+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | November 15th, 2004 Volume 5, Number 45n | | | | Editorial Team: Dave Wreski dave@private | | Benjamin D. Thomas ben@private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Sloppy Sysadmins Leave Linux Security Lacking," "CLASS 5 Automated Vulnerability Remediation," and "Building a LAMP Server w/ LDAP Authentication." ---- >> LinuxSecurity.com Version 2 << Get ready ... the new LinuxSecurity.com site will soon be revealed. The same great content you've come to expect with a whole new look and great new features. A sneak preview is coming soon! ---- LINUX ADVISORY WATCH: This week, advisories were released for xpdf, libtiff3, sasl, shadow, ruby, freeam, gzip, libgd1, gnats, libgd2, Gallery, ImageMagick, zgv, mtink, Apache, pavuk, samba, libxml, webmin, and speedtouch. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, and Trustix. http://www.linuxsecurity.com/articles/forums_article-10247.html Mass deploying Osiris Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel. http://www.linuxsecurity.com/feature_stories/feature_story-175.html >> The Perfect Productivity Tools << WebMail, Groupware and LDAP Integration provide organizations with the ability to securely access corporate email from any computer, collaborate with co-workers and set-up comprehensive addressbooks to consistently keep employees organized and connected. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05 --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------+ | Host Security News: | <<-----[ Articles This Week ]---------- +---------------------+ * Sloppy Sysadmins Leave Linux Security Lacking November 12th, 2004 Linux has gaping security holes caused by systems administrators who either can't or won't keep up with the latest patches, according to a report from British security firm mi2g. http://www.linuxsecurity.com/articles/server_security_article-10248.html * Say hello to the 'time bomb' exploit November 12th, 2004 Prepare yourself for "time bomb" exploits that attack web-based systems at a pre-determined time. http://www.linuxsecurity.com/articles/network_security_article-10249.html * Security pros bemoan need for tactical focus November 12th, 2004 Operational and tactical considerations continue to dominate the IT security agenda, despite a growing need for more strategic approaches to data protection, said attendees at the Computer Security Institute's annual conference here this week. http://www.linuxsecurity.com/articles/general_article-10251.html * Exclusive interview of DK Matai with Linux/Security Pipeline November 12th, 2004 This exclusive interview with Mitch Wagner and Tom Dunlap at Security Pipeline in California succeeded the mi2g Intelligence Unit's response to Matthew McKenzie and Scott Finnie on 6th November to the Linux Pipeline article "Experts Challenge mi2g security study" authored by Tom Dunlap and published on 5th November. http://www.linuxsecurity.com/articles/forums_article-10250.html * CLASS 5 Automated Vulnerability Remediation November 11th, 2004 CLASS 5 AVR (Automated Vulnerability Remediation) is a tiered architecture platform that provides customizable and automated remediation capabilities based on user-defined action policies when vulnerabilities are reported. http://www.linuxsecurity.com/articles/host_security_article-10244.html * Guardian Digital Offers Free Sarbanes Assessment November 10th, 2004 Guardian Digital, Inc., the world's premier provider of open source security solutions, today announced the launch of a new initiative aimed at helping companies assess their network-readiness in meeting Sarbanes-Oxley (SOX) legislation requirements. http://www.linuxsecurity.com/articles/vendors_products_article-10240.html * The reality of virtual servers November 9th, 2004 Server virtualization is one of those rare technologies that sounds too good to be true, but it's real. Its earliest use was to consolidate underutilized server hardware onto a smaller number of machines. Since those early days, it has grown into a multipurpose solution that enables greater reliability, improved management, and other benefits that make it an all-but-indispensable tool for enterprise datacenter administrators. http://www.linuxsecurity.com/articles/general_article-10230.html * Recovering From an Attack November 8th, 2004 No matter the size of your network, sooner or later you'll have to clean up an infected machine. Recovery from an attack can be daunting, but following some simple steps will make it less painful. http://www.linuxsecurity.com/articles/security_sources_article-10220.html +------------------------+ | Network Security News: | +------------------------+ * Cisco Beefs Up WLAN Security November 10th, 2004 Cisco Systems Wednesday unveiled a line of enterprise-grade multi-band wireless access points that include beefed up security. It also said it is adding intrusion detection capabilities for its entire Structured Wireless-Aware Network (SWAN) wireless LAN framework. http://www.linuxsecurity.com/articles/vendors_products_article-10238.html * Is Gap Growing Between Security Haves and Have-Nots? November 9th, 2004 Patch management, compliance and vulnerability management all vied for the attention of attendees on Monday at the Computer Security Institute's annual Computer Security conference here. However, some security professionals worried about a new digital divide: large enterprises that can afford security and small companies that can't. http://www.linuxsecurity.com/articles/security_sources_article-10232.html * Building a LAMP Server w/ LDAP Authentication November 9th, 2004 This tutorial is designed to guide you through the initial steps of setting up an Apache, MySQL, and PHP server on Linux which will utilize an external LDAP server for authenticating users. The server will be able to use either Apache's authentication process (i.e. via httpd.conf), or PHP's (i.e. coded into your app). http://www.linuxsecurity.com/articles/documentation_article-10227.html * Interview: The men behind ettercapNG November 9th, 2004 In 2001 two Italians released the first beta version of ettercap, a network protocol analyzer. This summer they released ettercapNG, which was completely rewritten from scratch with better, modular code, making it easier to add new features and write and submit patches. Ettercap is now covered in most security books. http://www.linuxsecurity.com/articles/projects_article-10228.html * Prevention Methods Shore Up Wireless LAN Defenses November 8th, 2004 Security developers took more than a decade to move from intrusion detection to intrusion prevention in the world of wired networking. But in the fast-paced wireless space, vendors are already jumping on prevention as the first step in security. http://www.linuxsecurity.com/articles/network_security_article-10223.html +------------------------+ | General Security News: | +------------------------+ * IT Managers Have False Sense Of Security November 15th, 2004 Corporate IT managers are a bit bi-polar when it comes to network security, said a survey released this week at the Computer Security Institute's annual conference in Washington, D.C. Just as an overwhelming majority of IT execs think that their networks are safer than they were a year ago, an even larger percentage admit in that attacks are on the rise. http://www.linuxsecurity.com/articles/network_security_article-10252.html * Security company defends Linux-is-vulnerable survey November 11th, 2004 A UK security company has published an open letter following a furore in the Linux camp after a study claimed that nearly two thirds of successful Internet-based attacks occurred on the open source operating system. http://www.linuxsecurity.com/articles/general_article-10246.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Tue Nov 16 2004 - 06:36:27 PST