+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  November 4th, 2002                           Volume 3, Number 43n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             daveat_private            |
|                   Benjamin Thomas         benat_private             |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "The Very
Basics Of TCP/IP - Layers And What They Do," "IP Smartspoofing," "Smart
Security: Network Scanners," and "Security Fueling Open-Source
Adoption."

LINUX ADVISORY WATCH:
This week, advisories were released for chrn, bzip2, pam_ldap,
uudecode, inn, kdegraphics, krb5, heimdal, mozilla, ypserv, mod_ssl,
syslog-ng, and lprng. The vendors include Caldera, Debian, EnGarde,
Gentoo, Mandrake, and SuSE.

  http://www.linuxsecurity.com/articles/forums_article-6059.html

FEATURE: Remote Syslogging: A Primer - The syslog daemon is a very
versatile tool that should never be overlooked under any circumstances.
The facility itself provides a wealth of information regarding the
local system that it monitors.
  http://www.linuxsecurity.com/feature_stories/feature_story-123.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Latest Linux Kernel To Control Access
  November 1st, 2002

  The Linux 2.6 kernel contains many features found in commercial
  Unixes, although some significant issues remain to be fixed.
  Companies using or considering Linux should start planning for the
  next version, following news that developers last week stopped adding
  new features to the newest operating system kernel in preparation for
  the next upgrade
  http://www.linuxsecurity.com/articles/host_security_article-6068.html

* Data warehouses: A Security Disaster
  October 31st, 2002

  Through 2005, 80 percent of enterprises will not have adequately
  planned, defined or incorporated data warehouse security into their
  overall enterprise security plans, increasing by 75 percent the
  chance that a security breach will occur (0.7 probability?
  http://www.linuxsecurity.com/articles/documentation_article-6057.html

+------------------------+
| Network Security News: |
+------------------------+

* Proxim's Harmony 802.11a WLAN Card: Burning Up The Airwaves
  November 1st, 2002

  As standards wars rage on in 802.11 wireless local-area networks, the
  Proxim Harmony 802.11a card shows the promise of a cost-effective
  wireless bandwidth adequate for video and data by cranking up
  wireless data rates to a theoretical 54 Mbits/second and beyond,
  although actual throughput is lower.
  http://www.linuxsecurity.com/articles/vendors_products_article-6067.html

* Tougher Security In The Offing For Wireless LANs
  November 1st, 2002

  The Wi-Fi Alliance unveiled new security specifications for 802.11b
  networks, replacing the easy-to-circumvent Wired Equivalent Privacy
  (WEP) that's now standard.
  http://www.linuxsecurity.com/articles/network_security_article-6065.html

* Wi-Fi Group Lays Out Better Wireless Security
  October 31st, 2002

  A task group within the IEEE (Institute of Electrical and Electronic
  Engineers) 802.11 working group, which is in charge of the IEEE
  802.11b and 802.11a standards on which Wi-Fi products are based, is
  now working on a tough new security standard called 802.11i.
  http://www.linuxsecurity.com/articles/security_sources_article-6055.html

* Book Review: Network Security with OpenSSL
  October 30th, 2002

  Joe "Zonker" Brockmeier writes, "The latest addition to O'Reilly's
  "must-have" references is Network Security with OpenSSL. The book
  covers pretty much all you'd ever need to know about using OpenSSL in
  your programs. The introduction covers some of the basics of
  cryptography, types of encryption, and so forth for about ten pages
  before settling down to discuss OpenSSL specifically.
  http://www.linuxsecurity.com/articles/documentation_article-6042.html

* The Very Basics Of TCP/IP - Layers And What They Do
  October 30th, 2002

  What is TCP/IP TCP/IP stands for Transmission Control
  Protocol/Internet Protocol and is the system of standard protocols
  that runs the web. That is to say, any computer that wants to send
  WWW information to another via the internet will almost certainly
  want to use TCP/IP as the transmission protocol, and understanding it
  is the key to understand the `lower levels' of how the internet
  works.
  http://www.linuxsecurity.com/articles/documentation_article-6044.html

* IP Smartspoofing
  October 29th, 2002

  This paper describes a new technique for IP Spoofing with any network
  application. IP Spoofing is not new and various hacking tools have
  been developed to exploit it. IP Smart Spoofing uses a combination of
  ARP Cache Poisoning, network address translation and routing.
  http://www.linuxsecurity.com/articles/documentation_article-6033.html

* Sniffer Library Version 1.0
  October 29th, 2002

  "This Sniffer package allows a high level programmer to sniff IP
  packets arriving at, and leaving their computer. A queue of IP
  packets is sent to the Java or C++ program and the programmer can
  analyse each packet in sequence. The programmer can optionally filter
  the queue of IP packets by specifying the IP addresses, protocols and
  port numbers for which packets are queued."
  http://www.linuxsecurity.com/articles/network_security_article-6041.html

* Smart Security: Network Scanners
  October 28th, 2002

  Don't wait for a hacker to show you where your network's
  vulnerabilities lie. Be smart, and use a network scanner with
  intelligence--artificial intelligence (AI), to be precise.
  http://www.linuxsecurity.com/articles/network_security_article-6023.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Introducing Network Attached Encryption
  October 31st, 2002

  Application security specialist Ingrian Networks has developed a
  technology to offload encryption functions from application or
  database servers onto appliances with the aim of providing more
  robust security for data in storage.
  http://www.linuxsecurity.com/articles/cryptography_article-6049.html

* Kerberos Bug Bites
  October 28th, 2002

  A flaw has been identified in certain implementations of the widely
  used Kerberos authentication protocol. The flaw could be exploited by
  crackers to gain root access to authentication servers.
  http://www.linuxsecurity.com/articles/security_sources_article-6024.html

+------------------------+
| General News:          |
+------------------------+

* Root-Server Attack Traced to South Korea, U.S.
  November 1st, 2002

  Last week's attacks on the Internet's backbone likely emanated from
  computers in the United States and South Korea, FBI Director Robert
  Mueller today said. "The investigation is ongoing," Mueller said at
  an Internet security conference in Falls Church, Va.
  http://www.linuxsecurity.com/articles/hackscracks_article-6064.html

* Do Bug-Hunting Security Firms Put Users at Risk?
  October 31st, 2002

  When researchers at GreyMagic Software discovered a batch of security
  vulnerabilities in Microsoft's Internet Explorer earlier this month,
  their first response was to test the vulnerabilities and make sure
  they were for real. What they did next, however, raised the ire of
  Microsoft and others within the software industry.
  http://www.linuxsecurity.com/articles/forums_article-6056.html

* NSA and NIST complete profiles for security needs
  October 31st, 2002

  The National Institute of Standards and Technology and the National
  Security Agency have completed profiles for recommended security
  features for five of the 10 technology areas the agencies have
  targeted for profile development.
  http://www.linuxsecurity.com/articles/government_article-6054.html

* Security Fueling Open-Source Adoption
  October 30th, 2002

  Security is becoming one of the main drivers behind the adoption of
  open-source software in the enterprise and government, say security
  experts and CIOs gathered here for Red Hat Inc.'s Open Source
  Security Summit.
  http://www.linuxsecurity.com/articles/general_article-6045.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------