+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  May 24th, 2004                          Volume 5, Number 21n       |
|                                                                     |
|  Editorial Team:  Dave Wreski              dave@private             |
|                   Benjamin Thomas          ben@private              |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Security
flaws could corrupt open source databases," "TCP/IP Skills Required for
Security Analysts," and "Regulation Compliance Tops Companies' Security
Concerns."

----

>> NEW Step-by-Step SSL Guide for Apache from Thawte <<

Thawte's new guide will show you how to test, purchase, install and use
a Thawte Digital Certificate on your Apache web server. Throughout, best
practices for set-up are highlighted to help you ensure efficient
ongoing management of your encryption keys and digital certificates.

Download a guide to learn more:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten06

----

LINUX ADVISORY WATCH:

This week, advisories were released for heimdal, cvs, neon, cadaver,
libpng, iproute, lha, mailman, kdelibs, tcpdump, utempter, subversion,
exim, Pound, ProFTPD, Icecast, libuser, passwd, apache, kdelibs, mc,
rsync, and the kernel. The distributors include Debian, Fedora, FreeBSD,
Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-9330.html

----

Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impress at Linux
Exposition. Internet and network security was a consistent theme and
Guardian Digital was on hand with innovative solutions to the most
common security issues.
Attending to the growing concern for cost-effective security, Guardian
Digital's enterprise and small business applications were stand-out
successes.

http://www.linuxsecurity.com/feature_stories/feature_story-164.html

----

>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian
Digital's multi-faceted security applications. More than just an email
firewall, on demand and scheduled scanning detects and disinfects
viruses found on the network.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04

--------------------------------------------------------------------

Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.

http://www.linuxsecurity.com/feature_stories/feature_story-162.html

----

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Security flaws could corrupt open source databases
  May 20th, 2004

  Flaws in two popular source code database applications could allow
  attackers to access and corrupt open-source software projects,
  according to a security researcher. One vulnerability affects the
  Concurrent Versions System (CVS), an application used by many
  developers to store program code.

  http://www.linuxsecurity.com/articles/server_security_article-9324.html

* Safe and insecure
  May 19th, 2004

  Last week, I turned off all the security features of my wireless
  router. I removed WEP encryption, disabled MAC address filtering and
  made sure the SSID was being broadcast loud and clear. Now, anyone
  with a wireless card and a sniffer who happens by can use my
  connection to access the Internet.
  http://www.linuxsecurity.com/articles/network_security_article-9321.html

* What's Wrong With E-Mail Accreditation?
  May 18th, 2004

  E-mail accreditation isn't taken all that seriously as a method of
  spam control. I'm baffled as to why. It appears to be an effective
  means of helping ensure that spam filters don't accidentally block
  e-mail that the recipient actually wants to get.

  http://www.linuxsecurity.com/articles/privacy_article-9317.html

* Hardened-PHP
  May 17th, 2004

  The Hardened-PHP project team is pleased to announce the release of
  version 0.1.1 of our PHP security hardening patch. This new
  Hardened-PHP release is the first one that is publicly announced and
  is considered stable on at least Linux systems.

  http://www.linuxsecurity.com/articles/projects_article-9310.html

+------------------------+
| Network Security News: |
+------------------------+

* Do We Suffer From Wi-Fi Security Paranoia?
  May 21st, 2004

  I'm one of the world's most rabid fans of wireless networking --
  known variously as Wi-Fi, 802.11 or AirPort. (Would somebody PLEASE
  come up with a consistent, user-friendly term for it?) It's just so
  glorious to be standing in an airport, hotel lobby or city street,
  open your laptop, and discover that you can go online at cable-modem
  speeds without hooking up a single cable.

  http://www.linuxsecurity.com/articles/network_security_article-9332.html

* Conference Wireless LAN is Hacker Heaven
  May 20th, 2004

  AirDefense is one of the more respected companies producing wireless
  LAN security software. AirDefense performed a research experiment at
  the recent Networld+Interop conference in Las Vegas. Their monitoring
  software scanned for vulnerabilities and network attacks during the
  conference producing some astonishing results.
  http://www.linuxsecurity.com/articles/network_security_article-9326.html

* TCP/IP Skills Required for Security Analysts
  May 19th, 2004

  Breaking into the network security industry, and finding a job as a
  computer security analyst can often be a daunting task. A great deal
  of us who work in the industry started down this path with nothing
  but an interest in computer security to begin with, and a desire to
  work in a field that we love.

  http://www.linuxsecurity.com/articles/general_article-9320.html

* No WLAN? You still need wireless security
  May 17th, 2004

  Although most wireless security solutions target organizations that
  have deployed wireless networks, there is a class of solutions that
  target all companies--even those that haven't deployed wireless
  networks.

  http://www.linuxsecurity.com/articles/network_security_article-9309.html

* Strategies for real and virtual honeypots
  May 17th, 2004

  Few would deny that security has become a huge priority for network
  administrators over the last few years. Administrators dedicate lots
  of time to making sure their networks have all of the latest security
  patches, firewalls, and intruder detection systems designed to log
  suspicious activity.

  http://www.linuxsecurity.com/articles/intrusion_detection_article-9308.html

* Centralizing the Management of Network Security
  May 17th, 2004

  Two extreme scenarios exist for handling security when dealing with
  geographically disparate organizations: In the first scenario, local
  IT staff is employed at the individual remote locations. In this
  case, organizations have to deal with cultural differences, varying
  skill levels and capabilities and language barriers that pose
  potential misunderstandings.
  http://www.linuxsecurity.com/articles/general_article-9311.html

+------------------------+
| General Security News: |
+------------------------+

* Open Source Users Unaffected by Sasser Worm
  May 21st, 2004

  Since the 'Sasser' worm hit the Telstra BigPond network at 1AM
  Saturday, 1st May, Australian computer users have suffered major
  disruptions, with thousands of home and business users running
  Microsoft operating systems infected and others experiencing network
  congestion.

  http://www.linuxsecurity.com/articles/host_security_article-9333.html

* Cisco to patent security fix
  May 20th, 2004

  Cisco Systems has applied for patents on technology that it claims
  will fix a flaw that has recently been found in one of the most
  common communications protocols.

  http://www.linuxsecurity.com/articles/network_security_article-9327.html

* Embracing the Art of Hacking
  May 19th, 2004

  The idea that every hacker is an artist and every artist is a hacker
  isn't groundbreaking -- recent gallery and museum shows have focused
  on the link between art and coding -- but a new book by programmer
  Paul Graham gives the concept a fresh twist by advising hackers to
  improve their skills by borrowing creative techniques from other
  artists.

  http://www.linuxsecurity.com/articles/security_sources_article-9322.html

* Regulation Compliance Tops Companies' Security Concerns
  May 18th, 2004

  Just a few short years ago, the primary security-related concern for
  most IT executives was how to prevent hackers from infiltrating their
  companies' systems. Although that issue still is quite relevant, it's
  no longer the top concern of many organizations. Today, that honor
  goes to how to comply with the increasing number of regulatory and
  compliance mandates required by the U.S. government.

  http://www.linuxsecurity.com/articles/general_article-9315.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com