[ISN] Linux Security Week - February 28th 2005

From: InfoSec News (isn@private)
Date: Tue Mar 01 2005 - 01:46:55 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  February 28th, 2005                         Volume 6, Number 9n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@private    |
|                   Benjamin D. Thomas      ben@private     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Linux kernel
to include IPv6 firewall," "Automated Patching: An Easier Approach to
Managing Your Network Security," and "Honeypot Project finds decline
in Linux attacks."

---

>> Enterprise Security for the Small Business <<
Never before has a small business productivity solution been
designed with such robust security features.  Engineered with
security as a main focus, the Guardian Digital Internet Productivity
Suite is the cost-effective solution small businesses have been
waiting for.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn07

---

LINUX ADVISORY WATCH

This week, advisories were released for emacs, gftp, bidwatcher,
mailman, squid, mod_python, kdeedu, gamin, pcmcia, openssh,
postgresql, gimp, midnight commander, gproftpd, cyrus imap, cups,
kdelibs, xpdf, uim, cpio, and vim.  The distributors include Debian,
Fedora, Gentoo, Mandrake, Red Hat, and SuSE.

http://www.linuxsecurity.com/content/view/118428/150/

---------------

Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security'
series.  The topic explored is Linux file permissions.  It offers an
easy to follow explanation of how to read permissions, and how to set
them using chmod.  This guide is intended for users new to Linux
security, therefore very simple.

http://www.linuxsecurity.com/content/view/118181/49/

---

The Tao of Network Security Monitoring: Beyond Intrusion Detection

The Tao of Network Security Monitoring is one of the most
comprehensive and up-to-date sources available on the subject. It
gives an excellent introduction to information security and the
importance of network security monitoring, offers hands-on examples
of almost 30 open source network security tools, and includes
information relevant to security managers through case studies,
best practices, and recommendations on how to establish training
programs for network security staff.

http://www.linuxsecurity.com/content/view/118106/49/

---

Encrypting Shell Scripts

Do you have scripts that contain sensitive information like
passwords and you pretty much depend on file permissions to keep
it secure?  If so, then that type of security is good provided
you keep your system secure and some user doesn't have a "ps -ef"
loop running in an attempt to capture that sensitive info (though
some applications mask passwords in "ps" output).

http://www.linuxsecurity.com/content/view/117920/49/

--------

>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Security News:      | <<-----[ Articles This Week ]----------
+---------------------+

* Knoppix Hacks
  21st, February, 2005

Many people, at least people in the techno-geek world, are familiar
with Knoppix at least far enough to know it is a version of Linux.
Some of those people may even know that it is a portable version of
Linux that is able to boot entirely from the CD without the need for
any installation. But, this book will show those people just how
versatile and powerful a tool Knoppix can be- even for supporting and
maintaining Windows systems.

http://www.linuxsecurity.com/content/view/118393


* HITB E-Zine: Issue #36 Released
  20th, February, 2005

After a nice Chinese New Year break we are pleased to bring you Issue
#36 of the HITB e-zine. This is a pretty interesting issue with an
exclusive article on Red Hat PIE Protection written by Zarul Shahrin
as well as an article on building a simple wireless authenticated
gateway using OpenBSD by Rosli Sukri (member of the HITB CTF
Crew).

http://www.linuxsecurity.com/content/view/118389


* Linux kernel to include IPv6 firewall
  21st, February, 2005

Version 2.6.12 of the Linux kernel is likely to include packet
filtering that will work with IPv6, the latest version of the
Internet Protocol.  Netfilter/iptables, the firewall engine that is
part of the Linux kernel, already allows stateless packet filtering
for versions 4 and 6 of the Internet protocol, but only allows
stateful packet filtering for IPv4. Stateful packet filtering is the
more secure method, since it analyses whole streams of packets,
rather than only checking the headers of individual packets -- as is
done in stateless packet filtering.

http://www.linuxsecurity.com/content/view/118398


* Firewall Builder 2.0.6
  24th, February, 2005

Firewall Builder consists of an object-oriented GUI and a set of
policy compilers for various firewall platforms. In Firewall Builder,
a firewall policy is a set of rules; each rule consists of abstract
objects that represent real network objects and services (hosts,
routers, firewalls, networks, protocols).

http://www.linuxsecurity.com/content/view/118422


* Automated Patching: An Easier Approach to Managing Your Network
Security
  22nd, February, 2005

Patch management is an essential administration task within today's
busy IT networks with the constant threat of new security bugs. Some
companies will wait for an attack before taking necessary action to
protect themselves from further threat whilst others consider
patching as often as possible.

http://www.linuxsecurity.com/content/view/118401


* Security holes affect multiple Linux/Unix products
  23rd, February, 2005

Attackers could launch malicious code by exploiting vulnerabilities
in a file transferring tool used in many Linux and Unix systems,
according to two security firms.

http://www.linuxsecurity.com/content/view/118414


* Zen and the Art of Intrusion Detection
  22nd, February, 2005

If a tree falls in a forest with no-one to hear it, does it make a
sound?	So goes a typical zen-like philosophical question.  While
it's thought-provoking, what does it have to do with Intrusion
Detection Systems (IDS)?  Simple  if you're not there to watch the
tree fall, do you need to know whether it fell or not?	The same
principle applies with IDS.

http://www.linuxsecurity.com/content/view/118402


* Review: Linux Server Security
  23rd, February, 2005

Staying on my current security theme, O'Reilly has published a second
edition of Linux Server Security by Michael D. Bauer. The book,
targeted toward those managing Internet-connected systems, also known
as bastion hosts, packs a powerful arsenal of security design, theory
and practical configuration schemes into 500
pages.

http://www.linuxsecurity.com/content/view/118412


* Oracle wraps top-notch security around Linux
  23rd, February, 2005

Oracle has tightened up the security of a number of its products to
allow customers to use them in critical national infrastructures,
including in conjunction with open source technology from Linux.
Oracle has met the Common Criteria Evaluations at the EAL4 level
the highest industry security level for commercial software for its
Oracle Internet Directory, a middleware component of Oracle Identity
Management; Oracle9i Database release 2; and the Oracle9i Label
Security release 2.

http://www.linuxsecurity.com/content/view/118415


* How to cut patchwork and save a cool $100m
  24th, February, 2005

ccording to Gilligan, a new vulnerability is discovered nearly every
day in the commercial software products the Air Force uses  not just
Microsoft, but also Linux, Oracle and Cisco Systems. "What we are now
reaping is the unfortunate consequence of an era of software
development in the 90s, when the rush to get the product to market
overrode the importance of correctness in the quality of the
software."

http://www.linuxsecurity.com/content/view/118419


* Novell appliance takes security to the edge
  22nd, February, 2005

Novell has developed a Linux-based "perimeter security" hardware
appliance that protects companies against security threats such as
hackers, viruses, worms, spam and network intrusions.  Novell
launched the Novell Security Manager at last week's RSA conference.
It is aimed at small and medium-sized businesses.

http://www.linuxsecurity.com/content/view/118400


* Firefox phishing flaw fixed
  25th, February, 2005

A vulnerability that could allow Web addresses to be spoofed has been
fixed in an updated version of the Firefox browser  The Mozilla
Foundation released an update to the Firefox Web browser on Thursday
to fix several vulnerabilities, including one that would allow domain
spoofing.

http://www.linuxsecurity.com/content/view/118429


* Arkeia Network Backup Agent Remote Access (Exploit?)
  21st, February, 2005

On February 18th, 2005 "John Doe" posted  a remote buffer overflow
exploit for the Arkeia Network Backup Client.  This vulnerability
affected all known versions of the software, going back as far as the
4.2 series (when the company was called Knox). The buffer overflow
occurs when a large data section is sent with a packet marked as type
77. The  Arkeia Network Backup Client is your typical backup agent;
it runs with the highest privileges available (root or LocalSystem)
and waits for a connection from the backup server. The Arkeia client
and server both use TCP port 617 for communication. According to the
SANS ISC, the kids are wasting no time.

http://www.linuxsecurity.com/content/view/118392


* Honeypot Project finds decline in Linux attacks
  24th, February, 2005

Unpatched Linux systems are lasting longer on the internet before
being compromised, according to a study by the Honeynet Project, a
nonprofit group of security professionals that researches online
attackers' methods and motives.  Data from 12 honeynets showed that
the average "life expectancy" of an unpatched Linux system has
increased to three months from 72 hours two years
ago.

http://www.linuxsecurity.com/content/view/118420


* Is variable reponse the key to secure systems?
  21st, February, 2005

Intrusion detection software (IDS) first made a serious impression on
the European security market in the late 1990s. As with vulnerability
scanning products, how good it was depended on where it got its
database from and how often it was updated. IDS then languished for a
few years with little variation. Improvements in alerting,
refinements in detecting false positives and more enterprise
scalability were the notable developments.

http://www.linuxsecurity.com/content/view/118394


* Linux For The Future
  22nd, February, 2005

Red Hat spent last week trying to get customers to expect more from
Linux, talking up the release of the first version of its operating
system based on the 2.6 Linux kernel. Red Hat Enterprise Linux 4 adds
a number of security, scalability, desktop, and management features.

http://www.linuxsecurity.com/content/view/118399


* Insecure ISP Support Is No Help at All
  23rd, February, 2005

Hello, this is officer support of the ISP Police Department. You say
you're worried that someone might try to steal your car? OK, I'm
going to try to troubleshoot this problem for you, but I need you to
do two things.	First, I'm going to need you to bring your car down
so we can check it out. But I want you to park your car in a poorly
lighted lot in a shady part of town. Trust me, we handle this kind of
thing all the time.

http://www.linuxsecurity.com/content/view/118413


* Feds square off with organized cyber crime
  24th, February, 2005

Computer intruders are learning to play well with others, and that's
bad news for the Internet, according to a panel of law enforcement
officials and legal experts speaking at the RSA Conference in San
Francisco last week. Christopher Painter, deputy director of the
Justice Department's computer crime section, spoke almost
nostalgically of the days when hackers acted "primarily out of
intellectual curiosity." Today, he says, cyber outlaws and serious
fraud artists are increasingly working in concert, or are one and the
same. "What we've seen recently is a coming together of these two
groups," said Painter.

http://www.linuxsecurity.com/content/view/118421


* Entrepreneur-professor teaches students to stop hackers, viruses,
has lessons for all
  25th, February, 2005

Access the Internet using an unprotected personal computer and a
hacker will be knocking at the door  within about 45 seconds. Do
that with a Web server and in less than 15 minutes, there's a 50-50
chance it's been taken over by someone who can use it to send spam
e-mails all over the world that can be traced back to you.
Hook up that new wireless router you bought at the
consumer-electronics store, use the default settings, and someone can
park outside on the street or sit next door and download porn using
your broadband connection.

http://www.linuxsecurity.com/content/view/118430


* Mesh Networking Soars to New Heights
  19th, February, 2005

Mesh Networking and community  wireless broadband reached new heights
with a world first for Locustworld MeshAP  PRO when a Shadow
microlight aircraft flew over Lincolnshire UK and successfully
tested air to ground mesh networking and voice over broadband. South
Witham	broadband (Lincolnshire UK) joined forces with Make Me
Wireless (Australia) and  using LocustWorld MeshAP PRO and Asterisk
VoIP equipment, seamlessly created air	to ground voice
communications at 2000 feet with the 16 node South Witham community
broadband network.

http://www.linuxsecurity.com/content/view/118387

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005



This archive was generated by hypermail 2.1.3 : Tue Mar 01 2005 - 03:34:38 PST