+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | April 25th, 2005 Volume 6, Number 18n | | | | Editorial Team: Dave Wreski dave@private | | Benjamin D. Thomas ben@private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Five Linux Security Myths You Can Live Without," "Configurations that keep your Linux System safe from attack," and "Linux Distribution Tames Chaos." --- DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software Understanding the anti-spam solution market and its various choices and buzzwords can be daunting task. This free whitepaper from Roaring Penguin Software helps you cut through the hype and focus on the basics: determining what anti-spam features you need, whether a solution you are considering includes them, and to what degree. Find out more! http://www.roaringpenguin.com/promo/spambuzzwhitepaper.php?id=linuxsecuritywnbuzz0305 --- LINUX ADVISORY WATCH This week, advisories were released for MySQL, PHP, libexif, gtkhtml, info2www, geneweb, f2c, XFCE, vixie-cron, at, nasm, aspell, urw-fonts, htdig, alsa-lib, curl, HelixPlayer, cvs, foomatic, monkeyd, mplayer, xloadimage, logwatch, kernel, OpenOffice, and PostgreSQL. The distributors include Conectiva, Debian, Fedora, Gentoo, Red Hat, and SuSE. http://www.linuxsecurity.com/content/view/118951/150/ --- Introduction: Buffer Overflow Vulnerabilities Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities. http://www.linuxsecurity.com/content/view/118881/49/ --- Getting to Know Linux Security: File Permissions Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. http://www.linuxsecurity.com/content/view/118181/49/ --- The Tao of Network Security Monitoring: Beyond Intrusion Detection The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff. http://www.linuxsecurity.com/content/view/118106/49/ -------- >> The Perfect Productivity Tools << WebMail, Groupware and LDAP Integration provide organizations with the ability to securely access corporate email from any computer, collaborate with co-workers and set-up comprehensive addressbooks to consistently keep employees organized and connected. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05 --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------+ | Security News: | <<-----[ Articles This Week ]---------- +---------------------+ * Quantum cryptography: Your security holy grail? 19th, April, 2005 Quantum cryptography . using a private communication channel to lock down the exchange of sensitive data between two points . has to date created much more discussion than it has practical applications. http://www.linuxsecurity.com/content/view/118909 * Five Linux Security Myths You Can Live Without 20th, April, 2005 All distributions are not created equal: Some distros, by default, are very secure; others install with virtually no default security. A good source of independent information on the quality of distro security is www.distrowatch.com, a site that supports the idea that some distros offer better security than others. http://www.linuxsecurity.com/content/view/118929 * Network Scanner Includes Linux Security Checks 21st, April, 2005 GFI Software Ltd., recently announced the release of a new version of its network security scanner, GFI LANguard Network Security Scanner (N.S.S.) 6 that can detect all machines and devices connected to the network via a wireless link. It also alerts administrators when suspicious USB devices are connected to the network. http://www.linuxsecurity.com/content/view/118942 * Can this man save the Net? 22nd, April, 2005 VeriSign is the world's largest digital certificate authority and is steward of the A and J root servers (two of the 13 computers representing the top of the Internet's hierarchy). With 40 percent of North American e-commerce payments going through its gateways, 100 percent of .com registrars running 15 billion queries a day through its system, and 50 percent of North American cellular roamings going through its servers, VeriSign has a significant role in seeing that the Internet infrastructure runs securely. http://www.linuxsecurity.com/content/view/118956 * Cybercrime Wars 20th, April, 2005 In the ethereal world of the Internet, an underground crime war is being silently waged between the cyber-criminals and those trying to stop them. A war that is undermining the interests of corporations and governments worldwide and one that bears no regard for innocent victims. In fact, the victims are purposely targeted, unwittingly press-ganged into becoming foot-soldiers helping to spread spam, attack large companies and unknowingly distribute illegal porn and copyrighted materials. Nowadays, cyber-attacks and automated hacking tools work so fast and efficiently that the enemy is winning. Something needs to be done, as Nick Ray, CEO of Prevx explains. http://www.linuxsecurity.com/content/view/118928 * Cyber attack early warning center begins pilot project 21st, April, 2005 A fledgling nonprofit group working to develop an automated cyber-attack early warning system, the Cyber Incident Detection Data Analysis Center (CIDDAC), is about to begin a pilot project to collect data on network intrusions from a group of companies in national-infrastructure industries. http://www.linuxsecurity.com/content/view/118950 * Configurations that keep your Linux System safe from attack 20th, April, 2005 In this series of articles, learn how to plan, design, install, configure, and maintain systems running Linux in a secure way. In addition to a theoretical overview of security concepts, installation issues, and potential threats and their exploits, you'll also get practical advice on how to secure and http://www.linuxsecurity.com/content/view/118918 * US Government helps Bastille Linux gain assessment functionality 20th, April, 2005 We've just finished adding a major new mission to Bastille Linux -- it now does hardening assessment! The US Government's TSWG helped us add this functionality. http://www.linuxsecurity.com/content/view/118923 * The Five Ps of Patch Management 20th, April, 2005 Security and vulnerability patching has become one of the top concerns for IT managers, but has also left many IT teams fighting a losing battle as the job of patching competes with day-to-day system maintenance and security tasks. http://www.linuxsecurity.com/content/view/118930 * Microsoft to support Linux 21st, April, 2005 Microsoft head Steve Ballmer has promised to add Linux support for the first time in one of its products because, he explained, users need to manage heterogeneous networks. http://www.linuxsecurity.com/content/view/118943 * Mozilla flaws could allow attacks, data access 18th, April, 2005 Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser. http://www.linuxsecurity.com/content/view/118903 * PHP falls down security hole 20th, April, 2005 Servers running PHP are vulnerable to a number of serious security exploits, including some which could allow an attacker to execute malicious code, and denial-of-service exploits, according to the PHP Group. http://www.linuxsecurity.com/content/view/118939 * Linux Distribution Tames Chaos 19th, April, 2005 Chaos, a Linux distribution developed by Australian Ian Latter, harnesses the unused processing power of networked PCs, creating a distributed supercomputer that can crack passwords at lightning speed. http://www.linuxsecurity.com/content/view/118908 * Linux receives pat on the back for security 18th, April, 2005 A recent survey carried out by Evans Data Corporation has revealed that development managers have more faith in Linux as an operating system to guard them against internal attacks than they have in Windows. Over 6,000 development managers were interviewed in the Evans Data Corporation's new Spring 2005 Linux and Development survey. They considered open source software to be more secure with client operating systems; web servers; server operating systems and components and libraries. http://www.linuxsecurity.com/content/view/118896 * Guidelines for Choosing to Outsource Security Management 21st, April, 2005 Outsourcing security is not appropriate for every organization. Some organizations will be better served by deploying and running security management and monitoring solutions. Your organization should use Gartner's Decision Framework to determine whether it is a candidate for MSSP services. It is important to be clear about your organization's expectation of a security outsourcing engagement, and to structure a service-level agreement that reflects those expectations. http://www.linuxsecurity.com/content/view/118949 * Ameritrade Shows Peril of Backup Tapes 22nd, April, 2005 For the second time this year, a high-profile financial company has lost a backup tape containing customer data while shipping the tape to an off-site storage facility. http://www.linuxsecurity.com/content/view/118960 * Retailers feel security heat 22nd, April, 2005 Following several high-profile incidents of data theft, retailers are under increased pressure to clean up their computer security act. http://www.linuxsecurity.com/content/view/118962 * Tackling identity theft 18th, April, 2005 The only way to control today's identity theft epidemic is for consumers, Congress and corporate America to team up. Jim Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington, D.C., today told a panel of security experts from eBay, eTrade, RSA Security, Forrester Research and BITS that protecting data is a shared responsibility. "Consumers have to become more perceptive about risks, but companies that use and hold data have a greater responsibility to put procedures and safeguards in place," he said. "Government's responsibility is to make sure this happens and to prosecute the criminals." http://www.linuxsecurity.com/content/view/118902 * Flash Player Worries Privacy Advocates 21st, April, 2005 Macromedia's Flash media player is raising concerns among privacy advocates for its little-known ability to store computer users' personal information and assign a unique identifier to their machines. http://www.linuxsecurity.com/content/view/118947 * Teenagers struggle with privacy, security issues 22nd, April, 2005 High-schools students have a message for their parents: Trust us with technology. Security and privacy? We have it covered. http://www.linuxsecurity.com/content/view/118952 * U.S. Military's Elite Hacker Crew 18th, April, 2005 The U.S. military has assembled the world's most formidable hacker posse: a super-secret, multimillion-dollar weapons program that may be ready to launch bloodless cyberwar against enemy networks -- from electric grids to telephone nets. http://www.linuxsecurity.com/content/view/118904 * NY AG Spitzer Targets Hackers 19th, April, 2005 New York Attorney General Eliot Spitzer has called for tougher penalties on computer criminals. He wants to prosecute people who gain access to computers surreptitiously, but who do not do any harm. The proposed legislation would also make encrypting information a crime if it concealed some other crime. http://www.linuxsecurity.com/content/view/118922 * DSW data theft much larger than estimated 19th, April, 2005 Thieves who accessed a DSW Shoe Warehouse database obtained 1.4 million credit card numbers and the names on those accounts - 10 times more than investigators estimated last month. http://www.linuxsecurity.com/content/view/118913 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Tue Apr 26 2005 - 04:01:52 PDT