Information Security News mailing list archives
Linux Security Week - February 10th 2003
From: InfoSec News <isn () c4i org>
Date: Tue, 11 Feb 2003 09:07:50 -0600 (CST)
+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | February 10th, 2003 Volume 4, Number 6n | | | | Editorial Team: Dave Wreski dave () linuxsecurity com | | Benjamin Thomas ben () linuxsecurity com | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "How to Build, Install, Secure & Optimize Apache," "Secure your DNS - replace BIND," "The Great IDS Debate : Signature Analysis Versus Protocol Analysis," and "Know Your Enemy: Learning with VMware." FREE GUIDE - 128-bit Encryption Thawte is one of the few companies that offers 128 bit supercerts. A supercert will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Download a guide to learn more: http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte9 LINUX ADVISORY WATCH: This week, advisories were released for cvs, mcrypt, slocate, qt-dcgui, bladeenc, cim, mysql, kernel, kerberos, php, OpenLDAP, windowmaker, xpdf. The distributors include Caldera, Conectiva, FreeBSD, Gentoo, Mandrake, and Red Hat. http://www.linuxsecurity.com/articles/forums_article-6691.html Review: Absolute PC Security and Privacy - Miller never knew much about viruses, or took them seriously, until a friend got infected and it turned out to be more of a nuisance than he thought. So he decided to write a book about them. And also about spam, since he was annoyed by that, too. http://www.linuxsecurity.com/feature_stories/feature_story-136.html --------------------------------------------------------------------- CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner! Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing Editor's Choice Award, EnGarde "walked away with our Editor's Choice award thanks to the depth of its security strategy..." Find out what the other Linux vendors are not telling you. http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2 --------------------------------------------------------------------- Review: Mastering Network Security, Second Edition - The introduction states that this book is aimed at systems administrators who are not security experts, but have some responsibility for ensuring the integrity of their systems. That would seem to cover most sysadmins. http://www.linuxsecurity.com/feature_stories/feature_story-137.html +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * How to Build, Install, Secure & Optimize PHP February 6th, 2003 NOC submits When you need to add some popular web service to your web server, you will inevitably find that PHP is required and that you need to install it with Apache. In this tutorial we discuss about the way to integrate, secure, and optimize it with Apache 2.x. http://www.linuxsecurity.com/articles/documentation_article-6685.html * How to Build, Install, Secure & Optimize Apache 2.x February 6th, 2003 Apache is the most widely used HTTP-server in the world today. It surpasses all free and commercial competitors on the market, and provides a myriad of features; more than the nearest opponent could give you on a UNIX variant. It is also the most used web server for a Linux system. http://www.linuxsecurity.com/articles/documentation_article-6686.html * Securing & Optimizing Linux: The Ultimate Solution v2.0 February 6th, 2003 Mastering security with Linux and getting the maximum out of your system have never been easier. Securing & Optimizing Linux: The Ultimate Solution (v2.0) has been written and achieved with tightening security to an incomparable level in mind. http://www.linuxsecurity.com/articles/documentation_article-6687.html * Secure your DNS - replace BIND February 5th, 2003 BIND has become the most popular DNS server on the Internet. It is also a favorite hacker target. For organisations that require a more secure DNS infrastructure, the djbdns package may be the answer. http://www.linuxsecurity.com/articles/server_security_article-6680.html * Securing Systems with chroot February 4th, 2003 One popular technique crackers use to compromise machines is exploiting buffer overflows. Buffer overflows are programming bugs which often plague software written with the C language, which makes such mistakes easy to make. Once you are in the chrooted shell, you only have access to the chrooted area. There is no way to escape it; you are in the jail. http://www.linuxsecurity.com/articles/host_security_article-6662.html +------------------------+ | Network Security News: | +------------------------+ * How To Build a Secure WLAN February 9th, 2003 Wireless LANs have experienced tremendous growth since the introduction of the 802.11b wireless networking standard spurred the development of a wide range of "Wi-Fi" solutions developed by network equipment vendors. http://www.linuxsecurity.com/articles/network_security_article-6698.html * Through The Fog... Public Key Infrastructure February 6th, 2003 Security is a strange phenomenon in IT. Like a Will O' The Wisp, it's elusive. And so we are faced with the promise and the reality of Public Key Infrastructures (PKIs) - such a useful, powerful technology, coupled with near total apathy on the part of the user community to implement it. http://www.linuxsecurity.com/articles/cryptography_article-6689.html * IM A Rampant Security Risk February 6th, 2003 Instant messaging (IM) is taking off in companies but self-installed consumer versions of software that allows this type of communication are posing a "rampant security risk" on networks. Already some companies see IM as a time wasting technology - as was the case when email, web access and even the telephone were first put on workers' desks - but the latest warning, levelled by Blue Coat Systems, is based on three key factors. http://www.linuxsecurity.com/articles/network_security_article-6690.html * The Great IDS Debate : Signature Analysis Versus Protocol Analysis February 6th, 2003 Intrusion detection systems (IDS) have rapidly become a crucial component of any network defense strategy. Over the past few years, their popularity has soared as vendors have refined their results and increased performance capabilities. At the heart of intrusion detection systems lies the analysis engine. http://www.linuxsecurity.com/articles/intrusion_detection_article-6682.html * The Crypto Gardening Guide and Planting Tips February 5th, 2003 There has been a great deal of difficulty experienced in getting research performed by cryptographers in the last decade or so (beyond basic algorithms such as SHA and AES) applied in practice. The reason for this is that cryptographers don't work on things that implementors need because it's not cool, and implementors don't use what cryptographers design because it's not useful or sufficiently aligned with real-world considerations to be practical. http://www.linuxsecurity.com/articles/cryptography_article-6679.html * Safety: Open Networks Pose Dilemma February 5th, 2003 If you want to know how insecure today's wireless networks are, just ask the people who make it their mission to locate the access points designated by companies and consumers around the world. http://www.linuxsecurity.com/articles/network_security_article-6675.html * Know Your Enemy: Learning with VMware February 4th, 2003 Virtual Honeynets are a solution that allow you to run a complete Honeynet with multiple operating systems on the same physical computer. First discussed in the paper Know Your Enemy: Virtual Honeynets, these solutions have the advantage of being easier to deploy and simpler to manage. http://www.linuxsecurity.com/articles/intrusion_detection_article-6669.html * SANS Webcast: Top 10 Unix Vulnerabilities February 3rd, 2003 Worried about the state of Unix security at your site but unsure where to begin? The top 10 Unix vulnerabilities from the SANS "Top 20" list make an excellent starting point. Listen as Hal Pomeranz, the author of SANS' Unix Security Track, explains the vulnerabilities and provides valuable pointers on how to correct or mitigate these vulnerabilities on your systems. http://www.linuxsecurity.com/articles/security_sources_article-6660.html +------------------------+ | General News: | +------------------------+ * Mitnick freedom welcomed by his website defacement. February 8th, 2003 "Dear Kevin, welcome to the free world. In order to let you feel more comfortable, we defaced your website www.defensivethinking.com. PS: your security skills are a little rusty, arent' they?" This was the meaning of the message posted by hacker BugBear on Mitnick's website as you can see by the mirror taken by zone-h. http://www.linuxsecurity.com/articles/hackscracks_article-6697.html * Slammer: Why Security Benefits From Proof Of Concept Code February 7th, 2003 The UK security expert who discovered the flaw which was exploited by the Slammer worm has concluded it does more good than harm to publish proof of concept code.In a posting to BugTraq, David Litchfield of NGSSoftware expressed concerns that his proof of concept code was used as a template by unknown vandals in creating the destructive Slammer worm. http://www.linuxsecurity.com/articles/security_sources_article-6692.html * Assessing The Threat: Symantec's 2003 Security Report February 5th, 2003 The latest Symantec threat assessment seems to suggest that businesses are more vulnerable, but better protected than ever before. It also reveals that businesses are in more danger of being attacked from sources within the US than any other country, and that the use of wireless and instant messaging technologies has rendered companies especially vulnerable. http://www.linuxsecurity.com/articles/forums_article-6678.html * Prelude IDS Yoann Vandoorselaere Interview February 4th, 2003 My name is Yoann Vandoorselaere, I live in France and I'm the founder and main developer of the Prelude Intrusion Detection System. I've worked on many free software project, such as libsafe, libpcap (a library for packet capture), the Nautilus file manager, OMS (Open Media System), libvo, the Linux kernel and others. http://www.linuxsecurity.com/articles/general_article-6672.html * Openwall GNU/Linux Solar Designer Interview February 4th, 2003 I generally prefer to speak about things I do rather than about myself. For the past 6 years I've been spending much of my time on computer and network security. In particular, I've been developing free Unix security tools and other (non-security) software designed to be safe to use, as well as making existing software and technologies safer to use (discovering, dealing with, and sometimes publicizing vulnerabilities whenever that seemed appropriate). http://www.linuxsecurity.com/articles/general_article-6671.html * February Honeynet Scan of the Month February 4th, 2003 We are excited to announce the SotM challenge for the Month of February 2003. Sponsored by the Digital Forensic Research Workshop, this month's challenge is a continuation of the October 2002 challenge (Scan 24). It is not necessary for you to have attempted and or completed the October 2002 challenge. Based on the police report and recovered evidence, your mission is to answer a series of questions pertaining to the case. This month's challenge is rated Intermediate to Advance. http://www.linuxsecurity.com/articles/intrusion_detection_article-6668.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request () linuxsecurity com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Linux Security Week - February 10th 2003 InfoSec News (Feb 11)