[ISN] Linux Security Week - September 8th 2003

From: InfoSec News (isnat_private)
Date: Tue Sep 09 2003 - 01:11:20 PDT

  • Next message: InfoSec News: "[ISN] Police smash UK's biggest credit card fraud ring"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  September 8th, 2003                           Volume 4, Number 36n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "FreeBSD Jails,"
    "Wireless Gone Wild: Time to Plan Your WLAN," "Intrusion Detection
    Terminology," and "How many security vulnerabilities a month are
    ---- >> FREE Apache SSL Guide from Thawte << ----
    Are you worried about your web server security?  Click here to get a FREE
    Thawte Apache SSL Guide and find the answers to all your Apache SSL
    security needs.
     Click Command:
    This week, advisories were released for sendmail, gdm, node, pam_smb,
    vmware, horde, phpwebsite, eroaster, mindi, gallery, atari800, sendmail,
    and up2date. The distributors include Conectiva, Debian, Gentoo, Red Hat,
    and Turbo Linux.
    FEATURE: A Practical Approach of Stealthy Remote Administration
    This paper is written for those paranoid administrators who are looking
    for a stealthy technique of managing sensitive servers (like your
    enterprise firewall console or IDS).
    Basic Intrusion Prevention using Content-based Filtering
    This article will discuss a very useful but seemingly overlooked
    functionality of Netfilter, a firewall code widely used in Linux, that
    provides content matching and filtering capabilities.
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * FreeBSD Jails
    September 5th, 2003
    Those familiar with Java recognize the security concept of a sandbox. For
    those that aren't, it's the concept that everyone gets a unique,
    well-equipped sandbox to play in, and a person in one sandbox isn't
    allowed into anyone else's sandbox, not even to share anything with anyone
    * The Newest Front in the Anti-Spam Wars
    September 5th, 2003
    As spammers dream up new strategies for slithering into e-mail inboxes
    worldwide, their counterparts, anti-spam software developers, are always
    on the lookout for new ways to stop them cold. A bevy of companies think
    they may have a good answer in challenge-response technology.
    * Password Overload
    September 4th, 2003
    If you're anything like the rest of us, you have user names and passwords
    floating around cyberspace and, even worse, you're doing a poor job at
    keeping them a secret.  I'll admit that I have at least a half-dozen names
    and passwords taped to the outer part of my computer screen. I know that's
    a bad thing, but I also know that I'm not alone.
    * Analyze This!
    September 2nd, 2003
    Whether you have one machine connected to the Internet or ten thousand,
    keeping your network secure should be a top priority. You patch your web
    server and are mindful of your firewall configuration, but is your site
    really secure? How do you check it?
    * Securing MySQL: step-by-step
    September 2nd, 2003
    MySQL is one of the most popular databases on the Internet and it is often
    used in conjunction with PHP. Besides its undoubted advantages such as
    easy of use and relatively high performance, MySQL offers simple but very
    effective security mechanisms.
    | Network Security News: |
    * Wireless Gone Wild: Time to Plan Your WLAN
    September 5th, 2003
    One day, wireless networks will blend so seamlessly with the wired
    infrastructure that wireless LANs (WLANs) will cease to exist as a
    separate category. While that day may be indeed glimmering on the
    networking horizon, it definitely hasn't dawned yet. At this point,
    network managers still face a number of choices specific to wireless
    * Wireless Security: Is WPA Good Enough?
    September 5th, 2003
    With wireless access points proliferating into hotels, airports and
    convention centers, there is a real need for security enhancements that
    will make the corporate world more confident in Wi-Fi technology, says
    Yankee Group wireless/mobile services director Roberta Wiggins.
    "Enterprises are currently hesitant on extending employee access into the
    public Wi-Fi arena," she told NewsFactor.
    * Pocket-Sized Wireless Detection
    September 4th, 2003
    There you are: sitting in your favorite bookstore/caf, sipping a caramel
    latte and casually leafing through the latest copy of Wired magazine when
    you are suddenly bombarded from almost every direction without warning and
    with no means to stop it. Fortunately, the storm you are caught in is made
    up of 802.11 packets which are traveling in the 2.4 or 5 gigahertz range
    and pose no real physical danger to you or those around you.
    * Intrusion Detection Terminology (Part One)
    September 4th, 2003
    Intrusion Detection Systems (IDS) are still in their infancy, but in terms
    of development they are evolving at an extraordinary rate. The terminology
    associated with IDS is evolving just as rapidly. As a result of IDS' rapid
    growth and the marketing prowess of some IDS vendors, some confusion has
    arisen about the correct meaning of key terms. In some cases the same term
    may be used by different vendors to mean different things.
    * Inside NIP Hype
    September 1st, 2003
    Battle lines have been drawn, and volleys are being lobbed between the
    analyst and vendor camps. In dispute: Whether intrusion prevention is out
    of commission or the next network security salvation. On one side, Gartner
    has cast intrusion detection into its "Trough of Disillusionment," saying
    the tech has stalled and calling for these functions to move into
    firewalls. Meanwhile, intrusion-prevention product vendor ForeScout
    Technologies vows to identify and block attackers "with 100 percent
    | General Security News: |
    * Privacy's New Image
    September 5th, 2003
    Where privacy is concerned, Americans distrust their government. But
    they'll gladly hand over their personal information to a corporation to
    get a deal on their groceries.  Europeans, on the other hand, will give
    their government extremely broad surveillance powers, but they largely
    forbid private enterprise from accessing any personal data without their
    express written consent.
    * How many security vulnerabilities a month are acceptable?
    September 3rd, 2003
    Reading through responses to an article I wrote about Mad Hatter and the
    broader subject of auto-immune code, and since I am working on a project
    for a client that involves Sun products in a security context, it begs me
    to ask the question - are twenty security vulnerabilities in one month an
    acceptable number for Sun customers?
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Sep 09 2003 - 03:55:11 PDT