[ISN] Linux Security Week - October 6th 2003

From: InfoSec News (isn@private)
Date: Mon Oct 06 2003 - 23:09:05 PDT


    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  October 6th, 2003                             Volume 4, Number 40n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Integer Array
    Overflows Tutorial," "Wireless Network Policy Development," "Traffic
    Control HOWTO," and "Blind SQL Injection: Are Your Vulnerable."
    
    ---- >> FREE Apache SSL Guide from Thawte << ----
    Are you worried about your web server security?  Click here to get a FREE
    Thawte Apache SSL Guide and find the answers to all your Apache SSL
    security needs.
    
     Click Command:
     http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache
    
    ---
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for proftpd, openssl, marbles,
    freesweep, webfs, OpenSSL, mpg123, teapop, and proftpd. The distributors
    include Conectiva, Debian, Guardian Digital's EnGarde Linux, Gentoo,
    Immunix, Red Hat, Trustix, and Turbolinux.
    
    http://www.linuxsecurity.com/articles/forums_article-8057.html
    
    
    FEATURE: R00ting The Hacker
    Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
    Hackers is a former intelligence officer in the U.S. Marine Corps who
    currently writes for Computerworld and CNN.com, covering national
    cyber-security issues and critical infrastructure protection.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-150.html
    
    ---
    
    FEATURE: A Practical Approach of Stealthy Remote Administration
    
    This paper is written for those paranoid administrators who are looking
    for a stealthy technique of managing sensitive servers (like your
    enterprise firewall console or IDS).
    
    http://www.linuxsecurity.com/feature_stories/feature_story-149.html
    
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * Linux--The Most Secure OS of All
    October 3rd, 2003
    
    Some may claim otherwise, but many insist that Linux is the most secure
    operating system (OS) of them all. Linux security advocates point to a
    plethora of hardened distributions and hardened kernels, for one thing.
    Linux administrators can also take many steps to make any distro even
    more secure, starting with installation procedures.
    
    http://www.linuxsecurity.com/articles/forums_article-8063.html
    
    
    * Spam: This Time It's Personal
    October 2nd, 2003
    
    Andy Markley was really looking forward to a work-free Labor Day weekend
    far away from his computer. But he made the mistake of checking his inbox
    before he left for his planned holiday.  Hundreds of e-mails greeted
    Markley that Saturday morning, most of them reporting an undeliverable
    message sent from his e-mail account.
    
    http://www.linuxsecurity.com/articles/privacy_article-8052.html
    
    
    * Blind SQL Injection: Are Your Vulnerable
    October 1st, 2003
    
    SQL Injection can deliver total control of your server to an attacker
    giving them the ability to read, write and manipulate all data stored in
    your backend systems.
    
    http://www.linuxsecurity.com/articles/server_security_article-8045.html
    
    
    * Web Exploits Explained
    October 1st, 2003
    
    The most common attacks that we all know of are discussed in this chapter.
    Hackers exploit web vulnerabilities that most have little or no control
    over.  The most common web server vulnerabilities exist within Microsoft
    Internet Information Server (IIS), Sun ONE Java web server, Apache and a
    few other web servers.
    
    http://www.linuxsecurity.com/articles/documentation_article-8046.html
    
    
    * Integer Array Overflows Tutorial
    October 1st, 2003
    
    This paper discusses the exploitation of integer arrays due to a lack of
    calculations to limit the number of elements added to them. This is a
    fairly common occurrence in programming today; while somewhat known and
    understood in character array form, I've never seen it mentioned at the
    integer level. Expectations for this paper are that you have knowledge of
    stack based overflows, heap based overflows, and memory workings; some
    knowledge of character array overflows wouldn't hurt, and of course good
    ANSI C programming experience.
    
    http://www.linuxsecurity.com/articles/documentation_article-8042.html
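    The pattern the tutorial describes, an integer array filled from a
    caller-supplied count with no comparison against its capacity, shown as
    an added example beside its bounds-checked form. This code is written for
    this newsletter and is not taken from the tutorial; the record layout, the
    SLOTS capacity and the constructed attacker_input are assumptions. The
    array and the flag that follows it are placed in one calloc'd block so
    the out-of-range store stays defined behaviour while still modelling an
    array spilling into the field after it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added illustration, not code from the linked tutorial. A record keeps a
 * fixed-size integer array and, immediately after it in memory, a flag.
 * Both live in one calloc'd block (an assumed layout) so that the
 * out-of-range store below is defined C while still modelling an array
 * that spills into the field placed after it. */
#define SLOTS 4

struct record {
    int *block;      /* SLOTS + 1 ints */
    int *values;     /* block[0 .. SLOTS-1]: the integer array */
    int *privileged; /* block[SLOTS]: the int right after the array */
};

static int record_init(struct record *r)
{
    r->block = calloc(SLOTS + 1, sizeof *r->block);
    if (r->block == NULL)
        return -1;
    r->values = r->block;
    r->privileged = r->block + SLOTS;
    return 0;
}

static void record_free(struct record *r)
{
    free(r->block);
    r->block = r->values = r->privileged = NULL;
}

/* Vulnerable: the loop bound is the caller-supplied count, never SLOTS,
 * so src[SLOTS] is stored onto *privileged. */
static void add_values_unchecked(struct record *r, const int *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        r->values[i] = src[i];
}

/* Hardened: refuse the copy when the count exceeds the capacity. The count
 * is size_t, so a "negative" value from a signed caller arrives as a huge
 * number and is rejected too, instead of slipping past a signed compare. */
static int add_values_checked(struct record *r, const int *src, size_t n)
{
    if (n > SLOTS)
        return -1;
    for (size_t i = 0; i < n; i++)
        r->values[i] = src[i];
    return 0;
}

/* Constructed attacker input: SLOTS ordinary values plus one extra element
 * whose only purpose is to land on the flag. */
static const int attacker_input[SLOTS + 1] = { 10, 20, 30, 40, 1 };

/* Flag value after the unchecked copy: 1 means it was overwritten. */
int flag_after_unchecked(void)
{
    struct record r;
    if (record_init(&r) != 0)
        return -1;
    add_values_unchecked(&r, attacker_input, SLOTS + 1);
    int flag = *r.privileged;
    record_free(&r);
    return flag;
}

/* Flag value after the checked copy: stays 0 because the copy is refused. */
int flag_after_checked(void)
{
    struct record r;
    if (record_init(&r) != 0)
        return -1;
    add_values_checked(&r, attacker_input, SLOTS + 1);
    int flag = *r.privileged;
    record_free(&r);
    return flag;
}

/* Return code of the checked copy for the oversized request: -1. */
int checked_copy_rejected(void)
{
    struct record r;
    if (record_init(&r) != 0)
        return -1;
    int rc = add_values_checked(&r, attacker_input, SLOTS + 1);
    record_free(&r);
    return rc;
}

int main(void)
{
    printf("unchecked: privileged = %d\n", flag_after_unchecked());
    printf("checked:   privileged = %d (rc %d)\n",
           flag_after_checked(), checked_copy_rejected());
    return 0;
}
```

    The check belongs on the count before the loop runs, not on each index
    inside it; once the loop is entered with an unverified count, every
    element past the capacity is a write the attacker chose.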
    
    
    * Review: Linux Security Cookbook
    September 29th, 2003
    
    If you work with Linux you certainly know of many resources where you can
    get your questions answered when running into a problem. When it comes to
    securing your Linux box, there's a myriad of things you have to think
    about and this is where this cookbook comes into the picture.
    
    http://www.linuxsecurity.com/articles/documentation_article-8022.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Stopping Spam at the Gateway
    October 3rd, 2003
    
    I hate spam. You hate spam. We all hate spam. But none of us hate spam as
    much as ISPs and business network administrators do. Alexis Rosen,
    president and co-owner of Public Access Networks, which runs Panix, one of
    the oldest ISPs, concedes that while spam may "not be as bad as Adolph
    Hitler, it is morally evil."
    
    http://www.linuxsecurity.com/articles/privacy_article-8058.html
    
    
    * Wireless Network Policy Development (Part Two)
    October 3rd, 2003
    
    Part One of this article explained the need for wireless policy, some of
    the inherent threats of wireless networks, and covered some of the
    essential components of a wireless policy. This second and final article
    will continue to discuss essential components for policy development, as
    well as address other considerations that one should be aware of.
    
    http://www.linuxsecurity.com/articles/security_sources_article-8060.html
    
    
    * Traffic Control HOWTO
    October 2nd, 2003
    
    Traffic control encompasses the sets of mechanisms and operations by which
    packets are queued for transmission/reception on a network interface. The
    operations include enqueuing, policing, classifying, scheduling, shaping
    and dropping. This HOWTO provides an introduction and overview of the
    capabilities and implementation of traffic control under Linux.
    
    http://www.linuxsecurity.com/articles/documentation_article-8054.html
    
    
    * VoIP: The New Telephone Security Risk
    October 2nd, 2003
    
    They have their networks locked tight, their data hidden behind firewalls
    and their e-mail scanned by virus protection software. But too many IT
    managers and security officers overlook a crucial security risk: the
    telephone system. As voice over IP (VoIP) setups become more common within
    enterprises, the risk of compromise of phone services is on the rise.
    
    http://www.linuxsecurity.com/articles/network_security_article-8049.html
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * The Bottom Line: Software and copyright
    October 4th, 2003
    
    Still, on the whole, no cost up-front is hard to beat. The software giants
    already concede their products have no advantages over open source
    products in terms of security and reliability. They hope to maintain sales
    based on superior service and customer service, but then again, none of
    the companies mentioned have a reputation for much other than arrogance
    when it comes to dealing with customers.
    
    http://www.linuxsecurity.com/articles/projects_article-8065.html
    
    
    * Study: Regulations driving security spending
    September 30th, 2003
    
    A poll of corporate executives published Monday found that companies are
    increasing spending on security to satisfy legislation--not necessarily
    because their CEOs have seen the light.
    
    http://www.linuxsecurity.com/articles/government_article-8031.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Oct 07 2003 - 01:31:51 PDT