Information Security News mailing list archives

Linux Security Week - September 10th 2001


From: InfoSec News <isn () c4i org>
Date: Tue, 11 Sep 2001 01:09:31 -0500 (CDT)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 10th, 2001                        Volume 2, Number 36n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "OpenSSH key
management, Part 2," "An Introduction to OpenSSL, Part Two:  
Cryptographic Functions Continued," and "Remote Monitoring."  Also this
week, if you have not read about Echelon, there are two good articles in
the general section of this newsletter.


NEED A SECURE SERVER OS?  

EnGarde was designed from the ground up as a secure solution, starting
with the principle of least privilege, and carrying it through every
aspect of its implementation.

http://www.engardelinux.org 


This week, advisories were released for xinet, windowmaker, sendmail,
fetchmail, xli, telnetd, rmuser, NetBSD kernel, and fts.  The vendors
include Conectiva, NetBSD, Mandrake, and SuSE. Mandrake users are
especially encouraged to update this week because there is such a great
number of advisories.

http://www.linuxsecurity.com/articles/forums_article-3633.html



HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html
 
 
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
 
* An Introduction to OpenSSL, Part Two: Cryptographic Functions
Continued
September 6th, 2001

This is the second article in a series on OpenSSL, a library written in
the C programming language that provides routines for cryptographic
primitives utilized in implementing the Secure Sockets Layer (SSL)
protocol. In the first article in the series, we discussed some of the
basics of cryptography.

http://www.linuxsecurity.com/articles/cryptography_article-3627.html


* OpenSSH key management, Part 2
September 6th, 2001

Many developers use the excellent OpenSSH as a secure, encrypted
replacement for the venerable telnet and rsh commands. One of OpenSSH's
more intriguing features is its ability to authenticate users using the
RSA and DSA authentication protocols, which are based upon a pair of
complementary numerical "keys".

http://www.linuxsecurity.com/articles/cryptography_article-3630.html


* Inside Jail: FreeBSD
September 6th, 2001

On most UNIX systems, root has omnipotent power. This promotes insecurity.
If an attacker were to gain root on a system, he would have every function
at his fingertips. In FreeBSD there are sysctls which dilute the power of
root, in order to minimize the damage caused by an attacker.

http://www.linuxsecurity.com/articles/host_security_article-3628.html


* The First Step of Exploring a System
September 6th, 2001

The first step to exploring a system is not just another point and click.
It is the part that, surprisingly, no one really talks about: gathering
information on the subject. In order to successfully get in a system, one
must know enough about the entity to gain access to it.

http://www.linuxsecurity.com/articles/network_security_article-3629.html



+------------------------+
| Network Security News: |
+------------------------+
 
* Honeynet Project: September Scan Results
September 4th, 2001

The purpose of this monthly project is to help the security community
develop the forensic and analysis skills to decode blackhat attacks. This
is done by taking signatures we have captured in the wild and challenging
the security community to decode the signatures.

http://www.linuxsecurity.com/articles/server_security_article-3613.html



* SC Mag: Remote Monitoring
September 4th, 2001

Why Outsource IDS Monitoring, Anyway?  The simple answer to that, if there
is one, is that organizations are caught between massive security
requirements and minuscule security budgets. Outsourcing offers the
benefits of economies of scale in that the client does not need to hire
staff, spend money for specialized infrastructure, etc.

http://www.linuxsecurity.com/articles/intrusion_detection_article-3617.html


* A Growing Demand for Security Administrators, Part 2
September 4th, 2001

Demand for security specialists will only continue to grow, enabling
security administrators to move in several different directions.
Within internal IT, they can move up the management chain to
security architect, network architect, ecommerce architect, and beyond to
director of networking or operations director and up.

http://www.linuxsecurity.com/articles/general_article-3620.html


* A network setup with FreeBSD and OpenBSD
September 3rd, 2001

This article discusses a network setup which might prove useful for people
who like to put some extra effort into connecting their machines to the
Internet. The goal is to build a secure client and server farm on a single
IP address.

http://www.linuxsecurity.com/articles/intrusion_detection_article-3616.html



+------------------------+
| Cryptography News:     |
+------------------------+

* PGP opens up complete encryption source code
September 7th, 2001

One of the first encryption products is made available to all.  PGP
Security -- a division of Network Associates that has been criticised in
the past for being too proprietary -- has made available the electronic
distribution of its complete source code for the PGPsdk, its cryptographic
toolkit. PGP, which was one of the world's first encryption products and a
de facto standard for encryption, is the foundation of all PGP Desktop,
Wireless and Server products.  The release of the source code will provide
academic researchers and cryptographers the ability to review every detail
of PGPsdk's cryptographic features. The move comes a short time after the
US government recently relaxed export regulations on cryptographic source
code, Santa Clara, California-based PGP Security said.

http://www.linuxsecurity.com/articles/cryptography_article-3637.html


* Quantum Crypto to the Rescue
September 7th, 2001

This week has been big for cryptography.  It's seen both technical and
theoretical advances in next-generation quantum crypto systems and
technology.  It's seen a prototype enter its testing phase that could send
secret crypto keys through open air to a satellite or across town.

http://www.linuxsecurity.com/articles/cryptography_article-3636.html


* In PKI We Trust?
September 4th, 2001

When PKIs hit the streets a few years ago, a media frenzy ensued --
remember 1999, the year of the public-key infrastructure? Now it's the
morning after, and we've gotten a dose of reality when it comes to the
cost and complexity of rolling out a PKI.

http://www.linuxsecurity.com/articles/cryptography_article-3621.html


+------------------------+
| Vendors/Products:      |
+------------------------+

* Prioritizing patches: A precipitous pandemonium
September 8th, 2001

Is the patching of mission critical systems and related software a
priority for your business? May I suggest that patching such software
become an imperative task incorporated into an IT position ASAP.

http://www.linuxsecurity.com/articles/server_security_article-3611.html


* Rule Set Based Access Control version 1.1.2 Now Available
September 3rd, 2001

After project leaders pan vulnerability assessment, a Back Orifice
demonstration quells the skeptics. My company is about to deploy a virtual
private network (VPN). During a recent project meeting, the project
manager asked each department representative to identify six tasks related
to our areas of responsibility.

http://www.linuxsecurity.com/articles/network_security_article-3638.html




+------------------------+
| General Security News: |
+------------------------+

* Echelon spying network exists, EU committee says
September 6th, 2001

Echelon exists, the European Union (EU) Parliament was told Wednesday.  
Echelon, allegedly a vast information collection system capable of
monitoring all the electronic communications in the world, has been talked
about in security circles for several years. But no government agency in
the world has ever confirmed or denied its existence. An EU committee has
been investigating the system for almost a year.  Just because the
surveillance network exists, however, doesn't mean that government
agencies can access all the information Echelon collects, Gerhard Schmid,
the German Member of the European Parliament (MEP), told Parliament
members in Strasbourg.  The European Parliament accepted Schmid and his
team's 130-page-plus report and its 44 recommendations in a 367-159 vote.
There were 34 abstentions, though these were not explained.

http://www.linuxsecurity.com/articles/privacy_article-3626.html


* Information Security Certification: A Rule Of Thumb
September 4th, 2001

Take a wander through the landscape of infosec certification and you will
encounter a morass of acronyms, training and exam fees, claims and
counterclaims. Pete Thomas, Editor of SecurityWatch, and Tony Rich,
Account Director of UK IT security recruitment specialists Acumin, help
you find your way.

http://www.linuxsecurity.com/articles/general_article-3614.html


* What is Echelon?
September 4th, 2001

The following information consists entirely of excerpts from the European
Parliament's "Temporary Committee on the ECHELON Interception System"
report. After reading the entire lengthy, and often technical, report I
decided to sift through and find the information that most people would
find informative and applicable to their own lives and use of the Internet
and electronic communications in general.

http://www.linuxsecurity.com/articles/privacy_article-3615.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
