[ISN] Linux Security Week - January 12th 2004

From: InfoSec News (isn@private)
Date: Tue Jan 13 2004 - 03:02:44 PST

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  January 12th, 2004                             Volume 5, Number 2n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Syscheck: a new
    OS file integrity checker," "Book Review: The Effective Incident Response
    Team," and "Managing the Network Security Challenge."
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for the Linux kernel, lftp, ethereal,
    screen, BIND, libnids, mpg321, nd, jabber, zebra, fsp, and vbox3. The
    distributors include Conectiva, Debian, Guardian Digital EnGarde Secure
    Linux, Fedora, Immunix, Mandrake, Openwall, Red Hat, Slackware, SuSE,
    Trustix, and Turbolinux.
    
    http://www.linuxsecurity.com/articles/forums_article-8734.html
    
    ---
    
    Managing Linux Security Effectively in 2004
    
    This article examines the process of proper Linux security management in
    2004.  First, a system should be hardened and patched.  Next, a security
    routine should be established to ensure that all new vulnerabilities are
    addressed.  Linux security should be treated as an evolving process.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-157.html
    
    ---
    
    Guardian Digital Customers Protected From Linux Kernel Vulnerability
    
    As a result of the planning and secure design of EnGarde Secure Linux, the
    company's flagship product, Guardian Digital customers are securely
    protected from a vulnerability that led to the complete compromise of
    several high-profile open source projects, including those belonging to
    the Debian Project.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-155.html
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * Security flaws force Linux kernel upgrade
    January 8th, 2004
    
    Open-source developers released a new version of the Linux kernel Monday
    in a move aimed at quickly fixing several bugs--among them two serious
    security flaws.  The 2.4.24 upgrade to the Linux kernel comes a month
    after the release of the previous version of the core system software and
    only includes patches for six software issues, including the two flaws.
    
    http://www.linuxsecurity.com/articles/host_security_article-8732.html
    
    
    * Linux kernel security vuln fixed
    January 7th, 2004
    
    Polish security outfit iSEC, which discovered the vuln, warns that "proper
    exploitation of this vulnerability may lead to local privilege escalation
    including execution of arbitrary code with kernel level access".
    
    http://www.linuxsecurity.com/articles/host_security_article-8703.html
    
    
    * The wrong way to upgrade your RPMs
    January 6th, 2004
    
    Most Linux distributions use the RPM[1] format for their software
    packages. RPMs are managed by the rpm program, which typically lives at
    /usr/bin/rpm.[2]
    
    http://www.linuxsecurity.com/articles/documentation_article-8691.html
    
    
    * Syscheck: a new OS file integrity checker
    January 6th, 2004
    
    Syscheck is open source software that checks your files, especially
    binaries and configuration files, to see what has changed on your system.
    
    http://www.linuxsecurity.com/articles/projects_article-8689.html
    
    
    * The mysteriously persistently exploitable program explained
    January 5th, 2004
    
    In a previous article I described a machine compromise that initially
    would seem to have been impossible. A vulnerable suid root program,
    /usr/sbin/buggy, was upgraded to a non-vulnerable version, and yet
    crackers still were exploiting it. In fact, even after the program was
    removed entirely, it was still being exploited.
    
    http://www.linuxsecurity.com/articles/host_security_article-8679.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Improving Passive Packet Capture: Beyond Device Polling
    January 9th, 2004
    
    Passive packet capture is necessary for many activities including network
    debugging and monitoring. With the advent of fast gigabit networks, packet
    capture is becoming a problem even on PCs due to the poor performance of
    popular OSs. The introduction of device polling has improved the capture
    process quite a bit but not really solved the problem.
    
    http://www.linuxsecurity.com/articles/network_security_article-8735.html
    
    
    * Book Review: The Effective Incident Response Team
    January 8th, 2004
    
    With every year that passes it seems that the number of computer security
    incidents is bigger than ever, yet it's obvious there's more security
    awareness. As the incidents increased in severity it was a natural step
    for organizations to form an incident response team or hire a team to
    respond to those incidents. It's much easier to be prepared than to have
    to clean up after the damage has been done.
    
    http://www.linuxsecurity.com/articles/documentation_article-8730.html
    
    
    * Ease the security burden with a central logging server
    January 7th, 2004
    
    Every network device on your network has some type of logging capability.
    Switches and routers are extremely proficient in logging network events.
    Your organization's security policy should specify some level of logging
    for all network devices.
    
    http://www.linuxsecurity.com/articles/server_security_article-8704.html
    
    
    * Managing the Network Security Challenge
    January 6th, 2004
    
    For university information technology departments, a balancing act can be
    challenging. University computer networks are an essential component of
    university operations. Yet, they are often large, heterogeneous, open, and
    used by thousands of individuals whose computing habits and expertise are
    largely unknown.
    
    http://www.linuxsecurity.com/articles/network_security_article-8687.html
    
    
    * NMAP Grepable Output
    January 5th, 2004
    
    One of the often overlooked and underused output methods of nmap is the
    grepable or "machine" output. This output places all results for a single
    host on a single line, making it easier to use with other command line
    tools, like grep and awk. It also makes it easier to use when scripting.
    
    http://www.linuxsecurity.com/articles/documentation_article-8682.html
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * School District Gives Linux Security Technology High Grades
    January 9th, 2004
    
    As any corporate IT administrator knows, network security is no longer a
    luxury, but a necessity. If your network is not secure, not only do you
    risk losing valuable corporate information, but you also run the risk of
    being liable if your network is used to disrupt other sites, as with
    Distributed Denial of Service (DDoS) attacks.
    
    http://www.linuxsecurity.com/articles/government_article-8736.html
    
    
    * Don't take passwords to the grave
    January 8th, 2004
    
    As an ambulance whisked Jon Hansen to the hospital last year, he held
    tightly to his wife's hand and told her things she needed to know if he
    were to die. "Write down this password," he told her. "Oh, you'll need
    this one, too. And you don't have this one, either."
    
    http://www.linuxsecurity.com/articles/general_article-8733.html
    
    
    * A 90-Day Plan For Developing A Security Management Strategy
    January 7th, 2004
    
    True cybersecurity requires that financial, IT, and operational managers
    from across the enterprise--and outside it--come together to assess and
    guard against their company's most serious risk and exposures. Here's how
    to get started.
    
    http://www.linuxsecurity.com/articles/network_security_article-8706.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org