+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  October 6th, 2003                         Volume 4, Number 40n     |
|                                                                     |
|  Editorial Team:  Dave Wreski              dave@private             |
|                   Benjamin Thomas          ben@private              |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Integer Array
Overflows Tutorial," "Wireless Network Policy Development," "Traffic
Control HOWTO," and "Blind SQL Injection: Are Your Vulnerable."

---

LINUX ADVISORY WATCH:
This week, advisories were released for proftpd, openssl, marbles,
freesweep, webfs, OpenSSL, mpg123, teapop, and proftpd. The distributors
include Conectiva, Debian, Guardian Digital's EnGarde Linux, Gentoo,
Immunix, Red Hat, Trustix, and Turbolinux.

http://www.linuxsecurity.com/articles/forums_article-8057.html

FEATURE: R00ting The Hacker
Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
Hackers is a former intelligence officer in the U.S. Marine Corps who
currently writes for Computerworld and CNN.com, covering national
cyber-security issues and critical infrastructure protection.

http://www.linuxsecurity.com/feature_stories/feature_story-150.html

---

FEATURE: A Practical Approach of Stealthy Remote Administration
This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Linux--The Most Secure OS of All
October 3rd, 2003

Some may claim otherwise, but many insist that Linux is the most secure
operating system (OS) of them all. Linux security advocates point to a
plethora of hardened distributions and hardened kernels, for one thing.
Linux administrators can also take many steps to make any distro even
more secure, starting with installation procedures.

http://www.linuxsecurity.com/articles/forums_article-8063.html

* Spam: This Time It's Personal
October 2nd, 2003

Andy Markley was really looking forward to a work-free Labor Day weekend
far away from his computer. But he made the mistake of checking his
inbox before he left for his planned holiday. Hundreds of e-mails
greeted Markley that Saturday morning, most of them reporting an
undeliverable message sent from his e-mail account.

http://www.linuxsecurity.com/articles/privacy_article-8052.html

* Blind SQL Injection: Are Your Vulnerable
October 1st, 2003

SQL Injection can deliver total control of your server to an attacker
giving them the ability to read, write and manipulate all data stored in
your backend systems.

http://www.linuxsecurity.com/articles/server_security_article-8045.html

* Web Exploits Explained
October 1st, 2003

The most common attacks that we all know of are discussed in this
chapter. Hackers exploit web vulnerabilities that most have little or no
control over. The most common web server vulnerabilities exist within
Microsoft Internet Information Server (IIS), Sun ONE Java web server,
Apache and a few other web servers.

http://www.linuxsecurity.com/articles/documentation_article-8046.html

* Integer Array Overflows Tutorial
October 1st, 2003

This paper discusses the exploitation of integer arrays due to lack of
calculations to limit the amount of elements added to them. This is a
fairly common occurrence in programming today, while somewhat known and
understood in character array form, I've never seen it mentioned on the
integer level. Expectations for this paper are that you have knowledge
of stack based overflows, heap based overflows, memory workings, some
knowledge of character array overflows wouldn't hurt, and of course good
ANSI C programming experience.

http://www.linuxsecurity.com/articles/documentation_article-8042.html

* Review: Linux Security Cookbook
September 29th, 2003

If you work with Linux you certainly know of many resources where you
can get your questions answered when running into a problem. When it
comes to securing your Linux box, there's a myriad of things you have to
think about and this is where this cookbook comes into the picture.

http://www.linuxsecurity.com/articles/documentation_article-8022.html

+------------------------+
| Network Security News: |
+------------------------+

* Stopping Spam at the Gateway
October 3rd, 2003

I hate spam. You hate spam. We all hate spam. But none of us hate spam
as much as ISPs and business network administrators do. Alexis Rosen,
president and co-owner of Public Access Networks, which runs Panix, one
of the oldest ISPs, concedes that while spam may "not be as bad as
Adolph Hitler, it is morally evil."

http://www.linuxsecurity.com/articles/privacy_article-8058.html

* Wireless Network Policy Development (Part Two)
October 3rd, 2003

Part One of this article explained the need for wireless policy, some of
the inherent threats of wireless networks, and covered some of the
essential components of a wireless policy.
This second and final article will continue to discuss essential
components for policy development, as well as address other
considerations that one should be aware of.

http://www.linuxsecurity.com/articles/security_sources_article-8060.html

* Traffic Control HOWTO
October 2nd, 2003

Traffic control encompasses the sets of mechanisms and operations by
which packets are queued for transmission/reception on a network
interface. The operations include enqueuing, policing, classifying,
scheduling, shaping and dropping. This HOWTO provides an introduction
and overview of the capabilities and implementation of traffic control
under Linux.

http://www.linuxsecurity.com/articles/documentation_article-8054.html

* VoIP: The New Telephone Security Risk
October 2nd, 2003

They have their networks locked tight, their data hidden behind
firewalls and their e-mail scanned by virus protection software. But too
many IT managers and security officers overlook a crucial security risk:
the telephone system. As voice over IP (VoIP) setups become more common
within enterprises, the risk of compromise of phone services is on the
rise.

http://www.linuxsecurity.com/articles/network_security_article-8049.html

+------------------------+
| General Security News: |
+------------------------+

* The Bottom Line: Software and copyright
October 4th, 2003

Still, on the whole, no cost up-front is hard to beat. The software
giants already concede their products have no advantages over open
source products in terms of security and reliability. They hope to
maintain sales based on superior service and customer service, but then
again, none of the companies mentioned have a reputation for much other
than arrogance when it comes to dealing with customers.

http://www.linuxsecurity.com/articles/projects_article-8065.html

* Study: Regulations driving security spending
September 30th, 2003

A poll of corporate executives published Monday found that companies are
increasing spending on security to satisfy legislation--not necessarily
because their CEOs have seen the light.

http://www.linuxsecurity.com/articles/government_article-8031.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------