Information Security News mailing list archives

Linux Security Week, Oct 30th 2000


From: newsletter-admins () linuxsecurity com
Date: Mon, 30 Oct 2000 00:44:31 -0500

+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  October 30, 2000                          Volume 1, Number 26n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security
headlines.

Security is once again a hot topic in the mainstream media.  As
you probably already know, Microsoft's internal networks were
compromised.  This raises many questions.  Who did it?  What was
their intent?  A few open source developers have urged "anyone
involved with free software" to stay away from any of Microsoft's
source released without license.  This is to prevent "trafficking in
misappropriated trade secrets."  Much is expected to be uncovered
in the next few weeks.

In our feature this week, Dave Wreski interviews the AES winner,
Vincent Rijmen.  The NIST algorithm, thoughts on Linux/security,
and the future of internet security are discussed.

http://www.linuxsecurity.com/feature_stories/interview-aes.html

This week, advisories were released for apache, gnupg, ping, ypbind,
ypserv, mysql, cyrus-sasl, curl, ppp-off, and xlockmore.  The vendors
include Immunix, Mandrake, Red Hat, and Slackware.  It is critical
that you update all vulnerable packages to reduce the risk of being
compromised.

Vulnerability List: http://www.linuxsecurity.com/vuln-newsletter.html



HTML Version available:
http://www.linuxsecurity.com/newsletter.html

See http://www.linuxsecurity.com/general/newsletter.html for subscription
information.


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+


* Setting up Squid as your caching proxy
October 24th, 2000

Squid is a proxy caching server for HTTP/FTP requests. It caches data
off the net on your local network. So the next time the same data is
being accessed, whether it is html or a gif, it gets served up from
the local server rather than over the Internet -- saving you
significant bandwidth.

http://www.linuxsecurity.com/articles/firewalls_article-1814.html


* Installing a firewall, Part 3
October 24th, 2000

In this three-part series, you'll learn to install and configure a
Linux server and firewall. Part 1 covered selecting a secure Linux
distribution and installing it. Part 2 covered the reassignment of
services provided by the old firewall which the authors replaced.

http://www.linuxsecurity.com/articles/firewalls_article-1820.html


* Security basics, Part 1: Understanding file attribute bits and
modes
October 23rd, 2000

End-user security training could be the next IT budget blower, as
e-commerce catapults sloppy end-user security practices beyond the
corporate firewall. However the stakes are higher than ever before,
with not just confidential corporate information at risk but
ecommerce contracts and money transfers.

http://www.linuxsecurity.com/articles/host_security_article-1812.html



+------------------------+
| Network Security News: |
+------------------------+

* Bug Watch: Can you trust mobile workers?
October 27th, 2000

Bug Watch: Each week vnunet.com asks a different expert from the IT
security world to give their views on recent virus and security
issues, with advice, warnings and information on the latest threats.
This week Jack Clark, European antivirus product manager at Network
Associates, discusses the risks posed by remote workers.

http://www.linuxsecurity.com/articles/network_security_article-1841.html

* Security through obscurity
October 25th, 2000

Is security through obscurity ever a useful way to protect your
network, or does it just make things easier for corporate spies and
hackers? This week in Unix Security, Carole Fennelly investigates
who's benefiting from this security tactic.


http://www.linuxsecurity.com/articles/network_security_article-1824.html


* Firewalls and Security, Are They Important to YOUR Company?
October 23rd, 2000

I have encountered several companies with big web businesses who
failed to install a single firewall in their premises. After several
days and weeks of persuasion, some heeded my advice to install
firewalls, while some remained complacent about their 'armoured
servers from ABC vendor'.

http://www.linuxsecurity.com/articles/firewalls_article-1802.html



+------------------------+
|   Cryptography News:   |
+------------------------+

* Bad signs
October 25th, 2000

"Digital signatures are not signatures, and they will never fulfill
their promise" - Bruce Schneier's opinion on The Standard. When first
invented in the 1970s, digital signatures held amazing promise:
better than a handwritten signature, unforgeable and uncopyable.

http://www.linuxsecurity.com/articles/general_article-1823.html


* U.S. crypto winners -- Belgian heroes
October 25th, 2000

The U.S. government likes that number. Earlier this month, it
selected Rijmen and Daemen's brainchild as the new Advanced
Encryption Standard. That means Rijndael will soon become the shield
of choice to protect sensitive U.S. government information,
financial transactions and Internet traffic. AES will replace Data
Encryption Standard, or DES, invented by IBM Corp. (NYSE: IBM) in
the 1970s, which has become vulnerable to breaches from powerful
supercomputers.

http://www.linuxsecurity.com/articles/cryptography_article-1830.html


* World's Toughest Code Cracked
October 23rd, 2000

This Wired story describes the recent contest created to decipher 10
increasingly difficult codes set by author Simon Singh in his
international bestseller The Code Book. Quite interesting.

http://www.linuxsecurity.com/articles/cryptography_article-1808.html



+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* VPN IPsec: Progress Slow But Steady
October 24th, 2000

This is a pretty article that discusses why IPSec is slow going, and
how vendors are now starting to work together to make sure their
products interoperate when building a VPN.

http://www.linuxsecurity.com/articles/cryptography_article-1822.html


* Cache on Demand
October 23rd, 2000

SET and a relative newcomer, IOTP, offer robust security frameworks for
online transactions. So why haven't they threatened SSL's dominance
as a payment protocol? When it comes to transaction security, Secure
Sockets Layer (SSL) has been the de facto protocol for a half-dozen
years.

http://www.linuxsecurity.com/articles/cryptography_article-1807.html



+------------------------+
|    General News:       |
+------------------------+

* The week in review: Hacking Microsoft
October 28th, 2000

Calling it an act of "industrial espionage," Microsoft said malicious
hackers gained access to its internal networks, where they were able
to see some of the company's upcoming software code.

http://www.linuxsecurity.com/articles/hackscracks_article-1846.html


* Privacy Commissioner worried by Internet snooping
October 27th, 2000

Federal Privacy Commissioner Malcolm Crompton said today he was
concerned at revelations that up to three quarters of top web sites
were being used to collect personal information on users.

http://www.linuxsecurity.com/articles/general_article-1843.html


* The Pros and Cons of Posting Vulnerabilities
October 26th, 2000

Once upon a time, only the black hats (often called hackers) and a
few self-described white hats (often called security experts) had
easy access to security vulnerability information. The black hats
could use their knowledge to break into computers at will. Systems
were rarely patched to fix these problems because most system
administrators remained unaware of the issues, and the good-guy
insiders were unwilling to share this information. Things have
changed, however.

http://www.linuxsecurity.com/articles/hackscracks_article-1835.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com