+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | June 28, 2004 Volume 5, Number 26n | | | | Editorial Team: Dave Wreski dave@private | | Benjamin Thomas ben@private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Linux users under threat", "Stealth wallpaper could keep WLANs secure" and "Secure Development Framework". ---- >> Bulletproof Virus Protection << Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04 ---- LINUX ADVISORY WATCH: This week, advisories were released for sup, super, rlpr, Multiple, kernel, libpng and Usermin. The distributors include Debian, EnGarde, Fedora, Gentoo, Openwall, RedHat, Trustix, and Turbolinux. http://www.linuxsecurity.com/articles/forums_article-9448.html ---- Open Source Leaving Microsoft Sitting on the Fence? The open source model, with special regard to Linux, has no doubt become a formidable competitor to the once sole giant of the software industry, Microsoft. It is expected when the market share of an industry leader becomes threatened, retaliation with new product or service offerings and marketing campaigns refuting the claims of the new found competition are inevitable. However, in the case of Microsoft, it seems they have not taken a solid or plausible position on the use of open source applications as an alternative to Windows. http://www.linuxsecurity.com/feature_stories/feature_story-168.html -------------------------------------------------------------------- Interview with Brian Wotring, Lead Developer for the Osiris Project Brian Wotring is currently the lead developer for the Osiris project and president of Host Integrity, Inc.He is also the founder of knowngoods.org, an online database of known good file signatures. Brian is the co-author of Mac OS X Security and a long-standing member of the Shmoo Group, an organization of security and cryptography professionals. http://www.linuxsecurity.com/feature_stories/feature_story-164.html -------------------------------------------------------------------- Guardian Digital Launches Next Generation Secure Mail Suite Guardian Digital, the premier open source security company, announced the availability of the next generation Secure Mail Suite, the industry's most secure open source corporate email system. This latest edition has been optimized to support the changing needs of enterprise and small business customers while continually providing protection from the latest in email security threats. http://www.linuxsecurity.com/feature_stories/feature_story-166.html ---- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------+ | Host Security News: | <<-----[ Articles This Week ]---------- +---------------------+ * Linux users under threat June 24th, 2004 A newly discovered security hole in Linux, published on an open source website, has raised questions about how Linux security issues should be handled. The vulnerability could allow malicious users to bring down Linux machines with just 24 lines of code, which are available from several open source websites and internet news groups. http://www.linuxsecurity.com/articles/server_security_article-9444.html * Latest Web services spec tackles application flaws June 24th, 2004 OASIS addressed another layer of security concerns around Web services Wednesday when it ratified the Application Vulnerability Description Language (AVDL) 1.0 as a standard, the organization's highest level of ratification. AVDL is an XML schema that enables security products to communicate information about new and existing Web application vulnerabilities between themselves, according to AVDL Technical Committee co-chairman Kevin Heineman. http://www.linuxsecurity.com/articles/projects_article-9445.html * Secure Development Framework June 21st, 2004 This whitepaper deals with developing a secure framework, both for internal and outsourced development. Within this context, secure development is considered to be the process of producing reliable, stable, bug and vulnerability free software. http://www.linuxsecurity.com/articles/projects_article-9436.html +------------------------+ | Network Security News: | +------------------------+ * Wireless endpoint security: Tie up the loose ends June 28th, 2004 Endpoint security transcends the use of personal firewalls and antivirus software. Endpoint devices such as laptops, home-office and remote desktops, and Internet-enabled handhelds are some of the biggest headache sources for security managers. It's hard enough keeping your in-house workstations and servers secure with up-to-date antivirus software and the latest patches and updates. http://www.linuxsecurity.com/articles/network_security_article-9450.html * Building a Linux Router-Firewall June 25th, 2004 This site is an introduction to simple hardware routers for small networks built from old, obsolete hardware and free software. The intended audience for this site are Newbies to both Linux and to hardware routers and firewalls. Included are instructions for hardware assembly and software configuration. One page is a primer for Network security and discusses Firewalls, Anti-Virus and other security tools. http://www.linuxsecurity.com/articles/firewalls_article-9447.html * HNS Audio Learning Session: The Benefits of SSL VPNs June 23rd, 2004 Secure Sockets Layer (SSL) Virtual Private Networks are quickly gaining popularity as serious contenders in the remote-access marketplace. Analysts predict that products based on SSL VPN technology will rival - or even replace - IP Security Protocol (IPSec) VPNs as remote-access solutions. http://www.linuxsecurity.com/articles/network_security_article-9440.html * Stealth wallpaper could keep WLANs secure June 21st, 2004 UK defence contractor BAE Systems has developed a stealth wallpaper to beat electronic eavesdropping on company Wi-Fi networks. The company has produced panels using the technology to produce a screen that will prevent outsiders from listening in on companies' Wi-Fi traffic but let other radio and mobile phone traffic get through. http://www.linuxsecurity.com/articles/privacy_article-9435.html +------------------------+ | General Security News: | +------------------------+ * Book Review: HackNotes Network Security Portable Reference June 25th, 2004 The HackNotes series quickly became one of the best selling titles in the computer security publishing sector. With some great marketing, mostly derived from the famous Hacking Exposed titles, it wasn't a tough job for Foundstone staffers to create this series of successful portable reference publications. Today I'm taking a look at one of the HackNotes titles that is concentrated on Network Security. http://www.linuxsecurity.com/articles/documentation_article-9449.html * Security qualification makes the grade June 24th, 2004 IT departments looking to hire new staff will be interested to learn that one of the world's leading security qualifications, the CISSP (certified information systems security professional), has become the first in the industry to meet the new ISO/IEC 17024 standard. The 17204 benchmark was launched last year by the International Standards Organization as a way of assessing whether qualifications across a range of professions could demonstrate minimum standards. http://www.linuxsecurity.com/articles/general_article-9443.html * Secure Web Based Mail Services June 23rd, 2004 There used to be a time when secure e-mail management was simple. "Managing" meant sorting through your e-mail messages and putting them into appropriate folders. Secure e-mail back then meant using a simple password for e-mail access. However, today, with e-mail being a business-critical application, more threats against e-mail than ever before, and government regulatory concerns, secure e-mail management takes on a whole different meaning. http://www.linuxsecurity.com/articles/privacy_article-9441.html * City firms still failing to guard WLans June 22nd, 2004 Businesses in Europe's leading financial centres are failing to secure their wireless access points despite the risk of "drive-by" hacking. More than 33% of businesses surveyed in London, Milan, Paris and Frankfurt are still making fundamental security mistakes, research by RSA Security revealed. http://www.linuxsecurity.com/articles/network_security_article-9439.html * Akamai Attack Reveals Increased Sophistication June 22nd, 2004 An attack last week against Akamai Technologies Inc. demonstrated the disruption of key Web site activity that a well-placed assault on the Internet's Domain Name System can cause. The incident also revealed a troubling capability on the part of hackers to target core Internet infrastructure technologies, security experts said. http://www.linuxsecurity.com/articles/network_security_article-9437.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ ISN mailing list Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie! (Broke? Spend 15 minutes a day on the project!)
This archive was generated by hypermail 2b30 : Tue Jun 29 2004 - 08:52:49 PDT