This week, perhaps the most interesting articles include "," "," and "."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - This week, advisories were released for hpsockd, viewvcs, nfs-util, cyrus-imapd, netatalk, gaim, rhpl, ttfonts, mc, udev, gnome-bluetooth, rsh, mysql, libpng, glib, gtk, postgresql, shadow-utils, perl, mirrorselect, drakxtools, dietlib, gzip, rp-ppoe, openssl, ImageMagick, samba, and cups. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and Turbo Linux.

LinuxSecurity.com Feature Extras:

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

AIDE and CHKROOTKIT -Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code - Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

Xandros Steps Up Security in New Desktop Linux
9th, December, 2004

Linux desktop vendor Xandros Inc. on Wednesday released the latest version of its flagship operating system, Xandros Desktop Operating System 3.0. This latest descendant of the first mass-market Linux desktop, Corel Linux, uses the KDE 3.3 interface. It is built on the foundation of a Linux 2.6.9 kernel.

New set of Linux security flaws discovered
9th, December, 2004

A security researcher has uncovered another set of security flaws in an image component, which could put Linux users at risk of system compromise if they view a maliciously crafted image.

news/server-security/new-set-of-linux-security-flaws-discovered
Hot Pick: SQL Guard
7th, December, 2004

Similar to a firewall, SQL Guard's filtering rules alert security managers to traffic from defined sources and users or to traffic that includes particular commands, such as excessive logons, one-user/one-IP, clients executing administrative commands, SQL overflows and SQL injection attacks.

news/vendors-products/hot-pick-sql-guard
The Threats To Come
7th, December, 2004

As security pros protect their applications and networks from today's most common attacks, hackers are preparing to wage new wars. As new technologies such as Web services, radio-frequency identification, and smart phones loaded with complex operating systems become prevalent, new attack techniques against business-technology systems will follow.

news/network-security/the-threats-to-come
Security 'Honey Pots' May Snare Private Details
8th, December, 2004

Though some legal issues still surround "honey pots," their use within the security industry is fairly common and is considered a critical weapon in fighting malicious hackers and viruses.

news/network-security/security-honey-pots-may-snare-private-details
How to verify that Snort is operating
7th, December, 2004

Is your new Snort system running too quietly? Whether you're new to using Snort or you've deployed it on a new platform -- a low-noise level may have you worried. It could be a tightly-tuned (or too tightly-tuned) system, or you may have the IDS residing on a quiet network segment. Fortunately, several methods exist for testing Snort over the wire to ensure it's working properly in your environment.
Sarbanes-Oxley: An Opportunity for Security Professionals
6th, December, 2004

Sarbanes-Oxley (SOX) is not just another regulation security professionals have to contend with in your already very busy lives. Instead, SOX should be viewed as opportunity for security teams to demonstrate your value as a key enabler of creating a sound business environment at the highest levels within your organizations. SOX presents this opportunity to every company, whether already a public entity that has to comply or private companies who fall outside mandated compliance, by providing a model for sound internal controls and a template to demonstrate the effectiveness those controls to executive management.

Linux Camp Takes New Tack on Kernel
6th, December, 2004

A stable and mature Linux kernel is enabling its chief developers to shift away from the common kernel development model to one that will result in more frequent releases.
Security Sells
6th, December, 2004

If the challenge for CSOs is to market themselvesÑand the security messageÑmore effectively, then surely the companies below must represent the end goal. Citigroup, Microsoft, OnStar and El-Al are so security-conscious that they've all, in one way or another, incorporated it into their brand image. Translation: They advertise security or otherwise make it part of the message they present to customers and business partners. Look closely, though, and you'll find that these companies share a common goal: to create a sense of trust for their customersÑwhile being careful not to overpromise.
The 12 Thefts Of Christmas
8th, December, 2004

Of all the things you might want for Christmas this year, a clone is probably not one of them. But if statistics are true to form this holiday season, in the 12 days leading up to Christmas nearly quarter of a million Americans will lose something that Santa wonÕt be able to replace