Information Security News mailing list archives

Linux Security Week - November 4th 2002


From: InfoSec News <isn () c4i org>
Date: Tue, 5 Nov 2002 06:07:36 -0600 (CST)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  November 4th, 2002                           Volume 3, Number 43n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "The Very Basics
Of TCP/IP - Layers And What They Do," "IP Smartspoofing," "Smart Security:
Network Scanners," and "Security Fueling Open-Source Adoption."

LINUX ADVISORY WATCH:
This week, advisories were released for chrn, bzip2, pam_ldap,
uudecode, inn, kdegraphics, krb5, heimdal, mozilla, ypserv, mod_ssl,
syslog-ng, and lprng.  The vendors include Caldera, Debian, EnGarde,
Gentoo, Mandrake, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-6059.html


Concerned about the next threat? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.

http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2

FEATURE:  Remote Syslogging: A Primer - The syslog daemon is a very
versatile tool that should never be overlooked under any circumstances.
The facility itself provides a wealth of information regarding the local
system that it monitors.

http://www.linuxsecurity.com/feature_stories/feature_story-123.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+


* Latest Linux Kernel To Control Access
November 1st, 2002

The Linux 2.6 kernel contains many features found in commercial Unixes,
although some significant issues remain to be fixed.  Companies using or
considering Linux should start planning for the next version, following
news that developers last week stopped adding new features to the newest
operating system kernel in preparation for the next upgrade

http://www.linuxsecurity.com/articles/host_security_article-6068.html


* Data warehouses: A Security Disaster
October 31st, 2002

Through 2005, 80 percent of enterprises will not have adequately planned,
defined or incorporated data warehouse security into their overall
enterprise security plans, increasing by 75 percent the chance that a
security breach will occur (0.7 probability?

http://www.linuxsecurity.com/articles/documentation_article-6057.html



+------------------------+
| Network Security News: |
+------------------------+

* Proxim's Harmony 802.11a WLAN Card: Burning Up The Airwaves
November 1st, 2002

As standards wars rage on in 802.11 wireless local-area networks, the
Proxim Harmony 802.11a card shows the promise of a cost-effective wireless
bandwidth adequate for video and data by cranking up wireless data rates
to a theoretical 54 Mbits/second and beyond, although actual throughput is
lower.

http://www.linuxsecurity.com/articles/vendors_products_article-6067.html


* Tougher Security In The Offing For Wireless LANs
November 1st, 2002

The Wi-Fi Alliance unveiled new security specifications for 802.11b
networks, replacing the easy-to-circumvent Wired Equivalent Privacy (WEP)
that's now standard.

http://www.linuxsecurity.com/articles/network_security_article-6065.html


* Wi-Fi Group Lays Out Better Wireless Security
October 31st, 2002

A task group within the IEEE (Institute of Electrical and Electronic
Engineers) 802.11 working group, which is in charge of the IEEE 802.11b
and 802.11a standards on which Wi-Fi products are based, is now working on
a tough new security standard called 802.11i.

http://www.linuxsecurity.com/articles/security_sources_article-6055.html


* Book Review: Network Security with OpenSSL
October 30th, 2002

Joe "Zonker" Brockmeier writes, "The latest addition to O'Reilly's
"must-have" references is Network Security with OpenSSL. The book covers
pretty much all you'd ever need to know about using OpenSSL in your
programs.  The introduction covers some of the basics of cryptography,
types of encryption, and so forth for about ten pages before settling down
to discuss OpenSSL specifically.

http://www.linuxsecurity.com/articles/documentation_article-6042.html


* The Very Basics Of TCP/IP - Layers And What They Do
October 30th, 2002

What is TCP/IP? TCP/IP stands for Transmission Control Protocol/Internet
Protocol and is the system of standard protocols that runs the web. That
is to say, any computer that wants to send WWW information to another via
the internet will almost certainly want to use TCP/IP as the transmission
protocol, and understanding it is the key to understanding the `lower levels'
of how the internet works.

http://www.linuxsecurity.com/articles/documentation_article-6044.html


* IP Smartspoofing
October 29th, 2002

This paper describes a new technique for IP Spoofing with any network
application. IP Spoofing is not new and various hacking tools have been
developed to exploit it.  IP Smart Spoofing uses a combination of ARP
Cache Poisoning, network address translation and routing.

http://www.linuxsecurity.com/articles/documentation_article-6033.html


* Sniffer Library Version 1.0
October 29th, 2002

"This Sniffer package allows a high level programmer to sniff IP packets
arriving at, and leaving their computer. A queue of IP packets is sent to
the Java or C++ program and the programmer can analyse each packet in
sequence. The programmer can optionally filter the queue of IP packets by
specifying the IP addresses, protocols and port numbers for which packets
are queued."

http://www.linuxsecurity.com/articles/network_security_article-6041.html


* Smart Security: Network Scanners
October 28th, 2002

Don't wait for a hacker to show you where your network's vulnerabilities
lie. Be smart, and use a network scanner with intelligence--artificial
intelligence (AI), to be precise.

http://www.linuxsecurity.com/articles/network_security_article-6023.html



+------------------------+
| Cryptography News:     |
+------------------------+

* Introducing Network Attached Encryption
October 31st, 2002

Application security specialist Ingrian Networks has developed a
technology to offload encryption functions from application or database
servers onto appliances with the aim of providing more robust security for
data in storage.

http://www.linuxsecurity.com/articles/cryptography_article-6049.html


* Kerberos Bug Bites
October 28th, 2002

A flaw has been identified in certain implementations of the widely used
Kerberos authentication protocol. The flaw could be exploited by crackers
to gain root access to authentication servers.


http://www.linuxsecurity.com/articles/security_sources_article-6024.html



+------------------------+
|  General News:         |
+------------------------+

* Root-Server Attack Traced to South Korea, U.S.
November 1st, 2002

Last week's attacks on the Internet's backbone likely emanated from
computers in the United States and South Korea, FBI Director Robert
Mueller today said.  "The investigation is ongoing," Mueller said at an
Internet security conference in Falls Church, Va.

http://www.linuxsecurity.com/articles/hackscracks_article-6064.html


* Do Bug-Hunting Security Firms Put Users at Risk?
October 31st, 2002

When researchers at GreyMagic Software discovered a batch of security
vulnerabilities in Microsoft's Internet Explorer earlier this month, their
first response was to test the vulnerabilities and make sure they were for
real. What they did next, however, raised the ire of Microsoft and others
within the software industry.

http://www.linuxsecurity.com/articles/forums_article-6056.html


* NSA and NIST complete profiles for security needs
October 31st, 2002

The National Institute of Standards and Technology and the National
Security Agency have completed profiles for recommended security features
for five of the 10 technology areas the agencies have targeted for profile
development.

http://www.linuxsecurity.com/articles/government_article-6054.html


* Security Fueling Open-Source Adoption
October 30th, 2002

Security is becoming one of the main drivers behind the adoption of
open-source software in the enterprise and government, say security
experts and CIOs gathered here for Red Hat Inc.'s Open Source Security
Summit.

http://www.linuxsecurity.com/articles/general_article-6045.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

