[ISN] Linux Security Week - May 31st 2004

From: InfoSec News (isn@private)
Date: Tue Jun 01 2004 - 01:28:47 PDT

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  May 31st, 2004                                Volume 5, Number 22n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Minimizing
    Privileges," "Security in an ERP World," "Key Considerations for
    Outsourcing Security," and "CIOs Gear Up for Changing Security Climate."
    >> Secure Online Data Transfer with SSL <<
    Get Thawte's new introductory guide to SSL security which covers the
    basics of how it operates. A discussion of the various applications of SSL
    certificates and their appropriate deployment is also included along with
    details of how to test SSL on your web server.
    Download a guide to learn more:
    This week, advisories were released for libneon, mailman, kde, xpcd,
    kdepim, httpd, SquirrelMail, cvs, neon, subversion, cadaver, metamail,
    firebird, opera, mysql, mc, apache, heimdal, kernel, utempter, and LHA.
    The distributors include Conectiva, Debian, Fedora, FreeBSD, Gentoo,
    Mandrake, OpenBSD, Red Hat, Slackware, SuSE, and TurboLinux.
    Linux and National Security
    As the open source industry grows and becomes more widely accepted, the
    use of Linux as a secure operating system is becoming a prominent choice
    among corporations, educational institutions and government sectors.
    With national security concerns at an all time high, the question remains:
    Is Linux secure enough to successfully operate the government and
    military's most critical IT applications?
    >> Bulletproof Virus Protection <<
    Protect your network from costly security breaches with Guardian Digital's
    multi-faceted security applications.  More than just an email firewall, on
    demand and scheduled scanning detects and disinfects viruses found on the
    Guardian Digital Security Solutions Win Out At Real World Linux
    Enterprise Email and Small Business Solutions Impress at Linux Exposition.
    Internet and network security was a consistent theme and Guardian Digital
    was on hand with innovative solutions to the most common security issues.
    Attending to the growing concern for cost-effective security, Guardian
    Digital's enterprise and small business applications were stand-out
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    | Host Security News: | <<-----[ Articles This Week ]----------
    * Secure programmer: Minimizing privileges
    May 26th, 2004
    Secure programs must minimize privileges so that any bugs are less likely
    to become security vulnerabilities. This article discusses how to
    minimize privileges by minimizing the privileged modules, the privileges
    granted, and the time the privileges are active.
    * Secure coding attracts interest, investment
    May 26th, 2004
    A new product from computer security firm @stake will help developers
    search computer code for errors, security holes and other flaws that
    malicious hackers can use to break applications -- and break into
    * Security in an ERP World
    May 25th, 2004
    Every good hacker story ends with the line: "and then he's got root access
    to your network and can do whatever he wants." But the story really
    doesn't end there. This is just the beginning of the real damage that the
    hacker can inflict.
    | Network Security News: |
    * Snort up for revamp, says creator
    May 24th, 2004
    The creator of Snort, the open-source network-based Intrusion Detection
    System (IDS), says the software is up for an overhaul.  IDS has failed to
    impress the market, Martin Roesch told delegates at the AusCERT computer
    security conference in Queensland.
    | General Security News: |
    * Key Considerations for Outsourcing Security
    May 27th, 2004
    As last summer's virus attacks vividly demonstrated, companies of every
    size are finding themselves hard pressed to maintain around-the-clock
    network security.
    * CIOs Gear Up for Changing Security Climate
    May 27th, 2004
    "Security and business continuity have been pushed to the top of my list
    post-9/11," says Lockheed Martin CIO Joseph R. Cleveland. "We've always
    been focused on information security, but now we've had to think
    differently about the combination of information and physical security."
    * Auditors warn of foreign risks to weapons software
    May 27th, 2004
    The Defense Department's control of the source of weapons software came
    under fire today in a report issued by the General Accounting Office,
    which said overseas production of software creates an unacceptable
    security environment.
    * EU seeks quantum cryptography response to Echelon
    May 26th, 2004
    The European Union plans to invest $13 million during the next four years
    to develop a secure communication system based on quantum cryptography,
    using physical laws governing the universe on the smallest scale to create
    and distribute unbreakable encryption keys, project coordinators said
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ISN mailing list
    Sponsored by: OSVDB.org

    This archive was generated by hypermail 2b30 : Tue Jun 01 2004 - 04:48:58 PDT