+---------------------------------------------------------------------+
| LinuxSecurity.com                                 Weekly Newsletter |
| April 17th, 2006                               Volume 7, Number 16n |
|                                                                     |
| Editorial Team: Dave Wreski                            dave@private |
|                 Benjamin D. Thomas                      ben@private |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Strengthen
Security with an Effective Security Awareness Program," "Intro Build
your own gateway firewall," and "Technical Foundations of Hacking."

---

EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared
toward providing an open source platform that is highly secure by
default as well as easy to administer. EnGarde Secure Linux includes a
select group of open source packages configured to provide maximum
security for tasks such as serving dynamic websites, high availability
mail transport, network intrusion detection, and more. The Community
edition of EnGarde Secure Linux is completely free and open source, and
online security and application updates are also freely available with
GDSN registration.

http://www.engardelinux.org/modules/index/register.cgi

---

EnGarde Secure Community 3.0.5 Released

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.5 (Version 3.0, Release 5). This release includes several
bug fixes and feature enhancements to the Guardian Digital WebTool and
the SELinux policy, and several new packages available for
installation.
http://www.linuxsecurity.com/content/view/121879/65/

---

pgp Key Signing Observations: Overlooked Social and Technical
Considerations
By: Atom Smasher

While there are several sources of technical information on using pgp
in general, and key signing in particular, this article emphasizes
social aspects of key signing that are too often ignored, misleading or
incorrect in the technical literature. There are also technical issues
pointed out where I believe other documentation to be lacking.

It is important to acknowledge and address social aspects in a system
such as pgp, because the weakest link in the system is the human that
is using it. The algorithms, protocols and applications used as part of
a pgp system are relatively difficult to compromise or 'break', but the
human user can often be easily fooled. Since the human is the weak link
in this chain, attention must be paid to actions and decisions of that
human; users must be aware of the pitfalls and know how to avoid them.

http://www.linuxsecurity.com/content/view/121645/49/

---

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Security News:      | <<-----[ Articles This Week ]----------
+---------------------+

* Strengthen Security with an Effective Security Awareness Program
  12th, April, 2006

Awareness programs shouldn't be confused with training. Training deals
with developing specific skill sets. The objective of awareness
programs is to focus the attention of employees on maintaining the
confidentiality, integrity, and availability of information assets. It
allows them to recognize IT security concerns and respond appropriately
(Wilson and Hash, 2003).
http://www.linuxsecurity.com/content/view/122320

* SearchSecurity.com's Intrusion Defense School
  14th, April, 2006

Your organization's ability to fend off spyware, viruses and
increasingly savvier attacks hinges on the strength and cohesion of
your intrusion defense strategy. Intrusion Defense School puts the
pieces of intrusion defense -- antivirus, antispyware, IDS/IPS, etc. --
in perspective to help you implement a strategy that meets your
organization's needs.

http://www.linuxsecurity.com/content/view/122339

* The weakest link in the security chain? You
  13th, April, 2006

Human error was responsible for nearly 60 per cent of information
security breaches last year, a new study has found. According to the
fourth annual CompTIA (Computing Technology Industry Association) study
on information security and the workforce, released on Tuesday, this
figure is significantly higher than the number in 2004, when 47 per
cent of security breaches were blamed on human error alone.

http://www.linuxsecurity.com/content/view/122331

* THC-IPV6 Attack Toolkit
  10th, April, 2006

A complete tool set to attack the inherent protocol weaknesses of IPv6
and ICMP6, which includes an easy to use packet factory library. This
code was inspired when I got into touch with IPv6 and learned more and
more about it.

http://www.linuxsecurity.com/content/view/122296

* Security problems in Cisco devices
  11th, April, 2006

Cisco has published two security advisories to warn of problems in
several of its devices. Products affected are Cisco ONS 15000 Series
Common Control Cards, Cisco Transport Controller (CTC) and Cisco 11500
Content Services Switch.

http://www.linuxsecurity.com/content/view/122298

* Intro Build your own gateway firewall
  11th, April, 2006

Learn how to build your own gateway firewall using FreeBSD and old PC
parts. The firewall will consist of the PF firewall, Snort IDS, various
IPS applications, Squid proxy, and some intuitive web interfaces for
auditing.
The cost of this project should be between free and $200 depending on
your resourcefulness. I built mine for free using spare parts that were
stockpiled in personal storage and parts that the USMC was throwing
away, but you can build one from used and/or new parts for dirt cheap.

http://www.linuxsecurity.com/content/view/122301

* DNS Cache Poisoning - The Next Generation
  11th, April, 2006

The old problem of DNS cache poisoning has again reared its ugly head.
While some would argue that the domain name system protocol is
inherently vulnerable to this style of attack due to the weakness of
16-bit transaction IDs, we cannot ignore the immediate threat while
waiting for something better to come along. There are new attacks,
which make DNS cache poisoning trivial to execute against a large
number of nameservers running today. The purpose of this article is to
shed light on these new attacks and recommend ways to defend against
them.

http://www.linuxsecurity.com/content/view/122306

* Hacking Network Printers
  11th, April, 2006

Hack a printer you say, what kind of toner have you been smoking,
Irongeek? Well, I'm here to tell you, there's more that can be done
with a printer to compromise network security than one might realize.
In the olden days a printer may not have been much of a concern other
than the threat from folks dumpster diving for hard copies of the
documents that were printed from it, but many modern printers come
network aware with embedded Operating Systems, storage and full IP
stacks. This article will attempt to point out some of the more
interesting things that can be done with a network based printer to
make it reveal information about its users, owners and the network it's
part of.

http://www.linuxsecurity.com/content/view/122307

* The Enemy Inside
  13th, April, 2006

For many years external security threats received more attention than
internal security threats, but the focus has changed.
While viruses, worms, Trojans and DoS are serious, attacks perpetrated
by people with trusted insider status (employees, ex-employees,
contractors and business partners) pose a far greater threat to
organizations in terms of potential cost per occurrence and total
potential cost than attacks mounted from outside. The reason insider
attacks "hurt" disproportionately is that insiders can and will take
advantage of two important rights: trust and physical access.

http://www.linuxsecurity.com/content/view/122334

* Build Effective Security Awareness Program
  14th, April, 2006

You've developed a world class security program. Your technology-based
defenses are cutting edge. Your security team is well trained and ready
to handle anything that comes its way. So you're done, right? Not
quite. One of the most important pieces of an effective information
asset defense is missing: employee awareness.

http://www.linuxsecurity.com/content/view/122335

* Disturbing developments in DDoS attacks
  14th, April, 2006

Traditional DDoS of course is when an attacker uses thousands of
centrally controlled zombie machines to direct millions of packets at a
single destination. Most web servers shrivel up and die when subjected
to that much attention. According to Barrett even the upstream
infrastructure cannot withstand some of these attacks. The firewalls,
routers, sometimes even the ISP go off line. A recent new technique is
for the zombies to all perform DNS look-ups, causing the DNS server for
the target to fail, effectively taking down a site without even hitting
it directly.

http://www.linuxsecurity.com/content/view/122341

* Case Of The Lucrative Lure
  12th, April, 2006

"Hand me the boot disk." I said as I motioned to Scrap with my right
paw. My left paw was busy making sure that the IDE cables were securely
fastened to the suspect's hard drive and the clone drive. "Ah,
acquiring a drive in DOS with Encase. This is so old school."
Scrap mumbled as he fetched an Encase boot disk from his site bag.

http://www.linuxsecurity.com/content/view/122322

* ISS announces Proventia Server for Linux
  12th, April, 2006

Internet Security Systems announced Linux support for its Proventia
Server Intrusion Prevention System product line. Key features of
Proventia Server for Linux include vulnerability-based intrusion
prevention, Buffer Overflow Exploit Prevention (BOEP) and support for
Red Hat Enterprise Linux and SuSE Linux Enterprise Servers.

http://www.linuxsecurity.com/content/view/122317

* Linux and Viruses Explained
  13th, April, 2006

Attacking and shutting down Linux or Unix related servers would most
likely shut down a virus's means of getting to another machine. Windows
servers make up under 30 percent of the servers on the Internet. If all
Windows servers were shut down, the Internet would still be operating.
No point writing a virus if it stops itself from spreading. Common
sense. So common sense would say do not attack Linux.

http://www.linuxsecurity.com/content/view/122333

* When a product is better than the company
  11th, April, 2006

As a product tester, I always tell people: The product speaks for
itself. White papers, customer wins, marketing spin: None of that
counts. I don't have to be convinced by a public relations person that
the product is good, because good products prove themselves in our lab.
In 2004, when I last tested mail security appliances, CipherTrust's
IronMail was on our short list as a top finalist. It's a good product,
and it proved itself in our labs.

http://www.linuxsecurity.com/content/view/122305

* Security 'network' to speed up anti-hacker tools
  13th, April, 2006

A new cyber-security 'network' hopes to speed up the development of
products that could plug dangerous gaps in businesses' IT defences.
http://www.linuxsecurity.com/content/view/122330

* Tips For Creating Strong Passwords You Can Remember
  10th, April, 2006

One of the problems with passwords is that users forget them. In an
effort to not forget them, they use simple things like their dog's
name, their son's first name and birthdate, the name of the current
month, anything that will give them a clue to remember what their
password is.

http://www.linuxsecurity.com/content/view/122292

* Researcher: Web services security risks largely ignored
  10th, April, 2006

During a conference presentation, researcher Alex Stamos outlined how a
number of Web services technologies, including AJAX (Asynchronous
JavaScript and XML) and the XQuery query language, could be exploited by
hackers to dig up secret information and attack systems. Web services
is a catch-all expression used to describe a form of distributed
computing that uses standards based on XML (Extensible Markup Language)
to simplify the job of programming software. One of its key tenets is
that Web services applications are extremely portable and can easily
interact with different types of software.

http://www.linuxsecurity.com/content/view/122294

* Targeted Phishing Attacks
  11th, April, 2006

Phishers are using a lesson learned from virus and worm writers to
improve their chances of success. Over time virus and worm authors
discovered that it was not necessarily the malicious payload of their
craft that was alerting the internet community that trouble was on the
way. It was the "Internet noise" they created while looking for
vulnerable hosts. This noise resulted from increased traffic to
specific ports or in bandwidth-crippling floods of attempted
connections to every single host within a large subnet or domain.

http://www.linuxsecurity.com/content/view/122297

* RealNetworks rep to Linux: DRM or die!
  11th, April, 2006

A RealNetworks vice president voiced a few inflammatory opinions during
LinuxWorld Boston last Tuesday.
The RealNetworks rep in question, Jeff Ayars, said that Linux as a
consumer platform would be dead unless DRM capabilities are built into
the OS itself. "The consequences of Linux not supporting DRM would be
that fixed-purpose consumer electronics and Windows PCs would be the
sole entertainment platforms available," Ayars said. "Linux would be
further relegated to use in servers and business computers, since it
would not be providing the multimedia technologies demanded by
consumers."

http://www.linuxsecurity.com/content/view/122304

* Miaow to kitten-based authentication
  12th, April, 2006

Web developers have taken the idea of Captchas - challenge-response
systems that are often used to stop the automatic creation of webmail
accounts by spammers - forward in a fun way by using images of kittens
instead of distorted images of letters. KittenAuth features nine
pictures of cute little animals, only three of which are feline. A user
demonstrates that there's a human in front of the machine by selecting
the three kittens among these images.

http://www.linuxsecurity.com/content/view/122318

* Pentium computers vulnerable to cyberattack
  12th, April, 2006

The built-in procedure that Intel Pentium-powered computers use to blow
off their digital steam could put users in hot water by making the
machines vulnerable to cyberattacks, computer security researchers
announced at the CanSecWest/core06 conference last week. When the
processor begins to overheat or encounters other conditions that could
threaten the motherboard, the computer interrupts its normal operation,
momentarily freezes and stores its activity, said Loc Duflot, a
computer security specialist for the French government's Secretary
General for National Defense information technology laboratory.

http://www.linuxsecurity.com/content/view/122319

* Magnetic Data Recovery
  13th, April, 2006

The majority of today's businesses rely in some way upon computer
systems to handle the tasks of everyday commerce.
These businesses are increasingly using computers to work with their
internal and external documents, depending more and more on digital
storage every day. Most attention has been focused on well-known
problems such as viruses, exploits, etc. Attacks by intruders and
insiders have led to billions of dollars in lost revenue and expended
effort to fix these problems.

http://www.linuxsecurity.com/content/view/122328

* Fear sells. Read the report
  13th, April, 2006

Every two years the show serves as a forum for the announcement of the
DTI's Information Security Breaches Survey, touted as the UK's most
authoritative look at security breaches. Latterly the lead up to the
report has been accompanied by a string of press releases, sponsored by
security vendors, highlighting a particular facet of security that (no
surprise here) helps to illustrate the importance of the particular
firm's technology.

http://www.linuxsecurity.com/content/view/122329

* Design Flaw in Human Brain Prevents Detection of Phishing Websites
  13th, April, 2006

"Why Phishing Works" is a recent study (PDF) that examines phishing
website techniques. The most visually deceptive website spoof in the
study was able to fool 90% of the study's participants. That 90% figure
includes the most technically advanced users among the participants. It
was the look, not the spoofing of security features, that did the job -
something that our resident phishing expert found quite interesting.

http://www.linuxsecurity.com/content/view/122332

* On the Insecurities of the Internet
  14th, April, 2006

Among the most popular stereotypes related to Cyberterrorism is that of
terrorists shutting down the Internet, or to put it in another way,
denying access to the dispersed and decentralized Internet
infrastructure by attacking the Internet's root servers the way it
happened back in 2002 -- knowing Slashdot's IP in such a situation will
come as a handy nerd's habit for sure.
Outages like these would eventually result in a butterfly effect, such
as direct monetary losses and lost confidence in today's E-commerce
world.

http://www.linuxsecurity.com/content/view/122340

* Social Engineering a Police Officer
  14th, April, 2006

Really nice social engineering example. Note his repeated efforts to
ensure that if he's stopped again, he can rely on the cop to vouch for
him. Woe is Carl Bordelon, a police officer for the town of Ball, La.
His dashboard camera captured (below) his questioning of Richard Lee
McNair, 47, on Wednesday. Earlier that same day, McNair had escaped
from a federal penitentiary at nearby Pollock, La., reportedly hiding
in a prison warehouse and sneaking out in a mail van. Bordelon, on the
lookout, stopped McNair when he saw him running along some railroad
tracks.

http://www.linuxsecurity.com/content/view/122343

* When 'delete' is not enough
  10th, April, 2006

It was only a single digit in a 20-page Microsoft Word contract between
two partners, but Scott Cooper earned his fee several years ago when he
found it. Cooper, a computer forensics expert, learned that the numeral
"1" had been scrubbed in some later versions of this digital document.
This gave his client, a partner in a software company that had recently
been sold, just a 5 percent rather than a 15 percent share in the
company. If the change had gone undetected, the partner would have
received $32 million rather than his rightful $96 million payout.

http://www.linuxsecurity.com/content/view/122293

* RFDump
  10th, April, 2006

RFDump is a backend GPL tool to directly interoperate with any RFID
ISO-Reader to make the contents stored on RFID tags accessible. This
makes the following types of audits possible: Test robustness of
data-structures on the reader and the backend-application;
Proof-of-concept manipulations of RFID tag contents; Clone / copy &
paste User-Data stored on RFID tags; Audit tag-security features.
http://www.linuxsecurity.com/content/view/122295

* Enterprises struggling with privacy management
  12th, April, 2006

Enterprises are under increasing pressure to safeguard the privacy and
security of personal data, but the complexity of the task is making it
difficult to meet higher expectations, a Hewlett-Packard Co. (HP)
project manager said Tuesday. The pressure is coming from consumers and
governments, who want greater control over how data is retained and
managed, said Pete Bramhall, project manager at HP's lab in Bristol,
England. Internally, enterprises are grappling with the cost and
complexity of dealing with distributed networks.

http://www.linuxsecurity.com/content/view/122323

* US security agency scrutinises secure storage device
  12th, April, 2006

The US National Security Agency (NSA) and Treasury Department have
expressed interest in a secure storage device that hard drive
manufacturer Seagate is developing. Seagate spokesperson Michael Hall
told vnunet.com that the company has met with the two US government
agencies over its Momentus 5400 FDE technology. He said that the
agencies are investigating the device's implications on their ability
to fight organised crime, but stressed that so far they are only
gathering information.

http://www.linuxsecurity.com/content/view/122321

* Can UK law stop criminal hackers?
  14th, April, 2006

MPs are preparing to get tough on hackers as the law on computer misuse
and hacking is up for a revamp. For some years now, critics of the
Computer Misuse Act (CMA) 1990 have said that gaps in the legislation
have made it very hard to prosecute anyone.

http://www.linuxsecurity.com/content/view/122342

* Kernel Mode Ircbot
  8th, April, 2006

The world of malware and rootkits has evolved a lot over the last two
years; the most significant developments have been in the
sophistication of rootkits.
In case the term "rootkit" doesn't mean much, a rootkit is basically a
program that subverts the operating system, and allows the attacker to
hide certain files and programs from the user. It usually will also
provide a hidden backdoor into the system, and will hide network
connections made through the backdoor from the user.

http://www.linuxsecurity.com/content/view/122278

* Technical Foundations of Hacking
  10th, April, 2006

The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is
so dominant and important to ethical hacking that it is given wide
coverage in this chapter. Many tools, attacks, and techniques that will
be seen throughout this book are based on the use and misuse of the
TCP/IP protocol suite. Understanding its basic functions will advance
your security skills. This chapter also spends time reviewing the
attacker's process and some of the better known methodologies used by
ethical hackers.

http://www.linuxsecurity.com/content/view/122291

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

_________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org