[ISN] Linux Security Week - May 17th 2004

From: InfoSec News (isn@private)
Date: Tue May 18 2004 - 03:13:47 PDT

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  May 17th, 2004                                Volume 5, Number 20n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Voice Over IP
    Can Be Vulnerable To Hackers," "Spec in Works to Secure Wireless
    Networks," and "Understanding TCP Reset Attacks."
    
    ----
    
    >> Need to Secure Multiple Domain or Host Names? <<
    
    Securing multiple domain or host names need not burden you with unwanted
    administrative hassles. Learn more about how the cost-effective Thawte
    Starter PKI program can streamline management of your digital
    certificates.
    
    Download a guide to learn more:
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten06
    
    ----
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for lha, rsync, film, exim, mc,
    OpenSSL, heimdal, libneon, clamav, utempter, proftpd, apache2, systrace,
    cvs, procfs, libpng, openoffice, kernel, sysklogd, and live. The
    distributors include Conectiva, Debian, Fedora, FreeBSD, Gentoo, Mandrake,
    NetBSD, OpenBSD, Red Hat, Slackware, and SuSE.
    
    http://www.linuxsecurity.com/articles/forums_article-9301.html
    
    ----
    
    Guardian Digital Security Solutions Win Out At Real World Linux
    
    Enterprise Email and Small Business Solutions Impress at Linux Exposition.
    Internet and network security was a consistent theme and Guardian Digital
    was on hand with innovative solutions to the most common security issues.
    Attending to the growing concern for cost-effective security, Guardian
    Digital's enterprise and small business applications were stand-out
    successes.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-164.html
    
    ----
    
    >> Bulletproof Virus Protection <<
    
    Protect your network from costly security breaches with Guardian Digital's
    multi-faceted security applications.  More than just an email firewall, on
    demand and scheduled scanning detects and disinfects viruses found on the
    network.
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04
    
    --------------------------------------------------------------------
    
    Interview with Siem Korteweg: System Configuration Collector
    
    In this interview we learn how the System Configuration Collector (SCC)
    project began, how the software works, why Siem chose to make it open
    source, and information on future developments.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-162.html
    
    ----
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]----------
    +---------------------+
    
    * The ease of (ab)using X11, Part 1
    May 14th, 2004
    
    A friend of mine decided to finally get a computer recently. He's one of
    those people who is very bright, he just didn't have the need for one
    before.[1] Being a very intelligent and worldly guy, he naturally wanted a
    Linux box.
    
    http://www.linuxsecurity.com/articles/documentation_article-9302.html
    
    
    * HNS Learning Session: Introduction to Computer Forensics
    May 13th, 2004
    
    For this learning session on Help Net Security, we've got Michael J.
    Staggs, Senior Security Engineer at Guidance Software, discussing the
    basics of computer forensics.
    
    http://www.linuxsecurity.com/articles/government_article-9300.html
    
    
    * Fundamentals: Password Madness
    May 12th, 2004
    
    While senior technology editor Curt Franklin was hard at work testing
    authentication tokens for this issue's cover story, I coincidentally ran
    into some questionable authentication policies and practices as a user.
    
    http://www.linuxsecurity.com/articles/privacy_article-9293.html
    
    
    * Net(Free)BSD Systrace Local Root Vulnerability
    May 12th, 2004
    
    At the end of March Brad Spengler from grsecurity informed the world about
    a silently patched systrace bypass vulnerability within the linux port of
    systrace. He also revealed that he found two more holes within systrace,
    which he did not disclose further. His mail was reason enough to have a
    look into systrace on nearly all of its supported platforms.
    
    http://www.linuxsecurity.com/articles/host_security_article-9291.html
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Voice Over IP Can Be Vulnerable To Hackers, Too
    May 14th, 2004
    
    As voice over IP sweeps across the high-tech landscape, many IT managers
    are being lulled into a dangerous complacency because they look upon
    Internet phoning as a relatively secure technology--not as an IP service
    susceptible to the same worms, viruses, and other pestilence that
    threatens all networked systems.
    
    http://www.linuxsecurity.com/articles/network_security_article-9303.html
    
    
    * BlueTooth Hacking For Fun and Profit
    May 13th, 2004
    
    WiFi wardriving tools have now advanced to the point where it is less a
    sign of techno-machismo and more a sign of social maladjustment to
    actually go out and wardrive in your neighborhood. So what's a young
    wireless data enthusiast to do?
    
    http://www.linuxsecurity.com/articles/hackscracks_article-9296.html
    
    
    * Spec in Works to Secure Wireless Networks
    May 13th, 2004
    
    The Trusted Computing Group said Monday that it is working on a
    specification to ensure that wireless clients connecting to a network
    won't serve as a back door to worms and crackers.
    
    http://www.linuxsecurity.com/articles/network_security_article-9294.html
    
    
    * Web worm tests network security
    May 12th, 2004
    
    Using vulnerabilities revealed at the same time as those exploited by the
    web worm, security firm IRM has demonstrated how they can be used to gain
    control of a Windows web server.
    
    http://www.linuxsecurity.com/articles/network_security_article-9292.html
    
    
    * Understanding TCP Reset Attacks, Part I
    May 11th, 2004
    
    A vulnerability in TCP, the transmission control protocol, recently
    received some exposure in the media. Paul Watson released a white paper
    titled Slipping In The Window: TCP Reset Attacks at the 2004 CanSecWest
    conference, providing a much better understanding of the real-world risks
    of TCP reset attacks.
    
    http://www.linuxsecurity.com/articles/network_security_article-9289.html
    
    
    * Network Security Basics
    May 11th, 2004
    
    A solid network foundation is the key to business agility, process
    efficiency, productivity, and competitiveness. It provides intelligent
    services such as security, availability, reliability, and quality of
    service (QoS).
    
    http://www.linuxsecurity.com/articles/network_security_article-9285.html
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * Students warn of hacking threat
    May 14th, 2004
    
    Three Brisbane university students have discovered a major flaw in
    wireless network technology that means hackers can bring down critical
    infrastructure in as little as five seconds.
    
    http://www.linuxsecurity.com/articles/network_security_article-9305.html
    
    
    * Book Review: Malicious Cryptography
    May 10th, 2004
    
    Most people are familiar with malware -- viruses, worms, Trojans, etc. -- and
    most people are familiar, at least with the concept, of cryptography.
    However there are far fewer people that truly understand either of these
    technologies, and even fewer still who understand how the two can be
    combined to create the next generation of malicious code.
    
    http://www.linuxsecurity.com/articles/cryptography_article-9279.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    