Information Security News mailing list archives
Linux Security Week, December 18th 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 18 Dec 2000 11:01:51 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  December 18, 2000                         Volume 1, Number 33n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com |
|                   Benjamin Thomas         ben () linuxsecurity com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

A few good articles were released this week. Some of them included
"Securing Linux: Part 2," "LILO Security Tips," and "Sudo and other ways
to avoid root." Also this week, an independent review board issued their
final report on Carnivore concluding that "the electronic wiretap system
was an effective law-enforcement tool, drawing fire from critics who
said it was too invasive."

This week, advisories were released for tcsh, ghostscript, joe,
rp-pppoe, ed, bitchx, pam, apcupsd, mc, pico/pine, and zope. The vendors
include Conectiva, Caldera, Immunix, Mandrake, and Red Hat. It is
critical that you update all vulnerable packages to reduce the risk of
being compromised.

http://www.linuxsecurity.com/articles/forums_article-2126.html

HTML Version available:
<http://www.linuxsecurity.com/newsletter.html>

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Securing Linux: Part 2
  December 16th, 2000

  This second article in the series takes you through TCP wrappers,
  OpenSSH, disabling unnecessary services and better monitoring of
  system activity by using unique log files to monitor specific
  information. Welcome back to an exciting odyssey in making your Linux
  box more secure.

  http://www.linuxsecurity.com/articles/host_security_article-2132.html

* E-mail security using Mutt and GPG
  December 15th, 2000

  E-mail is the most widely used means of communication on the net.
  Convenient? yes -- safe? no. Encryption is what you need to keep your
  communications private. This article shows you how you can use the
  mail client Mutt and the open source replacement of PGP, GnuPG, to
  secure your e-mail.

  http://www.linuxsecurity.com/articles/host_security_article-2130.html

* LILO Security Tips
  December 13th, 2000

  There are several techniques to minimize the risk of passing LILO
  arguments at boot time and booting the system in single user mode to
  get the root shell.

  delay=X: this controls how long (in tenths of seconds) LILO waits for
  user input before booting to the default selection. It should be set
  to 0 unless the system dual boots something else.

  http://www.linuxsecurity.com/articles/host_security_article-2110.html

* Installing a secure web server
  December 12th, 2000

  With `e-commerce' becoming an important part of many businesses, it's
  useful to know how to set up your server to run SSL for secure
  transfer of sensitive information. This article starts with a
  description of SSL and talks about implementing OpenSSL.

  http://www.linuxsecurity.com/articles/server_security_article-2106.html

* Sudo and other ways to avoid root!
  December 12th, 2000

  This article discusses how to use su and sudo. "When I first had my
  own Linux system, I learned early that most of the system setup tasks
  I need to do had to be done as root. Isn't it easier to log in as root
  and do all my work that way? It certainly was, and for a few months, I
  did exactly that.

  http://www.linuxsecurity.com/articles/host_security_article-2101.html

+------------------------+
| Network Security News: |
+------------------------+

* OS identification
  December 14th, 2000

  When hackers plan to break into Websites, they first try to find out
  which operating system the site is using. Once they determine that and
  which services are running, their chances of successfully attacking a
  system are greatly increased. What can you do to stop them? In this
  month's Building Blocks of Security, Sandra Henry-Stocker introduces
  active and passive stack fingerprinting, two ways that hackers profile
  your systems.

  http://www.linuxsecurity.com/articles/server_security_article-2120.html

* Interview with BSDi on proactive BSD/OS security
  December 13th, 2000

  BSD/OS is often considered a "secure" operating system. I often see
  ISPs and website hosting companies prominently brag that their servers
  are secure because they run BSDi's operating system. BSDi itself often
  promotes itself by saying it continues the BSD tradition of "extremely
  secure" systems.

  http://www.linuxsecurity.com/articles/server_security_article-2118.html

* The Rise and Fall of Internet Security: A Story in Two Parts
  December 12th, 2000

  This article, initially published in the spring, discusses the growing
  level of security awareness as well as practices that lead to
  insecurity. "Future generations may know the end of the 1990s, among
  other things, as the time when computer and network security finally
  got some respect.

  http://www.linuxsecurity.com/articles/general_article-2100.html

* CERT Advisory CA-2000-22 Input Validation Problems in LPRng
  December 12th, 2000

  This article discusses how to use su and sudo. "When I first had my
  own Linux system, I learned early that most of the system setup tasks
  I need to do had to be done as root. Isn't it easier to log in as root
  and do all my work that way? It certainly was, and for a few months, I
  did exactly that.

  http://www.linuxsecurity.com/articles/host_security_article-2107.html

* Linux Network Security
  December 11th, 2000

  There are several methods remote attackers can use to break into your
  machine. Usually they are exploiting problems with existing programs.
  The Linux community always quickly spots these 'exploits' and releases
  a fix. Linux fixes are usually out long before the equivalent programs
  in other operating systems are mended. The issue here though is how to
  prevent your machine from suffering any sort of problem of this sort.

  http://www.linuxsecurity.com/articles/network_security_article-2089.html

* Defying Denial of Service Attacks
  December 11th, 2000

  In a Distributed DoS (DDoS) attack, a hacker installs an agent or
  daemon on numerous compromised hosts. The hacker sends a command to
  the master, which also resides on a compromised host. The master
  communicates with the agents to commence the attack.

  http://www.linuxsecurity.com/articles/network_security_article-2092.html

+------------------------+
| Cryptography News:     |
+------------------------+

* DeCSS case runs into Calif. roadblock
  December 17th, 2000

  Hollywood loses a ruling in its fight to outlaw DeCSS, an open-source
  Linux computer code that allows copying of protected DVD disks. The
  motion picture industry's effort to ban computer code that subverts
  its DVD encryption scheme has suffered a setback in California, with
  the state's high court issuing an order that could see many of the
  defendants dropped from the closely watched case.

  http://www.linuxsecurity.com/articles/cryptography_article-2134.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Open Source encryption components and exporting applications
  December 15th, 2000

  I received a phone call today from a lady with the U.S. Bureau of
  Export Administration (BXA) who'd read my page (the URL of which I'd
  submitted to them for an export license exemption as required by U.S.
  export.

  http://www.linuxsecurity.com/articles/cryptography_article-2129.html

* LIDS 0.9.11 for Kernel 2.2.18 Released
  December 15th, 2000

  Huagang Xie writes: "The LIDS project has just released LIDS 0.9.11
  for kernel version 2.2.18. It contains a bugfix for lidsadm. For more
  detail, please visit www.lids.org." I use LIDS on a daily basis and
  love it. Anybody who is interested in a kernel-level IDS system should
  definitely check it out!

  http://www.linuxsecurity.com/articles/projects_article-2127.html

+------------------------+
| General News:          |
+------------------------+

* FBI's 'Carnivore' system praised, criticized with final report
  December 15th, 2000

  An independent review board concluded in its final report on Thursday
  that a controversial FBI electronic wiretap system was an effective
  law-enforcement tool, drawing fire from critics who said it was too
  invasive.

  http://www.linuxsecurity.com/articles/privacy_article-2128.html

* Internet Privacy Concerns Due To Explode
  December 14th, 2000

  Existing Internet privacy concerns stemming from online "profiling"
  and other e-business data mining activities are "trivial" compared to
  the privacy-related issues that will face the world in the years
  ahead, IBM Chairman Lou Gerstner has said.

  http://www.linuxsecurity.com/articles/privacy_article-2123.html

* Internet security seen having long way to go
  December 12th, 2000

  Systems designers have a long way to go to protect online privacy but
  the spread of so-called smart cards holds promise, the new head of an
  Internet technical coordination body told a government-sponsored
  conference on Monday.

  http://www.linuxsecurity.com/articles/privacy_article-2102.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------
ISN is hosted by SecurityFocus.com