+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | June 14th, 2004 Volume 5, Number 24n | | | | Editorial Team: Dave Wreski dave@private | | Benjamin Thomas ben@private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Using Jabber as a log monitor," "Best Practices for Storage Security," "Use Webmin for Linux Administration," and "Secure Development: A Polarised Response." ---- >> Bulletproof Virus Protection << Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04 ---- LINUX ADVISORY WATCH: This week, advisories were released for gatos, jftpgw, ethereal, gallery, rsync, log2mail, kernel, lha, postgresql, cvs, cups, squirrelmail, squid, tla, Ethereal, tripwire, sitecopy, mailman, apache, mdkonline, xpcd, mod_ssl, ksymoops, and kerberos5. The distributors include Debain, Fedora, FreeBSD, Gentoo, Mandrake, NetBSD, OpenBSD, Red Hat, Slackware, SuSE, Trustix, and Turbo Linux. http://www.linuxsecurity.com/articles/forums_article-34.html ---- Interview with Brian Wotring, Lead Developer for the Osiris Project Brian Wotring is currently the lead developer for the Osiris project and president of Host Integrity, Inc.He is also the founder of knowngoods.org, an online database of known good file signatures. Brian is the co-author of Mac OS X Security and a long-standing member of the Shmoo Group, an organization of security and cryptography professionals. http://www.linuxsecurity.com/feature_stories/feature_story-164.html -------------------------------------------------------------------- Guardian Digital Launches Next Generation Secure Mail Suite Guardian Digital, the premier open source security company, announced the availability of the next generation Secure Mail Suite, the industry's most secure open source corporate email system. This latest edition has been optimized to support the changing needs of enterprise and small business customers while continually providing protection from the latest in email security threats. http://www.linuxsecurity.com/feature_stories/feature_story-166.html ---- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------+ | Host Security News: | <<-----[ Articles This Week ]---------- +---------------------+ * More flaws foul security of open-source repository June 10th, 2004 Security researchers have found at least six more flaws in the open-software world's most popular program for maintaining code under development. http://www.linuxsecurity.com/articles/projects_article-28.html * The need for Security Testing June 10th, 2004 Will help C-level executives understand what Security Testing is and how the Open Source Security Testing Methodology Manual (OSSTMM) can help raise the level of security within their organization. http://www.linuxsecurity.com/articles/network_security_article-31.html * The ease of (ab)using X11, Part 2 June 9th, 2004 Last time we looked at how you can get access to an X11 server, the desktop software you are using when you're running graphical environments like Gnome or KDE. When you have access to the X11 server, you can do some remarkable things. http://www.linuxsecurity.com/articles/documentation_article-27.html * Best Practices for Storage Security June 9th, 2004 IT professionals and their businesses have learned the hard way in recent years that disaster can strike at anytime and that they must be prepared. Companies unable to resume operations within ten days of a disaster hit are not likely to survive, stated a study from the Strategic Research Institute. http://www.linuxsecurity.com/articles/network_security_article-25.html * Use Webmin for Linux Administration June 9th, 2004 Administering Linux and Unix-based servers does not need to be the scourge of your work day. With a handy tool called Webmin as part of your arsenal, you can regain complete control of your servers via the Web browser. http://www.linuxsecurity.com/articles/server_security_article-24.html +------------------------+ | Network Security News: | +------------------------+ * Using Jabber as a log monitor June 14th, 2004 Jabber, the streaming XML technology mainly used for instant messaging, is well-suited to its most common task. However, Jabber is a far more generic tool. It's not a chat server per se, but rather a complete XML routing framework. This has some pretty far-reaching implications. http://www.linuxsecurity.com/articles/network_security_article-39.html * Managing the security of data flow June 14th, 2004 Customer Relationship Management (CRM) systems are cited as one of the major technology successes of the last decade. These 'super databases' enable the real-time sharing of information across global organisations, increasing the visibility of the sales pipeline and providing a central control of the customer experience. http://www.linuxsecurity.com/articles/network_security_article-41.html * Ease the security burden with a central logging server June 14th, 2004 Every network device on your network has some type of logging capability. Switches and routers are extremely proficient in logging network events. Your organization's security policy should specify some level of logging for all network devices. http://www.linuxsecurity.com/articles/server_security_article-40.html * The DOMINO Theory: How to Thwart Wi-Fi Cheats June 10th, 2004 Byaltering the Multiple Access Control (MAC) protocol, one of the series of protocols that govern how bandwidth is distributed between multiple users of the same wi-fi access point byrandomly assigning each hotspot user a rate for data transfer, it is possible tosiphon off most or all of the bandwidth. http://www.linuxsecurity.com/articles/network_security_article-29.html * Securing the Wireless Enterprise June 10th, 2004 With recent technological advances, wireless devices are well positioned to add value as corporate productivity tools. Investments in this area have the potential to provide widespread improvements in mobile worker efficiency, business activity monitoring, exception handling, and organizational throughput. http://www.linuxsecurity.com/articles/network_security_article-30.html +------------------------+ | General Security News: | +------------------------+ * Security holes splatter Open Source June 11th, 2004 A KEY OPEN source tool used by developers to track and manage changes in computer code has six security glitches and counting. Concurrent Versions System (CVS) is used to manage code on a number of top open source software development projects. http://www.linuxsecurity.com/articles/general_article-33.html * Secure Development: A Polarised Response June 8th, 2004 Thankfully these days' assessing the security of an application prior to implementation is a normal process for most organisations. http://www.linuxsecurity.com/articles/projects_article-21.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ ISN mailing list Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie! (Broke? Spend 15 minutes a day on the project!)
This archive was generated by hypermail 2b30 : Mon Jun 14 2004 - 23:45:18 PDT