[ISN] Linux Security Week - May 10th 2004

From: InfoSec News (isn@private)
Date: Mon May 10 2004 - 22:48:56 PDT

  • Next message: InfoSec News: "RE: [ISN] [Vmyths.com ALERT] Will U.S. try to extradite Sasser's creator?"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  May 10th, 2004                                Volume 5, Number 19n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Guarded Memory
    Move," "Scanning the Horizon," "DNS Troubleshooting: Everything Depends on
    It," and "Benefits of BCC."
    
    ----
    
    >> Certify your Software Integrity <<
    
    As a software developer you know that the product you make available on
    the Internet can be tampered with if it is not secured. Our Free Guide
    will show you how to securely distribute your code over the Internet and
    how these certificates operate with different software platforms:
    
    Download a guide to learn more:
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten06
    
    ----
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for mc, libpng, LHA, httpd, and rsync.
    The distributors include Debian, Mandrake, Red Hat, and Trustix.
    
    http://www.linuxsecurity.com/articles/forums_article-9272.html
    
    ----
    
    Guardian Digital Security Solutions Win Out At Real World Linux
    
    Enterprise Email and Small Business Solutions Impres at Linux Exposition.
    Internet and network security was a consistent theme and Guardian Digital
    was on hand with innovative solutions to the most common security issues.
    Attending to the growing concern for cost-effective security, Guardian
    Digital's enterprise and small business applications were stand-out
    successes.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-164.html
    
    ----
    
    >> Bulletproof Virus Protection <<
    
    Protect your network from costly security breaches with Guardian Digital's
    multi-faceted security applications.  More then just an email firewall, on
    demand and scheduled scanning detects and disinfects viruses found on the
    network.
    
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04
    
    --------------------------------------------------------------------
    
    Interview with Siem Korteweg: System Configuration Collector
    
    In this interview we learn how the System Configuration Collector (SCC)
    project began, how the software works, why Siem chose to make it open
    source, and information on future developments.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-162.html
    
    ----
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]----------
    +---------------------+
    
    * Book Review: Computer Security
    May 8th, 2004
    
    Thomas Greene is well-known within the computer and security world for his
    work as Associate Editor of The Register- a British tech newspaper. This
    book is a great contribution to the home and small office market.
    
    http://www.linuxsecurity.com/articles/documentation_article-9277.html
    
    
    * "Every Principle of Security is Being Violated," Says O'Dowd
    May 7th, 2004
    
    "There is no way to fix Linux to bring it up to the level of security that
    is required for national defense systems, a level that is already
    available in proprietary operating systems," says Dan O'Dowd. He's just
    released his third white paper in a series focusing on what his company
    Green Hills Software terms "an urgent security threat posed by the use of
    the Linux operating system in U.S. defense systems."
    
    http://www.linuxsecurity.com/articles/general_article-9274.html
    
    
    * Benefits of BCC
    May 7th, 2004
    
    Benefits of BCC Although in many situations it may be appropriate to list
    email recipients in the To: or CC: fields, sometimes using the BCC: field
    may be the most desirable option. What is BCC?
    
    http://www.linuxsecurity.com/articles/privacy_article-9275.html
    
    
    * Guarded Memory Move (GMM)
    May 5th, 2004
    
    The Guarded Memory Move tool gets handy when you have to study buffer
    overflows and you need to catch them together with a "good" stack image.
    When a stack overflow has been exploited, the back trace is already gone
    together with good information about parameters and local variables, that
    are of vital importance when trying to understand how the attacker is
    trying to work out the exploit.
    
    http://www.linuxsecurity.com/articles/host_security_article-9266.html
    
    
    * SELinux Boosts Server Security
    May 4th, 2004
    
    Security enhanced Linux, a set of kernel modifications and utilities
    initially developed by the National Security Agency, bolsters the security
    of Linux systems by enabling administrators to more finely tune data and
    process permissions. SELinux enforces mandatory access control policies,
    which limit user and application privileges to the minimum required to do
    the job.
    
    http://www.linuxsecurity.com/articles/server_security_article-9261.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * SecurityTalk with K Rudolph, CISSP
    May 6th, 2004
    
    Dancho: Hi Kaie, nice to have you in our first SecurityTalk discussing the
    importance of Security Awareness programmes and the problems related to
    the education of end users.
    
    http://www.linuxsecurity.com/articles/general_article-9270.html
    
    
    * Scanning the Horizon
    May 5th, 2004
    
    How secure is your enterprise network? Today that's a harder question to
    answer than ever, especially as enterprise networks continue to grow in
    size and complexity.
    
    http://www.linuxsecurity.com/articles/network_security_article-9268.html
    
    
    * HNS Learning Session: DDoS Threats
    May 4th, 2004
    
    For the second learning session on Help Net Security, they've got Steve
    Woo, Riverhead Networks Vice President of Marketing and Business
    Development, discussing the threats of Distributed Denial of Service
    attacks. Since the making of this audio session, Riverhead Networks was
    acquired by Cisco Systems.
    
    http://www.linuxsecurity.com/articles/network_security_article-9265.html
    
    
    * DNS Troubleshooting  Everything Depends on It
    May 4th, 2004
    
    The Domain Name System (DNS) service is required to access e-mail, browse
    Web sites and use hostnames in general. DNS resolves hostnames to IP
    addresses and back (e.g. www.cyberguard.com translates to 64.94.50.88).
    This article details how DNS works under normal circumstances and provides
    troubleshooting tips.
    
    http://www.linuxsecurity.com/articles/network_security_article-9262.html
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * The Internet's Wilder Side
    May 6th, 2004
    
    It was just another Wednesday on the sprawling Internet chat-room network
    known as I.R.C. In a room called Prime-Tyme-Movies, users offered free
    pirated downloads of "The Passion of the Christ'' and "Kill Bill Vol. 2.''
    In the DDO-Matrix channel, illegal copies of Microsoft's Windows software
    and "Prince of Persia: The Sands of Time,'' an Xbox game, were ripe for
    downloading.
    
    http://www.linuxsecurity.com/articles/network_security_article-9269.html
    
    
    * Mitnick busts bomb hoaxer
    May 4th, 2004
    
    Ex-hacker Kevin Mitnick is a hero to the small town of River Rouge,
    Michigan, after using his tech skills to help officials nab the culprit
    behind a harrowing series of bomb threats.
    
    http://www.linuxsecurity.com/articles/general_article-9263.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Mon May 10 2004 - 23:31:02 PDT