+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | May 17th, 2004 Volume 5, Number 20n | | | | Editorial Team: Dave Wreski dave@private | | Benjamin Thomas ben@private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Voice Over IP Can Be Vulnerable To Hackers," "Spec in Works to Secure Wireless Networks," and "Understanding TCP Reset Attacks." ---- >> Need to Secure Multiple Domain or Host Names? << Securing multiple domain or host names need not burden you with unwanted administrative hassles. Learn more about how the cost-effective Thawte Starter PKI program can streamline management of your digital certificates. Download a guide to learn more: http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten06 ---- LINUX ADVISORY WATCH: This week, advisories were released for lha, rsync, film, exim, mc, OpenSSL, heimdal, libneon, clamav, utempter, propftd, apache2, systrace, cvs, procfs, libpng, openoffice, kernel, sysklogd, and live. The distributors include Conectiva, Debian, Fedora, FreeBSD, Gentoo, Mandrake, NetBSD, OpenBSD, Red Hat, Slackware, and SuSE. http://www.linuxsecurity.com/articles/forums_article-9301.html ---- Guardian Digital Security Solutions Win Out At Real World Linux Enterprise Email and Small Business Solutions Impres at Linux Exposition. Internet and network security was a consistent theme and Guardian Digital was on hand with innovative solutions to the most common security issues. Attending to the growing concern for cost-effective security, Guardian Digital's enterprise and small business applications were stand-out successes. http://www.linuxsecurity.com/feature_stories/feature_story-164.html ---- >> Bulletproof Virus Protection << Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04 -------------------------------------------------------------------- Interview with Siem Korteweg: System Configuration Collector In this interview we learn how the System Configuration Collector (SCC) project began, how the software works, why Siem chose to make it open source, and information on future developments. http://www.linuxsecurity.com/feature_stories/feature_story-162.html ---- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------+ | Host Security News: | <<-----[ Articles This Week ]---------- +---------------------+ * The ease of (ab)using X11, Part 1 May 14th, 2004 A friend of mine decided to finally get a computer recently. He's one of those people who is very bright, he just didn't have the need for one before.[1] Being a very intelligent and worldly guy, he naturally wanted a Linux box. http://www.linuxsecurity.com/articles/documentation_article-9302.html * HNS Learning Session: Introduction to Computer Forensics May 13th, 2004 For this learning session on Help Net Security, we've got Michael J. Staggs, Senior Security Engineer at Guidance Software, discussing the basics of computer forensics. http://www.linuxsecurity.com/articles/government_article-9300.html * Fundamentals: Password Madness May 12th, 2004 While senior technology editor Curt Franklin was hard at work testing authentication tokens for this issue's cover story, I coincidentally ran into some questionable authentication policies and practices as a user. http://www.linuxsecurity.com/articles/privacy_article-9293.html * Net(Free)BSD Systrace Local Root Vulnerability May 12th, 2004 At the end of March Brad Spengler from grsecurity informed the world about a silently patched systrace bypass vulnerability within the linux port of systrace. He also revealed that he found two more holes within systrace, which he did not disclose further. His mail was reason enough to have a look into systrace on nearly all of its supported platforms. http://www.linuxsecurity.com/articles/host_security_article-9291.html +------------------------+ | Network Security News: | +------------------------+ * Voice Over IP Can Be Vulnerable To Hackers, Too May 14th, 2004 As voice over IP sweeps across the high-tech landscape, many IT managers are being lulled into a dangerous complacency because they look upon Internet phoning as a relatively secure technology--not as an IP service susceptible to the same worms, viruses, and other pestilence that threatens all networked systems. http://www.linuxsecurity.com/articles/network_security_article-9303.html * BlueTooth Hacking For Fun and Profit May 13th, 2004 WiFi wardriving tools have now advanced to the point where it is less a sign of techno-machismo and more a sign of social maladjustment to actually go out and wardrive in your neighborhood. So what's a young wireless data enthusiast to do? http://www.linuxsecurity.com/articles/hackscracks_article-9296.html * Spec in Works to Secure Wireless Networks May 13th, 2004 The Trusted Computing Group said Monday that it is working on a specification to ensure that wireless clients connecting to a network won't serve as a back door to worms and crackers. http://www.linuxsecurity.com/articles/network_security_article-9294.html * Web worm tests network security May 12th, 2004 Using vulnerabilities revealed at the same time as those exploited by the web worm, security firm IRM has demonstrated how they can be used to gain control of a Windows web server. http://www.linuxsecurity.com/articles/network_security_article-9292.html * Understanding TCP Reset Attacks, Part I May 11th, 2004 A vulnerability in TCP, the transmission control protocol, recently received some exposure in the media. Paul Watson released a white paper titled Slipping In The window: TCP Reset Attacks at the 2004 CanSecWest conference, providing a much better understanding of the real-world risks of TCP reset attacks. http://www.linuxsecurity.com/articles/network_security_article-9289.html * Network Security Basics May 11th, 2004 A solid network foundation is the key to business agility, process efficiency, productivity, and competitiveness. It provides intelligent services such as security, availability, reliability, and quality of service (QoS). http://www.linuxsecurity.com/articles/network_security_article-9285.html +------------------------+ | General Security News: | +------------------------+ * Students warn of hacking threat May 14th, 2004 Three Brisbane university students have discovered a major flaw in wireless network technology that means hackers can bring down critical infrastructure in as little as five seconds. http://www.linuxsecurity.com/articles/network_security_article-9305.html * Book Review: Malicious Cryptography May 10th, 2004 Most people are familiar with malware- viruses, worms, Trojans, etc.- and most people are familiar, at least with the concept, of cryptography. However there are far fewer people that truly understand either of these technologies, and even fewer still who understand how the two can be combined to create the next generation of malicious code. http://www.linuxsecurity.com/articles/cryptography_article-9279.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ ISN mailing list Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Tue May 18 2004 - 04:02:37 PDT