Information Security News mailing list archives

Linux Security Week - June 3rd 2002


From: InfoSec News <isn () c4i org>
Date: Tue, 4 Jun 2002 03:39:19 -0500 (CDT)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  June 3rd, 2002                               Volume 3, Number 22n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "SQL Injection
Walkthrough," "Intrusion Detection: Running a Hacker Simulation," "SANS
Security Policy Project," and "Desperately Seeking the Security ROI."

This week, advisories were released for k5su, bzip2, kernel, rc, imap,
perl-Digest-MD5, fetchmail, dhcp, mailman, mozilla, nss_ldap, and tcpdump.
The vendors include Conectiva, FreeBSD, Mandrake, Red Hat, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-5067.html


FEATURE: Flying Pigs: Snorting Next Generation Secure Remote Log Servers
over TCP - A Comprehensive Guide to Building Encrypted, Secure Remote
Syslog-ng Servers with the Snort Intrusion Detection System.

  http://www.linuxsecurity.com/feature_stories/snortlog-part1.html


** Build Complete Internet Presence Quickly and Securely! **

EnGarde Secure Linux has everything necessary to create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, and database functions
for an entire organization, all using a secure Web-based front-end.
Engineered to be secure and easy to use!

 --> http://www.guardiandigital.com/promo/ls230502.html


Find technical and managerial positions available worldwide.  Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Linux.Simile: Windows Virus that affects Linux Too?
May 31st, 2002

{Win32,Linux}/Simile.D is a very complex virus that uses entry-point
obscuring, metamorphism, and polymorphic decryption. It is the first known
polymorphic metamorphic virus to infect under both Windows and Linux. The
virus contains no destructive payload, but infected files may display
messages on certain dates. It is the fourth variant of the Simile family.

http://www.linuxsecurity.com/articles/server_security_article-5066.html


* SQL Injection Walkthrough
May 28th, 2002

When a machine has only port 80 opened, your most trusted vulnerability
scanner cannot return anything useful, and you know that the admin always
patches his server, we have to turn to web hacking. SQL injection is one
type of web hacking that requires nothing but port 80, and it might just
work even if the admin is patch-happy.

http://www.linuxsecurity.com/articles/server_security_article-5049.html



+------------------------+
| Network Security News: |
+------------------------+

* Beyond intrusion detection
May 30th, 2002

Making sense of security software event logs, whether it's from your
firewall or an expensive intrusion detection system, can be like trying to
drink from a fire hose. Even when you find a real problem, what do you do?
But intrusion detection is definitely not a bad idea.


http://www.linuxsecurity.com/articles/intrusion_detection_article-5060.html


* Intrusion Detection: Running a Hacker Simulation
May 30th, 2002

The most common type of hacker simulation is a remote scan of a company's
network, which gives the target company an idea of what its networks look
like to a hacker on the Internet.

http://www.linuxsecurity.com/articles/intrusion_detection_article-5065.html


* Intrusion-detection net revived
May 28th, 2002

The General Services Administration and Carnegie Mellon University this
fall will start testing a new technology to analyze and report on patterns
in the cyber intrusion information gathered across government, an idea
that was first floated and eventually sunk two years ago.

http://www.linuxsecurity.com/articles/intrusion_detection_article-5053.html




+------------------------+
|  Cryptography:         |
+------------------------+

* COMU Privacy Guard
May 30th, 2002

CPG stands for COMU Privacy Guard. It is a security tool. In essence, it
is a web-based shell of GNU Privacy Guard. It enables users to perform the
main functions of GnuPG on the web.

http://www.linuxsecurity.com/articles/cryptography_article-5063.html



+------------------------+
|  Vendors/Products:     |
+------------------------+

* Study: Open source poses security risks
May 31st, 2002

A conservative U.S. think tank suggests in an upcoming report that
open-source software is inherently less secure than proprietary software,
and warns governments against relying on it for national security.

http://www.linuxsecurity.com/articles/projects_article-5072.html




+------------------------+
|  General:              |
+------------------------+

* When hacking competitions go wrong
May 31st, 2002

A hacking contest that promised $100,000 as first prize appears to have
been weighted so heavily against competitors that some decided to hack the
competition rather than the target server.

http://www.linuxsecurity.com/articles/hackscracks_article-5070.html


* Hackers V. Colleges: Security Bolstered for University Computer
Systems
May 31st, 2002

College officials said the threats are not just from smart and
sophisticated pranksters and criminals, but also from mischievous teens
who have figured ways to capture computers. Colleges and universities
battle hackers and viruses every day as a matter of course, not unlike the
way hospitals try to eradicate health-threatening germs and killer viruses
to save lives.

http://www.linuxsecurity.com/articles/hackscracks_article-5068.html


* CERT Summary CS-2002-02
May 29th, 2002

Each quarter, the CERT® Coordination Center (CERT/CC) issues the CERT
summary to draw attention to the types of attacks reported to our incident
response team, as well as other noteworthy incident and vulnerability
information. The summary includes pointers to sources of information for
dealing with the problems.

http://www.linuxsecurity.com/articles/security_sources_article-5055.html


* SANS Security Policy Project
May 27th, 2002

Welcome to the SANS Security Policy Resource page, a consensus research
project of the SANS community. The ultimate goal of the project is to
offer everything you need for rapid development and implementation of
information security policies.

http://www.linuxsecurity.com/articles/security_sources_article-5046.html


* Desperately Seeking the Security ROI
May 27th, 2002

Talk may be cheap, but the infosec price tag is not. It shouldn't come as
a surprise that the infamous TCO (total cost of ownership) and ROI (return
on investment) justifications have descended upon the unsuspecting
troopers in the infosec trenches. Apparently, it's time for us security
geeks to learn some new tricks.

http://www.linuxsecurity.com/articles/organizations_events_article-5047.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

