+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  September 13th, 2004                        Volume 5, Number 36n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@private              |
|                   Benjamin D. Thomas      ben@private               |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Defending
Against Cross-Site Scripting Attacks," "Linux-based Wi-Fi hot spot on
CD," and "Dependence, Risks Drive Demand for Network Security."

----

LINUX ADVISORY WATCH:

This week, advisories were released for imlib, krb5, and kernel. The
distributors include Fedora, Mandrake, and Suse.

http://www.linuxsecurity.com/articles/forums_article-9785.html

----

AIDE and CHKROOTKIT

Network security is continuing to be a big problem for companies and
home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide
and chkrootkit.

http://www.linuxsecurity.com/feature_stories/feature_story-173.html

----

An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on
securing software, having co-authored the classic Building Secure
Software (Addison-Wesley, 2002).
More recently, he has co-written with Greg Hoglund a companion volume,
Exploiting Software, which details software security from the vantage
point of the other side, the attacker. He has graciously agreed to
share some of his insights with all of us at LinuxSecurity.com.

http://www.linuxsecurity.com/feature_stories/feature_story-171.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Make it & Break It: Defending Against Cross-Site Scripting Attacks.
  September 13th, 2004

Most Web sites process dynamic content. They take user input from HTTP
requests, process the request on the server and then give the user new
content. The requests are processed using scripted code (JavaScript,
VBScript or Perl, for example) and server components (including CGI,
JSP, PHP, COM and ASP.Net).

http://www.linuxsecurity.com/articles/security_sources_article-9792.html

* Group Policy controls extended to Unix, Linux
  September 13th, 2004

Microsoft has made no secret of its determination to expand into the
data center, but this growth may not happen by the company's own hand.

http://www.linuxsecurity.com/articles/vendors_products_article-9795.html

* OpenBSD's Theo de Raadt talks software security
  September 10th, 2004

With security the focus of this year's Australian Unix Users Group
(AUUG) conference, OpenBSD founder and project lead Theo de Raadt was
invited to speak on exploit mitigation techniques.
In an exclusive interview with Computerworld's Rodney Gedda, the man
behind an operating system that lays claim to only one remote exploit
in the default install in seven years, reveals where we are headed -
and how far we have to go - in the search for more secure software.

http://www.linuxsecurity.com/articles/security_sources_article-9779.html

* More big security holes in Linux
  September 9th, 2004

Open-source developers have warned of serious security holes in two
Linux components that could allow attackers to take over a system by
tricking a user into viewing a specially-crafted image file or opening
an archive. Patches exist for the bugs, which affect LHA and imlib.

http://www.linuxsecurity.com/articles/server_security_article-9771.html

+------------------------+
| Network Security News: |
+------------------------+

* Juniper Incorporates Third-Party Security in SSL VPNs
  September 8th, 2004

Juniper Networks Inc. is expanding users' security options by opening
new interfaces that allow integration of third-party tools with
Juniper's line of SSL VPNs. Juniper's new Endpoint Defense Initiative
works with all NetScreen Secure Sockets Layer VPN appliances, according
to officials in Sunnyvale, Calif.

http://www.linuxsecurity.com/articles/vendors_products_article-9755.html

* Linux-based Wi-Fi hot spot on CD
  September 8th, 2004

ZoneCD uses a modified version of the Debian Linux distribution called
Knoppix, which is designed to run from CD and provides automatic
hardware detection and configuration. On top of this platform, Public
IP provides features needed to run a secure Wi-Fi public hot spot, such
as user authentication, a proxy server, content filtering, DNS caching
and DHCP and Web server functionality.

http://www.linuxsecurity.com/articles/network_security_article-9760.html

* Can spammers really exploit wireless networks?
  September 8th, 2004

A landmark case in America could prove it.
A US citizen is thought to have become the first person to be accused
of hacking a wireless network in order to send spam. Nicholas Tombros,
37, is charged under the US CAN-SPAM act, which aims to clamp down on
unsolicited junk mail.

http://www.linuxsecurity.com/articles/network_security_article-9762.html

* Dependence, risks drive demand for network security
  September 8th, 2004

SMALL- to medium-scale enterprises (SMEs), especially those involved in
financial and retail services, are being driven by competition and are
thus becoming more dependent on the Internet as a business tool.

http://www.linuxsecurity.com/articles/network_security_article-9764.html

+------------------------+
| General Security News: |
+------------------------+

* Hacker communities play cat-and-mouse with security
  September 10th, 2004

HACKERS worldwide will gradually find it more difficult to hack into
computer networks even as their communities continue to grow, according
to a German hacker known as Van Hauser.

http://www.linuxsecurity.com/articles/network_security_article-9783.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------