+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | February 23rd, 2004 Volume 5, Number 8n | | | | Editorial Team: Dave Wreski dave@private | | Benjamin Thomas ben@private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "A practical approach for defeating Nmap OS-Fingerprinting," "SSL vs. IPsec: Which Is Right For Your VPN," and "Sniffing Switched Networks." ---- >> Internet Productivity Suite: Open Source Security << Trust Internet Productivity Suites open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn08 ---- LINUX ADVISORY WATCH: This week, advisories were released for gnupg, kernel, mc, mutt, slocate, XFree86, gaim, freeradius, samba, phpMyAdmin, clamav, mailman, metamail, racoon, shmat, OpenSSL, and PWLib. The distributors include Debian, Fedora, Gentoo, Immunix, Mandrake, NetBSD, OpenBSD, Red Hat, Slackware, SuSE, Trustix, and Turbolinux. http://www.linuxsecurity.com/articles/forums_article-8940.html ---- Interview with Vincenzo Ciaglia, Founder of Netwosix - In this article, a brief introduction of Netwosix is given and the project founder Vincenzo Ciaglia is interviewed. Netwosix is light Linux distribution for system administrators and advanced users. http://www.linuxsecurity.com/feature_stories/feature_story-160.html -------------------------------------------------------------------- Guardian Digital Launches Next Generation EnGarde Secure Linux Guardian Digital, Inc., the world's premier open source security company, announced an update to the next generation, award-winning platform that delivers features designed to ease the process of building a complete Internet presence and the level of security necessary to prevent system compromise. EnGarde Secure Linux leverages the best open source applications available to provide secure Internet connectivity, user privacy, Web and email functions, and intrusion detection. http://www.linuxsecurity.com/feature_stories/feature_story-159.html --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------+ | Host Security News: | <<-----[ Articles This Week ]---------- +---------------------+ * Linux Kernel Flaws Uncovered February 21st, 2004 Security researchers are warning of potentially serious vulnerabilities in the Linux kernel that could allow malicious hackers to gain full super-user privileges. The vulnerability affects the 2.6.x branch prior to version 2.6.3 and the Linux kernel memory management code. http://www.linuxsecurity.com/articles/host_security_article-8947.html * A practical approach for defeating Nmap OS-Fingerprinting February 20th, 2004 In my opinion, it's pretty clear that we can't rely on only one security tool to remotely guess the Operating System. This paper has shown that it's very easy to fool Nmap (and other similar tools) when trying to profile a remote device, and that all those attempts can be properly logged by the remote administrator. http://www.linuxsecurity.com/articles/documentation_article-8941.html * Linux serves up triple threat February 20th, 2004 Three separate security flaws could be used by an ordinary user to gain total control of a Linux server or workstation, security researchers have warned. http://www.linuxsecurity.com/articles/host_security_article-8945.html * Another security hole found in Linux kernel February 19th, 2004 A second serious vulnerability in the mremap system call found in the Linux kernel was discovered Wednesday and enterprises are urged to immediately update to new versions of the kernel or apply patches from their distributor. http://www.linuxsecurity.com/articles/host_security_article-8935.html * Dealing With The End Of Life Of Red Hat Linux 7.x, 8.0 and 9 February 18th, 2004 Red Hat Linux versions 7.0, 7.1, 7.2, 7.3 and 8.0 hit their end of life December 31, 2003. Red Hat Linux version 9 hits end of life on April 30, 2004. As you are reading this paper on or after January 1st, 2004 the support for Red Hat Linux 7.x and 8.0 is already ended. http://www.linuxsecurity.com/articles/host_security_article-8932.html * The Os-Hids Project February 18th, 2004 OsHids is an Open Source software that analyzes your log files and take some actions if it founds something malicious. The OsHids can be run on "Real-time", as a daemon, or you can execute it using crontab. http://www.linuxsecurity.com/articles/intrusion_detection_article-8927.html * Using GnuPG, Part I February 17th, 2004 In today's world, communication has broken all previous time and distance limits. Now you can talk with someone in real-time no matter how far away he is. That advantage has also brought some major problems with itself. http://www.linuxsecurity.com/articles/cryptography_article-8921.html +------------------------+ | Network Security News: | +------------------------+ * SSL vs. IPsec: Which Is Right For Your VPN? February 17th, 2004 Dave Wreski, CEO of Guardian Digital, says "Guardian Digital customers implement IPsec VPNs for connecting their branch offices and critical internal systems and SSL VPNs as an option for mobile users." Wreski is the author of much of the authoritative documentation on Linux security. http://www.linuxsecurity.com/articles/network_security_article-8922.html * WiFi Opens Doors For Crooks, Identity Thieves February 16th, 2004 Wireless technology is exploding in popularity. But as KIRO 7 Eyewitness News Consumer Investigator Wayne Havrelly discovered, high-tech criminals love it even more than you do. http://www.linuxsecurity.com/articles/network_security_article-8918.html * Sniffing Switched Networks February 16th, 2004 You are probably familiar with how easy it is to sniff traffic on a shared network and how traffic is sent. But I will explain a bit about how a hub works on a shared network as an introduction anyway. http://www.linuxsecurity.com/articles/network_security_article-8915.html +------------------------+ | General Security News: | +------------------------+ * Linux servers 'attacked more often' February 20th, 2004 Linux advocates often take pride in the operating system being more secure than Windows but this claim may have attracted unwanted attention from the hacking community. http://www.linuxsecurity.com/articles/server_security_article-8944.html * Information Security & Negligence February 20th, 2004 Numerous recommendations since September 11, 2001 have been published on the evils of negligence relative to protecting one's assets (cyber & physical). In light of the articles, references, statutes, case laws and other relevant pieces of this puzzle, how do you physically "prove" negligence versus the common business practice of risk management? http://www.linuxsecurity.com/articles/general_article-8939.html * Leak An Experiment in Open Source? February 19th, 2004 But for those who do, including plenty of people in peer-to-peer networks and in Internet Relay Chat (IRC) rooms worldwide, the 660 MB file containing the code is essentially open source material. http://www.linuxsecurity.com/articles/forums_article-8933.html * CSO Magazine and CERT Security Capability Model February 19th, 2004 The model is organized into four topic areas -- Risk Assessment/Management, Management and Policy, System and Network Management, and Physical Security. Questions within each practice topic area are listed in the recommended order for moving from least capable to more capable. http://www.linuxsecurity.com/articles/general_article-8934.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Feb 23 2004 - 17:37:44 PST