Information Security News mailing list archives
Linux Security Week, September 25th 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 25 Sep 2000 11:02:23 -0400
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 25, 2000                           Volume 1, Number 21n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com |
|                   Benjamin Thomas         ben () linuxsecurity com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

Privacy continues to be a hot issue. This week, the senate released a
31 page guide to privacy protection. It includes strategies and
references to tools that can help protect privacy while online. Also,
Network Ice released an open source clone of Carnivore, and the paper,
"Circumventing Carnivore" was released.

This week, Dave Wreski conducted an interesting interview with Avi
Fogel, CEO of Network-1. Some of the topics include, "the state of
Internet security," his experience with Windows and security, and the
advantages and disadvantages of Open Source security.

http://www.linuxsecurity.com/feature_stories/interview-avi-2.html

Our feature this week, "Building a secure web server using Apache and
OpenSSL," by Nick DeClario, outlines methods of using apache and
OpenSSL to create a web server that can keep authentication and other
information away from prying eyes. This is a "must-read" for server
administrators.

http://www.linuxsecurity.com/feature_stories/feature_story-67.html

Webmasters, our advisory and news feed is now available in RDF format.
We invite you to use and customize our feed to provide up-to-date
security content on your website.

http://www.linuxsecurity.com/linuxsecurity_articles.rdf
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf

------- WebTrends Sponsor ----------------------------------

Our sponsor this week is WebTrends. Their Security Analyzer has the
most vulnerability tests available for Red Hat & VA Linux. It uses
advanced agent-based technology, enabling you to scan your Linux
servers from your Windows NT/2000 console and protect them against
potential threats. Now with over 1,000 tests available.

http://www.webtrends.com/redirect/linuxsecurity1.htm

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Virtual Private Networks
  September 19th, 2000

  This is a general introduction to VPNs, including information on why
  they're used, architecture decisions, and more. A Virtual Private
  Network is a secured network connection between an individual and a
  private network (client-to-server) or a remote LAN and a private
  network (server-to-server), built over a public network
  infrastructure.

  http://www.linuxsecurity.com/articles/network_security_article-1600.html

* When security fails: Forensics
  September 18th, 2000

  You've got a sound security setup, with firewalls, intrusion
  detection, authentication and authorization -- the gamut. Still, one
  day you find that valuable data is missing from a corporate server.
  You have no idea whether it's in the hands of an external hacker or a
  malicious insider. Now what do you do?

  http://www.linuxsecurity.com/articles/network_security_article-1582.html

* Securing a RedHat Linux 6.2 machine (Basics)
  September 18th, 2000

  This article will cover the basics of making a virgin redhat install
  more or less secure before putting it on the internet. Remember all
  of this work should be done before the box is put online, as machines
  can be rooted in minutes of being on the net.

  http://www.linuxsecurity.com/articles/host_security_article-1585.html

* High Performance Web Caching With Squid
  September 18th, 2000

  Squid is an excellent open source web caching proxy package, but it
  requires quite a lot of tuning to achieve the kind of performance
  seen in commercial proxies. This article presents several
  independently useful ideas for tuning a web caching system.

  http://www.linuxsecurity.com/articles/server_security_article-1589.html

* Red Hat plans automated security updates
  September 18th, 2000

  Linux vendor Red Hat has revealed that it plans to include a service
  with its distribution of Linux that will automatically update systems
  with the latest security patches. The move comes after a warning from
  security advisory group Cert last weekend of widespread attacks on
  internet servers that target security vulnerabilities for which fixes
  are readily available.

  http://www.linuxsecurity.com/articles/vendors_products_article-1588.html

+------------------------+
| Network Security News: |
+------------------------+

* Massive Denial-of-Service Attack Looming
  September 20th, 2000

  CERT warned that over the past two months it has received reports
  that computer vandals are scouring the Internet for computers
  containing a type of vulnerability that allows for the installation
  of automated "toolkits" that permit the intruder to control the
  affected computer for use in an attack against another computer or
  network.

  http://www.linuxsecurity.com/articles/hackscracks_article-1602.html

* Why E-Security Is Hard to Tame
  September 20th, 2000

  The computer security industry, governments, patent and regulatory
  bodies, and consumers have moral and social obligations to work
  together to tackle the issues that are preventing a streamlined
  environment for electronic commerce. That's the opinion Fran Rooney,
  chief executive of Irish security software firm Baltimore
  Technologies, voiced during his keynote at his company's second
  annual conference on Tuesday.

  http://www.linuxsecurity.com/articles/network_security_article-1601.html

* Reflections on the Future of Security
  September 19th, 2000

  Every season yields a bumper crop of computer security stories:
  break-ins, new vulnerabilities, new products. But this season has
  also given us a crop of stories about computer security philosophy.
  There has been a resurgence in opposition to the full disclosure
  movement: the theory that states that publishing vulnerabilities is
  the best way to fix them.

  http://www.linuxsecurity.com/articles/network_security_article-1596.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Discussing SSL and Certificates
  September 22nd, 2000

  This document is a bit dated, but a good discussion of SSL. The
  Secure Sockets Layer protocol provides one means for achieving these
  goals and is the subject of this article. This document introduces
  SSL by reviewing cryptographic techniques and by discussing
  certificates. It also describes SSL and packages for implementing
  SSL.

  http://www.linuxsecurity.com/articles/cryptography_article-1622.html

* GnuPG 1.0.3 Now Available
  September 21st, 2000

  GnuPG is a complete and free replacement for PGP. Because it does not
  use the patented IDEA algorithm, it can be used without any
  restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application.
  This version comes with RSA support and the new MDC encryption
  scheme.

  http://www.linuxsecurity.com/articles/cryptography_article-1618.html

* Introduction to Encryption
  September 18th, 2000

  Encryption is the process of converting data from one form (what
  would be considered to be readable either through plaintext or
  through some specific viewer like MS Word) into ciphertext. The
  actual process that takes place during this conversion widely varies,
  but the end result is the same: after conversion to ciphertext, the
  data is in a form that is not easily readable to prying eyes.

  http://www.linuxsecurity.com/articles/cryptography_article-1580.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* New software 'shreds' e-mail
  September 21st, 2000

  Law-enforcement authorities are troubled by a new kind of software
  being released Wednesday that sounds like something out of Mission:
  Impossible. It can make e-mail messages self-destruct in 10 seconds.

  http://www.linuxsecurity.com/articles/network_security_article-1617.html

* Cylink secures Bluetooth wireless net technology
  September 21st, 2000

  Secure e-business pioneer Cylink Corporation today announced that its
  SAFER+ encryption algorithm is being used for user authentication
  within Bluetooth, a protocol that is rapidly growing in use for
  wireless communications. More than 1,700 companies support the
  Bluetooth protocol.

  http://www.linuxsecurity.com/articles/vendors_products_article-1613.html

* SmartGuard released by V-ONE
  September 20th, 2000

  "V-ONE Corporation, a leading provider of Virtual Private Networks
  (VPN), today released the latest version of its award-winning
  SmartGuard Security Appliance, which now includes Secure Multiple
  Unit Management over the Internet and IPSec for Site-to-Site using
  IKE."

  http://www.linuxsecurity.com/articles/vendors_products_article-1604.html

* IPchains Firewalling Module for Webmin 0.80.6
  September 18th, 2000

  The IPchains Firewalling Module, part of the RockSolid Linux
  Distribution, allows you to easily maintain a firewall based on
  ipchains with the Webmin look and feel. It has three modes: Newbie
  (select one of five security levels), Template (define from a table
  with protocols and directions what should be allowed to pass your
  firewall), and Expert (have the real ipchains experience by having
  every parameter under control by editing a script file which has all
  ipchains rules).

  http://www.linuxsecurity.com/articles/vendors_products_article-1579.html

+------------------------+
| General News:          |
+------------------------+

* Senate Posts Guide to Privacy Protection
  September 22nd, 2000

  Senate Judiciary Committee Chair Orrin Hatch on Wednesday touted
  identity scrubbers, self-destructing e-mail and other online privacy
  protection tools, as an alternative to stepped-up policing of the
  Web. Releasing a consumer guide to state-of-the-art methods of
  curbing personal data giveaways, the Utah republican said protecting
  online privacy was a "very hot issue, and it's going to get hotter."

  http://www.linuxsecurity.com/articles/privacy_article-1621.html

* Open-source Carnivore clone released
  September 21st, 2000

  Internet service providers looking to sidestep the controversy
  surrounding the FBI's Carnivore system for sniffing Internet
  communications will soon be able to use an open-source program that
  also conforms to the needs of law enforcement.

  http://www.linuxsecurity.com/articles/privacy_article-1616.html

* Carnivore FAQ
  September 21st, 2000

  This is a great document that serves to clarify some of the rhetoric
  and misunderstandings regarding Carnivore. "Carnivore is a
  computer-based system that is designed to allow the FBI, in
  cooperation with an Internet Service Provider (ISP), to comply with
  court orders requiring the collection of certain information about
  emails or other electronic communications to or from a specific user
  targeted in an investigation.

  http://www.linuxsecurity.com/articles/privacy_article-1609.html

* Circumventing Carnivore
  September 20th, 2000

  Jesus Oquendo writes: "While this may be no new news to anyone here
  are some thoughts on circumventing security modules such as
  Carnivore. All this was written on a flight from New York to
  California (how thrilling.)"

  http://www.linuxsecurity.com/articles/security_sources_article-1608.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                 LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body
of "SIGNOFF ISN".