Information Security News mailing list archives
Linux Security Week, Oct 30th 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 30 Oct 2000 00:44:31 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  October 30, 2000                             Volume 1, Number 26n  |
|                                                                     |
|  Editorial Team:  Dave Wreski            dave () linuxsecurity com  |
|                   Benjamin Thomas        ben () linuxsecurity com   |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

Security is once again a hot topic in the mainstream media. As you
probably already know, Microsoft's internal networks were compromised.
This raises many questions. Who did it? What was their intent? A few
open source developers have urged "anyone involved with free software"
to stay away from any of Microsoft's source released without license.
This is to prevent "trafficking in misappropriated trade secrets." Much
is expected to be uncovered in the next few weeks.

In our feature this week, Dave Wreski interviews the AES winner, Vincent
Rijmen. The NIST algorithm, thoughts on Linux/security, and the future
of internet security are discussed.

http://www.linuxsecurity.com/feature_stories/interview-aes.html

This week, advisories were released for apache, gnupg, ping, ypbind,
ypserv, mysql, cyrus-sasl, curl, ppp-off, and xlockmore. The vendors
include Immunix, Mandrake, Red Hat, and Slackware. It is critical that
you update all vulnerable packages to reduce the risk of being
compromised.

Vulnerability List:
http://www.linuxsecurity.com/vuln-newsletter.html

** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL!
Get the free Thawte Apache SSL Guide and find the answers to all your
Apache SSL security issues and more at:
http://ads.linuxsecurity.com/cgi-bin/thawte.pl

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

See http://www.linuxsecurity.com/general/newsletter.html for
subscription information.

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Setting up Squid as your caching proxy
  October 24th, 2000

  Squid is a proxy caching server for HTTP/FTP requests. It caches data
  off the net on your local network. So the next time the same data is
  being accessed, whether it is html or a gif, it gets served up from
  the local server rather than over the Internet -- saving you
  significant bandwidth.

  http://www.linuxsecurity.com/articles/firewalls_article-1814.html

* Installing a firewall, Part 3
  October 24th, 2000

  In this three-part series, you'll learn to install and configure a
  Linux server and firewall. Part 1 covered selecting a secure Linux
  distribution and installing it. Part 2 covered the reassignment of
  services provided by the old firewall which the authors replaced.

  http://www.linuxsecurity.com/articles/firewalls_article-1820.html

* Security basics, Part 1: Understanding file attribute bits and modes
  October 23rd, 2000

  End-user security training could be the next IT budget blower, as
  e-commerce catapults sloppy end-user security practices beyond the
  corporate firewall. However the stakes are higher than ever before,
  with not just confidential corporate information at risk but
  ecommerce contracts and money transfers.

  http://www.linuxsecurity.com/articles/host_security_article-1812.html

+------------------------+
| Network Security News: |
+------------------------+

* Bug Watch: Can you trust mobile workers?
  October 27th, 2000

  Bug Watch: Each week vnunet.com asks a different expert from the IT
  security world to give their views on recent virus and security
  issues, with advice, warnings and information on the latest threats.
  This week Jack Clark, European antivirus product manager at Network
  Associates, discusses the risks posed by remote workers.

  http://www.linuxsecurity.com/articles/network_security_article-1841.html

* Security through obscurity
  October 25th, 2000

  Is security through obscurity ever a useful way to protect your
  network, or does it just make things easier for corporate spies and
  hackers? This week in Unix Security, Carole Fennelly investigates
  who's benefiting from this security tactic.

  http://www.linuxsecurity.com/articles/network_security_article-1824.html

* Firewalls and Security, Are They Important to YOUR Company?
  October 23rd, 2000

  I have encountered several companies with big web businesses who
  failed to install a single firewall in their premises. After several
  days and weeks of persuasion, some heeded my advice to install
  firewalls, while some remained complacent about their 'armoured
  servers from ABC vendor'.

  http://www.linuxsecurity.com/articles/firewalls_article-1802.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Bad signs
  October 25th, 2000

  "Digital signatures are not signatures, and they will never fulfill
  their promise" - Bruce Schneier's opinion on The Standard. When first
  invented in the 1970s, digital signatures held amazing promise:
  better than a handwritten signature, unforgeable and uncopyable.

  http://www.linuxsecurity.com/articles/general_article-1823.html

* U.S. crypto winners -- Belgian heroes
  October 25th, 2000

  The U.S. government likes that number. Earlier this month, it
  selected Rijmen and Daemen's brainchild as the new Advanced
  Encryption Standard. That means Rijndael will soon become the shield
  of choice to protect sensitive U.S.
  government information, financial transactions and Internet traffic.
  AES will replace Data Encryption Standard, or DES, invented by IBM
  Corp. (NYSE: IBM) in the 1970s, which has become vulnerable to
  breaches from powerful supercomputers.

  http://www.linuxsecurity.com/articles/cryptography_article-1830.html

* World's Toughest Code Cracked
  October 23rd, 2000

  This Wired story describes the recent contest created to decipher 10
  increasingly difficult codes set by author Simon Singh in his
  international bestseller The Code Book. Quite interesting.

  http://www.linuxsecurity.com/articles/cryptography_article-1808.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* VPN IPsec: Progress Slow But Steady
  October 24th, 2000

  This is a pretty article that discusses why IPSec is slow going, and
  how now vendors are starting to work together to make sure their
  products interoperate when building a VPN.

  http://www.linuxsecurity.com/articles/cryptography_article-1822.html

* Cache on Demand
  October 23rd, 2000

  SET and a relative newcomer -- IOTP -- offer robust security
  frameworks for online transactions. So why haven't they threatened
  SSL's dominance as a payment protocol? When it comes to transaction
  security, Secure Sockets Layer (SSL) has been the de facto protocol
  for a half-dozen years.

  http://www.linuxsecurity.com/articles/cryptography_article-1807.html

+------------------------+
| General News:          |
+------------------------+

* The week in review: Hacking Microsoft
  October 28th, 2000

  Calling it an act of "industrial espionage," Microsoft said malicious
  hackers gained access to its internal networks, where they were able
  to see some of the company's upcoming software code.

  http://www.linuxsecurity.com/articles/hackscracks_article-1846.html

* Privacy Commissioner worried by Internet snooping
  October 27th, 2000

  Federal Privacy Commissioner Malcolm Crompton said today he was
  concerned at revelations that up to three quarters of top web sites
  were being used to collect personal information on users.

  http://www.linuxsecurity.com/articles/general_article-1843.html

* The Pros and Cons of Posting Vulnerabilities
  October 26th, 2000

  Once upon a time, only the black hats (often called hackers) and a
  few self-described white hats (often called security experts) had
  easy access to security vulnerability information. The black hats
  could use their knowledge to break into computers at will. Systems
  were rarely patched to fix these problems because most system
  administrators remained unaware of the issues, and the good-guy
  insiders were unwilling to share this information. Things have
  changed, however.

  http://www.linuxsecurity.com/articles/hackscracks_article-1835.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".