[ISN] Linux Security Week - November 4th 2002

From: InfoSec News (isnat_private)
Date: Tue Nov 05 2002 - 04:07:36 PST


    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  November 4th, 2002                           Volume 3, Number 43n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.

    This week, perhaps the most interesting articles include "The Very Basics
    Of TCP/IP - Layers And What They Do," "IP Smartspoofing," "Smart Security:
    Network Scanners," and "Security Fueling Open-Source Adoption."

    This week, advisories were released for chrn, bzip2, pam_ldap,
    uudecode, inn, kdegraphics, krb5, heimdal, mozilla, ypserv, mod_ssl,
    syslog-ng, and lprng.  The vendors include Caldera, Debian, EnGarde,
    Gentoo, Mandrake, and SuSE.

    Concerned about the next threat? EnGarde is the undisputed winner!
    Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
    Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
    thanks to the depth of its security strategy..." Find out what the other
    Linux vendors are not telling you.

    FEATURE:  Remote Syslogging: A Primer - The syslog daemon is a very
    versatile tool that should never be overlooked under any circumstances.
    The facility itself provides a wealth of information regarding the local
    system that it monitors.

    | Host Security News: | <<-----[ Articles This Week ]-------------

    * Latest Linux Kernel To Control Access
    November 1st, 2002
    The Linux 2.6 kernel contains many features found in commercial Unixes,
    although some significant issues remain to be fixed.  Companies using or
    considering Linux should start planning for the next version, following
    news that developers last week stopped adding new features to the newest
    operating system kernel in preparation for the next upgrade
    * Data warehouses: A Security Disaster
    October 31st, 2002
    Through 2005, 80 percent of enterprises will not have adequately planned,
    defined or incorporated data warehouse security into their overall
    enterprise security plans, increasing by 75 percent the chance that a
    security breach will occur (0.7 probability?

    | Network Security News: |

    * Proxim's Harmony 802.11a WLAN Card: Burning Up The Airwaves
    November 1st, 2002
    As standards wars rage on in 802.11 wireless local-area networks, the
    Proxim Harmony 802.11a card shows the promise of a cost-effective wireless
    bandwidth adequate for video and data by cranking up wireless data rates
    to a theoretical 54 Mbits/second and beyond, although actual throughput is
    * Tougher Security In The Offing For Wireless LANs
    November 1st, 2002
    The Wi-Fi Alliance unveiled new security specifications for 802.11b
    networks, replacing the easy-to-circumvent Wired Equivalent Privacy (WEP)
    that's now standard.
    * Wi-Fi Group Lays Out Better Wireless Security
    October 31st, 2002
    A task group within the IEEE (Institute of Electrical and Electronic
    Engineers) 802.11 working group, which is in charge of the IEEE 802.11b
    and 802.11a standards on which Wi-Fi products are based, is now working on
    a tough new security standard called 802.11i.
    * Book Review: Network Security with OpenSSL
    October 30th, 2002
    Joe "Zonker" Brockmeier writes, "The latest addition to O'Reilly's
    "must-have" references is Network Security with OpenSSL. The book covers
    pretty much all you'd ever need to know about using OpenSSL in your
    programs.  The introduction covers some of the basics of cryptography,
    types of encryption, and so forth for about ten pages before settling down
    to discuss OpenSSL specifically.
    * The Very Basics Of TCP/IP - Layers And What They Do
    October 30th, 2002
    What is TCP/IP? TCP/IP stands for Transmission Control Protocol/Internet
    Protocol and is the system of standard protocols that runs the web. That
    is to say, any computer that wants to send WWW information to another via
    the internet will almost certainly want to use TCP/IP as the transmission
    protocol, and understanding it is the key to understanding the `lower
    levels' of how the internet works.
    * IP Smartspoofing
    October 29th, 2002
    This paper describes a new technique for IP Spoofing with any network
    application. IP Spoofing is not new and various hacking tools have been
    developed to exploit it.  IP Smart Spoofing uses a combination of ARP
    Cache Poisoning, network address translation and routing.
    * Sniffer Library Version 1.0
    October 29th, 2002
    "This Sniffer package allows a high level programmer to sniff IP packets
    arriving at, and leaving their computer. A queue of IP packets is sent to
    the Java or C++ program and the programmer can analyse each packet in
    sequence. The programmer can optionally filter the queue of IP packets by
    specifying the IP addresses, protocols and port numbers for which packets
    are queued."
    * Smart Security: Network Scanners
    October 28th, 2002
    Don't wait for a hacker to show you where your network's vulnerabilities
    lie. Be smart, and use a network scanner with intelligence--artificial
    intelligence (AI), to be precise.

    | Cryptography News:     |

    * Introducing Network Attached Encryption
    October 31st, 2002
    Application security specialist Ingrian Networks has developed a
    technology to offload encryption functions from application or database
    servers onto appliances with the aim of providing more robust security for
    data in storage.
    * Kerberos Bug Bites
    October 28th, 2002
    A flaw has been identified in certain implementations of the widely used
    Kerberos authentication protocol. The flaw could be exploited by crackers
    to gain root access to authentication servers.

    |  General News:         |

    * Root-Server Attack Traced to South Korea, U.S.
    November 1st, 2002
    Last week's attacks on the Internet's backbone likely emanated from
    computers in the United States and South Korea, FBI Director Robert
    Mueller today said.  "The investigation is ongoing," Mueller said at an
    Internet security conference in Falls Church, Va.
    * Do Bug-Hunting Security Firms Put Users at Risk?
    October 31st, 2002
    When researchers at GreyMagic Software discovered a batch of security
    vulnerabilities in Microsoft's Internet Explorer earlier this month, their
    first response was to test the vulnerabilities and make sure they were for
    real. What they did next, however, raised the ire of Microsoft and others
    within the software industry.
    * NSA and NIST complete profiles for security needs
    October 31st, 2002
    The National Institute of Standards and Technology and the National
    Security Agency have completed profiles for recommended security features
    for five of the 10 technology areas the agencies have targeted for profile
    * Security Fueling Open-Source Adoption
    October 30th, 2002
    Security is becoming one of the main drivers behind the adoption of
    open-source software in the enterprise and government, say security
    experts and CIOs gathered here for Red Hat Inc.'s Open Source Security

    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org