+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| April 18th, 2005 Volume 6, Number 16n |
| |
| Editorial Team: Dave Wreski dave@private |
| Benjamin D. Thomas ben@private |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Diffie:
Infrastructure a disaster in the making," "From SATAN to OVAL: The
Evolution of Vulnerability Assessment," and "Taking a swipe at
two-factor authentication."
---
DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software
Understanding the anti-spam solution market and its various choices and
buzzwords can be daunting task. This free whitepaper from Roaring
Penguin Software helps you cut through the hype and focus on the basics:
determining what anti-spam features you need, whether a solution you are
considering includes them, and to what degree.
Find out more!
http://www.roaringpenguin.com/promo/spambuzzwhitepaper.php?id=linuxsecuritywnbuzz0305
---
LINUX ADVISORY WATCH
This week packages were released for axel, gftp, wireless-tools, glibc,
selinux-policy-targeted, kernel, autofs, GnomeVFS, phpMyAdmin,
shorewall, gtk, shareutils, gdk-buf, kdegraphics, dhcp, and gaim. The
distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, and
SuSE.
http://www.linuxsecurity.com/content/view/118882/150/
---
Introduction: Buffer Overflow Vulnerabilities
Buffer overflows are a leading type of security vulnerability. This
paper explains what a buffer overflow is, how it can be exploited,
and what countermeasures can be taken to prevent the use of buffer
overflow vulnerabilities.
http://www.linuxsecurity.com/content/view/118881/49/
---
Getting to Know Linux Security: File Permissions
Welcome to the first tutorial in the 'Getting to Know Linux Security'
series. The topic explored is Linux file permissions. It offers an
easy to follow explanation of how to read permissions, and how to set
them using chmod. This guide is intended for users new to Linux
security, therefore very simple.
http://www.linuxsecurity.com/content/view/118181/49/
---
The Tao of Network Security Monitoring: Beyond Intrusion Detection
The Tao of Network Security Monitoring is one of the most
comprehensive and up-to-date sources available on the subject. It
gives an excellent introduction to information security and the
importance of network security monitoring, offers hands-on examples
of almost 30 open source network security tools, and includes
information relevant to security managers through case studies,
best practices, and recommendations on how to establish training
programs for network security staff.
http://www.linuxsecurity.com/content/view/118106/49/
--------
>> The Perfect Productivity Tools <<
WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------+
| Security News: | <<-----[ Articles This Week ]----------
+---------------------+
* A federated crypto guy
14th, April, 2005
WHEN budgets get tight, R&D is often one of the first departments to
feel the squeeze.
But at RSA Security, vice-president of research Burt Kaliski and his
team are considered the heart and soul of the business. RSA puts
about 18-20 per cent of its revenue into applied research and
standards development at its research centre, RSA
Laboratories.
http://www.linuxsecurity.com/content/view/118876
* TuxJournal is online!
11th, April, 2005
The first on-line Italian Magazine is on-line. All the Italian
readers can find here a very good source of news and articles about
the OpenSource and Technology World.
http://www.linuxsecurity.com/content/view/118848
* And here's a key to combat hacking
11th, April, 2005
As we rely more on computers, the potential for hackers to hurt us
and destroy our personal records has grown. Corporates and public
networks, instead of individuals face the brunt of hackers.
ingenuity. However, there are ways to build unhackable network.
http://www.linuxsecurity.com/content/view/118845
* Using a Linux failover router
13th, April, 2005
Today, it's hard to imagine an organization operating without taking
advantage of the vast resources and opportunities that the Internet
provides. The Internet's role has become so significant that no
organization can afford to have its Net connection going down for
too long.
http://www.linuxsecurity.com/content/view/118867
* Diffie: Infrastructure a disaster in the making
13th, April, 2005
In the 1970s, Martin Hellman and Whitfield Diffie wrote the recipe
for one of today's most widely used security algorithms in a paper
called "New Directions in Cryptography. The paper mapped out the
Diffie-Hellman key exchange, a major advancement in Public Key
Infrastructure (PKI) technology that allows for secure online
transactions and is used in such popular protocols as the Secure
Sockets Layer (SSL) and Secure Shell (SSH). In 2000, they received
the prestigious Marconi Foundation award for their contributions.
http://www.linuxsecurity.com/content/view/118868
* Network monitoring with Nagios
14th, April, 2005
How can a system administrator monitor a large number of machines
and services to proactively address problems before anyone
else suffers from them?
http://www.linuxsecurity.com/content/view/118877
* From SATAN to OVAL: The Evolution of Vulnerability Assessment
15th, April, 2005
With the growing reliance and dependence on our inter-connected
world, security vulnerabilities are a real world issue requiring
focus and attention. Security vulnerabilities are the path to
security breaches and originate from many different areas -
incorrectly configured systems, unchanged default passwords, product
flaws, or missing security patches to name a few. The comprehensive
and accurate identification and remediation of security
vulnerabilities is a key requirement to mitigate security risk for
enterprises.
http://www.linuxsecurity.com/content/view/118886
* Developers Rate Linux More Secure Than Windows In Survey
14th, April, 2005
A new study addressing security issues finds that
software-development managers generally rate Linux as a more secure
operating system than Windows. The study, which will be released by
the end of the month, was conducted by BZ Research, the research
subsidiary of publisher BZ Media LLC. It was not funded by any
vendors.
http://www.linuxsecurity.com/content/view/118875
* Breaking software easier than you think
15th, April, 2005
One reason software security vulnerabilities are so tough to fix is
because they are so hard to find. Unlike other bugs that become
apparent when an application acts up, security holes tend to hide
from normal view. And that's just how the hacker underground likes
it.
http://www.linuxsecurity.com/content/view/118888
* Fortinet in court for hiding Linux in its code
15th, April, 2005
A German court has granted a preliminary injunction against security
firm Fortinet for allegedly violating the general public licence
(GPL) and hiding Linux in its code.
http://www.linuxsecurity.com/content/view/118885
* Cisco: Malicious ICMP messages could cause denial of service
15th, April, 2005
A publicly available document on how to use how the Internet Control
Message Protocol (ICMP) to launch denial-of-service attacks has
prompted Cisco Systems to issue an...
http://www.linuxsecurity.com/content/view/118887
* Taking a swipe at two-factor authentication
11th, April, 2005
An essay in an April trade magazine maintains two-factor
authentication can't counter emerging threats, and that the industry
would be wise to come up with a better solution to the nation's
biggest cyberproblem: identity theft.
http://www.linuxsecurity.com/content/view/118846
* HIPAA Compliance In 30 Days or Less
12th, April, 2005
HIPAA. We are all sick of the acronym by now, and the April 20
compliance deadline for the Health Insurance Portability and
Accountability Act is looming.
http://www.linuxsecurity.com/content/view/118853
* Strategic Security
12th, April, 2005
Christofer Hoff is on a mission. As the director of information
security at Western Corporate Federal Credit Union (WesCorp), Hoff
has launched an initiative to quantify the benefits of information
security spending for business executives at the San Dimas,
Calif.-based company.
http://www.linuxsecurity.com/content/view/118854
* Linux servers praised for security
12th, April, 2005
Software development managers rate Linux significantly higher than
Windows server products for security, according to the latest
research.
http://www.linuxsecurity.com/content/view/118855
* The two-edged sword: Legal computer forensics and open source
12th, April, 2005
Ryan Purita of Totally Connected Security is one of the leading
computer forensic experts in private practice in Canada. He is a
Certified Information Systems Security Professional, holding one of
the most advanced security qualifications in the world.
http://www.linuxsecurity.com/content/view/118860
* First Spam Felony Case Nets 9-Year Jail Term
11th, April, 2005
A Virginia judge sentenced a spammer to nine years in prison Friday
in the nation's first felony prosecution for sending junk e-mail,
though the sentence was postponed while the case is appealed.
http://www.linuxsecurity.com/content/view/118847
* Universities To Aid U.S. Cybersecurity Effort
12th, April, 2005
Experts from a consortium of colleges will lead a far-reaching effort
to keep the nation's computer data safe from cyberattack,
the National Science Foundation announced Monday.
http://www.linuxsecurity.com/content/view/118861
* Linux programmer wins legal victory
14th, April, 2005
A Linux programmer reported a new victory in a German court Thursday
in enforcing the General Public License, which governs countless
projects in the free and open-source software realms.
A Munich district court on Tuesday issued a preliminary injunction
barring Fortinet, a maker of multipurpose security devices, from
distributing products that include a Linux component called "initrd"
that Harald Welte helped write.
http://www.linuxsecurity.com/content/view/118879
* LexisNexis Data on 310,000 People Feared Stolen
12th, April, 2005
Data broker LexisNexis said Tuesday that personal information may
have been stolen on 310,000 U.S. citizens, or nearly 10 times the
number found in a data breach announced last month.
http://www.linuxsecurity.com/content/view/118859
* 180,000 warned credit-card data exposed
14th, April, 2005
Data apparently stolen from the popular clothing retailer Polo Ralph
Lauren Inc. is forcing banks and credit card issuers to notify
thousands of consumers that their credit-card information may have
been exposed.
http://www.linuxsecurity.com/content/view/118880
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_________________________________________
Network Security - http://www.auditmypc.com
Free vulnerability test - How secure is your computer?
This archive was generated by hypermail 2.1.3 : Mon Apr 18 2005 - 05:07:28 PDT