+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  April 12th, 2004                          Volume 5, Number 15n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@private              |
|                   Benjamin Thomas         ben@private               |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "AFICK: Another
File Integrity Checker," "File And Email Encryption With GnuPG," and
"Networking improvements in the 2.6 kernel."

----

>> Secure Online Data Transfer with SSL <<

Get Thawte's new introductory guide to SSL security which covers the
basics of how it operates. A discussion of the various applications of
SSL certificates and their appropriate deployment is also included along
with details of how to test SSL on your web server.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawte02

----

LINUX ADVISORY WATCH:

This week, advisories were released for the Linux kernel, interchange,
fte, sysstat, oftpd, squid, heimdal, tcpdump, portage, kde, tcpdump,
sysstat, ClamAV, Automake, and mplayer. The distributors include Debian,
Gentoo, Mandrake, and Turbolinux.

http://www.linuxsecurity.com/articles/forums_article-9160.html

----

Guardian Digital Launches Next Generation Internet Defense & Detection
System

Guardian Digital has announced the first fully open source system
designed to provide both intrusion detection and prevention functions.
Guardian Digital Internet Defense & Detection System (IDDS) leverages
best-in-class open source applications to protect networks and hosts
using a unique multi-layered approach coupled with the security
expertise and ongoing security vigilance provided by Guardian Digital.
http://www.linuxsecurity.com/feature_stories/feature_story-163.html

----

Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.

http://www.linuxsecurity.com/feature_stories/feature_story-162.html

----

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Growing Acceptance of Linux has Dark Side
April 9th, 2004

There are still few viruses aimed at Linux, says David Wreski, chief
executive officer of Guardian Digital Inc., an Allendale, N.J., maker of
Internet and security applications for Linux, but there have been
Linux-specific viruses and worms and the threat is growing.

http://www.linuxsecurity.com/articles/host_security_article-9162.html

* Understanding Patches
April 8th, 2004

When vendors become aware of vulnerabilities in their products, they
often issue patches to fix the problem. Make sure to apply relevant
patches to your computer as soon as possible so that your system is
protected.

http://www.linuxsecurity.com/articles/host_security_article-9157.html

* AFICK: Another File Integrity Checker
April 8th, 2004

Afick stands for "Another File Integrity Checker". It is a security
tool, very close to the well-known tripwire. It lets you monitor
changes on your file systems, and so can detect intrusions. It's
designed to be quick and portable (Perl script) on Unix and Windows
operating systems.

http://www.linuxsecurity.com/articles/host_security_article-9155.html

* Introduction to Enterprise Linux
April 7th, 2004

Summary: What is Enterprise Linux? Who has it? What does it cost? Are
there any viable free alternatives?
These are all questions that this article will address and try to
answer.

http://www.linuxsecurity.com/articles/vendors_products_article-9149.html

* Volunteer Security Pros Launch Free Vulnerability Database
April 6th, 2004

A group of volunteer security professionals has compiled what is likely
one of the larger freely accessible vulnerability databases on the
Internet. The OSVDB (Open Source Vulnerability Database) is meant to
serve as a central collection point for information on any and all
security vulnerabilities.

http://www.linuxsecurity.com/articles/security_sources_article-9146.html

* Forrester questions Linux security
April 6th, 2004

A new study from Forrester Research has concluded that the Linux
operating system is not necessarily more secure than Windows. The report
finds that on average, Linux distributors took longer than Microsoft to
patch security holes, although Microsoft flaws tended to be more severe.

http://www.linuxsecurity.com/articles/general_article-9142.html

* File And Email Encryption With GnuPG (PGP)
April 5th, 2004

File and mail security is easy to achieve with the right tools. PGP has
proven itself the leader, and GnuPG is the tool of choice in the Linux
world. Anyone who has read this column a while knows I'm a bit obsessive
about crypto. With the speed of modern or even old processors, there's
no reason that there should be any cleartext transmissions on the
Internet at all.

http://www.linuxsecurity.com/articles/cryptography_article-9134.html

+------------------------+
| Network Security News: |
+------------------------+

* Networking improvements in the 2.6 kernel
April 7th, 2004

The new Linux 2.6 kernel offers many improvements over the 2.4 version.
One area of technical advancement is in the kernel networking options.
Although there are enhancements in most of the files associated with the
networking options, this article focuses on major feature improvements
and additions that affect entire sections rather than on specific files.
http://www.linuxsecurity.com/articles/network_security_article-9153.html

+------------------------+
| General Security News: |
+------------------------+

* ROI: A Measure Of IT Success
April 8th, 2004

It is certainly difficult to justify investments in security protection
and assign a dollar amount to the level of security needed to keep an
organization safe. Incorrect decisions may lead to an exhaustion of
resources or an oversight in areas needing protection, potentially
resulting in a breach. Says Wreski, "Investing in a solid infrastructure
with room for future expansion up front is good business sense, and
leveraging open-source solutions that consistently deliver greater ROI,
increased security protection, and better flexibility will fundamentally
change how information is managed.

http://www.linuxsecurity.com/articles/general_article-9154.html

* The Issue of Compliance - Its Here and Its Expanding!
April 8th, 2004

Complexity of language aside, Sarbox has wide-ranging implications that
span the breadth of the high-tech industry. It has become increasingly
important to know which portions of the law apply to your organization,
and to the organizations that you do business with.

http://www.linuxsecurity.com/articles/general_article-9159.html

* The Myth of the Secure Operating System?
April 5th, 2004

The old adage about there being "safety in numbers" no longer applies,
at least not in the world of IT security. Microsoft platforms are not
only the most widespread, but also the most attacked. About that much,
most -- but not all -- commentators agree.

http://www.linuxsecurity.com/articles/network_security_article-9138.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@private
with "unsubscribe" in the subject of the message.