[ISN] Linux Security Week - December 8th 2003

From: InfoSec News (isn@private)
Date: Tue Dec 09 2003 - 02:33:11 PST

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  December 8th, 2003                            Volume 4, Number 49n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private              |
    |                   Benjamin Thomas         ben@private               |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Linux Security
    Expert Defends Debian," "Cross Site Scripting Explained," "Honeypots: The
    sweet spot in network security," and "Security fears push users to open
    source."
    
    ---
    
    >> Get Thawte's NEW Step-by-Step SSL Guide for Apache <<
    
    In this guide you will find out how to test, purchase, install and use a
    Thawte Digital Certificate on your Apache web server. Throughout, best
    practices for set-up are highlighted to help you ensure efficient ongoing
    management of your encryption keys and digital certificates.
    
    Get your copy of this new guide now:
    http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte29
    
    ---
    
    LINUX ADVISORY WATCH:
    This week, there are multiple serious vulnerabilities that need to be
    addressed.  Advisories were released for bind, rsync, the Linux kernel,
    xboard, and gnupg.  The distributions include Caldera, Conectiva, Debian,
    Guardian Digital's EnGarde Secure Linux, Fedora, FreeBSD, Gentoo,
    Mandrake, Red Hat, Slackware, SuSE, Trustix, Turbolinux, and Yellow Dog
    Linux.
    
    http://www.linuxsecurity.com/articles/forums_article-8474.html
    
    ---
    
    Guardian Digital Customers Protected From Linux Kernel Vulnerability
    
    As a result of the planning and secure design of EnGarde Secure Linux,
    the company's flagship product, Guardian Digital customers are securely
    protected from a vulnerability that led to the complete compromise of
    several high-profile open source projects, including those belonging to
    the Debian Project.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-155.html
    
    ---
    
    
    FEATURE: R00ting The Hacker
    
    Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
    Hackers is a former intelligence officer in the U.S. Marine Corps who
    currently writes for Computerworld and CNN.com, covering national
    cyber-security issues and critical infrastructure protection.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-150.html
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * Linux Security Expert Defends Debian
    December 4th, 2003
    
    Debian Project leaders did a good job before and after a breach that took
    down their servers Nov. 21, said Jay Beale, lead developer on the Bastille
    Linux project and a consultant at JJB Security Consulting & Training.
    
    http://www.linuxsecurity.com/articles/forums_article-8464.html
    
    
    * Significant rsync 2.5.6 Security Vulnerability
    December 4th, 2003
    
    The rsync team has received evidence that a vulnerability in rsync was
    recently used in combination with a Linux kernel vulnerability to
    compromise the security of a public rsync server. While the forensic
    evidence we have is incomplete, we have pieced together the most likely
    way that this attack was conducted and we are releasing this advisory as a
    result of our investigations to date.
    
    http://www.linuxsecurity.com/articles/server_security_article-8463.html
    
    
    * Linux Kernel Compromise "Was Not Debian Specific."
    December 3rd, 2003
    
    Recently, multiple servers of the Debian project were compromised using a
    Debian developer's account and an unknown root exploit. Forensics revealed
    a burneye-encrypted exploit. Robert van der Meulen managed to decrypt the
    binary, which revealed a kernel exploit. Study of the exploit by the Red
    Hat and SuSE kernel and security teams quickly revealed that the exploit
    used an integer overflow in the brk system call.
    
    http://www.linuxsecurity.com/articles/host_security_article-8448.html
    
    
    * Cross Site Scripting Explained
    December 2nd, 2003
    
    For those of you who don't know the acronym, XSS stands for Cross-Site
    Scripting. It is the term that has been given to web pages that can be
    tricked into displaying web-surfer-supplied data capable of altering the
    page for the viewer.  This is a pretty broad term and I apologize, but as
    you will see, XSS has such a wide-ranging berth of attack vectors that such
    a description is necessary.
    
    http://www.linuxsecurity.com/articles/server_security_article-8440.html
    
    
    * Serious Linux Security Flaw Found
    December 2nd, 2003
    
    A serious vulnerability in the Linux 2.4 kernel has been discovered. The
    flaw allows users on a Linux machine to gain unlimited access privileges,
    according to a security advisory posted by developers of the noncommercial
    Debian Linux distribution.
    
    http://www.linuxsecurity.com/articles/host_security_article-8441.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Fighting Spammers With Honeypots
    December 5th, 2003
    
    Though spam should generally not be considered a real cyber attack, it may
    be difficult to distinguish between virus-contaminated emails, phishing
    scams and bothersome ads (those containing tricky JavaScript or specific
    forged HTML used to track them). Moreover, spammers slow the servers
    receiving legitimate emails and may cause availability problems.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-8481.html
    
    
    * Honeypots: The sweet spot in network security
    December 2nd, 2003
    
    The role of decoy-based intrusion-detection technology, or "honeypots," is
    evolving. Once used primarily by researchers as a way to attract hackers
    to a network system in order to study their movements and behavior,
    honeypots are now beginning to play an important part in enterprise
    security. Indeed, by providing early detection of unauthorized network
    activity, honeypots are proving more useful to IT security professionals
    than ever.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-8447.html
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * Network Security: Double Impact
    December 5th, 2003
    
    Should there be two security guards, one to spot potential intruders to
    your house and another one to stop them from getting in? If you transpose
    this to the enterprise-network situation, we are faced with a classic
    debate challenging CIOs and security experts alike.
    
    http://www.linuxsecurity.com/articles/network_security_article-8479.html
    
    
    * Security fears push users to open source
    December 5th, 2003
    
    Security concerns are prompting chief information officers (CIOs) to
    consider moving from Microsoft to open source on the desktop, according to
    a report from investment house Merrill Lynch.  A survey of 100 CIOs (75
    in the US and 25 in Europe) found that 58 per cent were looking at open
    source because of its better record on security.
    
    http://www.linuxsecurity.com/articles/general_article-8475.html
    
    
    * A Simple Plan (for Security)
    December 3rd, 2003
    
    By the time Sanjay Kumar ascended to CEO of Computer Associates, the
    software giant was inundated with troubles. The tech market bust had
    stunted previously impressive growth. Its software was perceived as second
    rate. Customers railed against outrageous contracts sold by arrogant sales
    staff. Disenfranchised investors began demanding heads, Kumar's among
    them. Lawsuits mounted.
    
    http://www.linuxsecurity.com/articles/general_article-8458.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.