Information Security News mailing list archives
Linux Security Week, October 2nd 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 2 Oct 2000 09:58:47 -0400
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  October 2, 2000                           Volume 1, Number 22n     |
|                                                                     |
|  Editorial Team:  Dave Wreski          dave () linuxsecurity com    |
|                   Benjamin Thomas      ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, warnings of DoS attacks, Carnivore, and the RSA algorithm
continue to be in the news. Recently, top security executives met to
discuss the latest requirements and technologies to provide early
warnings and better preparation for DoS attacks. A Chicago-based R&D
group has been asked to execute a technical evaluation of the Carnivore
surveillance system.

Following CERT's warnings of widespread attacks on servers, Red Hat has
now chosen to release automatic package update software. The goal of
this action is to provide an easier and more efficient way for
administrators to maintain the security of a Linux system.

Webmasters, our advisory and news feed is now available in RDF format.
We invite you to use and customize our feed to provide up-to-date
security content on your website.

http://www.linuxsecurity.com/linuxsecurity_articles.rdf
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf

Our sponsor this week is WebTrends. Their Security Analyzer has the
most vulnerability tests available for Red Hat & VA Linux. It uses
advanced agent-based technology, enabling you to scan your Linux
servers from your Windows NT/2000 console and protect them against
potential threats. Now with over 1,000 tests available.

http://www.webtrends.com/redirect/linuxsecurity1.htm

HTML Version available:
http://www.linuxsecurity.com/newsletter.html


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* SSH Techniques
  September 27th, 2000

  We've already seen one of the primary uses of ssh: it allows you to
  open up a terminal session to a remote system. By using "ssh" instead
  of telnet or rsh, you get the same ability to type commands on remote
  systems, but your sessions are encrypted to protect them from prying
  eyes. What else does ssh offer? Let's start with the security
  features in the program and move on to some of the practical uses of
  the tool.

  http://www.linuxsecurity.com/articles/cryptography_article-1647.html


+------------------------+
| Network Security News: |
+------------------------+

* Another Linux vulnerability appears
  September 29th, 2000

  Linux firms have plugged flaws from last week, but new 'GLIBC' hole
  has manifested itself. The flaws in some Linux programs that have let
  crackers infiltrate hundreds of servers in past weeks have been
  plugged in updated Linux distributions, but another vulnerability
  appears to have made it into at least one of the latest versions.

  http://www.linuxsecurity.com/articles/hackscracks_article-1663.html

* Surfing Between the Flags: Security on the Web
  September 28th, 2000

  This paper examines internet security with respect to the WWW. A
  number of WWW security issues are presented in three areas: server,
  client and communication between server and client. Practical
  precautions and solutions are suggested regarding these issues.
  Guidelines for protecting host systems are discussed.

  http://www.linuxsecurity.com/articles/server_security_article-1658.html

* Linux Viruses: Scanner Placement
  September 27th, 2000

  A virus scanner doesn't do you any good if it's not somewhere along
  the path the virus takes to get into your network, onto your machine,
  and then executed. When deploying antivirus software, there are a
  number of factors to consider.

  http://www.linuxsecurity.com/articles/host_security_article-1646.html


+------------------------+
| Cryptography News:     |
+------------------------+

* AES ANNOUNCEMENT: Monday, October 2, 2000
  September 29th, 2000

  It appears the winner of the new encryption standard to replace DES
  will be announced on Monday. "The National Institute of Standards and
  Technology (NIST) has been working with industry and the
  cryptographic community to develop an Advanced Encryption Standard
  (AES). The overall goal is to develop a Federal Information
  Processing Standard (FIPS) that specifies an encryption algorithm(s)
  capable of protecting sensitive government information well into the
  next century.

  http://www.linuxsecurity.com/articles/cryptography_article-1665.html

* New Linux-Crypto Mailing List
  September 27th, 2000

  A new mailing list, dedicated to all Linux Crypto topics has just
  opened. It is linux-crypto () nl linux org. Thanks go to all at
  nl.linux.org for allowing me to host this mailing list using their
  majordomo, esp. to Rik van Riel.

  http://www.linuxsecurity.com/articles/cryptography_article-1644.html

* Quantum crypto secrets from Japan
  September 27th, 2000

  Mitsubishi and Hokkaido University have completed a latest round of
  experiments in quantum cryptography over optical fibres. The two
  organisations say that their quantum cryptographic system is a
  success, and could have important implications for optical fibre
  networks already in use.

  http://www.linuxsecurity.com/articles/cryptography_article-1653.html


+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Red Hat Plans Automated Security Updates
  September 30th, 2000

  Linux vendor Red Hat is to automatically update its Linux systems
  with the latest security patches. The move follows a warning by
  security advisory firm Cert of widespread attacks on Internet servers
  which exploit security vulnerabilities for which fixes are readily
  available. A large number of hosts, many of them running Red Hat
  Linux, have been affected, according to Cert.

  http://www.linuxsecurity.com/articles/vendors_products_article-1668.html

* PentaSafe Security Technologies Ships Security Software With Red Hat
  Linux Application CD Version 7
  September 29th, 2000

  PentaSafe Security Technologies, Inc., a leading developer of
  enterprise IT auditing and security software today announced that it
  is shipping its 10 Point Security Check Up Report for Linux on Red
  Hat's Linux Application CD which ships with Red Hat Professional
  Server Version 7.

  http://www.linuxsecurity.com/articles/vendors_products_article-1666.html

* FreeBSD 4.1.1-RELEASE
  September 28th, 2000

  Since 4.1-RELEASE was produced in August 2000, RSA released their
  code into the public domain and a number of other security
  enhancements were made possible through the FreeBSD project's
  permission to export cryptographic code from the United States.

  http://www.linuxsecurity.com/articles/vendors_products_article-1657.html

* Cool Tool of the Week -- cryptcat
  September 27th, 2000

  Cryptcat is the standard netcat enhanced with twofish encryption.
  Cryptcat allows you to pipe data from one host to another using
  encryption. "Netcat is a simple Unix utility which reads and writes
  data across network connections, using TCP or UDP protocol.

  http://www.linuxsecurity.com/articles/cryptography_article-1649.html

* SmoothWall Linux 0.9.4
  September 26th, 2000

  SmoothWall Linux 0.9.4 is a recent addition to the family of Linux
  distributions and one with an interesting lineage. The base system
  files are a stripped-down version of those found in VA-Linux 6.2.1,
  which in turn was derived from Red Hat Linux 6.2. What is more
  interesting than its lineage is this distro's purpose in life: to
  function as, and only as, a firewall to the Internet.

  http://www.linuxsecurity.com/articles/vendors_products_article-1639.html


+------------------------+
| General News:          |
+------------------------+

* Mitnick to IT managers: 'Everybody is suspect'
  September 29th, 2000

  Infamous hacker Kevin Mitnick warned IT managers Wednesday that
  unless they educate every employee -- from the CEO to the
  receptionist -- about how hackers work and how to bolster security,
  corporate networks and Web sites will never be safe from attack.

  http://www.linuxsecurity.com/articles/hackscracks_article-1662.html

* Industry retaliates against DoS attacks
  September 28th, 2000

  Last night, top computer security executives discussed the latest
  requirements and technologies to provide early warnings of, mitigate
  the impact of, reduce production outages and system breakdowns from,
  and promote industry-wide communications regarding Denial of Service
  attacks through the Internet.

  http://www.linuxsecurity.com/articles/network_security_article-1659.html

* Research team to review FBI's Carnivore
  September 27th, 2000

  The Justice Department on Tuesday tapped IIT Research Institute, a
  Chicago-based nonprofit contract research and development group, to
  carry out a technical review of its controversial "Carnivore" e-mail
  surveillance system.

  http://www.linuxsecurity.com/articles/privacy_article-1650.html

* Security: The neverending story
  September 25th, 2000

  It's been said time and again, that if you're doing business online,
  then you're competing internationally - in effect, you have become a
  global company. Companies are realising that e-business security is a
  global issue, and they have to think global as well. The next person
  to probe your company's network might well be a hacker in Russia or
  the competitor down the road -- but they both want the same thing: to
  get in.

  http://www.linuxsecurity.com/articles/general_article-1629.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".