[ISN] Linux Security Week - November 25th 2002

From: InfoSec News (isnat_private)
Date: Mon Nov 25 2002 - 23:30:42 PST

  • Next message: InfoSec News: "[ISN] Bush signs Homeland Security bill"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  November 25th, 2002                          Volume 3, Number 46n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Keeping
    User-Level Access When Locked Out," "chroot login HOWTO," "Making a
    Connection With Tcpdump," and "Open-Source Security Comes Under Fire."
    Security: MySQL and PHP (3 of 3) - This is the third installation of a 3
    part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
    MySQL server to the basic level, one has to abide by the following
    This week, advisories were released for squid, wwoffled, lynx, tcpdump,
    fetchmail, courier, KDE SSL, nullmailer, mhonarc, smrsh, bind, ypserv,
    getbyname, ftpd, Red Hat kernel, samba, windowmaker, dhcp, php, and
    gtetrinet.  The distributors include Caldera, Debian, FreeBSD, Gentoo,
    Mandrake, NetBSD, OpenPKG, Red Hat, SuSE, and Trustix.
    CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
    Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
    Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
    thanks to the depth of its security strategy..." Find out what the other
    Linux vendors are not telling you.
    FEATURE: Security - Physical and Service
    The first installation of a 3 part article covering everything from
    physical security and service security to LAMP security (Linux Apache
    MySQL PHP).
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Keeping User-Level Access When Locked Out
    November 20th, 2002
    Incomplete user-locking procedures can fail, leaving opportunities for
    them to maintain access to your system without your consent.
    * chroot login HOWTO
    November 20th, 2002
    This HOWTO details creating accounts on a *nix operating system that are
    chroot'ed to their home directory. That is, one this user logs in, they
    will not be able to access any other part of the filesystem(s) other than
    what lies in the account's home directory.
    * Caught in a BIND
    November 20th, 2002
    Weinberg's second law, a decades-old programmers' joke, states, "If
    builders built buildings the way programmers wrote programs, then the
    first woodpecker that came along would destroy civilization."
    * Your DNS Servers Aren't Safe
    November 18th, 2002
    A huge new hole that allows remote code execution takeovers of DNS servers
    is in the news. And--once again--it spells big trouble and long hours for
    CSOs and system administrators.
    | Network Security News: |
    * VPN, firewall sales expected to boom
    November 21st, 2002
    Worldwide revenue from sales of VPN (virtual private network) and firewall
    hardware and software will grow by 31 percent from $668 million in the
    third quarter of 2002 to $874 million in the third quarter of next year,
    according to research released Wednesday by Infonetics Research.
    * Military Pushes For Wireless Security
    November 21st, 2002
    Military leaders agree that wireless communication is the wave of the
    future, but they also agree that it needs far greater security features to
    become deployable and reliable on the battlefield.
    * Secure your Samba shares
    November 21st, 2002
    RAV AntiVirus for Samba (Linux) is, as the name describes it, an antivirus
    product 100% dedicated to Linux, protecting file servers from viruses and
    other malwares, regardless of the systems targeted. Due to integration of
    a cutting edge technology named "total platform independence", RAV engine
    detects all malwares, be it for Windows, Linux or other OS.
    * Environment Audit
    November 21st, 2002
    Env_audit is a program that ferrets out everything it can about the
    environment. It is ideal for looking for security problems due to
    misconfiguration or software bugs.  Software developers that write any
    program that shells out to run a command should be audited with this
    * The worst security problems?
    November 19th, 2002
    About a month ago, the SANS Institute, in cooperation with the U.S.
    Federal Bureau of Investigation, released its list of "The Twenty Most
    Critical Internet Security Vulnerabilities (Updated) - The Experts'
    Consensus" for 2002.
    * Making a Connection With tcpdump, Part II
    November 18th, 2002
    Using tcpdump we can analyze the PDUs that establish and terminate a
    TCP/IP connection. TCP uses a special mechanism to open and close
    connections. The tcpdump output below display data from different
    connection scenarios between host and The
    following tcpdump command and options were used to generate output.
    * Making a Connection With tcpdump, Part I
    November 18th, 2002
    As an system administrator, small command-line utilities that require
    little setup and can be used for troubleshooting increase in value --
    especially when you are called out at 2:00am for a system problem.
    | Cryptography News:     |
    * Light at End of Encryption Tunnel
    November 21st, 2002
    Quantum encryption is about to make life much more difficult for Internet
    spies.  A new method of scrambling data manipulates light to create more
    complex patterns than just "on" or "off," as with typical encryption. As a
    result, the information in an e-mail message or file is indecipherable
    because it contains too much "noise."  Not only will it make data
    uncrackable, the new technology also speeds up the increasingly slow
    process of sending coded messages over the Internet.
    |  General News:         |
    * Open-Source Security Comes Under Fire
    November 22nd, 2002
    Thanks to several high-profile vulnerabilities and an overall increase in
    the number of flaws, open-source software has taken over Microsoft Corp.'s
    position at the bottom of the security heap.
    * Real World Linux Security, 2e
    November 22nd, 2002
    The author of this book, Bob Toxen, is one of the 162 recognized
    developers of Berkeley UNIX. He has more then 28 years of UNIX and 8 years
    of Linux experience. Trivia from his resume includes that he was one of
    the four developers who did the initial port of UNIX to Silicon Graphics
    hardware, that he was an architect of the client/server system used by
    NASA's Kennedy Space Center and that he wrote the "The Problem Solver"
    column for popular UNIX Review magazine. Currently he is a president of
    Fly-By-Day Consulting, Inc. offering Linux security-consulting services.
    * Is IT Overspending On Security?
    November 20th, 2002
    While viruses, worms and hacking attacks continue to evolve, the costs of
    security failure have about doubled for each of the last five years. It
    has been standard practice for too long for companies to counter this
    trend by investing in additional security technology. In the end, however,
    they still lag the hackers and the malefactors of malicious code.
    * Interview with Lance Spitzner
    November 20th, 2002
    Lance Spitzner is a geek who constantly plays with computers, especially
    network security.  His passion is researching honeypot technologies and
    using them to learn more about the enemy. He is the founder of the
    Honeynet Project, moderator of the honeypot mailing list, co-author of
    "Know Your Enemy", author of Honeypots: Tracking Hackers" and also author
    of several whitepapers. He works as a senior security architect for Sun
    Microsystems, Inc.
    * IT Security: Have You Checked Out Your Staff?
    November 19th, 2002
    Research has revealed firms are increasing their spend on IT security as
    companies become more concerned about protecting data, especially against
    employees.  IT security spend continues to rise in the UK despite the
    ongoing high-tech recession, with companies broadening their strategies to
    include an oft-neglected area: their staff.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 02:23:59 PST