[ISN] Linux Security Week - September 29th 2003

From: InfoSec News (isn@private)
Date: Tue Sep 30 2003 - 03:18:26 PDT


    LinuxSecurity.com Weekly Newsletter
    September 29th, 2003                          Volume 4, Number 39n

    Editorial Team:  Dave Wreski             dave@private
                     Benjamin Thomas         ben@private

    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Fit best
    practice with your security software," "Linux Security: Good Enough,"
    "Comparison Review: Network Intrusion-Prevention Systems," and "Test your
    data recovery plan."
    ---- >> FREE Apache SSL Guide from Thawte << ----
    Are you worried about your web server security? Click here to get a FREE
    Thawte Apache SSL Guide and find the answers to all your Apache SSL
    security needs.

    This week, advisories were released for vnc, krb5, php4, ipmasq, ssh, ARP,
    openssh, wu-ftpd, ipmasq, sendmail, proftpd and perl. The distributors
    include Conectiva, Debian, Guardian Digital's EnGarde Secure Linux,
    FreeBSD, Gentoo, Red Hat, Slackware, SuSE, and TurboLinux.

    FEATURE: R00ting The Hacker
    Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
    Hackers is a former intelligence officer in the U.S. Marine Corps who
    currently writes for Computerworld and CNN.com, covering national
    cyber-security issues and critical infrastructure protection.
    FEATURE: A Practical Approach of Stealthy Remote Administration
    This paper is written for those paranoid administrators who are
    looking for a stealthy technique of managing sensitive servers
    (like your enterprise firewall console or IDS).
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    <<-----[ Articles This Week ]-------------

    Host Security News:

    * Creating Trustworthy Archives
    September 25th, 2003
    The efficient and secure storage of business records is fundamental to the
    insurance industry. Since its conception, organisations and individuals
    providing insurance services have needed to retain critical records to
    ensure the successful operation of their business.
    * Fit best practice with your security software
    September 25th, 2003
    Companies are increasingly considering their security as world events cast
    doubt on their ability to deal with natural disaster, human error or
    malicious attack.  Spending on security has reached record levels, and
    continues to climb as businesses seek to reassure shareholders and comply
    with standards and changing legal requirements.
    * Linux Security: Good Enough
    September 25th, 2003
    It's not that Linux is some bulletproof wonder of security. It's not. If
    you want an operating system that has really been built from the ground up
    to be secure, what you want is OpenBSD. The crew behind it made safe, sane
    security job number one before Bill Gates could spell security if you
    spotted him the 's' and the 'y.'

    Network Security News:

    * The dangers of strikeback
    September 25th, 2003
    Who hasn't suffered from a cyberincursion and yearned to strike back at
    the attacker? Who didn't smile a little when the Nachi worm, which
    attempted to undo the damage caused by other worms, was released into the
    wild? "Strikeback" - actions taken by victims of cybercrime to hack the
    machines of their attackers - has been much discussed in the security
    community lately, and these links offer insight into the spectrum of that
    discussion. You'll learn that while striking back at attackers may be
    emotionally satisfying, this practice has any number of legal and ethical
    problems - and it may not even make the Internet much safer.

    * Intrusion Prevention and Detection: Are They Just Missing the
    September 25th, 2003
    Organizations know they must protect themselves from the mysterious enemy
    that is a `hacker' and viruses such as LoveLetter, but often there is a
    misguided belief that these external threats are the main risks to
    businesses. There is still a fundamental lack of awareness, especially
    amongst small and medium-sized businesses, of the threat lurking within
    the organization and the technologies available to protect them.
    * Exploring RSA Encryption in OpenSSL
    September 25th, 2003
    When sending your credit card number through a public medium, such as the
    Internet, your financial credibility may be compromised if the number is
    not first encrypted. It is impossible to tell who may be listening in on
    your connection as you shop for new CDs or books.
    * Test your data recovery plan
    September 24th, 2003
    Too many companies think they have disaster recovery measures in place,
    when in reality no one really knows whether they will work or how to
    implement them. The problem is that no one person is given the
    responsibility for disaster recovery, and therefore there is often no
    follow through.
    * Kerberos Security
    September 23rd, 2003
    Kerberos is a network authentication system that can help solve those two
    issues. It reduces the number of passwords each user has to memorize to
    use an entire network to one: the Kerberos password. In addition, Kerberos
    incorporates encryption and message integrity to solve the second issue,
    ensuring that sensitive authentication data is never sent over the network
    in the clear.

    * Comparison Review: Network Intrusion-Prevention Systems
    September 23rd, 2003
    You've probably been on the receiving end of at least one NIP system
    vendor's marketing machine. We've certainly gotten a call or two. Although
    we were sure the promise of absolute protection against all attacks, known
    and unknown, was a bit much to hope for, we figured there had to be more
    to the claim than hot air. So we asked vendors to let us put their NIP
    devices to the test.
    General Security News:

    * Will Security Professionals Get Promoted?
    September 26th, 2003
    As CEOs turn to security professionals to protect the enterprise, it's
    about time some security professionals became top executives themselves.
    Security is finally becoming a primary IT job function. But does it mean
    that security professionals will be granted their own role in executive
    * Attacks prompt shutdown of antispam lists
    September 26th, 2003
    Three Web sites that provide spam-blocking lists have been forced offline
    as a result of crippling Internet attacks in what experts on Thursday said
    is an escalation in the war between spammers and opponents of unsolicited
    * Report: Microsoft dominance poses security risk
    September 24th, 2003
    A computer industry group critical of Microsoft plans to release a report
    on Wednesday arguing that the software giant's dominance in key
    technologies threatens national infrastructure.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

    ISN is currently hosted by Attrition.org

    This archive was generated by hypermail 2b30 : Tue Sep 30 2003 - 06:13:49 PDT