Information Security News mailing list archives
Linux Security Week, October 16th 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 16 Oct 2000 08:26:47 -0400
+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  October 16, 2000                          Volume 1, Number 24n     |
|                                                                     |
|  Editorial Team:  Dave Wreski              dave () linuxsecurity com|
|                   Benjamin Thomas          ben () linuxsecurity com |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

This week, a few interesting firewall articles were released: "A Problem with Firewalls & Firewall Technology," "Installing a firewall," and "Linux firewall survey, Part 1: Open source product roundup." If you haven't yet built a firewall for your network, or are looking to harden your existing setup, these articles may prove to be helpful.

The documentation for LIDS (Linux Intrusion Detection System) has been updated. If you are unfamiliar with LIDS, it is a patch and set of administration tools used to enhance a system's security. The new documentation is available:

http://www.lids.org/document/build_lids-0.2.html

This week, advisories were released for mod_rewrite, mod_php3, tmpwatch, traceroute, boa, esound, usermode, gnorpm, openssh, apache, and cfengine. The vendors include Caldera, Conectiva, Debian, FreeBSD, Immunix, LinuxPPC, Mandrake, SuSE, and Trustix. It is critical that you update all vulnerable packages to reduce the risk of being compromised.

Vulnerability List:
http://www.linuxsecurity.com/vuln-newsletter.html

Webmasters, our advisory and news feed is now available in RDF format. We invite you to use and customize our feed to provide up-to-date security content on your website.

http://www.linuxsecurity.com/linuxsecurity_articles.rdf
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf

** FREE Apache SSL Guide from Thawte **

Planning Web Server Security? Find out how to implement SSL! Get the free Thawte Apache SSL Guide and find the answers to all your Apache SSL security issues and more at:
http://ads.linuxsecurity.com/cgi-bin/thawte.pl

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Build a Secure Linux System with LIDS
  October 10th, 2000

The documentation of LIDS -- "Build a secure Linux system with LIDS" is updated to version 0.2. This document talks about what LIDS is, what the benefit of LIDS is, and how to build a secure Linux system step by step with LIDS. This updated version corresponds to LIDS version 0.9.2 and later.
http://www.linuxsecurity.com/articles/projects_article-1722.html

+------------------------+
| Network Security News: |
+------------------------+

* Unverified Fields - A Problem with Firewalls & Firewall Technology
  October 15th, 2000

The following problem (as discussed in this paper) has not yet been identified. Certain firewalls today will not authenticate the validity of certain protocol fields within the packet they are processing. The risk is exposure of information.
http://www.linuxsecurity.com/articles/firewalls_article-1754.html

* Format Strings: An Interview with Chris Evans
  October 11th, 2000

"In a previous article I covered the basics of format string attacks. This time I've interviewed Chris Evans, whom I quoted in the last article. Without further ado, here is the interview. "It appears to me that these format strings have been present a very long time.
http://www.linuxsecurity.com/articles/forums_article-1730.html

* Installing a firewall, Part 1
  October 10th, 2000

In this three-part series, you will learn to install and configure a Linux server and firewall. Part 1 covers the selection and installation of a secure Linux distribution. Part 2 will cover the reassignment of services provided by the old firewall that the authors replaced.
And Part 3 covers the actual process of installing the firewall itself.
http://www.linuxsecurity.com/articles/firewalls_article-1727.html

* Linux firewall survey, Part 1: Open source product roundup
  October 9th, 2000

The standard firewalling support in the Linux kernel is built upon two components -- ipchains and IP Masquerading. Both features are included in standard kernel distributions. Ipchains is a mechanism for filtering IP packets; its inclusion means that any flavor of Linux can be configured to run as a filtering gateway/firewall almost right out of the box.
http://www.linuxsecurity.com/articles/firewalls_article-1719.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Crypto Expert Warns That Cryptography Not Secure Enough
  October 13th, 2000

One of the world's leading experts on computer security said that because of recent developments in the online world, cryptography on its own is now not enough to protect systems in the digital world. In his new book, Bruce Schneier, an internationally acclaimed security expert, said that protecting information has become increasingly difficult in the digital world.
http://www.linuxsecurity.com/articles/cryptography_article-1752.html

* LCI-SMARTpen AES Compliance
  October 12th, 2000

The new model of LCI-SMARTpen is the first in the world to comply with the new encryption standard. "The National Institute for Standards and Technology (NIST) has selected Rijndael as the proposed Advanced Encryption Standard (AES) algorithm. The AES will be a new Federal Information Processing Standard. The newly selected Rijndael algorithm is already implemented in the latest release of the LCI SMARTpen, which is now in the market."
http://www.linuxsecurity.com/articles/cryptography_article-1744.html

* Cracked! 'World's toughest' code broken
  October 12th, 2000

A team of Swedish computer buffs has fought off thousands of rivals from around the world to crack what was billed as the toughest code challenge ever set. It took the Swedes the equivalent of 70 years of computer time to decipher 10 increasingly difficult codes set by author Simon Singh in his international bestseller "The Code Book."
http://www.linuxsecurity.com/articles/cryptography_article-1745.html

* Special Report: Unlocking PKI
  October 9th, 2000

PKI isn't a drop-in proposition. Someone's got to design an infrastructure for it, based on both the requirements of the technology and the structure of the organization's existing security systems. Key pairs and digital certificates must be generated, distributed, and tracked.
http://www.linuxsecurity.com/articles/network_security_article-1717.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Bank Offers Web-Based Safe Deposit Boxes for Electronic Documents
  October 12th, 2000

Metal safe deposit boxes have been a longtime staple of the banking industry. But that was last century. With a new federal law that took effect Oct. 1 making digitally signed documents legally binding, valuable electronic documents are now as sure to pile up on computer hard drives as their paper predecessors did in metal file cabinets.
http://www.linuxsecurity.com/articles/vendors_products_article-1741.html

* International Kernel Patch 2.2.17.7
  October 11th, 2000

The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.
http://www.linuxsecurity.com/articles/cryptography_article-1732.html

* Sendmail Offers Secure Business E-Mail
  October 10th, 2000

E-mail is becoming so important to business that e-mail systems must be upgraded for security and reliability. Sendmail is offering Sendmail Switch 2.1 and Sendmail Advanced Message Server as a step toward those goals in the enterprise, said Sendmail Chairman Greg Olsen.
http://www.linuxsecurity.com/articles/vendors_products_article-1720.html

+------------------------+
| General News:          |
+------------------------+

* Privacy expert monitors issue with a keen eye
  October 13th, 2000

Richard Smith has dedicated himself to demanding high security and privacy standards of Internet companies. A veteran computer programmer, Smith knows how information collected through technology can be manipulated in ways the developer never intended. Currently the chief technology officer at the Privacy Foundation, Smith has gained prominence for revealing tracking technologies within software programs, operating systems and Internet services, including high-profile privacy flaws at RealNetworks and Microsoft.
http://www.linuxsecurity.com/articles/privacy_article-1753.html

* Congress Sets Net Privacy Standards
  October 12th, 2000

Lawmakers supportive of Internet privacy laws said Wednesday they would take an issue-by-issue approach next year rather than push for sweeping legislation. They also said the government should set higher standards of privacy for its Web sites. Lawmakers testifying at a House hearing said they favor ``baseline standards'' of privacy rather than the strict guarantees common in Europe - or ``micromanaging,'' as they were called by Rep. Bob Goodlatte, co-chairman of the Congressional Internet Caucus.
http://www.linuxsecurity.com/articles/privacy_article-1743.html

* Less secrecy, more security
  October 11th, 2000

There's been controversy over revelations of security flaws in software products. Some believe all should be public. Others claim nothing should be revealed. On this issue, taking a middle course seems best and is gaining support. Going for maximum publicity has merits. Those that want to disclose the exact techniques used to exploit security weaknesses cite vendor intransigence.
http://www.linuxsecurity.com/articles/general_article-1729.html

* SANS Federal CIOs List: Top Worries About Security
  October 11th, 2000

The respondents each allocated a hypothetical $100,000 budget among seven threats faced by federal agencies. Respondents could choose to allocate all the money to stopping a single threat or to spread it in any manner.
http://www.linuxsecurity.com/articles/general_article-1728.html

* Small Biz Vulnerable to Net Attacks
  October 11th, 2000

Half of small and midsize businesses that implement and supervise their own network security will fall prey to a successful cybercrime by 2003, according to new research released Tuesday by Gartner Group. More than 60 percent of those firms will not even detect that their systems have been compromised, Gartner said.
http://www.linuxsecurity.com/articles/general_article-1731.html

* Forget your password? Picture this.
  October 10th, 2000

Imagine never forgetting your password or PIN. Better still, imagine never having to wait in the queue watching impatiently as the fellow in front of you forgets his PIN for the third time. Does this sound like an impossible dream? It's not.
http://www.linuxsecurity.com/articles/general_article-1723.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".