Information Security News mailing list archives

Linux Security Week - January 5th 2004


From: InfoSec News <isn () c4i org>
Date: Tue, 6 Jan 2004 04:35:25 -0600 (CST)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  January 5th, 2004                              Volume 5, Number 1n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Secure
Programmer: Keep an Eye on Inputs," "Checklist for Deploying an IDS," and
"Wireless Not Yet the Recommended Answer."

---


LINUX ADVISORY WATCH:
This week, advisories were released for xsok, cvs, and proftpd. The
distributors include Debian, Gentoo, and Mandrake.

http://www.linuxsecurity.com/articles/forums_article-8668.html


OSVDB: An Independent and Open Source Vulnerability Database

This article outlines the origins, purpose, and future of the Open Source
Vulnerability Database project. Also, we talk with Tyler Owen, a major
contributor.

http://www.linuxsecurity.com/feature_stories/feature_story-156.html

---

Guardian Digital Customers Protected From Linux Kernel Vulnerability

As a result of the planning and secure design of EnGarde Secure Linux, the
company's flagship product, Guardian Digital customers are securely
protected from a vulnerability that led to the complete compromise of
several high-profile open source projects, including those belonging to
the Debian Project.

http://www.linuxsecurity.com/feature_stories/feature_story-155.html


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Secure programmer: Keep an eye on inputs
December 31st, 2003

This article discusses various ways data gets into your program,
emphasizing how to deal appropriately with them; you might not even know
about them all! It first discusses how to design your program to limit the
ways data can get into your program, and how your design influences what
is an input. It then discusses various input channels and what to do about
them, including environment variables, files, file descriptors, the
command line, the graphical user interface (GUI), network data, and
miscellaneous inputs.

http://www.linuxsecurity.com/articles/documentation_article-8662.html


* Ten Security Checks for PHP, Part 1
December 29th, 2003

Web applications have become a popular way to provide global access to
data, services, and products. While this global access is one of the Web's
underlying advantages, any security holes in these applications are also
globally exposed and frequently exploited. It is extremely easy to write
applications that contain unintentional security holes.

http://www.linuxsecurity.com/articles/server_security_article-8627.html


+------------------------+
| Network Security News: |
+------------------------+

* Wireless Not Yet the Recommended Answer
January 2nd, 2004

Despite all the talk of networks going wireless in 2003, it will be some
time before the enterprise enjoys the promise of ubiquitous IP (Internet
protocol) connectivity, according to Meta Group Inc. senior research
analyst Bjarne Munch.

http://www.linuxsecurity.com/articles/network_security_article-8667.html


* Checklist for Deploying an IDS
January 2nd, 2004

Installing a Network IDS (NIDS) onto a network requires a significant
amount of thought and planning. In addition to the technical issues and
product selection there are resource issues, from product cost to manning
the sensor feeds and supporting the infrastructure that must also be
considered.

http://www.linuxsecurity.com/articles/intrusion_detection_article-8675.html


* Snort 2.1.0 Available
December 30th, 2003

A ton of new and updated rules. This release also includes all the fixes
from version 2.0.6. The Snort manual has been updated to reflect v2.1 and
address the many suggestions from users. The manual is still a work in
progress.

http://www.linuxsecurity.com/articles/projects_article-8658.html


* fwall 1.4-2
December 29th, 2003

fwall is a simple user-friendly firewall script for iptables. It is based
on bash. It includes a configuration for 1-2 interfaces, port forwarding,
DoS protection, and so on.

http://www.linuxsecurity.com/articles/firewalls_article-8639.html


+------------------------+
| General Security News: |
+------------------------+

* The Unix Bookshelf, "Linux Server Hacks"
January 2nd, 2004

When we last dusted off our Unix bookshelf, we were considering books
about "the Unix Way" as an abstraction or paradigm, and hadn't gotten
around to discussing any books addressing practical Unix.

http://www.linuxsecurity.com/articles/documentation_article-8674.html


* Experts: 2004 seen bringing more, worse cyberattacks
December 31st, 2003

The New Year will offer weary network administrators little respite from a
new generation of Internet worms, viruses and targeted hacks that appeared
in 2003, according to security experts.

http://www.linuxsecurity.com/articles/network_security_article-8663.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

