Information Security News mailing list archives

Linux Security Week - October 6th 2003


From: InfoSec News <isn () c4i org>
Date: Tue, 7 Oct 2003 01:09:05 -0500 (CDT)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  October 6th, 2003                             Volume 4, Number 40n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Integer Array
Overflows Tutorial," "Wireless Network Policy Development," "Traffic
Control HOWTO," and "Blind SQL Injection: Are Your Vulnerable."


LINUX ADVISORY WATCH:
This week, advisories were released for proftpd, openssl, marbles,
freesweep, webfs, OpenSSL, mpg123, teapop, and proftpd. The distributors
include Conectiva, Debian, Guardian Digital's EnGarde Linux, Gentoo,
Immunix, Red Hat, Trustix, and Turbolinux.

http://www.linuxsecurity.com/articles/forums_article-8057.html


FEATURE: R00ting The Hacker
Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
Hackers, is a former intelligence officer in the U.S. Marine Corps who
currently writes for Computerworld and CNN.com, covering national
cyber-security issues and critical infrastructure protection.

http://www.linuxsecurity.com/feature_stories/feature_story-150.html

---

FEATURE: A Practical Approach of Stealthy Remote Administration

This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Linux--The Most Secure OS of All
October 3rd, 2003

Some may claim otherwise, but many insist that Linux is the most secure
operating system (OS) of them all. Linux security advocates point to a
plethora of hardened distributions and hardened kernels, for one thing.
Linux administrators can also take many steps to make any distro
even more secure, starting with installation procedures.

http://www.linuxsecurity.com/articles/forums_article-8063.html


* Spam: This Time It's Personal
October 2nd, 2003

Andy Markley was really looking forward to a work-free Labor Day weekend
far away from his computer. But he made the mistake of checking his inbox
before he left for his planned holiday.  Hundreds of e-mails greeted
Markley that Saturday morning, most of them reporting an undeliverable
message sent from his e-mail account.

http://www.linuxsecurity.com/articles/privacy_article-8052.html


* Blind SQL Injection: Are Your Vulnerable
October 1st, 2003

SQL Injection can deliver total control of your server to an attacker
giving them the ability to read, write and manipulate all data stored in
your backend systems.

http://www.linuxsecurity.com/articles/server_security_article-8045.html


* Web Exploits Explained
October 1st, 2003

The most common attacks that we all know of are discussed in this chapter.
Hackers exploit web vulnerabilities that most have little or no control
over.  The most common web server vulnerabilities exist within Microsoft
Internet Information Server (IIS), Sun ONE Java web server, Apache and a
few other web servers.

http://www.linuxsecurity.com/articles/documentation_article-8046.html


* Integer Array Overflows Tutorial
October 1st, 2003

This paper discusses the exploitation of integer arrays due to lack of
calculations to limit the amount of elements added to them. This is a
fairly common occurrence in programming today, while somewhat known and
understood in character array form, I've never seen it mentioned on the
integer level. Expectations for this paper are that you have knowledge of
stack based overflows, heap based overflows, memory workings, some
knowledge of character array overflows wouldn't hurt, and of course good
ANSI C programming experience.

http://www.linuxsecurity.com/articles/documentation_article-8042.html


* Review: Linux Security Cookbook
September 29th, 2003

If you work with Linux you certainly know of many resources where you can
get your questions answered when running into a problem. When it comes to
securing your Linux box, there's a myriad of things you have to think
about and this is where this cookbook comes into the picture.

http://www.linuxsecurity.com/articles/documentation_article-8022.html


+------------------------+
| Network Security News: |
+------------------------+

* Stopping Spam at the Gateway
October 3rd, 2003

I hate spam. You hate spam. We all hate spam. But none of us hate spam as
much as ISPs and business network administrators do. Alexis Rosen,
president and co-owner of Public Access Networks, which runs Panix, one of
the oldest ISPs, concedes that while spam may "not be as bad as Adolph
Hitler, it is morally evil."

http://www.linuxsecurity.com/articles/privacy_article-8058.html


* Wireless Network Policy Development (Part Two)
October 3rd, 2003

Part One of this article explained the need for wireless policy, some of
the inherent threats of wireless networks, and covered some of the
essential components of a wireless policy. This second and final article
will continue to discuss essential components for policy development, as
well as address other considerations that one should be aware of.

http://www.linuxsecurity.com/articles/security_sources_article-8060.html


* Traffic Control HOWTO
October 2nd, 2003

Traffic control encompasses the sets of mechanisms and operations by which
packets are queued for transmission/reception on a network interface. The
operations include enqueuing, policing, classifying, scheduling, shaping
and dropping. This HOWTO provides an introduction and overview of the
capabilities and implementation of traffic control under Linux.

http://www.linuxsecurity.com/articles/documentation_article-8054.html


* VoIP: The New Telephone Security Risk
October 2nd, 2003

They have their networks locked tight, their data hidden behind firewalls
and their e-mail scanned by virus protection software. But too many IT
managers and security officers overlook a crucial security risk: the
telephone system. As voice over IP (VoIP) setups become more common within
enterprises, the risk of compromise of phone services is on the rise.

http://www.linuxsecurity.com/articles/network_security_article-8049.html


+------------------------+
| General Security News: |
+------------------------+

* The Bottom Line: Software and copyright
October 4th, 2003

Still, on the whole, no cost up-front is hard to beat. The software giants
already concede their products have no advantages over open source
products in terms of security and reliability. They hope to maintain sales
based on superior service and customer service, but then again, none of
the companies mentioned have a reputation for much other than arrogance
when it comes to dealing with customers.

http://www.linuxsecurity.com/articles/projects_article-8065.html


* Study: Regulations driving security spending
September 30th, 2003

A poll of corporate executives published Monday found that companies are
increasing spending on security to satisfy legislation--not necessarily
because their CEOs have seen the light.

http://www.linuxsecurity.com/articles/government_article-8031.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------


