[ISN] Linux Security Week - March 1st 2004

From: InfoSec News (isn@private)
Date: Tue Mar 02 2004 - 08:47:36 PST

  • Next message: InfoSec News: "[ISN] With Bagle, Netsky, March comes in like a worm"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  March 1st, 2004                                Volume 5, Number 9n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include " How to be a
    Security Warrior," "Three Security Flaws Found in Linux," and "The
    Proactive vs. Reactive Security Approach."
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for XFree86, the Linux kernel,
    lbreakout2, mailman, synaesthesia, hsftp, pwlib, metamail, libxml2,
    mtools, OpenSSL, mod_python, and libxml2. The distributors include
    Conectiva, Debian, Fedora, Immunix, Mandrake, NetBSD, Red Hat, Suse,
    Trustix, and Turbolinux.
    
    http://www.linuxsecurity.com/articles/forums_article-8975.html
    
    ----
    
    >> Internet Productivity Suite:  Open Source Security <<
    
    Trust Internet Productivity Suites open source architecture to give you
    the best security and productivity applications available. Collaborating
    with thousands of developers, Guardian Digital security engineers
    implement the most technologically advanced ideas and methods into their
    design.
    
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn09
    
    ----
    
    Interview with Vincenzo Ciaglia, Founder of Netwosix - In this article, a
    brief introduction of Netwosix is given and the project founder Vincenzo
    Ciaglia is interviewed.  Netwosix is light Linux distribution for system
    administrators and advanced users.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-160.html
    
    --------------------------------------------------------------------
    
    Guardian Digital Launches Next Generation EnGarde Secure Linux
    
    Guardian Digital, Inc., the world's premier open source security company,
    announced an update to the next generation, award-winning platform that
    delivers features designed to ease the process of building a complete
    Internet presence and the level of security necessary to prevent system
    compromise. EnGarde Secure Linux leverages the best open source
    applications available to provide secure Internet connectivity, user
    privacy, Web and email functions, and intrusion detection.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-159.html
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]----------
    +---------------------+
    
    * How to be a 'security warrior,' part 2
    February 27th, 2004
    
    No soldier goes into battle without training. But once he's in the
    trenches, he sometimes has to rely on skills he didn't learn in boot camp.
    The same goes for today's security admins, many of whom are new to Linux
    or even security administration.
    
    http://www.linuxsecurity.com/articles/security_sources_article-8974.html
    
    
    * The Web Application Security Consortium
    February 26th, 2004
    
    The Web Application Security Consortium is a group of top security experts
    dedicated to developing and promoting standards of best practice for the
    World Wide Web. Rising to meet the challenges of web security, the
    Consortium will focus its efforts to assist application developers,
    security professionals, and software vendors through collaborative effort.
    more.
    
    http://www.linuxsecurity.com/articles/security_sources_article-8972.html
    
    
    * How to be a 'security warrior,' part 1
    February 26th, 2004
    
    In computer warfare, security admins must go into battle riding on a
    strong vehicle and armed with effective tools, according to security
    expert Anton Chuvakin. Fortunately, the security warrior who's protecting
    Linux has both.
    
    http://www.linuxsecurity.com/articles/security_sources_article-8973.html
    
    
    * Three Security Flaws Found in Linux
    February 24th, 2004
    
    Security experts have warned that three separate security flaws in Linux
    have been identified that could allow a user to gain control over a Linux
    server or workstation, according to a report published Friday in
    Silion.com. The report said the flaws affects all current versions of
    Linux.
    
    http://www.linuxsecurity.com/articles/host_security_article-8956.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * A Bio Approach to Network Security
    February 25th, 2004
    
    Active Countermeasures models the human body's immune reaction to invasion
    by microbes. It runs a periodic vulnerability analysis based on the latest
    advisories from security monitoring organizations such as CERT,
    prioritizes the threats, scans the network for vulnerable machines, then
    automatically deploys a payload of prevention.
    
    http://www.linuxsecurity.com/articles/network_security_article-8966.html
    
    
    * Improving Passive Packet Capture: Beyond Device Polling (Updated)
    February 23rd, 2004
    
    Many network monitoring tools are based on passive packet capture. The
    principle is the following: the tool passively captures packets flowing on
    the network and analyzes them in order to compute traffic statistics and
    reports including network protocols being used, communication problems,
    network security and bandwidth usage.
    
    http://www.linuxsecurity.com/articles/documentation_article-8953.html
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * Simple Optics Make Quantum Relay
    February 26th, 2004
    
    Quantum cryptography devices and networks, which transport photons whose
    properties can be used to represent the 1s and 0s of digital information,
    could also benefit from repeaters. Today's prototype quantum cryptography
    systems provide theoretically perfect security, but these systems can't
    carry information over long distances.
    
    http://www.linuxsecurity.com/articles/cryptography_article-8971.html
    
    
    * Linux Gets Security Boost from NSA
    February 25th, 2004
    
    Most stories about government deployments of Linux involve a distributor
    helping various federal and municipal agencies install the open source
    operating system. But in this case, a federal agency is helping Linux.
    
    http://www.linuxsecurity.com/articles/projects_article-8963.html
    
    
    * RSA Panel: Cryptography Can't Foil Human Weakness
    February 25th, 2004
    
    Enhanced security can solve many issues, but it can't improve the thing
    that sits between the keyboard and the chair--the user--a cryptographers'
    panel concluded Tuesday.
    
    http://www.linuxsecurity.com/articles/cryptography_article-8965.html
    
    
    * The Proactive vs. Reactive Security Approach
    February 23rd, 2004
    
    To tailor security properly, there has to be a healthy mix of techniques,
    starting with proactive tactics such as installing firewalls, deciding on
    an intrusion detection system, considering hosted applications, and
    tinkering with network security options. In the mix are also reactive
    options such as data recovery, antiviral patches, and frequent security
    updates to applications and hardware.
    
    http://www.linuxsecurity.com/articles/security_sources_article-8952.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Mar 02 2004 - 11:49:54 PST