[ISN] Linux Security Week - June 14th 2004

From: InfoSec News (isn@private)
Date: Mon Jun 14 2004 - 22:52:21 PDT

  • Next message: InfoSec News: "[ISN] Electronic jihad: Web sites featuring calls to arms, video of attacks"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  June 14th, 2004                               Volume 5, Number 24n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Using Jabber as
    a log monitor," "Best Practices for Storage Security," "Use Webmin for
    Linux Administration," and "Secure Development: A Polarised Response."
    >> Bulletproof Virus Protection <<
    Protect your network from costly security breaches with Guardian Digital's
    multi-faceted security applications.  More then just an email firewall, on
    demand and scheduled scanning detects and disinfects viruses found on the
    This week, advisories were released for gatos, jftpgw, ethereal, gallery,
    rsync, log2mail, kernel, lha, postgresql, cvs, cups, squirrelmail, squid,
    tla, Ethereal, tripwire, sitecopy, mailman, apache, mdkonline, xpcd,
    mod_ssl, ksymoops, and kerberos5. The distributors include Debain, Fedora,
    FreeBSD, Gentoo, Mandrake, NetBSD, OpenBSD, Red Hat, Slackware, SuSE,
    Trustix, and Turbo Linux.
    Interview with Brian Wotring, Lead Developer for the Osiris Project
    Brian Wotring is currently the lead developer for the Osiris project and
    president of Host Integrity, Inc.He is also the founder of knowngoods.org,
    an online database of known good file signatures. Brian is the co-author
    of Mac OS X Security and a long-standing member of the Shmoo Group, an
    organization of security and cryptography professionals.
    Guardian Digital Launches Next Generation Secure Mail Suite
    Guardian Digital, the premier open source security company, announced the
    availability of the next generation Secure Mail Suite, the industry's most
    secure open source corporate email system. This latest edition has been
    optimized to support the changing needs of enterprise and small business
    customers while continually providing protection from the latest in email
    security threats.
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    | Host Security News: | <<-----[ Articles This Week ]----------
    * More flaws foul security of open-source repository
    June 10th, 2004
    Security researchers have found at least six more flaws in the
    open-software world's most popular program for maintaining code under
    * The need for Security Testing
    June 10th, 2004
    Will help C-level executives understand what Security Testing is and how
    the Open Source Security Testing Methodology Manual (OSSTMM) can help
    raise the level of security within their organization.
    * The ease of (ab)using X11, Part 2
    June 9th, 2004
    Last time we looked at how you can get access to an X11 server, the
    desktop software you are using when you're running graphical environments
    like Gnome or KDE. When you have access to the X11 server, you can do some
    remarkable things.
    * Best Practices for Storage Security
    June 9th, 2004
    IT professionals and their businesses have learned the hard way in recent
    years that disaster can strike at anytime and that they must be prepared.
    Companies unable to resume operations within ten days of a disaster hit
    are not likely to survive, stated a study from the Strategic Research
    * Use Webmin for Linux Administration
    June 9th, 2004
    Administering Linux and Unix-based servers does not need to be the scourge
    of your work day.  With a handy tool called Webmin as part of your
    arsenal, you can regain complete control of your servers via the Web
    | Network Security News: |
    * Using Jabber as a log monitor
    June 14th, 2004
    Jabber, the streaming XML technology mainly used for instant messaging, is
    well-suited to its most common task. However, Jabber is a far more generic
    tool. It's not a chat server per se, but rather a complete XML routing
    framework. This has some pretty far-reaching implications.
    * Managing the security of data flow
    June 14th, 2004
    Customer Relationship Management (CRM) systems are cited as one of the
    major technology successes of the last decade. These 'super databases'
    enable the real-time sharing of information across global organisations,
    increasing the visibility of the sales pipeline and providing a central
    control of the customer experience.
    * Ease the security burden with a central logging server
    June 14th, 2004
    Every network device on your network has some type of logging capability.
    Switches and routers are extremely proficient in logging network events.
    Your organization's security policy should specify some level of logging
    for all network devices.
    * The DOMINO Theory: How to Thwart Wi-Fi Cheats
    June 10th, 2004
    Byaltering the Multiple Access Control (MAC) protocol, one of the series
    of protocols that govern how bandwidth is distributed between multiple
    users of the same wi-fi access point byrandomly assigning each hotspot
    user a rate for data transfer, it is possible tosiphon off most or all of
    the bandwidth.
    * Securing the Wireless Enterprise
    June 10th, 2004
    With recent technological advances, wireless devices are well positioned
    to add value as corporate productivity tools. Investments in this area
    have the potential to provide widespread improvements in mobile worker
    efficiency, business activity monitoring, exception handling, and
    organizational throughput.
    | General Security News: |
    * Security holes splatter Open Source
    June 11th, 2004
    A KEY OPEN source tool used by developers to track and manage changes in
    computer code has six security glitches and counting. Concurrent Versions
    System (CVS) is used to manage code on a number of top open source
    software development projects.
    * Secure Development: A Polarised Response
    June 8th, 2004
    Thankfully these days' assessing the security of an application prior to
    implementation is a normal process for most organisations.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)

    This archive was generated by hypermail 2b30 : Mon Jun 14 2004 - 23:45:18 PDT