[ISN] Linux Security Week - March 8th 2004

From: InfoSec News (isn@private)
Date: Tue Mar 09 2004 - 00:36:54 PST

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  March 8th, 2004                               Volume 5, Number 10n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "The MD5CRK
    Project," "Network Protocol Stack & TCP hacking," "Establishing a Secure
    E-Commerce Storefront," and "Use Process of Sustained Risk Management."
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for the Linux kernel, xboing, pwlib,
    tcpdump, and libxml2. The distributors include Debian, Fedora, FreeBSD,
    and Mandrake.
    
    http://www.linuxsecurity.com/articles/forums_article-9003.html
    
    ----
    
    >> Internet Productivity Suite:  Open Source Security <<
    Trust Internet Productivity Suite's open source architecture to give you
    the best security and productivity applications available. Collaborating
    with thousands of developers, Guardian Digital security engineers
    implement the most technologically advanced ideas and methods into their
    design.
    
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn09
    
    ----
    
    Interview with Vincenzo Ciaglia, Founder of Netwosix - In this article, a
    brief introduction of Netwosix is given and the project founder Vincenzo
    Ciaglia is interviewed.  Netwosix is a light Linux distribution for system
    administrators and advanced users.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-160.html
    
    --------------------------------------------------------------------
    
    Guardian Digital Launches Next Generation EnGarde Secure Linux
    
    Guardian Digital, Inc., the world's premier open source security company,
    announced an update to the next generation, award-winning platform that
    delivers features designed to ease the process of building a complete
    Internet presence and the level of security necessary to prevent system
    compromise. EnGarde Secure Linux leverages the best open source
    applications available to provide secure Internet connectivity, user
    privacy, Web and email functions, and intrusion detection.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-159.html
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]----------
    +---------------------+
    
    * The MD5CRK Project
    March 5th, 2004
    
    The MD5CRK project seeks to prove empirically that MD5 is a hash algorithm
    that exhibits the not-so-cryptographically-sound property of collisions.
    This has already been proven theoretically, but nobody really paid
    attention, so this distributed computing project was created.
    
    http://www.linuxsecurity.com/articles/cryptography_article-9004.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Updated: fwall 1.4.6_rc4
    March 4th, 2004
    
    Fwall is a simple user-friendly firewall script for iptables. It is based
    on bash. It includes a configuration for 1-2 interfaces, port forwarding,
    DoS protection, and so on. The base code was cleaned up. Succession of
    rules was fixed. Logging of syn packets in the OUTPUT and FORWARD chains
    was fixed.
    
    http://www.linuxsecurity.com/articles/firewalls_article-9001.html
    
    
    * Protect Your Wireless Network
    March 3rd, 2004
    
    If you have a wireless network set up in your home, you might be inviting
    criminals to steal from you without even having to break in. Wireless
    internet or Wi-Fi is becoming big business and computer users are lining
    up to buy the equipment that will allow them to use their laptop computers
    just about anywhere.
    
    http://www.linuxsecurity.com/articles/network_security_article-8992.html
    
    
    * Network Protocol Stack & TCP hacking
    March 3rd, 2004
    
    The network protocol stack, which forms the carrier and pipeline of data
    from one host to another, is designed in such a way that we can interact
    with different layers at the desired level.
    
    http://www.linuxsecurity.com/articles/network_security_article-8996.html
    
    
    * FreeS/WAN Development Halted
    March 2nd, 2004
    
    After more than five years of active development, the FreeS/WAN project
    will be coming to an end. Nine months after the release of FreeS/WAN 2.00,
    Opportunistic Encryption (OE) has not caught on as we'd hoped.
    
    http://www.linuxsecurity.com/articles/projects_article-8988.html
    
    
    * New HoneyNet Challenge!
    March 2nd, 2004
    
    This month's challenge is different. Traditional SotM challenges have been
    about analyzing specific attacks against specific honeypots. This time we
    are going to take a step back and look at the bigger picture.
    
    http://www.linuxsecurity.com/articles/projects_article-8989.html
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * LLV Imports: Establishing a Secure E-Commerce Storefront
    March 7th, 2004
    
    Companies today understand the importance of e-commerce in the new
    economy. With the number of active Internet users approaching 640 million
    worldwide, the demand for products and services via the Internet is
    increasing rapidly. Guardian Digital Corporate Commerce Suite enables
    companies to meet this high demand and still focus on their core
    competencies rather than being concerned with how their online presence is
    functioning.
    
    http://www.linuxsecurity.com/articles/vendors_products_article-9008.html
    
    
    * DOES open source software enhance security?
    March 5th, 2004
    
    Analysis: There are several reasons why open-source software provides for
    superior computer and network security, but the computing public seems
    confused about why this is so, writes Thomas C Greene.
    
    http://www.linuxsecurity.com/articles/general_article-9007.html
    
    
    * Use process of sustained risk management to eradicate knee-jerk
    security scrambles
    March 3rd, 2004
    
    Consider a firm with 5,000 servers. IT management should know the
    configuration of those machines, especially what has been patched and to
    what level. NetIQ estimates that eight out of 10 UK companies do not have
    the processes in place to report on this accurately. The result is a
    knee-jerk reaction to patch the system at the appearance of each worm or
    virus.
    
    http://www.linuxsecurity.com/articles/general_article-8993.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    