[ISN] Linux Security Week - June 6th 2005

From: InfoSec News (isn@private)
Date: Wed Jun 08 2005 - 02:05:34 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  June 6th, 2005                             Volume 6, Number 24n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@private    |
|                   Benjamin D. Thomas      ben@private     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "An
Introduction to Securing Linux with Apache, ProFTPd and Samba,"
"Employee Training & Education Can Mitigate Threats," and
"Lack of Confidence in IT Security Industry."

---

LINUX ADVISORY WATCH

This week, advisories were released for qpopper, openssl, php4,
bzip2, ImageMagick, bind, netpbm, gxine, imap4d, elfutils, gnutls,
and postgresql. The distributors include Debian, Fedora, Gentoo,
and Red Hat.

http://www.linuxsecurity.com/content/view/119246/150/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Patrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/

---

Introduction: Buffer Overflow Vulnerabilities

Buffer overflows are a leading type of security vulnerability. This
paper explains what a buffer overflow is, how it can be exploited,
and what countermeasures can be taken to prevent the use of buffer
overflow vulnerabilities.

http://www.linuxsecurity.com/content/view/118881/49/

---

Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security'
series.  The topic explored is Linux file permissions.  It offers an
easy to follow explanation of how to read permissions, and how to set
them using chmod.  This guide is intended for users new to Linux
security and is therefore very simple.

http://www.linuxsecurity.com/content/view/118181/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Security News:      | <<-----[ Articles This Week ]----------
+---------------------+

* What is the point of encryption if you don't know who for?
  30th, May, 2005

Dr. Walter, Head of Cryptography for Comodo Inc. and chair of the
Trusted Computing Group (TCG) Peripheral Working Group, has clarified
the relationship between encryption and authentication. The blurred
definition to date has split the Certificate Authority industry into
two groups. Authorities such as Comodo and VeriSign compete head to
head, to deliver high assurance digital certificates whilst other
groups concentrate on the low assurance market.

http://www.linuxsecurity.com/content/view/119220


* Sentry CD - A different firewall approach
  30th, May, 2005

If you want to set up a Linux-based firewall, there's no need to run
a bloated distribution that installs everything but the kitchen sink.
If you are not afraid to get your hands dirty, and like having total
control over your system, then Sentry Firewall CD (SFCD) is just what
you need. It is a highly configurable, bootable CD that takes a
minimalist approach to firewalling.

http://www.linuxsecurity.com/content/view/119221


* Many unaware of browser-security link
  1st, June, 2005

Many American online computer users are unaware that choice of
browser affects Internet security, and few switch browsers even when
they know the risk, a Norwegian study said Monday.

http://www.linuxsecurity.com/content/view/119226


* Network Security to Take Top Spot
  1st, June, 2005

Criminals aren't the only ones benefiting from the onslaught of
threats that bombard corporate networks. Security vendors are also
reaping the benefits.

http://www.linuxsecurity.com/content/view/119234


* Zombie machines used in 'brutal' SSH attacks
  2nd, June, 2005

It's a tedious activity that can put the best of IT administrators to
sleep. But as security and compliance manager for a large U.S.
healthcare organization, Adam Nunn has learned to study his network
activity logs religiously. He knows that when the bad guys work
overtime to break his defenses, those logs can be the first sign of
trouble.

http://www.linuxsecurity.com/content/view/119238


* An Introduction to Securing Linux with Apache, ProFTPd and Samba
  2nd, June, 2005

While the vast majority of Linux users are hard-core techies, some
may be using Linux because they want to try something new, are
interested in the technology, or simply cannot afford or do not want
to use Microsoft Windows.

http://www.linuxsecurity.com/content/view/119236


* Review: FreeBSD 5.4
  1st, June, 2005

One of the oldest Unix-like operating systems, FreeBSD, continues its
advancement with the sixth release in the FreeBSD-5 series. Its
developers have added nothing major, but have made many
modifications, fixing a number of problems introduced in previous
releases. FreeBSD 5.4 is the best release since 5.1, but it still may
not be ready for prime time.

http://www.linuxsecurity.com/content/view/119225


* A good morning with: Theo de Raadt
  2nd, June, 2005

Everybody knows that you're the OpenBSD and OpenSSH GURU and creator,
one of the most famous and used secure operating systems nowadays. Why
did you create them? What did you need many years ago from the OS
world when you created OpenBSD? What inspired you to write OpenBSD
and OpenSSH from scratch?

http://www.linuxsecurity.com/content/view/119235


* Employee Training & Education Can Mitigate Threats
  31st, May, 2005

Many Internet threats are easily avoidable and just executed by
employees who are simply unaware of their presence. Once briefed on
basic Internet security, it is equally important to keep your
employees educated as well. When new threats arise, send out memos
alerting each employee of the threat, how to identify it, and what to
do if and when they have it, says security expert and Guardian
Digital CEO Dave Wreski.

http://www.linuxsecurity.com/content/view/119223


* Security Action Plans
  1st, June, 2005

Centralization, automation, problem prioritization--many IT-security
professionals are embracing those concepts as they fight off the
never-ending onslaught of threats. Security products can help
businesses stem the flood of vulnerabilities, but IT teams also have
to put in place processes to ensure that they're responding
appropriately and being proactive in warding off potential dangers.
Fact is, some companies spend too much on some parts of their
organization and not enough on more-vulnerable areas.

http://www.linuxsecurity.com/content/view/119227


* Fedora Directory Server Now Available To The Open Source Community
  1st, June, 2005

The Fedora Project, a Red Hat-sponsored and community-supported, open
source collaboration project, today announced at the Red Hat Summit
the availability of Fedora Directory Server. By making Fedora
Directory Server freely available to the open source development
community, Red Hat is enabling and encouraging the development of
secure, enterprise technologies and providing customers and partners
with increased choice. The availability of Fedora Directory Server
licensed under the GPL underscores Red Hat's true commitment to open
source innovation.

http://www.linuxsecurity.com/content/view/119229


* How to crack passwords, and why you should
  2nd, June, 2005

Auditing passwords is a worthwhile venture, particularly in an
environment that deals with sensitive information. Because systems
encrypt passwords when they store them, you really can't properly
judge the strength of a password unless you try to crack it.

http://www.linuxsecurity.com/content/view/119237


* Hackers target voice over IP
  2nd, June, 2005

Service providers need to focus more resources on voice over IP
(VoIP) security if they are to provide the level of reliability and
trust that subscribers have come to expect with traditional telephone
services, analysts have warned.

http://www.linuxsecurity.com/content/view/119239


* Yahoo!, Cisco Combine Antispam Efforts
  2nd, June, 2005

Network equipment maker Cisco Systems Inc. and Internet portal Yahoo
Inc. are combining their efforts to combat e-mail spam and forgery in
a step that's expected to help expand adoption of the technology.

http://www.linuxsecurity.com/content/view/119240


* Lack of Confidence in IT Security Industry
  3rd, June, 2005

The IT security industry needs to convince citizens of its
trustworthiness and the robustness of its products if it works to
win a slice of the project associated with the introduction of ID
cards.

http://www.linuxsecurity.com/content/view/119247


* US biometric ID request raises ID concern in UK
  30th, May, 2005

The UK government plans to issue its ID card as a passport with
biometric identifiers stored in a chip, and the US wants those chips
to be compatible with its own scanners, raising the possibility that
US agencies could have access to the ID Card database.

http://www.linuxsecurity.com/content/view/119219


* Cybersecurity czar will have hard road ahead
  2nd, June, 2005

A spending bill likely to be passed this month will give the
Department of Homeland Security's chief cybersecurity officer more
clout but will not solve major issues in how the agency handles its
job of protecting the nation's critical infrastructure, security
experts said this week.

http://www.linuxsecurity.com/content/view/119245


* On the track of script-kid terrorists
  31st, May, 2005

CYBER terrorism is almost a dirty word among elite computer security
professionals, and there's a high risk of being ridiculed if you use
it in their midst.

http://www.linuxsecurity.com/content/view/119222


* Israeli Police Charge 18 With Industrial Espionage
  31st, May, 2005

Eighteen people have been arrested in one of Israel's largest
industrial espionage schemes, police said Sunday, charging that
business executives and private investigators used sophisticated
software to infiltrate competitors' computers. The investigation
implicated a car importer, two cell phone providers, and the nation's
main satellite television company. Police said they were still
sifting through documents and computer files to figure out the extent
of the damage, but maintained that victims lost competitive bids and
thousands of customers because of the spying.

http://www.linuxsecurity.com/content/view/119224


* Hackers, Spammers Partner Up To Wreak Havoc
  3rd, June, 2005

A one-two-three assault of disparate spammer and hacker groups in the
last 24 hours bodes nothing but ill for users, a security expert said
Thursday.

http://www.linuxsecurity.com/content/view/119248


* New hack cracks 'secure' Bluetooth devices
  3rd, June, 2005

Cryptographers have discovered a way to hack Bluetooth-enabled
devices even when security features are switched on. The discovery
may make it even easier for hackers to eavesdrop on conversations and
charge their own calls to someone else's cellphone.

http://www.linuxsecurity.com/content/view/119250
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------



