+--------------------------------------------------------------------+
|  LinuxSecurity.com                              Weekly Newsletter  |
|  August 2, 2004                               Volume 5, Number 31  |
|                                                                    |
|  Editorial Team:  Dave Wreski             dave@private             |
|                   Benjamin Thomas         ben@private              |
+--------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "A Database
Encryption Solution", "Wireless access security scheme gets tryout",
"E-commerce attack is imminent, warn security experts" and "Linux in
Government: Unseating Incumbents".

----

>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian
Digital's multi-faceted security applications. More than just an email
firewall, on demand and scheduled scanning detects and disinfects
viruses found on the network.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04

----

LINUX ADVISORY WATCH:

This week, advisories were released for MMDF, Mozilla, kernel, php4,
webmin, samba, ethereal, l2tpd, mailman, httpd, libxml2, wv, php,
Unreal, Opera, mod_ssl and freeswan. The distributors include SCO Group,
Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, Slackware and
Suse.

http://www.linuxsecurity.com/articles/forums_article-9542.html

----

An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on
securing software, having co-authored the classic Building Secure
Software (Addison-Wesley, 2002). More recently, he has co-written with
Greg Hoglund a companion volume, Exploiting Software, which details
software security from the vantage point of the other side, the
attacker.
He has graciously agreed to share some of his insights with all of us at
LinuxSecurity.com

http://www.linuxsecurity.com/feature_stories/feature_story-171.html

---------------------------------------------------------------------

Security Expert Dave Wreski Discusses Open Source Security

LinuxSecurity.com editors have a seat with Dave Wreski, CEO of Guardian
Digital, Inc. and respected author of various hardened security and
Linux publications, to talk about how Guardian Digital is changing the
face of IT security today. Guardian Digital is perhaps best known for
their hardened Linux solution EnGarde Secure Linux, touted as the
premier secure, open-source platform for its comprehensive array of
general purpose services, such as web, FTP, email, DNS, IDS, routing,
VPN, firewalling, and much more.

http://www.linuxsecurity.com/feature_stories/feature_story-170.html

----

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Survey Results Show Few Linux Security Problems
  August 2nd, 2004

  Other research companies, such as Denmark-based Acunia, have released
  surveys that report very different results found by those at Evans.
  Some of these reports note that Windows and Linux are equally secure.
  Petreley called these findings "erroneous."

  http://www.linuxsecurity.com/articles/host_security_article-9573.html

* Linux Gets Host Application Security
  July 28th, 2004

  When it comes to security, telling applications what they're allowed
  to do can be a useful antidote to today's unending software
  vulnerabilities. Simply put, host-based application security allows
  applications to only perform or communicate in prescribed ways.
  http://www.linuxsecurity.com/articles/host_security_article-9555.html

* A Database Encryption Solution
  July 28th, 2004

  Security is becoming one of the most urgent challenges in database
  research and industry, and there has also been increasing interest in
  the problem of building accurate data mining models over aggregate
  data, while protecting privacy at the level of individual records.
  Instead of building walls around servers or hard drives, a protective
  layer of encryption is provided around specific sensitive data-items
  or objects.

  http://www.linuxsecurity.com/articles/server_security_article-9559.html

+------------------------+
| Network Security News: |
+------------------------+

* Data Integrity – The Unknown Threat
  July 30th, 2004

  Much of the attention commanded by computer security issues focuses on
  threats from external sources. Firewalls and perimeter defense tools
  are deployed to deny unauthorised entry to the network. Experts look
  for vulnerabilities and ways to ensure that the perimeter cannot be
  breached.

  http://www.linuxsecurity.com/articles/security_sources_article-9568.html

* Wireless access security scheme gets tryout
  July 29th, 2004

  Paul Wouter of Xelerence Corp. of Canada, is a fan of IPsec. The
  company maintains and develops Opswan, the Linux IPsec implementation,
  and he thinks IPsec should be the default tool for wireless
  connections. Wouter used the Black Hat Briefings this week to test a
  prototype IPsec wireless authentication scheme called WaveSEC for
  Windows clients.

  http://www.linuxsecurity.com/articles/network_security_article-9566.html

* Secure programming with the OpenSSL API
  July 29th, 2004

  Learning how to use the API for OpenSSL -- the best-known open library
  for secure communication -- can be intimidating, because the
  documentation is incomplete. Fill in the gaps, and tame the API, with
  the tips in this article.
  After setting up a basic connection, see how to use OpenSSL's BIO
  library to set up both a secured and unsecured connection.

  http://www.linuxsecurity.com/articles/documentation_article-9567.html

* Other People's Wi-Fi
  July 27th, 2004

  If you come across an unencrypted, unprotected Wi-Fi signal that isn't
  yours, do you have a right to use it? That's the question I faced a
  couple of weeks back, when I sat down in my Dad's living room in his
  fifth-floor apartment in lovely Queens, N.Y. - home of Archie Bunker,
  Harry Houdini's grave, the Ramones, and the New York Mets (motto: "At
  least we're not the Montreal Expos.")

  http://www.linuxsecurity.com/articles/privacy_article-9554.html

* E-commerce attack is imminent, warn security experts
  July 26th, 2004

  A surge in internet scanning activity in the past week could indicate
  a fresh wave of attacks on e-commerce servers, UK-based web services
  company Netcraft warned. The firm has detected a surge in scans of
  port 443, used by Secure Sockets Layer (SSL), a technology designed
  for securely transmitting financial data such as e-commerce
  transactions.

  http://www.linuxsecurity.com/articles/general_article-9545.html

+------------------------+
| General Security News: |
+------------------------+

* Linux in Government: Unseating Incumbents
  July 30th, 2004

  Despite the riotous cheerleading occurring among Democrats in Boston
  this week and that soon to occur among Republicans in New York, it's
  the summer doldrums in a still flat technology market. At times like
  this, you can imagine tumbleweeds rolling by as the saloon doors flap
  and creak to stillness.

  http://www.linuxsecurity.com/articles/vendors_products_article-9572.html

* Are P2P networks leaking military secrets?
  July 30th, 2004

  A new Web log is posting what it purports are pictures, documents and
  letters from U.S. soldiers and military bases in Iraq and
  elsewhere--all of which the site's operator claims to have downloaded
  from peer-to-peer networks such as Gnutella.
  http://www.linuxsecurity.com/articles/government_article-9571.html

* The best-laid plans for protecting your data in a power failure
  July 29th, 2004

  Case in point, on Aug. 14, 2003, at about 4:20 p.m. EST, the power
  went out across much of the Northeastern U.S., affecting an estimated
  50 million people. Since the outage occurred on a weekday afternoon,
  businesses were in the midst of conducting their routine activities
  and transactions, with most using computers.

  http://www.linuxsecurity.com/articles/general_article-9564.html

* Survey Says Linux Hacks Are Rare
  July 29th, 2004

  Adding more fuel to the Linux vs. Windows fire, a research firm
  released a survey Wednesday that noted only 8% of Linux developers had
  ever seen a virus infect their systems. Evans Data, a research firm
  that regularly polls developers, surveyed 500 Linux developers. An
  overwhelming majority--92%--claimed that their machines had never been
  infected by malicious code, and fewer than 7% said that they'd been
  the victims of three or more hacker intrusions.

  http://www.linuxsecurity.com/articles/general_article-9562.html

* Cybersecurity experts wanted
  July 26th, 2004

  New worries about national cybersecurity are prompting government
  officials to press colleges for rigorous curricula that train future
  cyberprotectors. More educational programs, and up-to-date classes
  that adapt quickly to new needs in cybersecurity, were among
  suggestions at a hearing in the House Science Committee Wednesday.

  http://www.linuxsecurity.com/articles/government_article-9547.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------