[ISN] Linux Security Week - December 1st 2003

From: InfoSec News (isn@private)
Date: Tue Dec 02 2003 - 00:52:30 PST

  • Next message: InfoSec News: "[ISN] A two-pronged approach to cybersecurity"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  December 1st, 2003                            Volume 4, Number 48n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Detecting
    Intrusions with your Firewall Log and OsHids," "Firewall Builder 1.1," and
    "SSL: Not So Secure For Network Security."
    
    >> Free Trial SSL Certificate from Thawte <<
    
    Take your first step towards giving your online business a competitive
    advantage. Test-drive a Thawte SSL certificate our easy online guide will
    show you how.
    
    Get started now:
    http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte28
    
    ---
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for BIND, Ethereal, Glibc, Libnids,
    phpSysInfo, Stunnel, EPIC, iproute, Pan, and XFree86. The distributors
    include Guardian Digital's EnGarde Linux, Gentoo, Mandrake, and Red Hat.
    
    http://www.linuxsecurity.com/articles/forums_article-8420.html
    
    ---
    
    Guardian Digital Launches First Secure Small Business Internet
    Productivity Solution
    
    Building a complete Internet security and productivity system for your
    organization just got a whole lot simpler and more secure with Guardian
    Digital Internet Productivity Suite. Web-based management, spam and virus
    control, groupware, VPN services, and more!
    
    Find out more now:
    http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=ips01
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * Secure Web Sites and Servers
    November 28th, 2003
    
    If you are hosting your Web site on your own server, you need to pay
    particular attention to security. You should probably install intrusion
    detection software such as Tripwire.  If you're running a Web server you
    need to be aware of security issues that can impact your business. Hackers
    patrol the Web and are always looking for new domains that have not got
    up-to-date security on their systems.
    
    http://www.linuxsecurity.com/articles/server_security_article-8421.html
    
    
    * Probability Defense: Bayesian Filters
    November 27th, 2003
    
    Bayesian filtering works very well, measured at greater than 99.9 percent
    accuracy at detecting spam and other unwanted e-mails.  In his paper, "A
    Plan For Spam", Paul Graham popularized Bayesian filtering on word
    groupings to prevent spammers from getting their messages across. After
    all, how can you sell a new genital enlargement cream without using the
    words "enlargement" or "bigger" in conjunction with certain other words?
    
    http://www.linuxsecurity.com/articles/server_security_article-8418.html
    
    
    * Java security, Part 1: Crypto basics
    November 26th, 2003
    
    The Java platform, both its base language features and library extensions,
    provides an excellent base for writing secure applications. In this
    tutorial, the first of two parts on Java security, Brad Rubin guides you
    through the basics of cryptography and how it is implemented in the Java
    programming language, using plenty of code examples to illustrate the
    concepts.
    
    http://www.linuxsecurity.com/articles/cryptography_article-8411.html
    
    
    * Detecting Intrusions with your Firewall Log and OsHids
    November 25th, 2003
    
    In this article we are going to talk about one of the basics, but
    powerful, methods of Intrusion Detection: Firewall's Log analysis.
    Although a firewall generates a lot of log, being difficult to analyze it,
    you can use the OsHids tool to monitor your logs (generating an easy to
    view log in html with an PHP interface) and help you visualize any attempt
    to bypass your firewall policy.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-8401.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Routers don't protect by default
    November 28th, 2003
    
    Routers are a good way to protect your computer from malicious attacks,
    but they are ineffective if not configured correctly. For example,
    wireless routers are inherently less secure than wired ones since they
    broadcast data back and forth between your computer and your Internet
    connection via high-frequency radio signals which can be intercepted.
    
    http://www.linuxsecurity.com/articles/network_security_article-8424.html
    
    
    * Weak monitoring lets hackers run riot
    November 28th, 2003
    
    Too many IT administrators are taking their eye off the ball and allowing
    easy back-door entry into company systems, a leading computer forensics
    expert has claimed.  In an interview with vnunet.com, Bryan Sartin,
    technology director at security service provider Ubizen, said that
    breaches are often the result of poor monitoring.
    
    http://www.linuxsecurity.com/articles/hackscracks_article-8423.html
    
    
    * Firewall Builder 1.1
    November 26th, 2003
    
    Firewall Builder consists of an object-oriented GUI and a set of policy
    compilers for various firewall platforms. In Firewall Builder, a firewall
    policy is a set of rules; each rule consists of abstract objects that
    represent real network objects and services (hosts, routers, firewalls,
    networks, protocols).
    
    http://www.linuxsecurity.com/articles/firewalls_article-8407.html
    
    
    * Think Like a Hacker - The Best Scanning Tool
    November 26th, 2003
    
    A curious change has come over the image of computer security in the last
    few years. Whereas headlines once screamed the exploits of allegedly evil
    hackers, the story now is all about bad code -- unpatched software, poorly
    secured firewalls and computer passwords left in plain sight. The hackers
    are not the real culprits; the security holes are.
    
    http://www.linuxsecurity.com/articles/host_security_article-8408.html
    
    
    * SSL: Not So Secure For Network Security
    November 24th, 2003
    
    The omnipresent SSL (Secure Socket Layer) which is supposed to offer a
    secure channel to transmit sensitive data across the Internet, may
    actually be opening up a gaping hole in your network security. This was
    the surprising bit of information was delivered to the attending bankers
    on the second day of bank.net event here in Mumbai by Udi Segall,
    Marketing Product Manager Radwell.
    
    http://www.linuxsecurity.com/articles/network_security_article-8391.html
    
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * Wi-Fi arrest highlights security dangers
    November 28th, 2003
    
    Experts agree on one point: As the popularity of wireless local-area
    networking gear grows for small businesses and consumers, break-ins on
    unsecured networks are likely to become more common and increasingly
    involve criminal activity, experts said. Wi-Fi shipments are expected to
    nearly quadruple from a projected 9.8 million units this year to 47.4
    million units by 2007, according to research firm Synergy Research Group.
    
    http://www.linuxsecurity.com/articles/hackscracks_article-8425.html
    
    
    * So when will Linux vendors charge for security fixes?
    November 28th, 2003
    
    Linux vendors spend money building security bug fixes. How much longer
    will they give them away for free, writes SecurityFocus columnist Hal
    Flynn.
    
    http://www.linuxsecurity.com/articles/vendors_products_article-8419.html
    
    
    * Secrets of Computer Espionage: Tactics and Countermeasures
    November 24th, 2003
    
    All the books I've reviewed so far are there to teach you how to protect
    your system from various intrusion attempts, show you how to configure
    things for optimal performance or provide you with an understanding of an
    operating system. The book I've read this time deals with a topic that is
    often overlooked but still very important - computer espionage.
    
    http://www.linuxsecurity.com/articles/documentation_article-8398.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Dec 02 2003 - 02:46:02 PST