Information Security News mailing list archives
Linux Security Week - December 25th 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 25 Dec 2000 15:18:15 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                           Weekly Newsletter      |
|  December 25, 2000                           Volume 1, Number 34n   |
|                                                                     |
|  Editorial Team:  Dave Wreski            dave () linuxsecurity com  |
|                   Benjamin Thomas        ben () linuxsecurity com   |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

We at LinuxSecurity.com would like to wish everyone a happy and safe
holiday season. Although many of you are probably on vacation, you may
want to check out a few of this week's articles. "System Security" (by
our own Dave Wreski), "Making Red Hat Secure," and "Building blocks of
Linux packet filtering in the 2.2 kernel" are among the best.

Unfortunately, a large number of advisories were released this week.
Many of you are taking time off for the holiday. We advise that you
spend a little extra time ensuring that your systems are ready for a
long stable weekend.

This week, advisories were released for ed, stunnel, bitchx, zope, nano,
slocate, procps, oops, halflifeserver, ethereal, netscape, pam, jpilot,
rp-pppoe, kerberised telnetd, ftpd, gnupg, mysql, and tcsh. The vendors
include Conectiva, Debian, FreeBSD, Mandrake, NetBSD, OpenBSD, Red Hat,
and Trustix.

http://www.linuxsecurity.com/articles/forums_article-2169.html

HTML Version available:
<http://www.linuxsecurity.com/newsletter.html>

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* System Security
December 22nd, 2000

Back in the old days security was a pretty straight-forward affair. If
you wanted to secure something, you just kept buying locks and alarm
systems until you felt secure. Back then, it actually took a good deal
of planning and physical effort for someone to break into your business,
your home, or anything else that had been "secured."

http://www.linuxsecurity.com/articles/network_security_article-2177.html

* Making Red Hat Secure
December 21st, 2000

In this article I will explain how to make your Linux box secure by
taking basic security measures. This article will enable anybody to
tighten the security of a redhat Linux box. Always set a password on
BIOS to disallow booting from floppy by changing the BIOS settings.

http://www.linuxsecurity.com/articles/host_security_article-2166.html

* Building blocks of Linux packet filtering in the 2.2 kernel
December 19th, 2000

Scott Thomason writes: "In this article, I discuss the origin and basic
structure of IP in enough detail to continue on with an exploration of
the fundamentals of packet filtering firewalls. An extensive sample
firewall showing the use of the Linux kernel 2.2 sysctl interface,
anti-spoofing techniques, chains, and selective ICMP filtering is
included."

http://www.linuxsecurity.com/articles/firewalls_article-2149.html

* Securing the Linux Environment Part One: Installation Issues
December 19th, 2000

Nearly two years ago, I walked into a computer store and asked a
salesperson if they had any Linux distributions in stock.
I was looking for the latest Red Hat or Caldera distribution. The
salesperson paused and looked at me with a blank stare. "Do you mean a
Lenox heating/refrigeration unit?" he asked.

http://www.linuxsecurity.com/articles/host_security_article-2150.html

+------------------------+
| Network Security News: |
+------------------------+

* Firewalls Becoming Ineffective, Experts Say
December 23rd, 2000

While firewall vendors espouse the virtues of their security solutions,
others believe that even the most technologically advanced firewall
can't offer companies all of the protection they need to ensure that
data is safe from both external and internal threats.

http://www.linuxsecurity.com/articles/firewalls_article-2178.html

* Social engineering simulations
December 22nd, 2000

A question that often arises when planning vulnerability analysis is
whether "social engineering" techniques should be used. My consistent
answer is no - not unless you are prepared to do an awful lot of work
before trying it. Vulnerability analysis is a useful approach to
measuring the success of information security policies.

http://www.linuxsecurity.com/articles/network_security_article-2173.html

* Security patch distribution - it's trojan time
December 21st, 2000

The way operating system vendors issue security patches is insecure, in
many cases, and could let crackers exploit this to trick users into
loading trojan horses onto their systems. Security firm BindView, whose
Razor team of security researchers completed the research, questioned 27
different vendors of commonly used products on whether patches are
accompanied by digital signatures or other forms of cryptographic
authentication.

http://www.linuxsecurity.com/articles/network_security_article-2164.html

* Vulnerabilities in Operating-System Patch Distribution
December 20th, 2000

In this research project, BindView Corporation has studied the processes
by which 27 operating-system vendors distribute security patches.
The report focuses on vulnerabilities in these processes, with the hope
that customers can use the information to assess the adequacy of the
processes used by their own vendors, in both an absolute and comparative
sense.

http://www.linuxsecurity.com/articles/general_article-2160.html

* Net Security, Flawed
December 20th, 2000

SSL and SSH have emerged, with other protocols, to provide
authentication methods using a public key infrastructure. These
protocols were developed to protect large amounts of network traffic
from online shopping to financial transactions with online banks. But
are the fundamental flaws of these protocols open to abuse, now that
products exist to exploit these cracks in security?

http://www.linuxsecurity.com/articles/cryptography_article-2159.html

* Hackers caught in security 'honeypot'
December 19th, 2000

Security pros use HoneyNet Project to learn tricks of the hacking trade
--and raise corporate awareness. When a group of suspected Pakistani
hackers broke into a U.S.-based computer system in June, they thought
they had found a vulnerable network to use as an anonymous launching pad
to attack Web sites across India.

http://www.linuxsecurity.com/articles/hackscracks_article-2151.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Laptop encryption and international travel
December 21st, 2000

The restrictions on using PC encryption products are far more lenient
than those on importing software or hardware encryption for distribution
or resale. In France, for example, the law states that upon entry to the
country, travelers must register their decryption keys with
"authorities."

http://www.linuxsecurity.com/articles/cryptography_article-2165.html

* Crypto-Gram December
December 18th, 2000

Crypto-Gram is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on computer security and cryptography.
This month Bruce provides his thoughts on the problems with voting and
technology, IBM's new crypto algorithm, Digital Safe-Deposit Boxes, and
the latest news summary. Excellent read, as always.

http://www.linuxsecurity.com/articles/cryptography_article-2137.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* NSA Releases High Security Version Of Linux
December 22nd, 2000

"The NSA folks just recently got permission to make their stuff
available on the Web. It's just a proof of concept, and no doubt a lot
of changes will need to be made before people will accept integrating it
into the kernel, but they have released a working system based on Linux
2.2 and RedHat 6.1. So it's definitely worth a look, and in fact some
folks with specialized needs might find it useful, even though it's a
prototype."

http://www.linuxsecurity.com/articles/vendors_products_article-2170.html

* 25 Ways to make your webserver more secure
December 18th, 2000

25 Ways to make your webserver more secure is a simple and short text
that contains some principles to get a real world secure server.

http://www.linuxsecurity.com/articles/server_security_article-2136.html

+------------------------+
| General News:          |
+------------------------+

* Learn to think like your attacker
December 19th, 2000

Paring down your network services isn't the only way to protect your
systems against attacks: port scanning can also be an effective tool. In
this month's Building Blocks of Security, Sandra Henry-Stocker shows you
how to stay one step ahead of your enemy. Minimizing services is just
the beginning of adopting a defensive posture, however.

http://www.linuxsecurity.com/articles/hackscracks_article-2148.html

* Bush Seen Likely to Overhaul E-Security
December 19th, 2000

As George W. Bush strides toward the White House, national security
experts are preparing for what could be a major change in the way the
government and the private sector organize to defend against
cyber-attacks.

http://www.linuxsecurity.com/articles/government_article-2155.html

* Port scans are legal
December 18th, 2000

A tiff between two IT contractors that spiralled into federal court
ended last month with a US district court ruling in Georgia that port
scans of a network do not damage it, in reference to a section of the
anti-hacking laws that allows victims of cyber attack to sue an
attacker.

http://www.linuxsecurity.com/articles/government_article-2138.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com