[ISN] Linux Security Week - October 13th 2003

From: InfoSec News (isn@private)
Date: Tue Oct 14 2003 - 05:17:23 PDT


    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  October 13th, 2003                            Volume 4, Number 41n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Building an LDAP
    Server on Linux," "Nmap Version Detection Rocks," "The SANS Top 20
    Internet Security Vulnerabilities," and "Demonstrating ROI for Penetration
    Testing."
    
    ---
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for mplayer, vixie-cron, openssl,
    kernel, openssh, mysql, SANE, perl, and pine. The distributors include
    Conectiva, Guardian Digital's EnGarde Linux, FreeBSD, Red Hat, and
    TurboLinux.
    
    http://www.linuxsecurity.com/articles/forums_article-8099.html
    
    
    EnGarde GDSN Subscription Price Reduction -
    Guardian Digital, the world's premier open source security company,
    announced today that they will be reducing the annual subscription cost of
    the Guardian Digital Secure Network for EnGarde Community users from $229
    to $60 for a limited time.
    
    
    http://www.linuxsecurity.com/feature_stories/feature_story-151.html
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * Introduction to Linux Filesystem and Files
    October 10th, 2003
    
    Everything you do with Linux involves files in one way or another. You
    launch programs from files, read program configurations in files, store
    data in files, deliver files to clients via servers, and so on. Therefore,
    the tools Linux provides for manipulating files are extremely important to
    overall system performance.
    
    http://www.linuxsecurity.com/articles/server_security_article-8103.html
    
    
    * Technology Helps to Remember Passwords
    October 9th, 2003
    
    If you're anything like the rest of us, you have user names and passwords
    floating around cyberspace and, even worse, you're doing a poor job at
    keeping them a secret.  I'll admit that I have at least a half-dozen names
    and passwords taped to the outer part of my computer screen. I know that's
    a bad thing, but I also know that I'm not alone.
    
    http://www.linuxsecurity.com/articles/host_security_article-8098.html
    
    
    * Building an LDAP Server on Linux, Part 1
    October 8th, 2003
    
    Your network is growing in size and complexity. It's taking on a life of
    its own, spreading and growing and absorbing everything in its path.
    You're tearing your hair out trying to keep track, and your users have
    somehow discovered your secret phone number and are pestering you with
    endless questions and demands--where do I find this; I don't want to keep
    track of a dozen different passwords; nothing works like it should.
    
    http://www.linuxsecurity.com/articles/documentation_article-8085.html
    
    
    * Fighting Spam with Qmail (part I)
    October 7th, 2003
    
    Spam is one of the annoying facts of Internet life in the 21st century.
    So, decreasing the amount of annoying spam one gets is a worthy goal, if
    one can do it without too much effort.  In this article, I will explain
    how you can fight spam by making your qmail server filter your messages
    through spamassassin.
    
    http://www.linuxsecurity.com/articles/documentation_article-8076.html
    
    
    * Build and Implement A Single Sign-on Solution
    October 7th, 2003
    
    It is particularly difficult to bolt a single sign-on solution -- SSO, the
    ability to log in once and be authenticated to all your network resources
    -- onto existing applications, but every developer faces this problem when
    building sophisticated portals.
    
    http://www.linuxsecurity.com/articles/privacy_article-8079.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Nmap Version Detection Rocks
    October 10th, 2003
    
    Most people have heard of Nmap, the ubiquitous portscanner and more.
    Recently, a new version of Nmap was released with a new and frequently
    requested feature - version scanning.
    
    http://www.linuxsecurity.com/articles/documentation_article-8105.html
    
    
    * Juggling With Packets: Floating Data Storage
    October 9th, 2003
    
    The following paper explores the possibilities of using certain properties
    of the Internet or any other large network to create a reliable, volatile
    distributed data storage of a large capacity. Most of us, the authors of
    this paper, have attempted to juggle with three or more apples, oranges,
    or other fragile ballistic objects.
    
    http://www.linuxsecurity.com/articles/security_sources_article-8097.html
    
    
    * The SANS Top 20 Internet Security Vulnerabilities
    October 9th, 2003
    
    The vast majority of worms and other successful cyber attacks are made
    possible by vulnerabilities in a small number of common operating system
    services. Attackers are opportunistic. They take the easiest and most
    convenient route and exploit the best-known flaws with the most effective
    and widely available attack tools.
    
    http://www.linuxsecurity.com/articles/projects_article-8096.html
    
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * Public Firms May Be Forced To Disclose Computer Security Steps
    October 10th, 2003
    
    Companies that sell stock to the public may be required to disclose what
    they are doing to protect their computer systems, Homeland Security
    Secretary Tom Ridge said Thursday.  Ridge said he already has met with
    William Donaldson, chairman of the Securities and Exchange Commission, to
    consider whether such disclosures should be included in financial filings.
    
    http://www.linuxsecurity.com/articles/general_article-8100.html
    
    
    * Expert Undermines Hacking Suspect's Defence
    October 10th, 2003
    
    An expert witness has undermined the hacking suspect's claim that he was
    framed for an Internet attack on a major US port.  An expert witness in
    the case of a teenager accused of accidentally launching a distributed
    denial of service (DDoS) attack on a major US port said on Thursday there
    was no indication that evidence had been planted on the suspect's hard
    drive.
    
    http://www.linuxsecurity.com/articles/hackscracks_article-8102.html
    
    
    * Risk Assessment Moves Beyond The Patch
    October 9th, 2003
    
    Among the many critical points raised by last week's threat update from
    Symantec was a reminder that risk assessment is becoming as important as
    repairing vulnerabilities. Vincent Weafer, senior director of Symantec's
    security response center, called risk assessment "a huge issue for
    enterprise."
    
    http://www.linuxsecurity.com/articles/security_sources_article-8090.html
    
    
    * A Harvest of Security Certifications
    October 9th, 2003
    
    To say that there are a lot of certifications available in security is
    like saying there is a lot of water available in the ocean. Vendors who
    offer other certifications -- such as CIW and CompTIA -- have entries in
    this field alongside organizations such as (ISC)2 that specialize only in
    the security area.
    
    http://www.linuxsecurity.com/articles/general_article-8094.html
    
    
    * Bosses Are The Weakest Link
    October 9th, 2003
    
    Senior managers may recognise the risks of lax IT security, but they
    seldom practice what they preach.  A new report to be published today from
    the Economist Intelligence Unit has found that, while board members see
    security as one of the top issues facing their companies, their knowledge
    of best practices is lacking.
    
    http://www.linuxsecurity.com/articles/forums_article-8092.html
    
    
    * Demonstrating ROI for Penetration Testing (Part Four)
    October 8th, 2003
    
    Bringing business to the Web is in and of itself risky business, just
    through the act of taking data from the inside network to the outside
    network. Data that was once protected by routers and firewalls is brought
    through the layers of security with remote procedure calls and database
    queries and made available to the public network.
    
    http://www.linuxsecurity.com/articles/security_sources_article-8086.html
    
    
    * The Cost Of Compliance
    October 7th, 2003
    
    BellSouth Corp. knows how to work in a regulated environment, having had
    the government involved in its telecom business since its earliest days.
    Nevertheless, meeting the requirements of the Sarbanes-Oxley Act has added
    business-technology costs, in part because the IT department supports a
    group of auditors who review internal financial controls for compliance.
    
    http://www.linuxsecurity.com/articles/security_sources_article-8073.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


