+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  October 14th, 2002                        Volume 3, Number 40n     |
|                                                                     |
|  Editorial Team:  Dave Wreski              daveat_private           |
|                   Benjamin Thomas          benat_private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Fingerprinting Exploits In System And Application Log Files," "Stenographied File Transfer Using Posix File Locks," "Security Tools in Linux Distributions," and "Ten Minute Firewall."

** ENCRYPTION + AUTHENTICATION = TRUST **

You may think people will regard your business as trustworthy because you've got a 128-bit encryption certificate, but encryption does not guarantee trust. Thawte believes in rigorous authentication. Download our FREE Authentication Guide:

http://www.gothawte.com/rd406.html

BOOK REVIEW: Honeypots: Tracking Hackers

Tracking Hackers by Lance Spitzner is fantastically written. The detailed definitions and descriptions make it a great book even for the honeypot novice to understand. It grabs your attention right from the very beginning, holds it to the end and leaves you wanting more.

http://www.linuxsecurity.com/feature_stories/feature_story-121.html

Linux Security Week:

This week, advisories were released for tomcat, tkmail, htmail, fetchmail, bugzilla, libkvm, Konqueror, talkd, sendmail, pic, libc, rogue, apache, hylafax, php, tcpdump, gv, and nss_ldap. The vendors include Conectiva, Debian, EnGarde, NetBSD, OpenBSD, Red Hat, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-5891.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Sendmail Trojan Looks Familiar
October 11th, 2002

The Trojan horse discovered in a distribution of the Sendmail open-source e-mail server has striking similarities to a backdoor planted in OpenSSH last summer, according to security experts who've analyzed the code. But missteps in the alerting process may have given the culprits a chance to cover their tracks.

http://www.linuxsecurity.com/articles/hackscracks_article-5902.html

* Design For Security Up Front
October 11th, 2002

Of the five basic phases--initiation, development, implementation, maintenance, and decommissioning/disposal--often the need for security isn't realized until the implementation phase, and security measures not added until the maintenance phase. Even so, fixing many other system vulnerabilities is simply an afterthought, addressed with patches, service packs, or emergency hot fixes.

http://www.linuxsecurity.com/articles/security_sources_article-5892.html

* Footprints in the Sand, Part One. Fingerprinting Exploits In System And Application Log Files
October 11th, 2002

Forensic analysts and incident response engineers are armed with a slew of open source and commercial forensic toolsets to attempt to understand and analyze break-ins they did not witness. The most critical component of forensic analysis is system log files.

http://www.linuxsecurity.com/articles/documentation_article-5894.html

* Chroot Jails Made Easy with the Jail Chroot ProjectRegister
October 11th, 2002

There are always difficult jobs to do as a GNU/Linux system administrator. Sometimes the difficulty lies in finding out how to do a particular job, not necessarily the job itself. This can be particularly true in the open source world where documentation can often take a back seat to implementation.

http://www.linuxsecurity.com/articles/documentation_article-5903.html

* When Code Goes Wrong - Format String Exploition
October 10th, 2002

I will try to keep this article as short and as easy to understand as possible so the average people would understand this concept. What is Format String? Formatstring are the %d, %s, %u, %x, %p %n in your C language that you use when using printf and something similar. How is it vulnerable?

http://www.linuxsecurity.com/articles/documentation_article-5882.html

* Stenographied File Transfer Using Posix File Locks
October 10th, 2002

Every computer system is insecure! Why? because by using any system resources that are available to each process information can be leaked. Say for example you can detect CPU usage remotely (possible by measuring the time taken for a ping reply for example).

http://www.linuxsecurity.com/articles/documentation_article-5889.html

* Assessing Internet Security Risk, Part Five: Custom Web Applications Continued
October 9th, 2002

This article is the fifth and final in a series that is designed to help readers to assess the risk that their Internet-connected systems are exposed to. In the first installment, we established the reasons for doing a technical risk assessment.

http://www.linuxsecurity.com/articles/documentation_article-5871.html

* Introduction to Buffer Overflows
October 9th, 2002

Hello, here I am again, this time I'll let you know what is in fact buffer overflow and how you can detect if some program is vulnerable to buffer overflow exploits. This tutorial has C source code, so if you don't know C you can have some problems in this tutorial, you also need to have some notions on ASM and how to use gdb.

http://www.linuxsecurity.com/articles/documentation_article-5873.html

* Improve Linux Security
October 8th, 2002

Although Linux's native support for networking services is part of the OS's appeal, these services can also create a security risk. Stop unnecessary network services.
One of the attractions of Linux is its native support for a wide range of TCP/IP services, many of which are configured to run by default.

http://www.linuxsecurity.com/articles/host_security_article-5862.html

* Security Tools in Linux Distributions, Part I
October 7th, 2002

With so many security tools available, it can be hard to know what to use. Many users do not want to be bothered with downloading, learning and configuring security software when so many other things need to be done.

http://www.linuxsecurity.com/articles/documentation_article-5848.html

* Inhospitable Hosts
October 7th, 2002

Intrusion prevention sounds cool. It's sexy. It's the action hero of the infosecurity universe, smacking down the bad guys before they can get in and hurt the assets your organization holds near and dear. But what is it, really?

http://www.linuxsecurity.com/articles/intrusion_detection_article-5856.html

* Writing anti-IDS Shellcode
October 7th, 2002

In the last few weeks I had made an intensive study of Intrusion - Detection Systems like snort. I found that several ways of escaping from being detected while checking for vulnerable CGI's were already made by RFP (rfpat_private).

http://www.linuxsecurity.com/articles/documentation_article-5847.html

+------------------------+
| Network Security News: |
+------------------------+

* A Security Nightmare: Wireless Security
October 13th, 2002

And after suffering through the Love Bugs and Code Reds of e-mail, the growth of mobile wireless raises the question of whether businesses have learned their lessons for this second round. So far, experts say, not really. But the final test may still be a few years away.

http://www.linuxsecurity.com/articles/network_security_article-5904.html

* FreeS/WAN Weekly Summary: IPsec on the Zaurus and more
October 10th, 2002

Hackers start using 'side-channel' attacks Side-channel attacks are the next big threat from hackers, according to the head of RSA Labs.
Normal attacks on code are conducted by looking at the unencrypted message and the encrypted message and attempt to recover the encryption key

http://www.linuxsecurity.com/articles/cryptography_article-5890.html

* Firewalls - back to basics
October 9th, 2002

A firewall is software or hardware that sits between two networks -- typically, between your LAN and the Internet -- and allows some sorts of network traffic through while preventing others. It works by rules that you set, which define the sort of security you want.

http://www.linuxsecurity.com/articles/firewalls_article-5869.html

* Guide to Intrusion Prevention
October 9th, 2002

In addition to the host application tools discussed in this article, the broad term "intrusion prevention" encompasses several other classes of tools that protect hosts, Web applications and networks by actively blocking malicious actions.

http://www.linuxsecurity.com/articles/intrusion_detection_article-5879.html

* Ten Minute Firewall
October 8th, 2002

Each major version of Linux has had a different firewalling software suite. 2.0 kernels had ipfwadm, 2.2 had ipchains, and 2.4 has iptables. (2.4 can support ipchains-style rules if you load the ipchains module.) Each offers great improvements from its predecessors.

http://www.linuxsecurity.com/articles/documentation_article-5866.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* Snort 2.0 - Detection Revisited
October 11th, 2002

Sourcefire's commitment to delivering the most innovative and effective intrusion management solutions continues with the latest contribution to Snort 2.0 development. As part of Sourcefire's dedication to the Open Source community, the company continually upgrades Snort with technologies and enhancements developed for its commercial products.

http://www.linuxsecurity.com/articles/intrusion_detection_article-5899.html

* New threat forces cryptography rethink
October 10th, 2002

Hackers start using 'side-channel' attacks

Side-channel attacks are the next big threat from hackers, according to the head of RSA Labs. Normal attacks on code are conducted by looking at the unencrypted message and the encrypted message and attempt to recover the encryption key. But side-channel attacks look at other information in an attempt to crack the code, such as the time taken to perform an operation and how power consumption changes.

Bert Kaliski, head of RSA Labs, told vnunet.com that these methods are forcing the industry to think again. "Side-channel attacks are causing a fundamental rethink in the way we write encryption software," he said. "As the methods used become automated, our job is getting tougher."

http://www.linuxsecurity.com/articles/cryptography_article-5880.html

+------------------------+
| General News:          |
+------------------------+

* Sun Exec Defends Open-Source Security
October 11th, 2002

Whitfield Diffie, the inventor of public key cryptography and now chief security officer at Sun Microsystems, spoke out Tuesday in defense of the security of open-source software. In a keynote address at the RSA Conference here, Diffie defended open-source software against an attack made earlier at the same conference by Microsoft's chief security officer, Craig Mundie.

http://www.linuxsecurity.com/articles/security_sources_article-5895.html

* Security Tops List of Reasons Not to Deploy Web Services
October 11th, 2002

End-to-end security of web services forms the most significant barrier to implementation by organizations, but this is not expected to hinder future development.

http://www.linuxsecurity.com/articles/general_article-5898.html

* Is Linux Really More Secure Than Windows?
October 11th, 2002

Microsoft has organized a huge security program as a result of vocal complaints from users, while the Linux effort is, in Eric Hemmendinger's words, "less disciplined but more timely." Ramen, Slapper, Scalper and Mighty may sound like Santa's new team of reindeer, but they are creatures far lower down the evolutionary ladder -- and much less welcome.

http://www.linuxsecurity.com/articles/forums_article-5897.html

* The Great Security Self-Assessment Test
October 8th, 2002

As the laws governing the use of employee and customer data become ever more complex, IT directors are having to spend more time creating legally watertight privacy policies.

http://www.linuxsecurity.com/articles/privacy_article-5864.html

* NIST-NSA Team Readies Systems Security Guidance
October 8th, 2002

The National Information Assurance Partnership in the next month will release two draft guides to create standards for systems security certification and accreditation and for minimum security controls for IT.

http://www.linuxsecurity.com/articles/government_article-5861.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.