LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Security Week - December 6th 2004 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include, Anti-Hacker Tool Kit 2/e, A Secure Network Needs Informed Workers, Network Forensic Tools, and Transcript of the LinuxSecurity.com Launch Chat.


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

Linux Advisory Watch - This week advisories were released for java, abiworld, cyrus, squirrelmail, libgd1, openssl, hpsockd, policycoreutils, prelink, libselinux, udev, tcpdump, samba, gaim, FreeBSD kernel, phpMyAdmin, libxpm4, kde, amavisd, open motif, linux kernel, and cyrus-imapd. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Trustix, Red Hat, and SuSE.

LinuxSecurity.com Feature Extras:

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

AIDE and CHKROOTKIT -Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code - Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  Anti-Hacker Tool Kit 2/e
  2nd, December, 2004

In every day life people do all sorts of things with all sorts of tools. But, do they get it right? Every tool has to be used in a certain manner, and if one doesnÕt know how to use it, the result can be damage. It's the same is with computer and network security tools. Before you can select the right tools for the job, you have to know what tools are available and learn how to use them.

http://www.linuxsecurity.com/content/view/117307
 
  Panelists: A Secure Network Needs Informed Workers
  1st, December, 2004

Analysts, law enforcement agents and corporate IT managers focused on surprisingly nontechnical security solutions Tuesday as they discussed the latest risks to corporate networks as part of Ziff Davis Media's online "virtual" tradeshow on security.

http://www.linuxsecurity.com/content/view/117286
 
  Network Forensic Tools
  3rd, December, 2004

Stage 1: Network-capable initial analysis products for first responders, such as Guidance's EnCase Enterprise Edition and Technology Pathway's ProDiscover. These two products can acquire drive images remotely in a live environment, and their use eliminates the need for the Stage 2 tools.

http://www.linuxsecurity.com/content/view/117361
 
  Transcript of Launch Chat
  2nd, December, 2004

To celebrate the launch of the new LinuxSecurity.com, we hosted a community chat event. It was held yesterday (December 1st 2004) at 4:00pm, and featured several prominent visionaries from the open source community including Jay Beale, Brian Hatch, Paul Vixie, Lance Spitzner, and Dave Wreski. The topics discussed ranged from authentication, patch management, honeypots, virtues of open source, SELinux, as well as others. We are planning another event to held in January; please send us your ideas!

http://www.linuxsecurity.com/content/view/117310
 
  Unprotected PCs can be hijacked in minutes
  30th, November, 2004

Simply connecting to the Internet -- and doing nothing else -- exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.

http://www.linuxsecurity.com/content/view/116796
 
  AirTight Networks announced first Wi-Fi Firewall
  1st, December, 2004

AirTight Networks, formerly Wibhu Technologies, announced on Tuesday the availability of SpectraGuard 2.0, the first Wi-Fi firewall to protect enterprise networks from wireless security threats.

http://www.linuxsecurity.com/content/view/117287
 
  There Is Intelligent Life On Protego's New Security Appliance, PN-MARS
  3rd, December, 2004

Protego Networks' line of PN-MARS security appliances helps network administrators manage and eliminate network attacks by combining intelligence, ContextCorrelation, SureVector analysis and AutoMitigate capability in a hardware-based solution that's easy to deploy. The appliance correlates data about security and network events from switches, routers, firewalls, intrusion-detection systems (IDSes), host logs and other hardware and software sources, and identifies incidents such as worms, Trojans, blended attacks, misconfigurations and internal abuse.

http://www.linuxsecurity.com/content/view/117362
 
  Linux Netwosix 1.2 Jinko is released
  28th, November, 2004

I'm ready to announce that Linux Netwosix 1.2 is ready. I have completely rebuilt , upgraded and secured the system. Please, read the Announcement Release. Is based on the powerful and reliable Kernel 2.6.9 and has been created for the requirements of every SysAdmin. Nepote contains the updated packages. You can download Netwosix from our Download Center or from one of our mirrors. Thank you!

http://www.linuxsecurity.com/content/view/116794
 
  Federated ID facilitates Web services
  1st, December, 2004

Companies looking to make Web services available to business partners and their respective user bases must first figure out how to federate identity. Federated identity management refers to managing access so that only those who have a right to use specific services may do so.

http://www.linuxsecurity.com/content/view/117294
 
  User knowledge key to good security
  1st, December, 2004

Given the continual drive to secure today's enterprises, and in light of National Computer Security Day celebrated this week, Security Pipeline tapped Kathleen M. Coe, Symantec Corp.'s regional education director of education services, for insight on how to foster better user security behavior, as well as how to seed a strong corporate security culture companies require today.

http://www.linuxsecurity.com/content/view/117296
 
  Why you should take information security seriously
  1st, December, 2004

All of us rely on information every day in just about every aspect of our life. As information is so important, we tend to rank it by its reliability. There are some people whose opinion we trust implicitly on certain matters. We accept as a matter of course that information is only valuable if it is accurate. The most valuable sources of information are those that are seen to be inherently reliable and easy to access.

http://www.linuxsecurity.com/content/view/117297
 
  Community Spam Fighting Effort Faces Heat
  2nd, December, 2004

Lycos Europe is offering a "screensaver that spams the spammers," using idle computer time to attack sites that have been blacklisted for abusive spamming practices. Monitoring of three of the targets housed on Chinese servers shows that two of the sites, bokwhdok.com and printmediaprofits.biz, have been knocked offline by the attack. A third target, rxmedherbals.info, has remained largely available, with intermittent outages.

http://www.linuxsecurity.com/content/view/117308
 
  Follow-up: Lycos pulls anti-spam screensaver from site
  3rd, December, 2004

Lycos Europe appeared to have pulled a controversial anti-spam screensaver program from its site on Friday, after coming under fire from both security experts and the spammers themselves.

http://www.linuxsecurity.com/content/view/117323
 
  FBI's Cyber-Crime Chief Relates Struggle for Top Talent
  1st, December, 2004

The FBI's inability to recruit and keep the best available IT talent has proven to be one of the biggest challenges facing the government's Internet Crime Complaint Center (I3C), a senior official said Tuesday.

http://www.linuxsecurity.com/content/view/117285
 
  Linux in Government: The Government Open Code Collaborative
  3rd, December, 2004

As we celebrate the holiday season and prepare for the next round of legislation, a group of state and local governments has banded together to collect and distribute freely the costly software that normally runs taxpayers $100 billion annually. Called the Government Open Code Collaborative or GOCC.gov, this organization states that its members work together voluntarily to encourage "the sharing, at no cost, of computer code developed for and by government entities where the redistribution of this code is allowed".

http://www.linuxsecurity.com/content/view/117322
 
  Is Cyberterrorism Being Thwarted?
  3rd, December, 2004

Recently, there's been increased criticism of the federal government's efforts to secure the Internet. The September departure of Amit Yoran from the Department of Homeland Security was widely cited as indicative of problems that run deep, not just through DHS, but the entire government. While everyone agrees there's much work to do, it's important to recognize the accomplishments of the past few years.

http://www.linuxsecurity.com/content/view/117324
 
  Hacking tool reportedly draws FBI subpoenas
  1st, December, 2004

The author of the popular freeware hacking tool Nmap warned users this week that FBI agents are increasingly seeking access to information from the server logs of his download site, insecure.org.

http://www.linuxsecurity.com/content/view/117282
 
  SCO hacked in apparent IP protest
  1st, December, 2004

Visitors to SCO's website this morning were treated to a rare moment of corporate self-awareness after hackers apparently replaced an image linking to the undoubtedly scintillating "Extending Legacy Applications and Databases to the Web and Wireless Devices with SCOx Web Services Substrate" with a graphic bearing the rather more promising "We own all your code - pay us all your money":

http://www.linuxsecurity.com/content/view/117293
 
  Bad, Bad Bots
  1st, December, 2004

Automated attacks are coming from unexpected quarters--from across the globe, across town, and most creepily, even from across the hall. According to a recent report from anti-virus vendor Symantec, this year's 450 percent increase in the number of attacks on Windows machines is evidence that automation is proving as efficient for 21st-Century hackers as it did for 20th-Century manufacturers.

http://www.linuxsecurity.com/content/view/117295
 
  Mobile & Wireless: Security was the Watchword in 2004
  1st, December, 2004

It's no surprise that the issue that topped the Wi-Fi agenda in 2004 was the same one that's plagued it almost from its introduction. Security, or rather "lack thereof," was an inherent problem in WEP (Wired Equivalent Privacy), the native security spec in the 802.11 IEEE standard.

http://www.linuxsecurity.com/content/view/117283
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.