Information Security News mailing list archives
Linux Security Week - February 5th 2001
From: newsletter-admins () linuxsecurity com
Date: Mon, 5 Feb 2001 00:24:07 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  February 5th, 2001                           Volume 2, Number 6n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com |
|                   Benjamin Thomas         ben () linuxsecurity com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

A few good papers were released this week. Some of the best include
"Intrusion Detection Systems: Part II - Installing Tripwire," "System
Fingerprinting," and "Intrusion Detection Systems for your network:
Part I." These articles may prove to be helpful.

Real World Linux Security: Bob Toxen's Perspective

In this interview, Bob introduces his new book, discusses the "seven
deadly sins" of Linux security, and outlines the benefits of the open
source software model. He also points out the pitfalls that many system
administrators fall into and how to avoid them.
http://www.linuxsecurity.com/feature_stories/feature_story-76.html

This week, advisories were released for MySQL, bind, kdesu, glibc,
openssh, ident, periodic, sort, micq, tinyproxy, exmh2, xemacs, inetd,
and LPRng. The vendors include Conectiva, Caldera, Debian, Immunix,
FreeBSD, Mandrake, Red Hat, SuSE, Slackware, and Trustix.
http://www.linuxsecurity.com/articles/forums_article-2430.html

** OpenDoc Publishing **

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and securing
Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL, ApacheSSL,
OpenSSH and much more! Includes Red Hat 6.2 and Red Hat 6.2 PowerTools
edition.
http://www.linuxsecurity.com/sponsors/opendocs.html

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Former System Admin. Sentenced
February 2nd, 2001

A former network administrator for the US District Court in Alaska has
been sentenced for launching a series of denial-of-service attacks
against a New York District Court Web site. According to information
released today by the FBI, Anchorage resident Scott Dennis was
sentenced Jan. 19 to three months in jail for launching three
denial-of-service attacks against the US District Court for the Eastern
District of New York.
http://www.linuxsecurity.com/articles/hackscracks_article-2431.html

* Intrusion Detection Systems: Part II - Installing Tripwire
January 31st, 2001

In the first part of this series we had laid the groundwork that took
us a step further towards understanding the necessity of a full fledged
Intrusion Detection system (IDS). A good policy is to mix and match the
best to form a security grid that should be difficult enough even for
the expert cracker to penetrate. The various IDS systems of interest to
us throughout this series will be purely Tripwire and Snort.
http://www.linuxsecurity.com/articles/network_security_article-2412.html

* System Fingerprinting
January 29th, 2001

When someone with half a clue decides to attack your system, they will
first try to identify the operating system. Not every attack proceeds
this way -- script kiddies will probe huge address spaces looking for
any system with a particular port open, indicating that just maybe that
system will be vulnerable.
http://www.linuxsecurity.com/articles/network_security_article-2399.html

* SSL is not a magic bullet
January 28th, 2001

Unfortunately, SSL has a checkered past and present.
Like other security problems involving encryption packages, the issues
lie not so much in SSL as in the software used to implement and support
it. Instead of guaranteeing security, SSL may provide a false sense of
security through its occasional failings.
http://www.linuxsecurity.com/articles/cryptography_article-2386.html

* Linux security basics
January 26th, 2001

Here is a defensive driving course for the information superhighway.
Learn to develop a threat model, to implement security measures, and to
find out what the newest threats may be. There seem to be two kinds of
people in the world: those who think computer security is fun and
exciting, and those who think it is arcane and scary.
http://www.linuxsecurity.com/articles/host_security_article-2382.html

+------------------------+
| Network Security News: |
+------------------------+

* Extreme Security For Web Servers
February 2nd, 2001

To enter the vaults inside the windowless bunker-like compound requires
punching in key codes and slipping your fingers into a series of
scanners similar to those used at the U.S. Navy's nuclear facilities.
The scanners leave little to chance. Their sensitive glass touch pads
read thumbprints and detect body heat and pulse.
http://www.linuxsecurity.com/articles/host_security_article-2432.html

* Net Present Value of Information Security: Part I
January 30th, 2001

Ebusiness offers tremendous opportunities for reducing costs and
improving revenues. However, along with the advantages it also brings
new threats and liabilities that leave businesses highly vulnerable to
cyber attack and fraud. Business today must be concerned with the
impact of ebusiness on core business purpose, service availability,
customer confidence and privacy.
http://www.linuxsecurity.com/articles/network_security_article-2405.html

* Intrusion Detection Systems for your network: Part I
January 30th, 2001

As a System administrator of a *NIX network it is your responsibility
to ensure that your *NIX machines are running in perfect condition and
to see to it that valuable customers and transactions are not lost, by
minimizing the down time. This responsibility becomes even more
pressurizing when we talk about today's scenario wherein smooth flow of
high volume traffic is the need of the hour in most environments. It is
a known fact that most big names in the business of E-Commerce hardware
/ software solutions, expect 99.99999 % (that's the five 9 concept)
uptime.
http://www.linuxsecurity.com/articles/network_security_article-2402.html

* Firewalls remain best bet for security, although none can be
  completely safe
January 29th, 2001

Lately, hackers have discovered they can sneak into your computer by
sending look-alike imposters to the firewall's gate. The hackers simply
rename a snooping program or a virus so that it has the same file name
as your browser or e-mail program, and your firewall program will wave
it right through the gate.
http://www.linuxsecurity.com/articles/firewalls_article-2396.html

* Top Ten Secure Shell FAQs
January 28th, 2001

SSH, the Secure Shell, is a set of protocols and software that provide
secure, remote terminal sessions between networked computers. In
addition to a simple remote command prompt, most SSH implementations
also provide secure forwarding of X Window traffic as well as
forwarding of connections to arbitrary TCP ports.
http://www.linuxsecurity.com/articles/cryptography_article-2387.html

* Internet Exploits Defined
January 26th, 2001

Start with the basics. "No longer does a hacker have to huddle in front
of a glowing monitor. Today's hacker has at his disposal a literal
arsenal of fully automated tools, through which he can gain access to
your system without lifting so much as a finger.
These are known as "exploits."
http://www.linuxsecurity.com/articles/hackscracks_article-2380.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Pinoy math enthusiast finds fast way to decode RSA encryption
February 4th, 2001

"Filipino mathematics enthusiast has developed a new method of decoding
RSA (Rivest-Shamir-Adleman) encryption using three simple formulas. Leo
de Velez has discovered these three formulas are simple forward
equations that allow fast decoding of RSA encryption."
http://www.linuxsecurity.com/articles/cryptography_article-2440.html

* Crypto regs still tricky
February 1st, 2001

Over a year after the US government first announced the liberalization
of encryption export rules, a tangle of vestigial regulations might
still trip up unwary developers, experts say. "Never work under the
belief that encryption is not controlled," said Susan Kotila, project
manager with Apple's export license department.
http://www.linuxsecurity.com/articles/cryptography_article-2416.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Internet Software Consortium's in a BIND with users
February 2nd, 2001

In response to the revelation of several holes in its BIND domain name
server software this week, the Internet Software Consortium is starting
a fee-based, members-only forum, a move that many observers feel will
only worsen the software's security problems.
http://www.linuxsecurity.com/articles/security_sources_article-2390.html

* IBM Reveals New "Signcryption" Algorithm
February 1st, 2001

A new algorithm developed by IBM could double the speed of secure
online communications. IBM says the combination
encryption/authentication technique is particularly suited to securing
Internet protocols, storage area network protocols, fiber-optic
networks and e-business transactions. But analysts say the new
technique needs further study.
http://www.linuxsecurity.com/articles/cryptography_article-2428.html

* An Introduction to the OCTAVE Method
February 1st, 2001

Information systems are essential to most organizations today. The
confidentiality, integrity, and availability of information are
critical to organizations' missions. However, many organizations form
protection strategies for their information systems by focusing solely
on infrastructure weaknesses; they fail to establish the effect on
their most important information assets.
http://www.linuxsecurity.com/articles/documentation_article-2420.html

* NSA attempting to design crack-proof computer
February 1st, 2001

Software emulation firm VMware announced it has teamed up with
researchers at the National Security Agency to create a nearly
crack-proof computer that can place sensitive data in virtual vaults
inside the PC. The concept, assuming it works, would streamline the
methods intelligence agencies use to manage data. At present, the
NSA--the military surveillance arm of the United States intelligence
community--physically separates networks carrying data of a particular
classification.
http://www.linuxsecurity.com/articles/government_article-2427.html

* Call For Testers: New Secure ftpd
January 29th, 2001

Chris Evans has announced a beta release of "vsftpd". "vsftpd is an FTP
server, or daemon. The "vs" stands for Very Secure. Obviously this is
not a guarantee, but a reflection that I have written the entire
codebase with security in mind, and carefully designed the program to
be resilient to attack"
http://www.linuxsecurity.com/articles/server_security_article-2385.html

* Some Thoughts on the Occasion of the NSA Linux Release
January 27th, 2001

There are two things I am sure of after all these years: there is a
growing societal need for high assurance software, and market forces
are never going to provide it. Superficially, I'm going to offer a few
comments on the technology underlying the NSA release.
http://www.linuxsecurity.com/articles/vendors_products_article-2434.html

+------------------------+
| General News:          |
+------------------------+

* Tech industry calls for privacy self-regulation
January 31st, 2001

The Bush administration and Congress should focus on better science and
math education to boost high technology and leave privacy concerns to
the companies involved, a technology trade group said in a report
released Tuesday. The American Electronics Association, the largest
trade group of its kind, noted that recent U.S. economic growth has
been due largely to the high-tech explosion.
http://www.linuxsecurity.com/articles/government_article-2407.html

* Spotlight On Privacy
January 31st, 2001

A showdown is brewing between the technology industry and consumer
advocates over what kind of online privacy legislation the 107th
Congress should adopt. Consumer advocates and many legislators want a
federal law that limits what e-commerce firms can do with information
they collect about Web users. Most industry groups, on the other hand,
say that no Net privacy laws are necessary and that the industry can
effectively regulate itself.
http://www.linuxsecurity.com/articles/privacy_article-2409.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body
of "SIGNOFF ISN".