Information Security News mailing list archives

Linux Security Week - April 1st 2002


From: InfoSec News <isn () c4i org>
Date: Tue, 2 Apr 2002 02:07:10 -0600 (CST)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  April 1st, 2002                              Volume 3, Number 13n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "A Buffer
Overflow Study: Attacks & Defenses," "Connecting SSH Through a Gateway,"
"Experts Debate Risks to Crypto," and "Your Web Server Is Not A Good
Hiding Place."

This week, advisories were released for zlib, php, mtr, squid, analog, and
imlib.  The vendors include Conectiva, Debian, FreeBSD, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-4700.html


Performance and Stability meet Security - EnGarde has everything necessary
to create thousands of virtual Web sites, manage e-mail, DNS, firewalling,
database functions for an entire organization, and supports high-speed
broadband connections all using a Web-based front-end. EnGarde Secure
Professional provides those features and more!
 
  --> http://store.guardiandigital.com/html/eng/promo.shtml
 

FEATURE: Dsniff 'n the Mirror - This is a practical step-by-step guide
showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, Ngrep, and
others. It also provides a discussion of how and why we should monitor
network traffic.
 
http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html
 

Find technical and managerial positions available worldwide.  Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
 
 
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
 
* A Buffer Overflow Study: Attacks & Defenses
March 27th, 2002

A technical overview of heap and buffer overflows, Linux tools that can be
used to reduce their risk, the kinds of exploits these tools can prevent,
and more. "This study deals with the various kinds of overflows (heap,
stack) to understand how they work and how they may be used to execute
malicious code

http://www.linuxsecurity.com/articles/projects_article-4688.html





+------------------------+
| Network Security News: |
+------------------------+

* Case Studies: Connecting SSH Through a Gateway
March 29th, 2002

In the corporate world, companies commonly require all outgoing
connections to pass through a proxy server or gateway host: a machine
connected to both the company network and the outside. Although connected
to both networks, a gateway host doesn't act as a router, and the networks
remain separated.

http://www.linuxsecurity.com/articles/cryptography_article-4705.html


* Wireless LANs Security
March 29th, 2002

A nice resource of links to articles on wireless networking security. "LAN
802.11 benefits and applications have recently gained enthusiastic
acceptance in workplaces where mobility is essential."

http://www.linuxsecurity.com/articles/network_security_article-4704.html


* Come on, own up: IT managers leave firewalls open for hackers
March 28th, 2002

The number of flaws reported in firewalls has rocketed by nearly 50 per
cent over the past four years because IT pros don't know how to configure
them. A report by security testing specialist NTA Monitor found that flaws
in firewalls have increased by 45 per cent since 1998.

http://www.linuxsecurity.com/articles/hackscracks_article-4693.html





+------------------------+
|  Cryptography:         |
+------------------------+

* Experts Debate Risks to Crypto
March 28th, 2002

There is a growing debate in the cryptography community over whether the
cryptographic keys used in dozens of applications should be considered
compromised in light of a recent paper detailing a more efficient way of
factoring large numbers.

http://www.linuxsecurity.com/articles/cryptography_article-4691.html


* Pretty Geeky Privacy
March 28th, 2002

More and more people want powerful, easy-to-use encryption software, but
the commercial world isn't providing it. Can open source deliver? But
online security, just like everything else, is subject to the ebb and flow
of capitalism -- and the relentless releases of new software products with
which one must be compatible.

http://www.linuxsecurity.com/articles/privacy_article-4692.html


* Public encryption keys are no longer secure
March 27th, 2002

Keys used for the vast majority of encryption systems - including
ecommerce - are no longer secure. A paper by Daniel Bernstein, an
associate professor at the University of Illinois at Chicago, has shown
that it is possible to build a computer that could break the vast majority
of encryption keys in minutes.

http://www.linuxsecurity.com/articles/cryptography_article-4684.html


* Secrecy Is an Illusion
March 25th, 2002

Phil Zimmermann says he doesn't regret creating the Pretty Good Privacy
(PGP) strong encryption program, even though terrorists may use it. But
while encryption may protect our Internet transactions and routine
communications, it would be naive to think that governments or even
wealthy companies and individuals can't get around it.

http://www.linuxsecurity.com/articles/cryptography_article-4675.html




+------------------------+
|  Vendors/Products:     |
+------------------------+

* Sentry Firewall CD HOWTO
March 31st, 2002

This document is designed as an introduction on how the Sentry Firewall
CDROM works and how to get started using the system.  The Sentry Firewall
CD is a Linux-based bootable CDROM suitable for use in a variety of
different operating environments.

http://www.linuxsecurity.com/articles/firewalls_article-4707.html




+------------------------+
|  General News:         |
+------------------------+
 
* XML Security Library
March 31st, 2002

XMLSec is a C library based on LibXML2 and OpenSSL.  XMLSec Library
supports all MUST/SHOULD/MAY features and algorithms described in the W3C
standard and provides an API to sign prepared document templates, add
signature(s) to a document "on-the-fly" or verify the signature(s) in the
document.

http://www.linuxsecurity.com/articles/cryptography_article-4708.html


* How to Plan for the Inevitable
March 29th, 2002

A great story about how Fleet developed an incident response plan.
"Wondering how Fleet kept track of transaction history, he entered a
random number. To his shock, he pulled up someone else's transaction. 'The
hole allowed you to see people's personal information,' says Bryce, who
works for Rackspace Managed Hosting in San Antonio."

http://www.linuxsecurity.com/articles/intrusion_detection_article-4703.html



* Your Web Server Is Not A Good Hiding Place
March 29th, 2002

The sad truth is that if you keep sensitive files on any Web server, you
are inviting people to view or copy those files. And not just Web servers,
either. FTP servers can also be indexed by automated scanning tools,
similar to Web indexing robots.

http://www.linuxsecurity.com/articles/network_security_article-4702.html


* Understanding Cross-Site Scripting
March 28th, 2002

For a few years now, a security vulnerability called "cross-site
scripting" has been receiving widespread attention. This problem is
particularly insidious because it arises from a simple and very common
oversight.  Tens of thousands of server-side programs have this problem,
and no programming language or development tool is exempt.

http://www.linuxsecurity.com/articles/hackscracks_article-4695.html


* Top Web Sites Scale Back Consumer Data Mining
March 27th, 2002

The most popular sites on the Internet now collect less personal
information and offer consumers a broader range of privacy options than
ever before, according to a report released by a conservative think-tank
today.

http://www.linuxsecurity.com/articles/privacy_article-4687.html


* MS vs. open source: Security's the same
March 27th, 2002

The fact is, both sides have their share of problems--but neither side has
the edge when it comes to fixing security holes. You're just as likely to
encounter a security problem with open source code as you are with
Microsoft Windows, and the fix is just as likely to appear quickly and be
done properly.

http://www.linuxsecurity.com/articles/vendors_products_article-4680.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

