Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Linux Security Week - January 14th 2002

From: InfoSec News <isn () c4i org>
Date: Tue, 15 Jan 2002 10:06:09 -0600 (CST)
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  January 14th, 2002                           Volume 3, Number 2n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
 
This week, perhaps the most interesting articles include "Comparing Secure
shell (SSH) and Virtual Network Computing (VNC)," "Play with the Lovely
Netcat," "MailScanner Mail Gateway Filter," and "Securing Air: Wireless
Security."  Also, you crypto lovers should read "New Data Encryption
Method Throws Away the Keys," and "Prof renews free speech fight against
US encryption law."
 
Get 10% Off & FREE Shipping for all Guardian Digital secure servers! Visit
Guardian Digital's online store for details:
 
 http://store.guardiandigital.com
 
This week, advisories were released for exim, libgtop, mutt, pkg_install,
pw, pine, mod_auth_pgsql, bind, proftpd, LIDS, stunnel, and namazu.  The
vendors include Conectiva, Debian, FreeBSD, Mandrake, Red Hat, SuSE, and
Trustix.

http://www.linuxsecurity.com/articles/forums_article-4261.html


** FREE Apache SSL Guide from Thawte Certification - Do your online
customers demand the best available protection of their personal
information? Thawte's guide explains how to give this to your customers by
implementing SSL on your Apache Web Server.

 Click here to get our FREE Thawte Apache Guide:
  http://www.gothawte.com/rd176.html


Find technical and managerial positions available worldwide.  Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
  
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Comparing Secure shell (SSH) and Virtual Network Computing (VNC)
January 8th, 2002

In the first of this pair of articles, David compares and contrasts Secure
shell (SSH) and Virtual Network Computing (VNC), two technologies that
allow a user at one workstation to run an application that lives on
another computer.

http://www.linuxsecurity.com/articles/network_security_article-4250.html


* Avoiding Buffer Overflows
January 8th, 2002

Chrooted system services improve security by limiting damage that someone
who broke into the system can possibly do. What is chroot? Chroot
basically redefines the universe for a program. More accurately, it
redefines the "ROOT" directory or "/"  for a program or login session.

http://www.linuxsecurity.com/articles/server_security_article-4247.html


* Play with the Lovely Netcat
January 8th, 2002

The first but secondary purpose of this article is to introduce you this
nifty networking tool: /usr/bin/netcat which is well available from the
Debian GNU/Linux under the package name netcat. (The drill: apt-get
install netcat and you're done.)

http://www.linuxsecurity.com/articles/host_security_article-4248.html




+------------------------+
| Network Security News: |
+------------------------+

* Smurf attacks - don't be a victim
January 10th, 2002

Smurf attacks can be devastating, both to the victim network and to the
network(s) used to amplify the attack. An Internet Control Message
Protocol (ICMP) Smurf attack is a brute-force attack on the direct
broadcast feature that is built in to the IP protocol.

http://www.linuxsecurity.com/articles/network_security_article-4258.html


* Social Engineering Fundamentals, Part II: Combat Strategies
January 10th, 2002

This is the second part of a two-part series devoted to social
engineering. In Part One, we defined social engineering as a hacker's
clever manipulation of the natural human tendency to trust, with the goal
of obtaining information that will allow him/her to gain unauthorized
access to a valued system and the information that resides on that system.

http://www.linuxsecurity.com/articles/general_article-4257.html


* Special Report: Know your enemy
January 10th, 2002

John Taylor sent in this article that discusses a number of types of
attacks. "The serious attacks to which we refer are those insidious
intrusions that reach deep into your system, bypassing your expensive
firewalls and stealing or damaging your data slowly, over long periods of
time.

http://www.linuxsecurity.com/articles/general_article-4260.html


* MailScanner Mail Gateway Filter
January 9th, 2002

MailScanner is a virus scanner for e-mail designed for use on e-mail
gateways. It can also detect a large proportion of unsolicited commercial
e-mail (spam) passing through it.  Not only can it scan for known viruses,
but it can also protect against unknown viruses hidden inside e-mail
attachments by refusing entry to attachments whose filenames match any
given pattern.

http://www.linuxsecurity.com/articles/network_security_article-4255.html


* Securing Air (Wireless Security)
January 7th, 2002

He brought along a laptop loaded with a wireless Ethernet card and
NetStumbler, a shareware sniffer for wireless networks. Once NetStumbler
detects an 802.11 connection, it logs the MAC address of the access point
along with the network name, SSID, manufacturer and various data about the
signal.

http://www.linuxsecurity.com/articles/network_security_article-4244.html




+------------------------+
|   Cryptography News:   |
+------------------------+

* Source Code As Free Speech in Encryption Case
January 13th, 2002

The U.S. Court of Appeals for the Sixth Circuit has ruled that computer
source code is protected by the First Amendment.  The ruling could have
significant implications on the United States' encryption policies. This
article discusses the case and the lessons it teaches about encryption.

http://www.linuxsecurity.com/articles/cryptography_article-4269.html


* Prof renews free speech fight against US encryption law
January 10th, 2002

A computer science professor is renewing a constitutional challenge to
U.S. encryption laws, arguing that the government's policy on restricting
the export of domestic cryptographic research violates the First
Amendment.  Daniel Bernstein, the University of Illinois computer science
professor who resurrected the lawsuit in a San Francisco district court on
Monday, said he is only trying to help protect computer systems against
terrorists and other criminals.

http://www.linuxsecurity.com/articles/cryptography_article-4259.html


* New Data Encryption Method Throws Away the Keys
January 8th, 2002

The key generation idea is likely to see opposition from law enforcement
and government, especially during the current war on terrorism. Last week,
a U.S. District Court told the Justice Department that it could keep its
keystroke-logging technology under wraps, even as the Feds used
information gathered by the snoopware as evidence in the trial of alleged
Mafia defendant Nicodemo Scarfo, Jr.

http://www.linuxsecurity.com/articles/cryptography_article-4251.html




+------------------------+
|  Vendors/Products:     |
+------------------------+
 
* Tools take on new Linux Trojan
January 13th, 2002

Utilities for detecting and removing a new Trojan horse that targets Linux
systems have been posted on the Internet for free download.  The tools,
created by managed security provider Qualys, battle a new variant of the
Remote Shell Trojan, dubbed "RST.b," which creates a backdoor on infected
Linux computers, giving a remote attacker full control.

http://www.linuxsecurity.com/articles/network_security_article-4268.html


* akpop3d - small and secure POP3 daemon
January 13th, 2002

Andreas Krennmair writes, "Because I found the design of Solar Designer's
POP3 daemon popa3d somewhat obscure, I started writing my own POP3 daemon,
called akpop3d. Now I want to ask the LinuxSecurity.com community to
peer-review this program.

http://www.linuxsecurity.com/articles/projects_article-4267.html




+------------------------+
|  General News:         |
+------------------------+

* CERT/CC Statistics 1988-2001
January 11th, 2002

The latest raw statistical information published by CERT. The year 2001
recorded 52,658 reported incidents versus 21,756 for 2000. It also
includes the number of mail messages received concerning security
incidents, number of security alerts, and more.

http://www.linuxsecurity.com/articles/security_sources_article-4266.html


* U.S. Cyber Security Weakening
January 11th, 2002

U.S. computer systems are increasingly vulnerable to cyber attacks, partly
because companies are not implementing security measures already
available, according to a new report released Tuesday.

http://www.linuxsecurity.com/articles/government_article-4265.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: