Information Security News mailing list archives
Linux Security Week, Nov 6th 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 6 Nov 2000 06:49:14 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  November 06, 2000                            Volume 1, Number 27   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com |
|                   Benjamin Thomas         ben () linuxsecurity com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

As the Microsoft story begins to cool down, various articles on general network security were written. The article, "Hactivist threats on the rise," states that "computer hackers with political agendas have become a fast-growing threat to big companies worldwide." Companies are not the only organizations affected; the United States government has started a program to provide cyber attack guidance to other agencies.

This week, advisories were released for gnupg, ypbind, getnameinfo, top, tcpdump, boa, pine, chpass, cfengine, libutil, nis, dump, nss_ldap, and incurses. The vendors include Conectiva, Caldera, FreeBSD, NetBSD, Red Hat, SuSE, and Trustix. It is critical that you update all vulnerable packages to reduce the risk of being compromised.

Vulnerability List:
http://www.linuxsecurity.com/vuln-newsletter.html

Webmasters, our advisory and news feed is now available in RDF format. We invite you to use and customize our feed to provide up-to-date security content on your website.

http://www.linuxsecurity.com/linuxsecurity_articles.rdf
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf

** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL!
Get the free Thawte Apache SSL Guide and find the answers to all your Apache SSL security issues and more at:
http://ads.linuxsecurity.com/cgi-bin/thawte.pl

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Securing the Linux Environment Part One: Installation Issues
November 1st, 2000

This series of articles is designed to help users secure their Linux systems. I will describe methods that attackers use to gain information and access systems. I will then discuss countermeasures for defeating these attacks.

http://www.linuxsecurity.com/articles/host_security_article-1867.html

+------------------------+
| Network Security News: |
+------------------------+

* Risk-Assessment Strategies
November 2nd, 2000

Here's a pretty good article that explains the reason and purpose for conducting risk management. "All business decisions, in IT or otherwise, are an exercise in the evaluation of the risk of inaction versus the cost of action to reduce risks (real or perceived)."

http://www.linuxsecurity.com/articles/general_article-1875.html

* U.S. Lists Top Ten 'Dot Cons'
November 1st, 2000

Auction fraud has the dubious honor of being the No. 1 online scam, the U.S. Federal Trade Commission (FTC) said Tuesday. Rounding out the "Top Ten Dot Cons" are: Internet service provider (ISP) scams, Web site design scams, Net porn credit card fraud, multi-level marketing schemes, business opportunities and work-at-home cons, fraudulent investment and get-rich-quick scams, travel and vacation fraud, telephone/pay-per-call frauds, and Net health care frauds.

http://www.linuxsecurity.com/articles/government_article-1866.html

* Fingerprint Security Gets Handier
October 31st, 2000

When Qualcomm CEO Irwin Jacobs got his laptop stolen last month at a conference, the technology to protect his information may already have been at his fingertips.
By using a biometric fingerprint scanner, Jacobs could have added a layer of security to his laptop, which he said contained proprietary information that was possibly valuable to foreign governments.

http://www.linuxsecurity.com/articles/vendors_products_article-1857.html

* Know Thine Enemy
October 30th, 2000

Kevin Mitnick used to make life miserable for corporate IT managers by breaking into computer systems. Now he's making it his business to help them secure their networks against hackers. Last month Mitnick, who was released from prison earlier this year after nearly five years there, offered tips on information security to IT professionals at the Giga Information Group Infrastructures for E-Business conference, held here.

http://www.linuxsecurity.com/articles/hackscracks_article-1854.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Bush Blasts Clinton Administration Encryption Stance
November 2nd, 2000

Responding to a question about encryption technology in an ongoing Internet debate, Texas Gov. George W. Bush today castigated President Clinton and Vice President Gore for what he called "outdated" technology policy. "The Clinton administration has repeatedly been slow to recognize the realities of the international market for encryption products regulated by our nation's export laws," Bush said in a written response posted on the Web White & Blue Web page.

http://www.linuxsecurity.com/articles/cryptography_article-1872.html

* The encryption algorithm demolition derby
November 2nd, 2000

In the early seventies the US government put out a call for an encryption algorithm. It had no response. A year later in 1973 they tried again and got one response, from IBM. Then followed a bit of politicking, but by 1975 DES was born. DES was initially a FIPS (Federal Information Procurement Standard), but was quickly adopted around the world as the de facto standard for encryption.
http://www.linuxsecurity.com/articles/cryptography_article-1877.html

* Encrypting Data in Web Forms
November 1st, 2000

This month's Linux Gazette has an article on, well, encrypting data in web forms. Linux Gazette is a great online magazine, and this month is no exception. "There may be times when you want to send encrypted data to a user on your web server. For example, if you want to hide the numeric id of an account."

http://www.linuxsecurity.com/articles/cryptography_article-1870.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Saint 3.1 Released
November 1st, 2000

The Security Administrator's Integrated Network Tool (SAINT), an updated and enhanced version of SATAN, is designed to assess the security of computer networks. More information about SAINT can be found in the on-line documentation. This version features a new custom scan level, giving you complete control over which probes SAINT will run, all from the graphical user interface.

http://www.linuxsecurity.com/articles/network_security_article-1869.html

* Installing Snort 1.6.3 on SuSE 6.x-7.x
October 30th, 2000

Here's a quick startup guide for using snort. You might also be interested in the LinuxSecurity.com "Using Snort" guide. "Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.

http://www.linuxsecurity.com/articles/intrusion_detection_article-1851.html

* Open Source Tripwire Released
October 30th, 2000

Tripwire, the leading provider of data and network integrity solutions, today announced the availability of its Open Source product for the Linux operating system. "Tripwire Open Source, Linux Edition is a significant contribution of commercial-quality data and network integrity software to the Linux community.
http://www.linuxsecurity.com/articles/intrusion_detection_article-1855.html

+------------------------+
| General News:          |
+------------------------+

* 'Hactivist' threats on the rise
November 3rd, 2000

Computer hackers with political agendas have become a fast-growing threat to big companies worldwide, a corporate intelligence company said on Thursday. "The methods they are using are in their infancy," said Kent Anderson of Control Risks Group, an international business risk consultancy.

http://www.linuxsecurity.com/articles/hackscracks_article-1879.html

* Agencies get cyberattack guidance
November 2nd, 2000

The CIO Council and the Office of Management and Budget issued guidelines this week directing agencies to coordinate cyberattack reports and warnings with the Federal Computer Incident Response Center. The memorandum details the processes that agencies should follow to improve coordination and interaction with FedCIRC at the General Services Administration.

http://www.linuxsecurity.com/articles/government_article-1871.html

* Experts fear cyber warfare
November 1st, 2000

The growing electronic war between Israeli and pro-Palestinian hackers threatens to shut down large portions of the Internet, government and industry, experts warned last night.

http://www.linuxsecurity.com/articles/network_security_article-1862.html

* Security dominates agenda at federal Linux conference
October 31st, 2000

Security was a hot topic at Monday's first-ever federal Linux user's conference. The news that Microsoft Corp.'s network had been breached and that hackers had gained access to source code underscores the need for effective security systems to protect large institutions -- like the government -- from such attacks, said speakers and delegates alike at the conference here.

http://www.linuxsecurity.com/articles/organizations_events_article-1860.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".