Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Linux Security Week - March 25th 2002

From: InfoSec News <isn () c4i org>
Date: Tue, 26 Mar 2002 02:33:06 -0600 (CST)
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  March 25th, 2002                             Volume 3, Number 12n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
 
This week, perhaps the most interesting articles include "Getting Started
with Gnu Privacy Guard," "Introduction to logging," "User Authentication
with PHP and Apache," and "Introduction to Intrusion Protection and
Network Security."

This week, the advisories were released for cups, zlib, listar, kdm,
imlib. The vendors include Debian, Mandrake, Red Hat, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-4660.html


FEATURE: Dsniff 'n the Mirror - This is a practical step by step guide
showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, and Ngrep,
and others. It also provides a discussion of how and why we should monitor
network traffic.

http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html


Security & Simplicity, Finally! - Are you looking for a solution that
provides the applications necessary to easily create thousands of virtual
Web sites, manage e-mail, DNS, firewalling database functions for an
entire organization, and supports high-speed broadband connections all
using a Web-based front-end? EnGarde Secure Professional provides those
features and more!
 
  --> http://store.guardiandigital.com 
 
 
Find technical and managerial positions available worldwide.  Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
 
 
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
 

* Getting Started with Gnu Privacy Guard
March 22nd, 2002

With increasingly important communications taking place using e-mail, the
ability to verify the authenticity, and also protect the contents, of such
correspondence has become something that everyone should know. However,
the tools created to provide PGP security are generally cryptic and
difficult to work with.

http://www.linuxsecurity.com/articles/cryptography_article-4666.html


* Securing Debian HOWTO Updated
March 22nd, 2002

This has to now be one of the most comprehensive and complete Linux
security documents on the Web. Nice job, guys. "This document describes
the process of securing and hardening the default Debian installation.

http://www.linuxsecurity.com/articles/documentation_article-4664.html


* Introduction to logging
March 20th, 2002

"Welcome to yet another article in the series of articles dedicated to
basic system maintenace and security. This time, I plan to cover the topic
of logging, and why is logging a must for every serious admin, or for any
system that plans to be exposed to any kind of multi user enviroment.

http://www.linuxsecurity.com/articles/server_security_article-4639.html



* User Authentication with PHP and Apache
March 20th, 2002

There are a number of reasons why you might want to add user
authentication to your Web site.  You might want to restrict access to
certain pages only to a specific group of privileged users. You might want
to customize the content on your site as per user preferences.


http://www.linuxsecurity.com/articles/server_security_article-4642.html



* Using PGP to Verify Digital Signatures
March 20th, 2002

This paper (pdf) provides some background information about PGP and
explains how to check signatures for validity.  "PGP stands for Pretty
Good Privacy. It is a computer program that uses mathematical algorithms
to encrypt files and protect them from unauthorized access. It is also
used to digitally sign and verify documents.

http://www.linuxsecurity.com/articles/cryptography_article-4637.html


* Using SSH
March 19th, 2002

SSH is a secure replacement for telnet, rlogin, other r* and ftp protocols
which handle sensitive information in an unsecure manner. Telnet
broadcasts sensitive information such as usernames and passwords
unencrpyted whereas.

http://www.linuxsecurity.com/articles/server_security_article-4633.html


* Privilege Separated OpenSSH
March 18th, 2002

The goal of this work is complete privilege separation within in OpenSSH.
Privilege separation uses two processes: The privileged parent process
that monitors the progress of the unprivileged child process.

http://www.linuxsecurity.com/articles/cryptography_article-4622.html




+------------------------+
| Network Security News: |
+------------------------+

* Introduction to Intrusion Protection and Network Security
March 23rd, 2002

In this introduction to protecting your computers from intrusion, the
author discusses concepts of computer security. Selecting good passwords,
using firewalls, and other security concepts are introduced.


http://www.linuxsecurity.com/articles/network_security_article-4668.html




+------------------------+
|  Cryptography:         |
+------------------------+

* Crypto guru debates efficiency discovery
March 19th, 2002

Encryption expert Bruce Schneier downplayed this week the importance of a
University of Illinois professor's newest method of breaking the digital
codes that secure information.

http://www.linuxsecurity.com/articles/cryptography_article-4635.html




+------------------------+
|  Vendors/Products:     |
+------------------------+
 
* Warriors to demo DDoS defence
March 24th, 2002

The New Zealand Defence Force is to use an international conference to put
a product created by Auckland company Esphion against distributed denial
of service attacks through its paces.  The event, known as the Joint
Warrior Interoperability Demonstration (Jwid), will involve defence
personnel from New Zealand, Australia, the UK the US and Canada.

http://www.linuxsecurity.com/articles/organizations_events_article-4670.html



* Lcrzoex, Network Testing Toolbox
March 21st, 2002

Laurent Constantin let us know that the Lcrzoex Project now contains more
than 300 GPLd network testing tools. "We are proud to announce that
lcrzoex now contains over 300 network testing tools. Tool which passed
this mark allows to spoof an IP/UDP packet.

http://www.linuxsecurity.com/articles/projects_article-4652.html





+------------------------+
|  General News:         |
+------------------------+
 
* A Tangled World Wide Web of Security Issues
March 23rd, 2002

The World Wide Web (WWW) was initially intended as a means to share
distributed information amongst individuals. Now the WWW has become the
preferred environment for a multitude of e-services: e-commerce,
e-banking, e-voting, e-government, etc. Security for these applications is
an important enabler.

http://www.linuxsecurity.com/articles/server_security_article-4669.html


* Spam: It's completely out of control
March 21st, 2002

[Chris Lewis] is the guardian of roughly 45,000 employees' e-mail
in-boxes, protecting against unsolicited commercial messages that are
nearly doubling in number every five months--and costing an estimated $1
per piece in lost productivity.

http://www.linuxsecurity.com/articles/general_article-4654.html


* Building trust into open source
March 21st, 2002

In the past three months, the open-source community has been given a
wake-up call.  While Microsoft has concentrated on reviewing its flagship
Windows source code as part of a new focus on security, Internet watchdogs
have released the details of three widespread flaws in open-source
applications usually shipped with the Linux operating system.

http://www.linuxsecurity.com/articles/projects_article-4655.html


* U.S. pulls 'sensitive' info off the Web
March 21st, 2002

Government agencies have been ordered to clear their Web sites of
sensitive information about weapons of mass destruction that could be
exploited by would-be terrorists, according to memos released on Thursday.

http://www.linuxsecurity.com/articles/government_article-4657.html


* Web Security, Privacy & Commerce, 2nd Edition
March 20th, 2002

"There are two basic reasons why a book comes out in a second edition:
either the author needs the cash or the book needs to be updated.  When
the first edition of Web Security, Privacy & Commerce came out in 1997, it
was titled Web Security & Commerce.

http://www.linuxsecurity.com/articles/documentation_article-4640.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: