[ISN] Linux Security Week - May 3rd 2004

From: InfoSec News (isn@private)
Date: Tue May 04 2004 - 04:20:03 PDT

  • Next message: InfoSec News: "[ISN] Who Hacked the Voting System? The Teacher"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  May 3rd, 2004                                 Volume 5, Number 18n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "File and email
    encryption with GnuPG," "Managing Security for Mobile Users," and "Prelude
    IDS Framework: Open Source Security's Best Kept Secret."
    
    ----
    
    
     >>>> FREE GUIDE-128-bit encryption <<
    
    
    Thawte is one of the few companies that offers 128 bit supercerts. A
    Supercert will allow you to extend the highest allowed 128 bit encryption
    to all your clients even if they use browsers that are limited to 40 bit
    encryption.
    
    Download a guide to learn more:
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten05
    
    ----
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for eterm, mc, the Linux kernel,
    ssmtp, LCDproc, xine, samba, and sysklogd. The distributors include
    Debian, Guardian Digital's EnGarde Linux, Fedora, Gentoo, Mandrake, Red
    Hat, and Slackware.
    
    http://www.linuxsecurity.com/articles/forums_article-9248.html
    
    ----
    
    Guardian Digital Launches Next Generation Internet Defense & Detection
    System
    
    Guardian Digital has announced the first fully open source system designed
    to provide both intrusion detection and prevention functions. Guardian
    Digital Internet Defense & Detection System (IDDS) leverages best-in-class
    open source applications to protect networks and hosts using a unique
    multi-layered approach coupled with the security expertise and ongoing
    security vigilance provided by Guardian Digital.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-163.html
    
    ----
    
    
     >>>> Bulletproof Virus Protection <<
    
    
    Protect your network from costly security breaches with Guardian Digital's
    multi-faceted security applications.  More then just an email firewall, on
    demand and scheduled scanning detects and disinfects viruses found on the
    network.
    
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04
    
    --------------------------------------------------------------------
    
    Interview with Siem Korteweg: System Configuration Collector
    
    In this interview we learn how the System Configuration Collector (SCC)
    project began, how the software works, why Siem chose to make it open
    source, and information on future developments.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-162.html
    
    ----
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]----------
    +---------------------+
    
    * Linux Vulnerable to Infiltration
    April 29th, 2004
    
    Linux source code could be infiltrated by dubious elements, including
    spies, according to a white paper released by Dan O'Dowd, chief executive
    officer of Green Hills Software Inc.  This is his second white paper in a
    series that his company describes as being focused on "the urgent security
    threat posed by the use of the Linux operating system in U.S. defense
    systems, including the Future Combat System and Global Information Grid."
    
    http://www.linuxsecurity.com/articles/host_security_article-9243.html
    
    
    * Management central to securing Linux
    April 29th, 2004
    
    After performing more security assessments than he can count, Gijo Mathew
    has seen every worst practice imaginable. He's even seen an IT shop
    replace virus-violated data with an unpatched backup that succumbed to the
    same virus. A security strategist for Computer Associates International
    Inc., Mathew has 10 years of experience in software development, computer
    technology, networks and security.
    
    http://www.linuxsecurity.com/articles/general_article-9247.html
    
    
    * Open source databases climb corporate ladder
    April 28th, 2004
    
    Analysts are telling companies committed to open source software that the
    time is right to consider an open source database server. Vendors like
    MySQL and SleepyCat are adding more enterprise-class functionality to the
    software, and that could eventually threaten the hold Oracle, IBM and
    Microsoft have on the market.
    
    http://www.linuxsecurity.com/articles/general_article-9238.html
    
    
    * File and email encryption with GnuPG (PGP) part six
    April 28th, 2004
    
    Last time I showed you how to exchange and verify public PGP keys with an
    individual. After you've verified a user's key (KeyID, bits, type,
    fingerprint, and user's actual identity) you should sign their key.
    Signing a key tells the PGP software (GnuPG in most cases for us Linux
    heads) that you've acknowledged the key is legitimate when verifying the
    signature. Let's take a look at the different verification possibilities.
    
    http://www.linuxsecurity.com/articles/documentation_article-9241.html
    
    
    * What is gpgdir?
    April 26th, 2004
    
    gpgdir is a perl script that uses the CPAN GnuPG module to encrypt and
    decrypt directories using a gpg key specified in ~/.gpgdirrc. gpgdir
    supports recursively descending through a directory in order to make sure
    it encrypts or decrypts every file in a directory and all of its
    subdirectories. In order to help save space all files are compressed using
    gzip before being encrypted and decompressed upon decryption.
    
    http://www.linuxsecurity.com/articles/projects_article-9231.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Protecting Road Warriors: Managing Security for Mobile Users
    April 29th, 2004
    
    Managing security within the confines of an organization or enterprise is
    a difficult job. Worms, viruses, spam, malware, port scans and perimeter
    defense probes are constant threats. Servers and desktop systems require
    regular patching and monitoring, and IDS signatures and firewall rules are
    under constant review and tweaking.
    
    http://www.linuxsecurity.com/articles/network_security_article-9246.html
    
    
    
    * Prelude IDS Framework: "Open Source Security's Best Kept Secret"
    April 28th, 2004
    
    Everyone both involved in information security and many that are not have
    heard of Snort NIDS (Network Intrusion Detection System). But not many
    have heard of a little jewel by the name of Prelude. Prelude is an open
    source framework for building distributed Hybrid Intrusion Detection
    Systems (HIDS). The reason it is called 'Hybrid' is that it utilizes
    sensors which are network based (NIDS).
    
    http://www.linuxsecurity.com/articles/projects_article-9242.html
    
    
    * DOD decentralizes Wi-Fi
    April 27th, 2004
    
    The Defense Department's new wireless fidelity policy seeks help from many
    of its agencies to ensure their employees and contractors use caution when
    operating wireless computer devices at military installations.
    
    http://www.linuxsecurity.com/articles/government_article-9235.html
    
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * Quantum crypto coming to light
    April 30th, 2004
    
    Quantum cryptography, a technology that uses photons to encrypt
    communications over fibre-optic lines and the air, is starting to come out
    of the laboratory and into commercial use.
    
    http://www.linuxsecurity.com/articles/cryptography_article-9251.html
    
    
    * Security has its privileges
    April 30th, 2004
    
    Maybe an innocent bystander can be excused for not seeing and stopping a
    crime about to happen, but IT security administrators can't. They need to
    keep their eyes open, according to Gijo Mathew, a security strategist for
    Computer Associates International Inc.
    
    http://www.linuxsecurity.com/articles/general_article-9249.html
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Tue May 04 2004 - 05:54:13 PDT