[ISN] Linux Security Week - January 26th 2004

From: William Knowles (wk@private)
Date: Tue Jan 27 2004 - 06:22:13 PST

  • Next message: William Knowles: "[ISN] Viruses and hackers make Windows more secure - Gates"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  January 26th, 2004                             Volume 5, Number 4n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "An Introduction
    To SQL Injection Attacks For Oracle Developers," "Linux as a Firewall
    Foundation," "Problems and Challenges with Honeypots," and "Extrusion or
    Intrusion."
    
    >> Enterprise Security for the Small Business <<
    Never before has a small business productivity solution been designed with
    such robust security features.  Engineered with security as a main focus,
    the Guardian Digital Internet Productivity Suite is the cost-effective
    solution small businesses have been waiting for.
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn07
    
    ---
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for cvs, screen, kdepim, mc, tcpdump,
    kernel, slocate, honeyd, isakmpd, and lftp. The distributors include
    Conectiva, Debian, Guardian Digital EnGarde Secure Linux, Gentoo, OpenBSD,
    Red Hat, Trustix, and Turbolinux.
    
    http://www.linuxsecurity.com/articles/forums_article-8802.html
    
    ---
    
    Managing Linux Security Effectively in 2004
    
    This article examines the process of proper Linux security management in
    2004.  First, a system should be hardened and patched.  Next, a security
    routine should be established to ensure that all new vulnerabilities are
    addressed.  Linux security should be treated as an evolving process.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-157.html
    
    ---
    
    Guardian Digital Customers Protected From Linux Kernel Vulnerability As a
    result of the planning and secure design of EnGarde Secure Linux, the
    company's flagship product, Guardian Digital customers are securely
    protected from a vulnerability that lead to the complete compromise of
    several high-profile open source projects, including those belonging to
    the Debian Project.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-155.html
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * Security group warns of hole in Linux kernel
    January 23rd, 2004
    
    The kernel is the core of the Linux operating system and provides basic
    services for all other parts of the operating system such as allocating
    processor time for the programs running on the computer and managing the
    system's memory or storage.
    
    http://www.linuxsecurity.com/articles/host_security_article-8804.html
    
    
    * An Introduction To SQL Injection Attacks For Oracle Developers
    January 23rd, 2004
    
    Most application developers underestimate the risk of SQL injection
    attacks against web applications that use Oracle as the back-end database.
    This paper is intended for application developers, database
    administrators, and application auditors to highlight the risk of SQL
    injection attacks and demonstrate why web applications may be vulnerable.
    
    http://www.linuxsecurity.com/articles/server_security_article-8807.html
    
    * Linux beefs up standards
    January 20th, 2004
    
    Red Hat corporate Linux distributors will next month introduce their
    Enterprise Directory Services and Authentication course to Australia. By
    all accounts, the skills it seeks to impart, in conjunction with others in
    the Red Hat Certified Engineer (RHCE) program, are going to be in
    increasing demand.
    
    http://www.linuxsecurity.com/articles/general_article-8789.html
    
    
    * Standardizing on Security
    January 19th, 2004
    
    Things that are created in an open fashion tend to be the best of breed.
    They benefit from the entire world seeing them at their most basic level,
    and parties collaborating to enhance them and make them better. Open
    technology is an example of this.
    
    http://www.linuxsecurity.com/articles/general_article-8781.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Book Review: Designing Network Security - 2nd Edition
    January 25th, 2004
    
    This is a very good book. It provides a good foundation of basic universal
    security practice and then goes into detail on how to implement network
    security using Cisco hardware and software. No single aspect is covered in
    exceptional depth- the book is meant to give a little information on the
    whole range of security rather than mastering any one area of network
    security.
    
    http://www.linuxsecurity.com/articles/network_security_article-8808.html
    
    
    * Security by Obscurity
    January 23rd, 2004
    
    A response by Bob Alberti, CISSP President of Sanction, Inc. to MSNBC's
    report by Brock N. Meeks titled "Fort N.O.C.'s" [Network Operating
    Center].  Ah yes, "Security by obscurity":  "Many people believe that
    'security through obscurity' is flawed because... secrets are hard to
    keep."
    
    http://www.linuxsecurity.com/articles/general_article-8805.html
    
    
    * Linux as a Firewall Foundation
    January 23rd, 2004
    
    For a few days in NYC, LinuxWorld is the center of the open source
    universe.  In keeping with that spirit, we examine some AO member
    recommendations on firewalls based on the open-source OS.  Whether it's
    used to power complex datacenters or breathe new life into aging machines,
    Linux has undoubtedly established itself as a formidable IT presence.
    
    http://www.linuxsecurity.com/articles/firewalls_article-8801.html
    
    
    * Wireless Security Basics
    January 22nd, 2004
    
    You've just bought a wireless router so you can use your laptop all over
    the house.  You get it all setup and surprise, surprise it works. Now that
    should be the end of it right? Wrong.  The default setup for wireless
    networks is setup to get the network up and running but does nothing to
    protect your network.
    
    http://www.linuxsecurity.com/articles/network_security_article-8796.html
    
    
    * Extrusion or Intrusion - which is the real threat?
    January 20th, 2004
    
    In the hit-parade of security technology buzz words, Anti-virus and IDS
    (Intrusion Detection Systems) are in the top 5.  After all, there are a
    lot of bad guys out there writing worms and trying to break in.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-8783.html
    
    
    * Problems and Challenges with Honeypots
    January 20th, 2004
    
    For the past 18 months we have seen a tremendous growth in honeypot
    technologies. Everything from OpenSource solutions such as Honeyd and
    Honeynets, to commercial offerings such as KFSensor are commonly
    available. However, as with any relatively new technology, there are still
    many challenges and problems. In this paper we take an overview of what
    several of these problems are, and look at possible approaches on how to
    solve them.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-8788.html
    
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * How to hit an elliptic curveball
    January 23rd, 2004
    
    It was at the end of an IT security event hosted by the Canadian Advanced
    Technology Alliance last October that someone called to Ian McKinnon from
    the back of the room. His cheeks flushed and eyes beaming, he approached
    somewhat awkwardly, nervously, as though he was slightly out of breath.
    
    http://www.linuxsecurity.com/articles/cryptography_article-8806.html
    
    
    * Code That Can't Be Cracked
    January 21st, 2004
    
    Want to win a million bucks and a high-paying job for life?  That's what
    Mississauga-based Certicom Corp. is offering anyone who can crack the code
    to its products and patents surrounding Elliptic Curve Cryptology (ECC) --
    a combination of algebra and algorithms that ensure everything from
    cellphone chatter to wireless e-mail sent and received on an
    Internet-enabled phone or a Blackberry PDA can't be hacked.
    
    http://www.linuxsecurity.com/articles/cryptography_article-8791.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Jan 27 2004 - 12:34:38 PST