+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | December 6th, 2004 Volume 5, Number 48n | | | | Editorial Team: Dave Wreski dave@private | | Benjamin D. Thomas ben@private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include, Anti-Hacker Tool Kit 2/e, A Secure Network Needs Informed Workers, Network Forensic Tools, and Transcript of the LinuxSecurity.com Launch Chat. --- >> The Perfect Productivity Tools << WebMail, Groupware and LDAP Integration provide organizations with the ability to securely access corporate email from any computer, collaborate with co-workers and set-up comprehensive addressbooks to consistently keep employees organized and connected. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=3Dgdn05 --- LINUX ADVISORY WATCH This week advisories were released for java, abiworld, cyrus, squirrelmail, libgd1, openssl, hpsockd, policycoreutils, prelink, libselinux, udev, tcpdump, samba, gaim, FreeBSD kernel, phpMyAdmin, libxpm4, kde, amavisd, open motif, linux kernel, and cyrus-imapd. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Trustix, Red Hat, and SuSE. http://www.linuxsecurity.com/content/view/117327/150/ ----- Open Letter to the Linux Security Community With an all new look & feel, organizational changes, security events, and additions to our staff, we hope to better serve the Linux and open source community. Although there are many aesthetic improvements, a major part of our development has focused on creating a content structure and backend system that is easy to update. http://www.linuxsecurity.com/content/view/117288/49/ ----- Mass deploying Osiris Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel. http://www.linuxsecurity.com/content/view/101884/49/ ----- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------+ | Host Security News: | <<-----[ Articles This Week ]---------- +---------------------+ * Anti-Hacker Tool Kit 2/e 2nd, December, 2004 In every day life people do all sorts of things with all sorts of tools. But, do they get it right? Every tool has to be used in a certain manner, and if one doesn=E2=80=99t know how to use it, the result c= an be damage. It's the same is with computer and network security tools. Before you can select the right tools for the job, you have to know what tools are available and learn how to use them. http://www.linuxsecurity.com/content/view/117307 * Unprotected PCs can be hijacked in minutes 30th, November, 2004 Simply connecting to the Internet -- and doing nothing else -- exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously. http://www.linuxsecurity.com/content/view/116796 * Network Forensic Tools 3rd, December, 2004 Stage 1: Network-capable initial analysis products for first responders, such as Guidance's EnCase Enterprise Edition and Technology Pathway's ProDiscover. These two products can acquire drive images remotely in a live environment, and their use eliminates the need for the Stage 2 tools. http://www.linuxsecurity.com/content/view/117361 * Hacking tool reportedly draws FBI subpoenas 1st, December, 2004 The author of the popular freeware hacking tool Nmap warned users this week that FBI agents are increasingly seeking access to information from the server logs of his download site, insecure.org. http://www.linuxsecurity.com/content/view/117282 +------------------------+ | Network Security News: | +------------------------+ * AirTight Networks announced first Wi-Fi Firewall 1st, December, 2004 AirTight Networks, formerly Wibhu Technologies, announced on Tuesday the availability of SpectraGuard 2.0, the first Wi-Fi firewall to protect enterprise networks from wireless security threats. http://www.linuxsecurity.com/content/view/117287 * Bad, Bad Bots 1st, December, 2004 Automated attacks are coming from unexpected quarters--from across the globe, across town, and most creepily, even from across the hall. According to a recent report from anti-virus vendor Symantec, this year's 450 percent increase in the number of attacks on Windows machines is evidence that automation is proving as efficient for 21st-Century hackers as it did for 20th-Century manufacturers. http://www.linuxsecurity.com/content/view/117295 * Linux Netwosix 1.2 Jinko is released 28th, November, 2004 I'm ready to announce that Linux Netwosix 1.2 is ready. I have completely rebuilt , upgraded and secured the system. Please, read the Announcement Release. Is based on the powerful and reliable Kernel 2.6.9 and has been created for the requirements of every SysAdmin. Nepote contains the updated packages. You can download Netwosix from our Download Center or from one of our mirrors. Thank you! http://www.linuxsecurity.com/content/view/116794 +------------------------+ | General Security News: | +------------------------+ * User knowledge key to good security 1st, December, 2004 Given the continual drive to secure today's enterprises, and in light of National Computer Security Day celebrated this week, Security Pipeline tapped Kathleen M. Coe, Symantec Corp.'s regional education director of education services, for insight on how to foster better user security behavior, as well as how to seed a strong corporate security culture companies require today. http://www.linuxsecurity.com/content/view/117296 * Panelists: A Secure Network Needs Informed Workers 1st, December, 2004 Analysts, law enforcement agents and corporate IT managers focused on surprisingly nontechnical security solutions Tuesday as they discussed the latest risks to corporate networks as part of Ziff Davis Media's online "virtual" tradeshow on security. http://www.linuxsecurity.com/content/view/117286 * Why you should take information security seriously 1st, December, 2004 All of us rely on information every day in just about every aspect of our life. As information is so important, we tend to rank it by its reliability. There are some people whose opinion we trust implicitly on certain matters. We accept as a matter of course that information is only valuable if it is accurate. The most valuable sources of information are those that are seen to be inherently reliable and easy to access. http://www.linuxsecurity.com/content/view/117297 * Federated ID facilitates Web services 1st, December, 2004 Companies looking to make Web services available to business partners and their respective user bases must first figure out how to federate identity. Federated identity management refers to managing access so that only those who have a right to use specific services may do so. http://www.linuxsecurity.com/content/view/117294 * Community Spam Fighting Effort Faces Heat 2nd, December, 2004 Lycos Europe is offering a "screensaver that spams the spammers," using idle computer time to attack sites that have been blacklisted for abusive spamming practices. Monitoring of three of the targets housed on Chinese servers shows that two of the sites, bokwhdok.com and printmediaprofits.biz, have been knocked offline by the attack. A third target, rxmedherbals.info, has remained largely available, with intermittent outages. http://www.linuxsecurity.com/content/view/117308 * Transcript of Launch Chat 2nd, December, 2004 To celebrate the launch of the new LinuxSecurity.com, we hosted a community chat event. It was held yesterday (December 1st 2004) at 4:00pm, and featured several prominent visionaries from the open source community including Jay Beale, Brian Hatch, Paul Vixie, Lance Spitzner, and Dave Wreski. The topics discussed ranged from authentication, patch management, honeypots, virtues of open source, SELinux, as well as others. We are planning another event to held in January; please send us your ideas. (contribute@private) http://www.linuxsecurity.com/content/view/117310 * Follow-up: Lycos pulls anti-spam screensaver from site 3rd, December, 2004 Lycos Europe appeared to have pulled a controversial anti-spam screensaver program from its site on Friday, after coming under fire from both security experts and the spammers themselves. http://www.linuxsecurity.com/content/view/117323 * FBI's Cyber-Crime Chief Relates Struggle for Top Talent 1st, December, 2004 The FBI's inability to recruit and keep the best available IT talent has proven to be one of the biggest challenges facing the government's Internet Crime Complaint Center (I3C), a senior official said Tuesday. http://www.linuxsecurity.com/content/view/117285 * Linux in Government: The Government Open Code Collaborative 3rd, December, 2004 As we celebrate the holiday season and prepare for the next round of legislation, a group of state and local governments has banded together to collect and distribute freely the costly software that normally runs taxpayers $100 billion annually. Called the Government Open Code Collaborative or GOCC.gov, this organization states that its members work together voluntarily to encourage "the sharing, at no cost, of computer code developed for and by government entities where the redistribution of this code is allowed". http://www.linuxsecurity.com/content/view/117322 * Is Cyberterrorism Being Thwarted? 3rd, December, 2004 Recently, there's been increased criticism of the federal government's efforts to secure the Internet. The September departure of Amit Yoran from the Department of Homeland Security was widely cited as indicative of problems that run deep, not just through DHS, but the entire government. While everyone agrees there's much work to do, it's important to recognize the accomplishments of the past few years. http://www.linuxsecurity.com/content/view/117324 * Mobile & Wireless: Security was the Watchword in 2004 1st, December, 2004 It's no surprise that the issue that topped the Wi-Fi agenda in 2004 was the same one that's plagued it almost from its introduction. Security, or rather "lack thereof," was an inherent problem in WEP (Wired Equivalent Privacy), the native security spec in the 802.11 IEEE standard. http://www.linuxsecurity.com/content/view/117283 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Tue Dec 07 2004 - 00:53:16 PST