+---------------------------------------------------------------------+
|  LinuxSecurity.com                          Weekly Newsletter       |
|  August 16, 2004                            Volume 5, Number 32n    |
|                                                                     |
|  Editorial Team:  Dave Wreski               dave@private            |
|                   Benjamin Thomas           ben@private             |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Image flaw
pierces PC security", "OpenVPN 101: introduction to OpenVPN", "SSH
Authentication: A Basic Overview", and "Wi-Fi hacking, a primer".

----

LINUX ADVISORY WATCH:

This week, advisories were released for apache, Cfengine, Courier,
Ethereal, Gaim, glibc, gnome-vfs, gv, imagemagick, kernel, libpng,
libpng10, mozilla, MPlayer, Nessus, Opera, PuTTY, Roundup, sox,
SpamAssassin, squirrelmail, and shorewall.

http://www.linuxsecurity.com/articles/forums_article-9620.html

----

An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on
securing software, having co-authored the classic Building Secure
Software (Addison-Wesley, 2002). More recently, he has co-written with
Greg Hoglund a companion volume, Exploiting Software, which details
software security from the vantage point of the other side, the
attacker. He has graciously agreed to share some of his insights with
all of us at LinuxSecurity.com.

http://www.linuxsecurity.com/feature_stories/feature_story-171.html

---------------------------------------------------------------------

Security Expert Dave Wreski Discusses Open Source Security

LinuxSecurity.com editors have a seat with Dave Wreski, CEO of Guardian
Digital, Inc. and respected author of various hardened security and
Linux publications, to talk about how Guardian Digital is changing the
face of IT security today. Guardian Digital is perhaps best known for
their hardened Linux solution EnGarde Secure Linux, touted as the
premier secure, open-source platform for its comprehensive array of
general purpose services, such as web, FTP, email, DNS, IDS, routing,
VPN, firewalling, and much more.

http://www.linuxsecurity.com/feature_stories/feature_story-170.html

----

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Image flaw pierces PC security
  August 11th, 2004

Six vulnerabilities in a common code that handles an open-source image
format could allow intruders to compromise computers running Linux and
may allow attacks against Windows PCs as well as Macs running OS X. The
security issues appear in a library supporting the portable network
graphics (PNG) format, used widely by programs such as the Mozilla and
Opera browsers and various e-mail clients.

http://www.linuxsecurity.com/articles/host_security_article-9610.html

* Secure Your Workplace When Going On Vacation
  August 10th, 2004

In the northern hemisphere, the long-awaited summer holidays are just
around the corner for many workers. The longer days and warmer weather
will see many people taking a well-earned break from the office. But
leaving computers unattended for a few days can also be a problem
unless you take the right precautions.

http://www.linuxsecurity.com/articles/host_security_article-9604.html

* Spam Blocking Techniques
  August 10th, 2004

Recent analyst estimates indicate that over 60 percent of the world's
email is unsolicited email, or "spam." Spam has now become a
significant security issue and a massive drain on financial resources.
In fact, this deluge of spam costs corporations an estimated $20
billion each year in lost productivity.

http://www.linuxsecurity.com/articles/general_article-9605.html

+------------------------+
| Network Security News: |
+------------------------+

* Wi-Fi hacking, a primer
  August 13th, 2004

Wi-Foo: The Secrets of Wireless Hacking is a new technical tome about
the security (and insecurity) of 802.11 standards. Written by three
security consultants with a history roaming the occult worlds of
encryption and hackery, the book is not for dabblers or those who blush
at the sight of a UNIX prompt.

http://www.linuxsecurity.com/articles/network_security_article-9616.html

* OpenVPN 101: introduction to OpenVPN
  August 12th, 2004

This document will introduce OpenVPN as a free, secure and easy to use
and configure SSL-based VPN solution. The document will present some
simple (and verified) scenarios that might be useful for preparing
security/networking labs with students, for creating a remote access
solution or as a new project for the interested home user.

http://www.linuxsecurity.com/articles/network_security_article-9611.html

* Security Cavities Ail Bluetooth
  August 9th, 2004

Serious flaws discovered in Bluetooth technology used in mobile phones
can let an attacker remotely download contact information from victims'
address books, read their calendar appointments or peruse text messages
on their phones to conduct corporate espionage. An attacker could even
plant phony text messages in a phone's memory, or turn the phone
sitting in a victim's pocket or on a restaurant table top into a
listening device to pick up private conversations in the phone's
vicinity.

http://www.linuxsecurity.com/articles/network_security_article-9599.html

* What is fwknop?
  August 9th, 2004

fwknop stands for "Firewall Knock Operator" and is an upcoming piece of
fwknop implements network access controls (via iptables) based on a
flexible port knocking mini-language, but with a twist; it combines
port knocking and passive operating system fingerprinting to make it
possible to do things like only allow, say, Linux-2.4/2.6 systems to
connect to your SSH daemon.

http://www.linuxsecurity.com/articles/projects_article-9600.html

+------------------------+
| Cryptography News:     |
+------------------------+

* SSH Authentication: A Basic Overview
  August 11th, 2004

SSH is most commonly used to gain a remote shell, but it can be used
for file transfers, to display remote X applications on a local
machine, and even to securely connect to services that lack encryption.
Unfortunately, many who use it from day to day don't have a good
understanding of how it actually works.

http://www.linuxsecurity.com/articles/cryptography_article-9609.html

+------------------------+
| General Security News: |
+------------------------+

* Spam: Made In The U.S.A.
  August 12th, 2004

Proof that the United States is capitalism's capital, a survey released
Thursday said that nearly all the world's spam is spewed by a limited
number of hard-core spammers within the U.S.

http://www.linuxsecurity.com/articles/privacy_article-9615.html

* Interview with Bruce Schneier, Counterpane Internet Security
  August 12th, 2004

Bruce Schneier, founder and CTO of Counterpane Internet Security, is
one of the world's foremost security experts and author of the
influential books Applied Cryptography, Secrets & Lies and Beyond Fear.
His free monthly newsletter, Crypto-Gram, has over 100,000 readers.
Interviewed by Glyn Moody, he discusses the lack of accountability of
software companies, security through diversity, and why he would rather
re-write Windows than TCP/IP.

http://www.linuxsecurity.com/articles/cryptography_article-9613.html

* Executive Conversation: Attacking the Phishing Threat - What Every
  Company Needs to Know
  August 11th, 2004

By now just about every person with an email inbox has been exposed to
a phishing scam. Spoofs are showing up with alarming frequency and to
make matters worse, criminals have upped the ante with increasingly
sophisticated coding and graphics.

http://www.linuxsecurity.com/articles/privacy_article-9608.html

* Of course Linux is more secure...
  August 9th, 2004

In the hacking world the answer would probably be 'NO'. Any idiot can
alter somebody else's code to write a virus or worm for Windows. To try
and hack into a Linux box that's been properly set up and is kept
patched is extremely difficult... not to say virtually impossible.

http://www.linuxsecurity.com/articles/host_security_article-9597.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------