[ISN] Linux Security Week - April 19th 2004

From: InfoSec News (isn@private)
Date: Tue Apr 20 2004 - 00:32:48 PDT

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  April 19th, 2004                              Volume 5, Number 16n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "CARP your way to
    high availability," "File and Email Encryption with GnuPG," "Lies, damned
    Lies and Patches," and "Slow down the Security Patch Cycle."
    
    ----
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for apache, the Linux kernel, mysql,
    xonix, ssmtp, openoffice, squid, cvs, Heimdal, iproute, pwlib, scorched,
    tcpdump, cadaver, and mailman. The distributors include Conectiva, Debian,
    Fedora, FreeBSD, Gentoo, Mandrake, Red Hat, and SuSE.
    
    http://www.linuxsecurity.com/articles/forums_article-9190.html
    
    ----
    
    Guardian Digital Launches Next Generation Internet
    Defense & Detection System
    
    Guardian Digital has announced the first fully open source system designed
    to provide both intrusion detection and prevention functions. Guardian
    Digital Internet Defense & Detection System (IDDS) leverages best-in-class
    open source applications to protect networks and hosts using a unique
    multi-layered approach coupled with the security expertise and ongoing
    security vigilance provided by Guardian Digital.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-163.html
    
    --------------------------------------------------------------------
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]----------
    +---------------------+
    
    * CARP your way to high availability
    April 16th, 2004
    
    You're putting out system management fires, with five SSH sessions open on
    your desktop. The mail server needs a restart after that kernel patch, so
    you su to root and type reboot. Just as the connection closes, your brain
    catches up with your fingertips.
    
    http://www.linuxsecurity.com/articles/network_security_article-9191.html
    
    
    * OSVDB Looking for Developers
    April 16th, 2004
    
    The OSVDB project has been growing steadily for the last 2 years. At first
    the software behind OSVDB was simple, and easily maintained by a single
    person with others contributing smaller pieces.
    
    http://www.linuxsecurity.com/articles/security_sources_article-9192.html
    
    
    * File and email encryption with GnuPG (PGP) part five
    April 15th, 2004
    
    Verification is part of any security system. SSH, FTP, POP, and IMAP
    servers ask for your password before they let you log into the machine, get
    your files, or snag your email. NTP can be configured to require keys
    before it'll let you mess with its clock. CIFS requires a password or
    Kerberos tickets before granting you access to shares.
    
    http://www.linuxsecurity.com/articles/documentation_article-9188.html
    
    
    * Linux Kernel ISO9660 File System Component Buffer Overflow
    Vulnerability
    April 15th, 2004
    
    The Linux kernel performs no length checking on symbolic links stored on
    an ISO9660 file system, allowing a malformed CD to perform an arbitrary
    length overflow in kernel memory.
    
    http://www.linuxsecurity.com/articles/host_security_article-9185.html
    
    
    * Lies, damned lies and patches
    April 13th, 2004
    
    Vendors can argue about platform security all they want, but there's a
    simple test of a secure computer: it's the machine that has been patched,
    says Kerry Thompson.
    
    http://www.linuxsecurity.com/articles/host_security_article-9174.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Hackers Attack Linux Supercomputers
    April 14th, 2004
    
    Unknown attackers have compromised a large number of Linux and Solaris
    machines in high-speed computing networks at Stanford University,
    California, and other academic research facilities, according to a
    university advisory.
    
    http://www.linuxsecurity.com/articles/hackscracks_article-9179.html
    
    
    * Auditors working on cyber-risk standard
    April 14th, 2004
    
    Plans by an industry consortium to develop a checklist to assess
    cyber-threats could help IT directors justify security spending and help
    protect companies against hackers, according to IT directors and industry
    experts.
    
    http://www.linuxsecurity.com/articles/general_article-9180.html
    
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * Would you bend the rules?
    April 15th, 2004
    
    Windows users in your organisation are severely affected by a spate of
    viruses, worms and blended threats. Meanwhile, non-Windows users (Linux
    and Mac OS users for instance) are spared and continue with their daily
    chores. As the IT manager, you finally decide that an IT security policy
    be implemented. This policy sets out several guidelines, one of which
    governs the use of acceptable applications within the company network.
    
    http://www.linuxsecurity.com/articles/general_article-9189.html
    
    
    * Check out SecurityDocs.com
    April 14th, 2004
    
    SecurityDocs.com was founded two months ago with the intention of indexing
    information security white papers.  The web site currently has about 1,400
    papers in over 80 categories.
    
    http://www.linuxsecurity.com/articles/documentation_article-9183.html
    
    
    * Slow down the security patch cycle
    April 13th, 2004
    
    There are many myths surrounding computer network security that are
    counterproductive to finding a true solution to the problem. One of these
    is the belief that vendors should speed up the process of producing and
    releasing patches for security vulnerabilities that have been discovered
    by security researchers.
    
    http://www.linuxsecurity.com/articles/host_security_article-9175.html
    
    
    * The end of an era?
    April 13th, 2004
    
    McKee's argument has merit, and there is an army of hardcore Linux
    developers and users who agree and are pushing to make this open source
    technology an alternative to the omnipresent Windows. Security, stability
    and the democratic nature of Linux development are all reasons why the
    software is superior to Windows, advocates say; but the most important
    reason to adopt Linux, according to McKee and his allies, is because it's
    free.
    
    http://www.linuxsecurity.com/articles/general_article-9173.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    