Linux Security Week - June 9th 2003

[InfoSec News <isn () c4i org>]

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  June 9th, 2003                               Volume 4, Number 23n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "OpenBSD Gets
Harder to Crack," "Quantum Cryptography Stretches 100 Kilometres," "Fear
Drives Irrational Security Decisions," and "Building Firewalls with
iptables."


LINUX ADVISORY WATCH:
This week, advisories were released for maelstrom, apache, tomcat, kernel,
wget, file, lprng, cups, ghostscript, kon2, gnupg, squirrelmail,
xinetd,lprng, lv, and httpd. The distributors include Gentoo, Immunix,
Mandrake, OpenPKG, Red Hat, Turbolinux, and Yellow Dog.

http://www.linuxsecurity.com/articles/forums_article-7394.html


> > FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security?  Click here to get
a FREE Thawte Apache SSL Guide and find the answers to all your Apache
SSL security needs.

 Click here to download our Free guide:
 http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte21


FEATURE: Real-Time Alerting with Snort
Real-time alerting is a feature of an IDS or any other monitoring
application that notifies a person of an event in an acceptably short
amount of time. The amount of time that is acceptable is different
for every person.

http://www.linuxsecurity.com/feature_stories/feature_story-144.html


--------------------------------------------------------------------

* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail
Suite is unparalleled in security, ease of management, and features.
Open source technology constantly adapts to new threats. Email
firewall, simplified administration, automatically updated.

 --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2

--------------------------------------------------------------------

LINSECURITY.COM FEATURE:
Intrusion Detection Systems: An Introduction
By: Alberto Gonzalez

Intrusion Detection is the process and methodology of inspecting
data for malicious, inaccurate or anomalous activity. At the most
basic levels there are two forms of Intrusion Detection Systems that
you will encounter: Host and Network based.

http://www.linuxsecurity.com/feature_stories/feature_story-143.html



 #### Concerned about the next threat?  ####
 #### EnGarde is the undisputed winner! ####

 Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
 Editor's Choice Award, EnGarde "walked away with our Editor's Choice
 award thanks to the depth of its security strategy..." Find out what
 the other Linux vendors are not telling you.

 http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=newsletter


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+


* Cutting Spam Down To Size
June 6th, 2003

How many clever or not-too-clever phrases have been written about people's
feelings concerning spam, that is, unwanted commercial e-mail? We'd like
to can it, kill it, squash it, fry it and shred it. Yet it still keeps
popping up in the in-box, mocking us to do something about it.

http://www.linuxsecurity.com/articles/privacy_article-7404.html


* Flexible OS Support and Applications for Trusted Computing
June 6th, 2003

Trusted computing (e.g. TCPA and Microsoft's Next-Generation Secure
Computing Base) has been one of the most talked about and least understood
technologies in the computing community over the past year. The
capabilities trusted computing provides have the potential to radically
improve the security and robustness of distributed systems.

http://www.linuxsecurity.com/articles/security_sources_article-7395.html


* OpenBSD Gets Harder to Crack
June 4th, 2003

On the security field, nothing is quite as revealing--or as taxing--as the
passage of time.  By that measure in particular, the OpenBSD development
team's OpenBSD operating system stands out.

http://www.linuxsecurity.com/articles/vendors_products_article-7387.html




+------------------------+
| Network Security News: |
+------------------------+

* Quantum Cryptography Stretches 100 Kilometres
June 5th, 2003

Communications protected with the complete security of quantum
cryptography are now possible over an ordinary 100-kilometre fibre optic
cable, thanks to sophisticated photon detection equipment developed by UK
researchers.

http://www.linuxsecurity.com/articles/cryptography_article-7392.html


* Security Standards Could Bolster File-sharing Networks
June 5th, 2003

Plans to build security features into personal computers to make
unauthorised digital copying more difficult could backfire by
strengthening controversial peer-to-peer file-sharing networks, say US
researchers.

http://www.linuxsecurity.com/articles/security_sources_article-7390.html


* Langa Letter: Easy Encryption
June 4th, 2003

A recent change in federal privacy laws is causing huge numbers of IT
departments to examine the steps they take to keep data secure.

http://www.linuxsecurity.com/articles/cryptography_article-7381.html


* Honeynets are Trapping Hackers
June 3rd, 2003

The Honeynet Project began in 1999 as an informal mailing list of a small
group of individuals, but the group soon realized that no single person
had all the experience necessary to analyze the information collected from
attacks.

http://www.linuxsecurity.com/articles/intrusion_detection_article-7375.html


* Building Firewalls with iptables, Part 1
June 3rd, 2003

Exposing any system, no matter how briefly, to an untrusted network is
suicidal. A firewall, while not a 100% secure solution, is absolutely
vital. The Linux world gives us an excellent firewall utility in
netfilter/iptables.

http://www.linuxsecurity.com/articles/network_security_article-7379.html




+------------------------+
| General Security News: |
+------------------------+

* Fear Drives Irrational Security Decisions
June 6th, 2003

It was bad enough that, before 2001, security companies that had products
and services to sell generated most of the fear of being hacked on the
Internet. But after the 9/11 terrorist attacks, things got wonky. Prophets
of doom appeared at every corner, issuing dire warnings of enormous
financial losses.

http://www.linuxsecurity.com/articles/forums_article-7403.html


* DOD to Re-emphasize Security
June 6th, 2003

The secretary of Defense will soon issue a directive placing a renewed
emphasis on operational security (OPSEC) throughout the department.  Tom
Mauriello, director of the interagency OPSEC support staff, said a
document has been awaiting DOD Secretary Donald Rumsfeld's signature since
before Operation Iraqi Freedom began that would infuse more funding and
guidance in the realm of operational security.

http://www.linuxsecurity.com/articles/government_article-7401.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.