[ISN] Linux Security Week - October 14th 2002

From: InfoSec News (isnat_private)
Date: Tue Oct 15 2002 - 10:23:18 PDT


    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  October 14th, 2002                           Volume 3, Number 40n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
     
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Fingerprinting
    Exploits In System And Application Log Files," "Stenographied File
    Transfer Using Posix File Locks," "Security Tools in Linux Distributions,"
    and "Ten Minute Firewall."
    
    
    
    BOOK REVIEW: Honeypots: Tracking Hackers
    Tracking Hackers by Lance Spitzner is fantastically written. The detailed
    definitions and descriptions make it a great book even for the honeypot
    novice to understand. It grabs your attention right from the very
    beginning, holds it to the end and leaves you wanting more.
    
     http://www.linuxsecurity.com/feature_stories/feature_story-121.html
    
    Linux Security Week:
    This week, advisories were released for tomcat, tkmail, htmail, fetchmail,
    bugzilla, libkvm, Konqueror, talkd, sendmail, pic, libc, rogue, apache,
    hylafax, php, tcpdump, gv, and nss_ldap.  The vendors include Conectiva,
    Debian, EnGarde, NetBSD, OpenBSD, Red Hat, and SuSE.
    
    http://www.linuxsecurity.com/articles/forums_article-5891.html
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * Sendmail Trojan Looks Familiar
    October 11th, 2002
    
    The Trojan horse discovered in a distribution of the Sendmail open-source
    e-mail server has striking similarities to a backdoor planted in OpenSSH
    last summer, according to security experts who've analyzed the code. But
    missteps in the alerting process may have given the culprits a chance to
    cover their tracks.
    
    http://www.linuxsecurity.com/articles/hackscracks_article-5902.html
    
    
    * Design For Security Up Front
    October 11th, 2002
    
    Of the five basic phases--initiation, development, implementation,
    maintenance, and decommissioning/disposal--often the need for security
    isn't realized until the implementation phase, and security measures not
    added until the maintenance phase. Even so, fixing many other system
    vulnerabilities is simply an afterthought, addressed with patches, service
    packs, or emergency hot fixes.
    
    http://www.linuxsecurity.com/articles/security_sources_article-5892.html
    
    
    * Footprints in the Sand, Part One. Fingerprinting Exploits In System
    And Application Log Files
    October 11th, 2002
    
    Forensic analysts and incident response engineers are armed with a slew of
    open source and commercial forensic toolsets to attempt to understand and
    analyze break-ins they did not witness. The most critical component of
    forensic analysis is system log files.
    
    http://www.linuxsecurity.com/articles/documentation_article-5894.html
    
    
    * Chroot Jails Made Easy with the Jail Chroot Project
    October 11th, 2002
    
    There are always difficult jobs to do as a GNU/Linux system administrator.
    Sometimes the difficulty lies in finding out how to do a particular job,
    not necessarily the job itself. This can be particularly true in the open
    source world where documentation can often take a back seat to
    implementation.
    
    http://www.linuxsecurity.com/articles/documentation_article-5903.html
    
    
    * When Code Goes Wrong - Format String Exploitation
    October 10th, 2002
    
    I will try to keep this article as short and as easy to understand as
    possible so the average person would understand this concept.  What is a
    Format String? Format strings are the %d, %s, %u, %x, %p, %n in your C
    language that you use when using printf and something similar.  How is it
    vulnerable?
    
    http://www.linuxsecurity.com/articles/documentation_article-5882.html
    
    
    * Stenographied File Transfer Using Posix File Locks
    October 10th, 2002
    
    Every computer system is insecure! Why? Because by using any system
    resources that are available to each process information can be leaked.
    Say for example you can detect CPU usage remotely (possible by measuring
    the time taken for a ping reply for example).
    
    http://www.linuxsecurity.com/articles/documentation_article-5889.html
    
    
    * Assessing Internet Security Risk, Part Five: Custom Web
    Applications Continued
    October 9th, 2002
    
    This article is the fifth and final in a series that is designed to help
    readers to assess the risk that their Internet-connected systems are
    exposed to. In the first installment, we established the reasons for doing
    a technical risk assessment.
    
    http://www.linuxsecurity.com/articles/documentation_article-5871.html
    
    
    * Introduction to Buffer Overflows
    October 9th, 2002
    
    Hello, here I am again, this time I'll let you know what is in fact buffer
    overflow and how you can detect if some program is vulnerable to buffer
    overflow exploits. This tutorial has C source code, so if you don't know C
    you can have some problems in this tutorial, you also need to have some
    notions on ASM and how to use gdb.
    
    http://www.linuxsecurity.com/articles/documentation_article-5873.html
    
    
    * Improve Linux Security
    October 8th, 2002
    
    Although Linux's native support for networking services is part of the
    OS's appeal, these services can also create a security risk. Stop
    unnecessary network services.  One of the attractions of Linux is its
    native support for a wide range of TCP/IP services, many of which are
    configured to run by default.
    
    http://www.linuxsecurity.com/articles/host_security_article-5862.html
    
    
    * Security Tools in Linux Distributions, Part I
    October 7th, 2002
    
    With so many security tools available, it can be hard to know what to use.
    Many users do not want to be bothered with downloading, learning and
    configuring security software when so many other things need to be done.
    
    http://www.linuxsecurity.com/articles/documentation_article-5848.html
    
    
    * Inhospitable Hosts
    October 7th, 2002
    
    Intrusion prevention sounds cool. It's sexy. It's the action hero of the
    infosecurity universe, smacking down the bad guys before they can get in
    and hurt the assets your organization holds near and dear.  But what is
    it, really?
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-5856.html
    
    
    * Writing anti-IDS Shellcode
    October 7th, 2002
    
    In the last few weeks I had made an intensive study of Intrusion
    Detection Systems like snort. I found that several ways of escaping from
    being detected while checking for vulnerable CGI's were already made by
    RFP (rfpat_private).
    
    http://www.linuxsecurity.com/articles/documentation_article-5847.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * A Security Nightmare: Wireless Security
    October 13th, 2002
    
    And after suffering through the Love Bugs and Code Reds of e-mail, the
    growth of mobile wireless raises the question of whether businesses have
    learned their lessons for this second round. So far, experts say, not
    really. But the final test may still be a few years away.
    
    http://www.linuxsecurity.com/articles/network_security_article-5904.html
    
    
    * FreeS/WAN Weekly Summary: IPsec on the Zaurus and more
    October 10th, 2002
    
    Hackers start using 'side-channel' attacks. Side-channel attacks are the
    next big threat from hackers, according to the head of RSA Labs.  Normal
    attacks on code are conducted by looking at the unencrypted message and
    the encrypted message and attempting to recover the encryption key.
    
    http://www.linuxsecurity.com/articles/cryptography_article-5890.html
    
    
    * Firewalls - back to basics
    October 9th, 2002
    
    A firewall is software or hardware that sits between two networks --
    typically, between your LAN and the Internet -- and allows some sorts of
    network traffic through while preventing others. It works by rules that
    you set, which define the sort of security you want.
    
    http://www.linuxsecurity.com/articles/firewalls_article-5869.html
    
    
    * Guide to Intrusion Prevention
    October 9th, 2002
    
    In addition to the host application tools discussed in this article, the
    broad term "intrusion prevention" encompasses several other classes of
    tools that protect hosts, Web applications and networks by actively
    blocking malicious actions.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-5879.html
    
    
    * Ten Minute Firewall
    October 8th, 2002
    
    Each major version of Linux has had a different firewalling software
    suite. 2.0 kernels had ipfwadm, 2.2 had ipchains, and 2.4 has iptables.  
    (2.4 can support ipchains-style rules if you load the ipchains module.)  
    Each offers great improvements from its predecessors.
    
    http://www.linuxsecurity.com/articles/documentation_article-5866.html
    
    
    
    
    +------------------------+
    |  Vendors/Products:     |
    +------------------------+
    
    * Snort 2.0 - Detection Revisited
    October 11th, 2002
    
    Sourcefire's commitment to delivering the most innovative and effective
    intrusion management solutions continues with the latest contribution to
    Snort 2.0 development. As part of Sourcefire's dedication to the Open
    Source community, the company continually upgrades Snort with technologies
    and enhancements developed for its commercial products.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-5899.html
    
    
    
    * New threat forces cryptography rethink
    October 10th, 2002
    
    Hackers start using 'side-channel' attacks. Side-channel attacks are the
    next big threat from hackers, according to the head of RSA Labs.  Normal
    attacks on code are conducted by looking at the unencrypted message and
    the encrypted message and attempting to recover the encryption key.  But
    side-channel attacks look at other information in an attempt to crack the
    code, such as the time taken to perform an operation and how power
    consumption changes.  Bert Kaliski, head of RSA Labs, told vnunet.com that
    these methods are forcing the industry to think again.  "Side-channel
    attacks are causing a fundamental rethink in the way we write encryption
    software," he said. "As the methods used become automated, our job is
    getting tougher."
    
    http://www.linuxsecurity.com/articles/cryptography_article-5880.html
    
    
    
    +------------------------+
    |  General News:         |
    +------------------------+
    
    * Sun Exec Defends Open-Source Security
    October 11th, 2002
    
    Whitfield Diffie, the inventor of public key cryptography and now chief
    security officer at Sun Microsystems, spoke out Tuesday in defense of the
    security of open-source software.  In a keynote address at the RSA
    Conference here, Diffie defended open-source software against an attack
    made earlier at the same conference by Microsoft's chief security officer,
    Craig Mundie.
    
    http://www.linuxsecurity.com/articles/security_sources_article-5895.html
    
    
    * Security Tops List of Reasons Not to Deploy Web Services
    October 11th, 2002
    
    End-to-end security of web services forms the most significant barrier to
    implementation by organizations, but this is not expected to hinder future
    development.
    
    http://www.linuxsecurity.com/articles/general_article-5898.html
    
    
    * Is Linux Really More Secure Than Windows?
    October 11th, 2002
    
    Microsoft has organized a huge security program as a result of vocal
    complaints from users, while the Linux effort is, in Eric Hemmendinger's
    words, "less disciplined but more timely."  Ramen, Slapper, Scalper and
    Mighty may sound like Santa's new team of reindeer, but they are creatures
    far lower down the evolutionary ladder -- and much less welcome.
    
    http://www.linuxsecurity.com/articles/forums_article-5897.html
    
    
    * The Great Security Self-Assessment Test
    October 8th, 2002
    
    As the laws governing the use of employee and customer data become ever
    more complex, IT directors are having to spend more time creating legally
    watertight privacy policies.
    
    http://www.linuxsecurity.com/articles/privacy_article-5864.html
    
    
    * NIST-NSA Team Readies Systems Security Guidance
    October 8th, 2002
    
    The National Information Assurance Partnership in the next month will
    release two draft guides to create standards for systems security
    certification and accreditation and for minimum security controls for IT.
    
    http://www.linuxsecurity.com/articles/government_article-5861.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


