+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  October 13th, 2003                        Volume 4, Number 41      |
|                                                                     |
|  Editorial Team:  Dave Wreski              dave@private             |
|                   Benjamin Thomas          ben@private              |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Building an
LDAP Server on Linux," "Nmap Version Detection Rocks," "The SANS Top 20
Internet Security Vulnerabilities," and "Demonstrating ROI for
Penetration Testing."

LINUX ADVISORY WATCH:
This week, advisories were released for mplayer, vixie-cron, openssl,
kernel, openssh, mysql, SANE, perl, and pine. The distributors include
Conectiva, Guardian Digital's EnGarde Linux, FreeBSD, Red Hat, and
TurboLinux.

http://www.linuxsecurity.com/articles/forums_article-8099.html

EnGarde GDSN Subscription Price Reduction - Guardian Digital, the
world's premier open source security company, announced today that they
will be reducing the annual subscription cost of the Guardian Digital
Secure Network for EnGarde Community users from $229 to $60 for a
limited time.

http://www.linuxsecurity.com/feature_stories/feature_story-151.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Introduction to Linux Filesystem and Files
  October 10th, 2003

  Everything you do with Linux involves files in one way or another.
  You launch programs from files, read program configurations in files,
  store data in files, deliver files to clients via servers, and so on.
  Therefore, the tools Linux provides for manipulating files are
  extremely important to overall system performance.

  http://www.linuxsecurity.com/articles/server_security_article-8103.html

* Technology Helps to Remember Passwords
  October 9th, 2003

  If you're anything like the rest of us, you have user names and
  passwords floating around cyberspace and, even worse, you're doing a
  poor job at keeping them a secret. I'll admit that I have at least a
  half-dozen names and passwords taped to the outer part of my computer
  screen. I know that's a bad thing, but I also know that I'm not alone.

  http://www.linuxsecurity.com/articles/host_security_article-8098.html

* Building an LDAP Server on Linux, Part 1
  October 8th, 2003

  Your network is growing in size and complexity. It's taking on a life
  of its own, spreading and growing and absorbing everything in its
  path. You're tearing your hair out trying to keep track, and your
  users have somehow discovered your secret phone number and are
  pestering you with endless questions and demands--where do I find
  this; I don't want to keep track of a dozen different passwords;
  nothing works like it should.

  http://www.linuxsecurity.com/articles/documentation_article-8085.html

* Fighting Spam with Qmail (part I)
  October 7th, 2003

  Spam is one of the annoying facts of Internet life in the 21st
  century. So, decreasing the amount of annoying spam one gets is a
  worthy goal, if one can do it without too much effort.
  In this article, I will explain how you can fight spam by making your
  qmail server filter your messages through spamassassin.

  http://www.linuxsecurity.com/articles/documentation_article-8076.html

* Build and Implement A Single Sign-on Solution
  October 7th, 2003

  It is particularly difficult to bolt a single sign-on solution -- SSO,
  the ability to log in once and be authenticated to all your network
  resources -- onto existing applications, but every developer faces
  this problem when building sophisticated portals.

  http://www.linuxsecurity.com/articles/privacy_article-8079.html

+------------------------+
| Network Security News: |
+------------------------+

* Nmap Version Detection Rocks
  October 10th, 2003

  Most people have heard of Nmap, the ubiquitous portscanner and more.
  Recently, a new version of Nmap was released with a new and frequently
  requested feature - version scanning.

  http://www.linuxsecurity.com/articles/documentation_article-8105.html

* Juggling With Packets: Floating Data Storage
  October 9th, 2003

  The following paper explores the possibilities of using certain
  properties of the Internet or any other large network to create a
  reliable, volatile distributed data storage of a large capacity. Most
  of us, the authors of this paper, have attempted to juggle with three
  or more apples, oranges, or other fragile ballistic objects.

  http://www.linuxsecurity.com/articles/security_sources_article-8097.html

* The SANS Top 20 Internet Security Vulnerabilities
  October 9th, 2003

  The vast majority of worms and other successful cyber attacks are made
  possible by vulnerabilities in a small number of common operating
  system services. Attackers are opportunistic. They take the easiest
  and most convenient route and exploit the best-known flaws with the
  most effective and widely available attack tools.

  http://www.linuxsecurity.com/articles/projects_article-8096.html

+------------------------+
| General Security News: |
+------------------------+

* Public Firms May Be Forced To Disclose Computer Security Steps
  October 10th, 2003

  Companies that sell stock to the public may be required to disclose
  what they are doing to protect their computer systems, Homeland
  Security Secretary Tom Ridge said Thursday. Ridge said he already has
  met with William Donaldson, chairman of the Securities and Exchange
  Commission, to consider whether such disclosures should be included in
  financial filings.

  http://www.linuxsecurity.com/articles/general_article-8100.html

* Expert Undermines Hacking Suspect's Defence
  October 10th, 2003

  An expert witness has undermined the hacking suspect's claim that he
  was framed for an Internet attack on a major US port. An expert
  witness in the case of a teenager accused of accidentally launching a
  distributed denial of service (DDoS) attack on a major US port said on
  Thursday there was no indication that evidence had been planted on the
  suspect's hard drive.

  http://www.linuxsecurity.com/articles/hackscracks_article-8102.html

* Risk Assessment Moves Beyond The Patch
  October 9th, 2003

  Among the many critical points raised by last week's threat update
  from Symantec was a reminder that risk assessment is becoming as
  important as repairing vulnerabilities. Vincent Weafer, senior
  director of Symantec's security response center, called risk
  assessment "a huge issue for enterprise."

  http://www.linuxsecurity.com/articles/security_sources_article-8090.html

* A Harvest of Security Certifications
  October 9th, 2003

  To say that there are a lot of certifications available in security is
  like saying there is a lot of water available in the ocean. Vendors
  who offer other certifications -- such as CIW and CompTIA -- have
  entries in this field alongside organizations such as (ISC)2 that
  specialize only in the security area.

  http://www.linuxsecurity.com/articles/general_article-8094.html

* Bosses Are The Weakest Link
  October 9th, 2003

  Senior managers may recognise the risks of lax IT security, but they
  seldom practice what they preach. A new report to be published today
  from the Economist Intelligence Unit has found that, while board
  members see security as one of the top issues facing their companies,
  their knowledge of best practices is lacking.

  http://www.linuxsecurity.com/articles/forums_article-8092.html

* Demonstrating ROI for Penetration Testing (Part Four)
  October 8th, 2003

  Bringing business to the Web is in and of itself risky business, just
  through the act of taking data from the inside network to the outside
  network. Data that was once protected by routers and firewalls is
  brought through the layers of security with remote procedure calls and
  database queries and made available to the public network.

  http://www.linuxsecurity.com/articles/security_sources_article-8086.html

* The Cost Of Compliance
  October 7th, 2003

  BellSouth Corp. knows how to work in a regulated environment, having
  had the government involved in its telecom business since its earliest
  days. Nevertheless, meeting the requirements of the Sarbanes-Oxley Act
  has added business-technology costs, in part because the IT department
  supports a group of auditors who review internal financial controls
  for compliance.

  http://www.linuxsecurity.com/articles/security_sources_article-8073.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------