Information Security News mailing list archives

Linux Security Week - September 9th 2002


From: InfoSec News <isn () c4i org>
Date: Tue, 10 Sep 2002 02:11:02 -0500 (CDT)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 9th, 2002                          Volume 3, Number 35n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
 
This week, perhaps the most interesting articles include "Open Source
Software: Is it Really Secure," "Who Goes There: An Introduction to
On-Access Virus Scanning," "Adaptive Linux Firewalls," and "Airwave
camouflage to stop drive-by hacking."
 
Concerned about the next threat? EnGarde is the undisputed winner! 
 
 Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing 
 Editor's Choice Award, EnGarde "walked away with our Editor's Choice 
 award thanks to the depth of its security strategy..." Find out what 
 the other Linux vendors are not telling you. 
 
  -> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
 

FEATURE: NFS Security - NFS (Network File System) is a widely used and 
primitive protocol that allows computers to share files over a network. 
The main problems with NFS are that it relies on the inherently insecure 
UDP protocol, transactions are not encrypted, and hosts and users cannot 
be easily authenticated. Below we show a number of steps that one can 
follow to remedy those security problems.
 
http://www.linuxsecurity.com/feature_stories/feature_story-118.html
 
This week, advisories were released for pxe, ethereal, scrollkeeper,
mailman, mantis, amavis, and glibc.  The vendors include Conectiva,
Debian, Gentoo, Red Hat, and SuSE.
 
http://www.linuxsecurity.com/articles/forums_article-5650.html
 
Take advantage of our Linux Security discussion list!  This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request () linuxsecurity com with "subscribe"
as the subject.
 
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
 
* Open Source Software: Is it Really Secure?
September 5th, 2002
 
People often ask me if they should trust Open Source Software (OSS). This
question predates the emergence of Linux and the various Berkeley Software
Distribution (BSD) OSs, as popular security software for Unix systems,
such as COPS and Tripwire (www.tripwire.com), began showing up in the
early 1990s.
 
http://www.linuxsecurity.com/articles/forums_article-5643.html
 

* Password guessing games with Check Point firewall
September 4th, 2002
 
Security researchers have discovered two potentially serious flaws with
Check Point's flagship FireWall-1 firewall which give rise to both
username guessing and sniffing issues.  First, affected versions permit
attackers to determine if a firewall username is valid without having to
know the associated password.
 
http://www.linuxsecurity.com/articles/vendors_products_article-5631.html
 

* Apache Flaw Leaves Server Wide Open
September 3rd, 2002
 
Although this problem doesn't affect UNIX and Linux variants, it does
apply to more than just Microsoft Windows platforms. You should check it
out even if you are running NetWare or OS/2 (both of which are definitely
vulnerable) or any other non-UNIX platform.
 
http://www.linuxsecurity.com/articles/vendors_products_article-5628.html
 

* Who Goes There: An Introduction to On-Access Virus Scanning, Part One
September 3rd, 2002
 
By now, most savvy computer users have anti-virus software (AV) installed
on their machines and use it as part of their regular computing routine.
However, most average users do not know how anti-virus software works.
This two-part series will offer a brief overview of a particular type of
anti-virus mechanism known as on-access virus scanners.
 
http://www.linuxsecurity.com/articles/network_security_article-5623.html
 
 
 

+------------------------+
| Network Security News: |
+------------------------+
 
* Control the Keys to the Kingdom
September 6th, 2002
 
We've said it before and we'll say it again: You will never have a totally
secure network. The best you can hope for is that your security strategies
will minimize exposure to attack, and if you are hit, the damage can be
contained. Plenty of point products are available to help eliminate
avenues of attack
 
http://www.linuxsecurity.com/articles/network_security_article-5658.html
 

* Wireless Security Blackpaper
September 6th, 2002
 
In 1999 the IEEE completed and approved the standard known as 802.11b, and
WLANs were born. Finally, computer networks could achieve connectivity
with a useable amount of bandwidth without being networked via a wall
socket. Suddenly connecting multiple computers in a house to share an
Internet connection or play LAN games no longer required expensive or ugly
cabling.
 
http://www.linuxsecurity.com/articles/security_sources_article-5659.html
 

* Airwave camouflage to stop drive-by hacking
September 5th, 2002
 
Software that generates a blizzard of bogus wireless network access points
could bamboozle hackers trying to access corporate and home computer
networks.  This would stop them stealing wireless surfing time and
exploring corporate wireless networks, say the two US computer programmers
behind the scheme.
 
http://www.linuxsecurity.com/articles/network_security_article-5638.html
 

* Three Fallacies About Remote Access
September 3rd, 2002
 
Security precautions are only as good as the assumptions that underpin
them. Enterprises must be scrupulous in separating myth from fact when it
comes to how, why, and by whom the enterprise's network and information
might be illicitly accessed--with potentially disastrous consequences.
 
http://www.linuxsecurity.com/articles/security_sources_article-5622.html
 

* Adaptive Linux Firewalls
September 2nd, 2002
 
Automatic firewall hardening is a technique used by many commercial
firewalls to prevent invalid packets from reaching protected networks. The
objective of this document is to demonstrate how to harden iptables in
real-time.
 
http://www.linuxsecurity.com/articles/firewalls_article-5619.html
 
 
 

+------------------------+
|  Cryptography:         |
+------------------------+
 
* Encrypted e-mails may be digital bullets
September 6th, 2002
 
For more than a decade, the United States government classified encryption
technology as a weapon. Now that label might actually apply.
Security-consulting firm Foundstone said Thursday that e-mail messages
encrypted with the Pretty Good Privacy program can be used as digital
bullets to attack and take control of a victim's computer.
 
http://www.linuxsecurity.com/articles/cryptography_article-5651.html
 
 
 

+------------------------+
|  General:              |
+------------------------+
 
 
* Profile of the Perfect Security Guru
September 6th, 2002
 
They know how to set up and maintain firewall, antivirus and intrusion
detection systems. They know how to scan the company network for holes.
They are up to speed on the latest vulnerabilities -- and know whether or
not software patches are available.  They know what to do when the
corporate servers get hacked, and they know how to stop the attack in its
tracks. They also have the gumption to tell you when they cannot handle
something, and they can recommend where to go for help.
 
http://www.linuxsecurity.com/articles/forums_article-5657.html
 

* Are Hackers Accessing Your Company Via Your PBX?
September 6th, 2002
 
Although most companies today have improved security on their data
networks, thus cutting down on white-collar crime and hack attacks, too
few have paid enough attention to their PBX system. The PBX remains a
potentially huge back door problem for data network security.
 
http://www.linuxsecurity.com/articles/network_security_article-5654.html
 

* Companies exposed to "social engineers" - Mitnick
September 5th, 2002
 
"A lot of people think they are not gullible, that they can't be
manipulated, but nothing could be further from the truth," says Mitnick.
He claims that using such techniques - combined with substantial technical
know-how - he was able to break into all but one of the systems he
targeted in a 15-year hacking career.
 
http://www.linuxsecurity.com/articles/general_article-5639.html
 

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

