
    
    
    * Interview with Roderick W. Smith
    October 1st, 2002
    
    Roderick W. Smith is a professional computer book author who has extensive
    experience writing handbooks for users. A Linux and networking expert, he
    has several books to his name, including: Broadband Internet Connections,
    Linux: Networking for Your Office, The Multi-Boot Configuration Handbook,
    Linux Samba Server Administration and Advanced Linux Networking.
    
    http://www.linuxsecurity.com/articles/forums_article-5805.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Oct 08 2002 - 02:47:34 PDT