+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | September 27th, 2004 Volume 5, Number 38n | | | | Editorial Team: Dave Wreski dave@private | | Benjamin D. Thomas ben@private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Sawing Linux Logs with Simple Tools," "Open source wireless tools emerge," and "Security Still A Worry As WLANs Expand." ---- >> Crypto Challenge VI has begun << Be the first to crack the code and win a Sony DCRHC40 MiniDV Digital Handycam Camcorder. More prizes in the weekly Lunch Hour Challenge - make sure you check the site regularly. CLICK HERE to sign up NOW http://ad.doubleclick.net/clk;10740242;10262156;m ---- LINUX ADVISORY WATCH: This week, advisories were released for lukemftpd, cvs, Heimdal, mpg123, SnipSnap, Foomatic, CUPS, and login_radius. The distributors include Debian, FreeBSD, Gentoo, Mandrake, OpenBSD, and Suse. http://www.linuxsecurity.com/articles/forums_article-9931.html AIDE and CHKROOTKIT Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit. http://www.linuxsecurity.com/feature_stories/feature_story-173.html ---- An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com http://www.linuxsecurity.com/feature_stories/feature_story-171.html ---- >> The Perfect Productivity Tools << WebMail, Groupware and LDAP Integration provide organizations with the ability to securely access corporate email from any computer, collaborate with co-workers and set-up comprehensive addressbooks to consistently keep employees organized and connected. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05 --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------+ | Host Security News: | <<-----[ Articles This Week ]---------- +---------------------+ * Hardening the PAM framework September 25th, 2004 In yesterday's article we began looking at how PAM can securely authenticate Windows users. Today we'll check the PAM framework, harden the basic services that we expect to authenticate to, and look at new PAM modules that might make our systems more secure. http://www.linuxsecurity.com/articles/documentation_article-9939.html * Sawing Linux Logs with Simple Tools September 24th, 2004 So there you are with all of your Linux servers humming along happily. You have tested, tweaked, and configured until they are performing at their peak of perfection. Users are hardly whining at all. Life is good. You may relax and indulge in some nice, relaxing rounds of TuxKart. After all, you earned it. http://www.linuxsecurity.com/articles/documentation_article-9930.html * Hardening Linux authentication and user identity September 23rd, 2004 PAM is an authentication mechanism that originated on Solaris, but is used on various systems, including Linux. The Linux PAM implementation allows a system administrator to choose how users authenticate to various services. New modules can be added by an administrator at any time, offering overall flexibility in how authentication happens. http://www.linuxsecurity.com/articles/documentation_article-9922.html * SpamAssassin sports new open-source license September 23rd, 2004 Project leaders for the widely used software chose to enter the fold of the Apache Software Foundation to take advantage of the nonprofit group's legal and technical resources. To make the move, SpamAssassin had to adopt the Apache License. http://www.linuxsecurity.com/articles/vendors_products_article-9927.html +------------------------+ | Network Security News: | +------------------------+ * Open source wireless tools emerge September 23rd, 2004 The wireless development landscape differs from the wired world in a number of ways. For one thing, the dominance of handheld device manufacturers and proprietary OS makers has meant that open source projects for wireless connectivity have been slow to take off. But now this sector is showing some signs of life. http://www.linuxsecurity.com/articles/security_sources_article-9924.html * Are Firewalls Useful? And Another Thing... September 23rd, 2004 If you ever feel in need of a lesson in humility, try reading through the TCP/IP RFCs and related literature. I have two questions I have no idea how to answer but rather naively expected that reading this material would help. It didn't, in truth because I didn't understand most of it; so now I'm asking you to explain the issues to me. http://www.linuxsecurity.com/articles/firewalls_article-9919.html * Security Still A Worry As WLANs Expand: Survey September 22nd, 2004 About half the companies responding to the survey said that security was the chief concern preventing growth of WLANs. However, about 84 percent of the companies that have deployed WLANs said they have not suffered from security breaches. http://www.linuxsecurity.com/articles/network_security_article-9904.html +------------------------+ | General Security News: | +------------------------+ * Open Source VoIP Ready For Its Close Up September 25th, 2004 Open Source Voice over IP (define) is ready for its close up. Asterisk, a popular Voice over IP PBX (define), has released version 1.0.0. http://www.linuxsecurity.com/articles/forums_article-9938.html * European Companies Join In Boosting Linux Security September 24th, 2004 A consortium of European companies, including Linux-distributor Mandrakesoft, has been awarded a three-year, $8.6 million contract to boost security of the open-source Linux operating system, the companies said Thursday. http://www.linuxsecurity.com/articles/projects_article-9934.html * Insiders Weigh Law Banning Wireless Spam September 24th, 2004 In less than a month, it will be illegal to send commercial messages to any Internet domain associated with wireless messaging subscription services. http://www.linuxsecurity.com/articles/network_security_article-9929.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ Donate online for the Ron Santo Walk to Cure Diabetes - http://www.c4i.org/ethan.html
This archive was generated by hypermail 2.1.3 : Tue Sep 28 2004 - 04:14:32 PDT