+---------------------------------------------------------------------+
|  LinuxSecurity.com                           Weekly Newsletter      |
|  June 21, 2004                               Volume 5, Number 25n   |
|                                                                     |
|  Editorial Team:  Dave Wreski                dave@private           |
|                   Benjamin Thomas            ben@private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Using Jabber
as a log monitor," "Ease the security burden with a central logging
server" and "Managing the security of data flow".

----

>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian
Digital's multi-faceted security applications. More than just an email
firewall, on demand and scheduled scanning detects and disinfects
viruses found on the network.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04

----

LINUX ADVISORY WATCH:

This week, advisories were released for cvs, krb5, kernel, subversion,
ethereal, squirrelmail, gallery, Webmin, squid, aspell and tripwire.
The distributors include Debian, Fedora, Gentoo, Red Hat, Slackware,
Suse, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-9425.html

----

Open Source Leaving Microsoft Sitting on the Fence?

The open source model, with special regard to Linux, has no doubt
become a formidable competitor to the once sole giant of the software
industry, Microsoft. It is expected that when the market share of an
industry leader becomes threatened, retaliation with new product or
service offerings and marketing campaigns refuting the claims of the
newfound competition is inevitable. However, in the case of Microsoft,
it seems they have not taken a solid or plausible position on the use
of open source applications as an alternative to Windows.

http://www.linuxsecurity.com/feature_stories/feature_story-168.html

--------------------------------------------------------------------

Interview with Brian Wotring, Lead Developer for the Osiris Project

Brian Wotring is currently the lead developer for the Osiris project
and president of Host Integrity, Inc. He is also the founder of
knowngoods.org, an online database of known good file signatures.
Brian is the co-author of Mac OS X Security and a long-standing member
of the Shmoo Group, an organization of security and cryptography
professionals.

http://www.linuxsecurity.com/feature_stories/feature_story-164.html

--------------------------------------------------------------------

Guardian Digital Launches Next Generation Secure Mail Suite

Guardian Digital, the premier open source security company, announced
the availability of the next generation Secure Mail Suite, the
industry's most secure open source corporate email system. This latest
edition has been optimized to support the changing needs of enterprise
and small business customers while continually providing protection
from the latest in email security threats.

http://www.linuxsecurity.com/feature_stories/feature_story-166.html

----

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Baiting the Hook to Catch the Hacker
  June 18th, 2004

The hacking community has cost organisations around the globe many
millions of dollars in lost time and revenue. In SA, hackers pose a
huge security threat - even though companies often do not openly admit
this. Graham Vorster, chief technology officer at Duxbury Networking,
says it's time to take a more aggressive stance with hackers as he
describes new methods of 'hacker baiting'.

http://www.linuxsecurity.com/articles/general_article-9423.html

* Defacement spree hits government sites
  June 18th, 2004

The IT security of Australian Web-hosting providers has come under
serious question, with more than 30 state and local government Web
sites defaced in the last six months - including the homepages of two
locally hosted foreign diplomatic missions and the highly sensitive
NSW Casino Control Board.

http://www.linuxsecurity.com/articles/hackscracks_article-9422.html

* HNS Audio Learning Session: Alternatives to Passwords
  June 17th, 2004

The third annual survey into office scruples conducted by Infosecurity
Europe 2004 found that office workers are still not information
security savvy. A survey of office workers found that 71% were willing
to part with their password for a chocolate bar. In this 8-minute
audio learning session, John Stuart, Signify CEO, discusses the
alternatives to passwords.

http://www.linuxsecurity.com/articles/network_security_article-9420.html

* New Linux Security Hole Found
  June 15th, 2004

A Linux bug was recently uncovered by a young Norwegian programmer
that, when exploited by a simple C program, could crash most Linux 2.4
or 2.6 distributions running on an x86 architecture. "Using this
exploit to crash Linux systems requires the (ab)user to have shell
access or other means of uploading and running the program--like
cgi-bin and FTP access," reports the discoverer, Øyvind Sæther.

http://www.linuxsecurity.com/articles/server_security_article-45.html

+------------------------+
| Network Security News: |
+------------------------+

* Wireless Infidelity
  June 21st, 2004

While the growth of 802.11b wireless networking has been explosive,
problems with security of data being transmitted have plagued the
technology almost since its conception. Still, in spite of its
drawbacks, 802.11b has some compelling reasons for its deployment,
both by the consumer and in the enterprise.
Those reasons include its low cost, its ease of deployment and the
tremendous convenience that wireless networking offers.

http://www.linuxsecurity.com/articles/network_security_article-9433.html

* Application Denial of Service (DoS) Attacks
  June 18th, 2004

Denial of Service attacks aimed at disrupting network services range
from simple bandwidth exhaustion attacks and those targeted at flaws
in commercial software to complex distributed attacks exploiting
specific COTS software flaws. These types of attack are not new and
have been used to devastating effect to prevent normal operation of
the victim sites. Historically, these attacks by hacktivists and
extortionists alike have targeted companies as diverse as eBay and
Microsoft, the RIAA and SCO, and a plethora of online gambling
companies.

http://www.linuxsecurity.com/articles/network_security_article-9426.html

* Ease the security burden with a central logging server
  June 16th, 2004

Every network device on your network has some type of logging
capability. Switches and routers are extremely proficient in logging
network events. Your organization's security policy should specify
some level of logging for all network devices.

http://www.linuxsecurity.com/articles/network_security_article-50.html

* Using Jabber as a log monitor
  June 14th, 2004

Jabber, the streaming XML technology mainly used for instant
messaging, is well-suited to its most common task. However, Jabber is
a far more generic tool. It's not a chat server per se, but rather a
complete XML routing framework. This has some pretty far-reaching
implications.

http://www.linuxsecurity.com/articles/network_security_article-39.html

+------------------------+
| General Security News: |
+------------------------+

* Open source Internet protocol security project gets nod from Novell
  June 18th, 2004

Novell announced that it is sponsoring and contributing to the popular
open source Linux implementation of the IP security (IPsec) standard
development project, Openswan. The open source project brings all of
the features needed for building and deploying secure commercial grade
virtual private networks (VPNs) to Linux.

http://www.linuxsecurity.com/articles/projects_article-9424.html

* Evaluating the ROSI: Where's the problem?
  June 17th, 2004

Many believe that demonstrating a ROSI in the enterprise is nigh
impossible because there are no metrics that measure the ROSI unless a
company is attacked or security is outsourced to a managed security
provider. However, I've always been astounded by this attitude, as to
me it appears that the most obvious point has been completely missed;
organisations must begin with information risk assessments in order to
evaluate the true effectiveness of their ROSI.

http://www.linuxsecurity.com/articles/network_security_article-9419.html

* First mobile phone virus discovered
  June 16th, 2004

The first ever computer virus that can infect mobile phones has been
discovered, anti-virus software developers said today, adding that up
until now it has had no harmful effect.

http://www.linuxsecurity.com/articles/network_security_article-9414.html

* Managing the security of data flow
  June 14th, 2004

Customer Relationship Management (CRM) systems are cited as one of the
major technology successes of the last decade. These 'super databases'
enable the real-time sharing of information across global
organisations, increasing the visibility of the sales pipeline and
providing a central control of the customer experience.
A far cry from the early databases which were supported in the locally
networked environment, CRM systems have pushed database capabilities
into the enterprise arena, providing accurate monitoring of customer
information and enabling corporations to sell and market to customers
through a centrally managed delivery mechanism.

http://www.linuxsecurity.com/articles/network_security_article-41.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------