[ISN] Linux Security Week - June 28, 2004

From: InfoSec News (isn@private)
Date: Tue Jun 29 2004 - 06:25:20 PDT


    |  LinuxSecurity.com                         Weekly Newsletter        |
    |  June 28, 2004                           Volume 5, Number 26n       |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Linux users
    under threat", "Stealth wallpaper could keep WLANs secure" and "Secure
    Development Framework".
    This week, advisories were released for sup, super, rlpr, Multiple,
    kernel, libpng and Usermin. The distributors include Debian, EnGarde,
    Fedora, Gentoo, Openwall, RedHat, Trustix, and Turbolinux.
    Open Source Leaving Microsoft Sitting on the Fence?
    The open source model, with special regard to Linux, has no doubt become a
    formidable competitor to the once sole giant of the software industry,
    Microsoft. When the market share of an industry leader is threatened,
    retaliation with new product or service offerings and marketing campaigns
    refuting the claims of the newfound competition is to be expected.
    However, in the case of Microsoft, it seems they have not
    taken a solid or plausible position on the use of open source applications
    as an alternative to Windows.
    Interview with Brian Wotring, Lead Developer for the Osiris Project
    Brian Wotring is currently the lead developer for the Osiris project and
    president of Host Integrity, Inc. He is also the founder of knowngoods.org,
    an online database of known good file signatures. Brian is the co-author
    of Mac OS X Security and a long-standing member of the Shmoo Group, an
    organization of security and cryptography professionals.
    Guardian Digital Launches Next Generation Secure Mail Suite
    Guardian Digital, the premier open source security company, announced the
    availability of the next generation Secure Mail Suite, the industry's most
    secure open source corporate email system. This latest edition has been
    optimized to support the changing needs of enterprise and small business
    customers while continually providing protection from the latest in email
    security threats.
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    | Host Security News: | <<-----[ Articles This Week ]----------
    * Linux users under threat
    June 24th, 2004
    A newly discovered security hole in Linux, published on an open source
    website, has raised questions about how Linux security issues should be
    handled. The vulnerability could allow malicious users to bring down Linux
    machines with just 24 lines of code, which are available from several open
    source websites and internet news groups.
    * Latest Web services spec tackles application flaws
    June 24th, 2004
    OASIS addressed another layer of security concerns around Web services
    Wednesday when it ratified the Application Vulnerability Description
    Language (AVDL) 1.0 as a standard, the organization's highest level of
    ratification. AVDL is an XML schema that enables security products to
    communicate information about new and existing Web application
    vulnerabilities between themselves, according to AVDL Technical Committee
    co-chairman Kevin Heineman.
    * Secure Development Framework
    June 21st, 2004
    This whitepaper deals with developing a secure framework, both for
    internal and outsourced development. Within this context, secure
    development is considered to be the process of producing reliable, stable,
    bug- and vulnerability-free software.
    | Network Security News: |
    * Wireless endpoint security: Tie up the loose ends
    June 28th, 2004
    Endpoint security transcends the use of personal firewalls and antivirus
    software. Endpoint devices such as laptops, home-office and remote
    desktops, and Internet-enabled handhelds are some of the biggest headache
    sources for security managers. It's hard enough keeping your in-house
    workstations and servers secure with up-to-date antivirus software and the
    latest patches and updates.
    * Building a Linux Router-Firewall
    June 25th, 2004
    This site is an introduction to simple hardware routers for small networks
    built from old, obsolete hardware and free software. The intended audience
    for this site is newbies to both Linux and to hardware routers and
    firewalls. Included are instructions for hardware assembly and software
    configuration. One page is a primer on network security and discusses
    firewalls, anti-virus and other security tools.
    * HNS Audio Learning Session: The Benefits of SSL VPNs
    June 23rd, 2004
    Secure Sockets Layer (SSL) Virtual Private Networks are quickly gaining
    popularity as serious contenders in the remote-access marketplace.
    Analysts predict that products based on SSL VPN technology will rival - or
    even replace - IP Security Protocol (IPSec) VPNs as remote-access
    * Stealth wallpaper could keep WLANs secure
    June 21st, 2004
    UK defence contractor BAE Systems has developed a stealth wallpaper to
    beat electronic eavesdropping on company Wi-Fi networks. The company has
    produced panels using the technology to produce a screen that will prevent
    outsiders from listening in on companies' Wi-Fi traffic but let other
    radio and mobile phone traffic get through.
    | General Security News: |
    * Book Review: HackNotes Network Security Portable Reference
    June 25th, 2004
    The HackNotes series quickly became one of the best selling titles in the
    computer security publishing sector. With some great marketing, mostly
    derived from the famous Hacking Exposed titles, it wasn't a tough job for
    Foundstone staffers to create this series of successful portable reference
    publications. Today I'm taking a look at one of the HackNotes titles that
    is concentrated on Network Security.
    * Security qualification makes the grade
    June 24th, 2004
    IT departments looking to hire new staff will be interested to learn that
    one of the world's leading security qualifications, the CISSP (certified
    information systems security professional), has become the first in the
    industry to meet the new ISO/IEC 17024 standard. The 17024 benchmark was
    launched last year by the International Standards Organization as a way of
    assessing whether qualifications across a range of professions could
    demonstrate minimum standards.
    * Secure Web Based Mail Services
    June 23rd, 2004
    There used to be a time when secure e-mail management was simple.
    "Managing" meant sorting through your e-mail messages and putting them
    into appropriate folders. Secure e-mail back then meant using a simple
    password for e-mail access. However, today, with e-mail being a
    business-critical application, more threats against e-mail than ever
    before, and government regulatory concerns, secure e-mail management takes
    on a whole different meaning.
    * City firms still failing to guard WLans
    June 22nd, 2004
    Businesses in Europe's leading financial centres are failing to secure
    their wireless access points despite the risk of "drive-by" hacking. More
    than 33% of businesses surveyed in London, Milan, Paris and Frankfurt are
    still making fundamental security mistakes, research by RSA Security
    * Akamai Attack Reveals Increased Sophistication
    June 22nd, 2004
    An attack last week against Akamai Technologies Inc. demonstrated the
    disruption of key Web site activity that a well-placed assault on the
    Internet's Domain Name System can cause. The incident also revealed a
    troubling capability on the part of hackers to target core Internet
    infrastructure technologies, security experts said.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com