+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  January 5th, 2004                            Volume 5, Number 1    |
|                                                                     |
|  Editorial Team:  Dave Wreski                 dave@private          |
|                   Benjamin Thomas             ben@private           |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Secure
Programmer: Keep an Eye on Inputs," "Checklist for Deploying an IDS,"
and "Wireless Not Yet the Recommended Answer."

---

LINUX ADVISORY WATCH:
This week, advisories were released for xsok, cvs, and proftpd. The
distributors include Debian, Gentoo, and Mandrake.

http://www.linuxsecurity.com/articles/forums_article-8668.html

OSVDB: An Independent and Open Source Vulnerability Database

This article outlines the origins, purpose, and future of the Open
Source Vulnerability Database project. Also, we talk with Tyler Owen,
a major contributor.
http://www.linuxsecurity.com/feature_stories/feature_story-156.html

---

Guardian Digital Customers Protected From Linux Kernel Vulnerability

As a result of the planning and secure design of EnGarde Secure Linux,
the company's flagship product, Guardian Digital customers are securely
protected from a vulnerability that led to the complete compromise of
several high-profile open source projects, including those belonging to
the Debian Project.

http://www.linuxsecurity.com/feature_stories/feature_story-155.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Secure programmer: Keep an eye on inputs
December 31st, 2003

This article discusses various ways data gets into your program,
emphasizing how to deal appropriately with them; you might not even
know about them all! It first discusses how to design your program to
limit the ways data can get into your program, and how your design
influences what is an input. It then discusses various input channels
and what to do about them, including environment variables, files, file
descriptors, the command line, the graphical user interface (GUI),
network data, and miscellaneous inputs.

http://www.linuxsecurity.com/articles/documentation_article-8662.html

* Ten Security Checks for PHP, Part 1
December 29th, 2003

Web applications have become a popular way to provide global access to
data, services, and products. While this global access is one of the
Web's underlying advantages, any security holes in these applications
are also globally exposed and frequently exploited. It is extremely
easy to write applications that contain unintentional security holes.
http://www.linuxsecurity.com/articles/server_security_article-8627.html

+------------------------+
| Network Security News: |
+------------------------+

* Wireless Not Yet the Recommended Answer
January 2nd, 2004

Despite all the talk of networks going wireless in 2003, it will be
some time before the enterprise enjoys the promise of ubiquitous IP
(Internet protocol) connectivity, according to Meta Group Inc. senior
research analyst Bjarne Munch.

http://www.linuxsecurity.com/articles/network_security_article-8667.html

* Checklist for Deploying an IDS
January 2nd, 2004

Installing a Network IDS (NIDS) onto a network requires a significant
amount of thought and planning. In addition to the technical issues and
product selection, there are resource issues, from product cost to
manning the sensor feeds and supporting the infrastructure, that must
also be considered.

http://www.linuxsecurity.com/articles/intrusion_detection_article-8675.html

* Snort 2.1.0 Available
December 30th, 2003

A ton of new and updated rules. This release also includes all the
fixes from version 2.0.6. The Snort manual has been updated to reflect
v2.1 and address the many suggestions from users. The manual is still a
work in progress.

http://www.linuxsecurity.com/articles/projects_article-8658.html

* fwall 1.4-2
December 29th, 2003

fwall is a simple user-friendly firewall script for iptables. It is
based on bash. It includes a configuration for 1-2 interfaces, port
forwarding, DoS protection, and so on.

http://www.linuxsecurity.com/articles/firewalls_article-8639.html

+------------------------+
| General Security News: |
+------------------------+

* The Unix Bookshelf, "Linux Server Hacks"
January 2nd, 2004

When we last dusted off our Unix bookshelf, we were considering books
about "the Unix Way" as an abstraction or paradigm, and hadn't gotten
around to discussing any books addressing practical Unix.
http://www.linuxsecurity.com/articles/documentation_article-8674.html

* Experts: 2004 seen bringing more, worse cyberattacks
December 31st, 2003

The New Year will offer weary network administrators little respite
from a new generation of Internet worms, viruses and targeted hacks
that appeared in 2003, according to security experts.

http://www.linuxsecurity.com/articles/network_security_article-8663.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------