+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  November 17th, 2003                        Volume 4, Number 46n    |
|                                                                     |
|  Editorial Team:  Dave Wreski              dave@private             |
|                   Benjamin Thomas          ben@private              |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Profile,
Nessus Vulnerability Scanner," "Securing Your Wireless Networks," "SSL
networking heats up," and "Attacking the DNS Protocol."

---

>> Get Thawte's NEW Step-by-Step SSL Guide for Apache <<

In this guide you will find out how to test, purchase, install and use
a Thawte Digital Certificate on your Apache web server. Throughout, best
practices for set-up are highlighted to help you ensure efficient
ongoing management of your encryption keys and digital certificates.

Get your copy of this new guide now:

Click Command:
https://www.guardiandigital.com/cgi-bin/thawteguide.pl?guidetype=apache

---

LINUX ADVISORY WATCH:

This week, advisories were released for thttpd, cups, ethereal, mpg123,
xinetd, hylafax, postgresql, conquest, epic4, glibc, and zebra. The
distributors include Conectiva, Debian, Mandrake, Red Hat, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-8332.html

OpenVPN: An Introduction and Interview with Founder, James Yonan

In this article, Duane Dunston gives a brief introduction to OpenVPN
and interviews its founder James Yonan.

http://www.linuxsecurity.com/feature_stories/feature_story-152.html

---

FEATURE: R00ting The Hacker

Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
Hackers, is a former intelligence officer in the U.S. Marine Corps who
currently writes for Computerworld and CNN.com, covering national
cyber-security issues and critical infrastructure protection.

http://www.linuxsecurity.com/feature_stories/feature_story-150.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* How Not to Program in PHP -- Part I
November 14th, 2003

PHP has become an Open Source success for web development because of
its ease of use and ubiquitous code. But PHP's very reputation for
quick development could get you in trouble unless you take advantage of
its built-in security precautions. Just as there are tried and true
rules for programming in PHP, there are also clear ways NOT to program
in PHP. Most of the latter stem from carelessness.

http://www.linuxsecurity.com/articles/security_sources_article-8331.html

* Security by design beats retro-fitting
November 13th, 2003

Corporate network security is increasingly becoming a design
consideration rather than a matter of "retro-fitting" security
appliances and software, according to industry consultants. Alphawest's
national business continuity manager Tim Smith said the company has
seen a new trend this year in networks being designed to meet security
concerns.

http://www.linuxsecurity.com/articles/network_security_article-8321.html

* Managing User Accounts in Lindows
November 13th, 2003

A special account called root can be found in any Linux or other
UNIX-based system. The Lindows login manager calls this account
Administrator. Sometimes the root account is called the Super-User
account. This account has full permission over the system--it can do
almost anything.

http://www.linuxsecurity.com/articles/host_security_article-8322.html

* Data forensics
November 13th, 2003

Part of your security package should include forensic testing, and the
process is as important as the tools you use. Jon Tullett identifies
the right approach. With incident response closely tied to business
continuity and the bottom line, computer forensics has become a core
component of corporate security, and a daily weapon in the arsenal of
law enforcement agencies.

http://www.linuxsecurity.com/articles/host_security_article-8327.html

* Profile: Nessus Vulnerability Scanner
November 10th, 2003

The power and performance of Nessus, combined with the price - FREE -
make it a compelling choice for a vulnerability scanner. Nessus also
makes no assumptions regarding what services are running on what ports
and it actively attempts to exploit vulnerabilities rather than just
comparing version numbers of the active services.

http://www.linuxsecurity.com/articles/security_sources_article-8294.html

+------------------------+
| Network Security News: |
+------------------------+

* Security tops networking priority list
November 14th, 2003

According to a recent survey conducted by SearchNetworking.com,
security products are at the top of many networking pros' wish lists.
Forty-seven percent of respondents to SearchNetworking.com's 2003
Networking Report Card survey said that network security would be among
the initiatives that receive the greatest resource commitments from
their organizations next year.

http://www.linuxsecurity.com/articles/network_security_article-8335.html

* Securing Your Wireless Networks
November 13th, 2003

Wireless security has had more than its fair share of bad press. The
failure of the wired equivalent privacy (WEP) encryption standard to
withstand hacking attacks did nothing to help the situation. And doubts
linger over its successor, the Wi-Fi Protected Access (WPA), which will
include the second version of WPA 2 and the 802.1x authentication
standard.

http://www.linuxsecurity.com/articles/network_security_article-8328.html

* SSL networking heats up
November 12th, 2003

The market is heating up for products that allow secure access to
corporate networks based on a widely used browser security technology
known as secure sockets layer encryption. Cisco Systems became the
latest company to introduce a virtual private network (VPN) product
based on secure sockets layer (SSL) encryption when it announced on
Monday that it would add the feature to its 3000 series of network
concentrators.

http://www.linuxsecurity.com/articles/vendors_products_article-8320.html

* Attacking the DNS Protocol
November 12th, 2003

DNS is a heavily used protocol on the Internet yet has numerous
security considerations. This paper, whilst containing nothing new on
DNS security, brings together in one document many strands of DNS
security which have been published and reported in many separate
publications before. As such this document intends to act as a single
point of reference for DNS security.

http://www.linuxsecurity.com/articles/network_security_article-8318.html

+------------------------+
| General Security News: |
+------------------------+

* NIST posts security control guidelines for comment
November 14th, 2003

The National Institute of Standards and Technology yesterday released
an initial public draft of recommended security controls for federal
information systems. The guidelines for mandatory controls are expected
to go into effect in two years.

http://www.linuxsecurity.com/articles/documentation_article-8336.html

* 2+2=5: Microsoft Prepares FUD Security Assault on Linux
November 12th, 2003

"Microsoft Corp. is preparing a major PR assault over Windows'
perceived security failings in which it will criticize Linux for taking
too long to fix bugs, we have learned. In a sign that the inroads made
by the Open Source community are starting to rattle the software giant,
Microsoft has hired several analysts to review how fast holes are
patched in the open source software and is expected to announce that
Windows compares favorably."

http://www.linuxsecurity.com/articles/forums_article-8308.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------