Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Linux Security Week - September 23rd 2002

From: InfoSec News <isn () c4i org>
Date: Tue, 24 Sep 2002 01:25:03 -0500 (CDT)
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 23rd, 2002                         Volume 3, Number 37n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Stamp out spam
with SpamAssassin," "Who Goes There? An Introduction to On-Access Virus
Scanning," "Remote End-Point Security Services," and "Idle Scanning and
related IPID games."

FEATURE: What is the Slapper worm? - The question of the week: What
Slapper? Let me begin by telling you I am not only describing the Slapper
worm, but I am also describing the Apache/mod_ssl worm, the bugtraq.c
worm, and the Modap worm. In effect, this is just 4 different names for
the same nasty worm.
 
http://www.linuxsecurity.com/feature_stories/feature_story-119.html 


Concerned about the next threat? EnGarde is the undisputed winner!

 EnGarde Secure Linux is a complete solution that provides all
 the tools necessary to build a complete secure Internet presence.  
 Winner of the Network Computing Editor's Choice Award, EnGarde "walked
 away with our Editor's Choice award thanks to the depth of its security
 strategy..." Find out what the other Linux vendors are not telling you.

  -> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2


This week, advisories were released for purity, openssl, konqueror, php,
libkvm, libresolv, NetBSD kernel, libc, shutdown, pppd, kdf, ioctl, dns,
nfs, setlocale, postgresql, and libx11.  The vendors include Conectiva,
Debian, FreeBSD, NetBSD, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-5737.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Stamp out spam with SpamAssassin
September 21st, 2002

This article takes a look at the evolution of the spam cycle (for as Sun
Tzu and every general who ever came after him said, "Know thine enemy and
victory will be forthcoming"). It also takes a look at SpamAssassin, the
latest in a long and venerable line of weapons in the fight against spam,
as well as a look ahead.

http://www.linuxsecurity.com/articles/server_security_article-5747.html


* Putting The Kernel On Your Side
September 20th, 2002

Intro The Linux enables (as most of you know) run-time module loading,
that is : you can had features to your linux kernel without having to
re-compile the whole kernel again. You can write and load modules that
will be linked to the kernel. This paper is about how to use modules in
order to help you in administrating your system.

http://www.linuxsecurity.com/articles/documentation_article-5740.html


* Who Goes There? An Introduction to On-Access Virus Scanning
September 17th, 2002

By now, most savvy computer users have anti-virus software (AV) installed
on their machines and use it as part of their regular computing routine.
However, most average users do not know how anti-virus software works.
This article is the second in a two-part series that will offer a brief
overview of a particular type of anti-virus technique known as on-access
scanning.

http://www.linuxsecurity.com/articles/host_security_article-5716.html



+------------------------+
| Network Security News: |
+------------------------+

* Internal Network Security
September 19th, 2002

When organizations first begin to assess network security, the tendency is
to focus almost exclusively on external facing assets to defend against
unauthorized "hacker" attacks. However, to establish an effective security
program, organizations must examine both internet facing, publicly
accessible resources, as well as private internal networks.

http://www.linuxsecurity.com/articles/security_sources_article-5732.html


* Remote End-Point Security Services: Defining a New Market
September 18th, 2002

Teleworkers, mobile employees, and broadband access are all driving
corporations to extend their networks securely through the implementation
of IP VPNs over the Internet. While these networks are being extended, the
malicious activities of hackers and their ability to compromise networks
and remote PCs are only increasing.

http://www.linuxsecurity.com/articles/general_article-5720.html


* Idle Scanning and related IPID games
September 18th, 2002

Almost four years ago, security researcher Antirez posted an innovative
new TCP port scanning technique. Idlescan, as it has become known, allows
for completely blind port scanning. Attackers can actually scan a target
without sending a single packet to the target from their own IP address!
Instead, a clever side-channel attack allows for the scan to be bounced
off a dumb "zombie" host.

http://www.linuxsecurity.com/articles/documentation_article-5723.html



+------------------------+
|  Cryptography:         |
+------------------------+

* Open-Source Group Gets Sun Security Gift
September 20th, 2002

Sun's "elliptic curve" technology is involved in the process of using keys
to encrypt and decrypt information for electronic transactions. Such
encryption lets people buy products online, for example, while shielding
their credit card number from prying eyes.

http://www.linuxsecurity.com/articles/cryptography_article-5738.html


* Crypto-Chip Boosts ID Security
September 20th, 2002

When you send your credit card number over the Internet to pay for a new
book or a pair of pants, the number is mathematically disguised --
encrypted -- so that the original string of digits can be decoded only by
the merchant at the other end of your shopping spree.

http://www.linuxsecurity.com/articles/cryptography_article-5743.html


* A Gathering of Big Crypto Brains
September 19th, 2002

In a lush country hotel 20 miles south of Dublin, the barroom conversation
turns to steganography and database vulnerabilities, encryption algorithms
and biometric scanners, SWAP files and cookie poisoning.  Not your average
pub denizens, the speakers are some of the best-known names in
cryptography and security, gathered for one of the industry's best-kept
secrets: the annual COSAC conference, held every fall in Ireland.

http://www.linuxsecurity.com/articles/cryptography_article-5728.html


* New AES crypto standard broken already
September 17th, 2002

Theoretical attacks against AES (Advanced Encryption Standard) winner
Rijndael and runner-up Serpent have been published. They might work in the
practical world; they might not. That's about all we can say from the
latest edition of Bruce Schneier's CryptoGram newsletter, which seeks to
simplify the issues discovered by researchers Nicolas Courtois and Josef
Pieprzyk, and elaborated in a paper entitled "Cryptanalysis of Block
Ciphers with Overdefined Systems of Equations".

http://www.linuxsecurity.com/articles/cryptography_article-5705.html



+------------------------+
|  General:              |
+------------------------+

* Offical: Cybersecurity Not Watered Down
September 20th, 2002

A White House official is standing behind the administration's draft
recommendations on cybersecurity, asserting that they have not been
weakened by lobbying from technology companies.

http://www.linuxsecurity.com/articles/government_article-5741.html


* Finding the Security Budget Sweet Spot
September 19th, 2002

Companies must first determine which threats they are vulnerable to, then
figure out how much damage a breach could inflict, and finally sift
through the abundance of security products on the market.

http://www.linuxsecurity.com/articles/forums_article-5734.html


* Greasing the Squeaky Wheels
September 19th, 2002

Being paranoid about security is a good thing. For example, requiring
strong passwords, locking down the services on your machines, removing all
shared accounts, and disabling cleartext protocols make it more difficult
for a cracker to gain access to your machines and data. Unfortunately, it
also makes working on the systems less convenient for you and your users.


http://www.linuxsecurity.com/articles/security_sources_article-5729.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: