[ISN] Linux Security Week - December 2nd 2002

From: InfoSec News (isnat_private)
Date: Tue Dec 03 2002 - 01:33:24 PST

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  December 2nd, 2002                           Volume 3, Number 47n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.

    This week, perhaps the most interesting articles include, "TcpServer:
    Secure, Flexible Daemon Management," "Enterprise Security: The Manager's
    Defense Guide," "Chart A Plan For Security," and "Open Source Insecurity -
    You Decide."

    Security: MySQL and PHP (3 of 3) - This is the third installation of a 3
    part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
    MySQL server to the basic level, one has to abide by the following

    This week, advisories were released for pine, samba, python, sendmail,
    kernel, and mod_php. The distributors include Conectiva, Debian, Guardian
    Digital's EnGarde Secure Linux, Mandrake, Red Hat, Slackware, SuSE, and

    CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
    Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
    Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
    thanks to the depth of its security strategy..." Find out what the other
    Linux vendors are not telling you.

    Feature: Security - Physical and Service
    The first installation of a 3 part article covering everything from
    physical security and service security to LAMP security (Linux Apache
    MySQL PHP).

    | Host Security News: | <<-----[ Articles This Week ]-------------
    * How Did These Processes Get Here?
    November 27th, 2002
    Every now and then I like to issue challenges to my readers. This week you
    have another chance to test your wits against a problem, but the rewards
    are higher. Instead of a measly postcard, the winner will get a copy of
    Hacking Linux Exposed, Second Edition.
    * Internet Site Security
    November 26th, 2002
    Internet Site Security - what a name for a book. When I first heard about
    it I was thinking: '1400 pages, 6 CDs,' but when the book came and I began
    to read through it, I realized how much good information the authors were
    able to fit into just over 400 pages.
    * Open-Source Trojans: A Growing Problem?
    November 25th, 2002
    Experts say the insertion of Trojans into two popular tools reinforces the
    need to run readily available programs, such as MD5 hashes, to ensure that
    code hasn't been altered.  Experts recommend using MD5 hashes to expose
    * tcpserver: Secure, Flexible Daemon Management
    November 25th, 2002
    If you're still running inetd, it's time to move on. Either xinetd or
    tcpserver offer superior security and control. We're going to look at
    tcpserver. Note that there is one limitation: it manages only tcp. If
    you're using UDP or rpc services, tcpserver alone will not do the job. In
    that case, xinetd is the way to go.
    | Network Security News: |
    * Enterprise Security: The Manager's Defense Guide
    November 29th, 2002
    Mirko Zorz submits E-business, the buzzword of the second half of the
    '90s, has managed to survive and overcome problems that have occurred
    after the initial breakthrough, and is now facing a different kind of a
    problem. That is insufficient security that allows malicious users to take
    matters into their own hands, causing material damage not only to the
    companies, but also to individuals in the form of their customers.
    * Intrusion detection tipped to grow
    November 28th, 2002
    Better integration of simpler products will create surge in sales
    Intrusion detection system (IDS) hardware and software sales are set to
    rocket as technology shifts are completed, according to the latest figures
    from consulting firm Infonetics Research.
    * OWASP CodeSeeker - An Open Source Application Firewall and IDS
    November 25th, 2002
    The Open Web Application Security Project (OWASP) are pleased to announce
    the imminent availability of CodeSeeker, an Application Level Firewall and
    Intrusion Detection System (AFWIDS) for Linux, Win32 and Solaris.
    * Chart A Plan For Security
    November 25th, 2002
    I.T. departments are under pressure to cut their operating costs, but
    they're also being asked to improve and standardize information security.
    Because security doesn't come cheap or easy, technology managers need to
    chart a clear plan to effectively assess and strengthen security.
    * Combating Reverse Telnet Using OpenBSD Packet Filter (pf)
    November 25th, 2002
    This article is meant for those who are going to implement a firewall using
    OpenBSD. The main purpose for this article is to protect servers (such as
    web, mail, dns and others) within a firewalled network.  This article is
    based on my personal experiences and I could not guarantee it will suit
    all systems that you have.
    | General News:          |
    * Forensic Skill Needed To Bring Hackers To Justice
    November 29th, 2002
    Most firms have strategies to prevent their systems being attacked, but
    they should also develop policies on what to do in the event of a security
    breach to preserve evidence and prosecute the culprits, according to
    * Working with the CSO
    November 29th, 2002
    With security an increasing concern for most businesses, it's not
    surprising that many CTOs will soon find themselves working alongside a
    CSO (chief security officer), whose sole function is to safeguard the IT
    structure moving forward. But is this necessary, because many CTOs
    consider security one of their primary concerns?
    * Feds, Firms Unveil Test For Security Pros
    November 29th, 2002
    A new certification program for entry-level computer-security
    professionals will officially get up and running Monday, said
    representatives of the combined industry-government group behind the exam.
    * Open Source Insecurity - You Decide
    November 27th, 2002
    In a study provided by the Aberdeen Group they cited some very interesting
    factoids that seem relevant at first glance. As reported in eWeek, the
    Aberdeen Group chose the following facts to reach their conclusion: "Of
    the 29 advisories issued through October by the CERT Coordination Center
    at Carnegie Mellon University in Pittsburgh, 16 of them addressed
    vulnerabilities in open-source or Linux products.
    * A Tech Sector That's Set to Soar
    November 27th, 2002
    Tech tracker IDC in Framingham, Mass., predicts that the global market
    will grow from $6 billion in 2001 to $14.6 billion in 2006, IDC estimates.
    Those will be slower gains than in the mid and late '90s, but "nothing is
    growing as quickly as it used to, because of the economy," says Check
    Point President Jerry Ungerman.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org