LinuxSecurity.com
Linux Security Week - December 13th 2004
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "What is policy enforcement, and why should we care," "Linux Camp Takes New Tack on Kernel," and "Sarbanes-Oxley: An Opportunity for Security Professionals."


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - This week, advisories were released for hpsockd, viewvcs, nfs-util, cyrus-imapd, netatalk, gaim, rhpl, ttfonts, mc, udev, gnome-bluetooth, rsh, mysql, libpng, glib, gtk, postgresql, shadow-utils, perl, mirrorselect, drakxtools, dietlib, gzip, rp-ppoe, openssl, ImageMagick, samba, and cups. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and Turbo Linux.

LinuxSecurity.com Feature Extras:

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

AIDE and CHKROOTKIT - Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code - Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


 
  Xandros Steps Up Security in New Desktop Linux
  9th, December, 2004

Linux desktop vendor Xandros Inc. on Wednesday released the latest version of its flagship operating system, Xandros Desktop Operating System 3.0. This latest descendant of the first mass-market Linux desktop, Corel Linux, uses the KDE 3.3 interface. It is built on the foundation of a Linux 2.6.9 kernel.

http://www.linuxsecurity.com/content/view/117450
 
 
  New set of Linux security flaws discovered
  9th, December, 2004

A security researcher has uncovered another set of security flaws in an image component, which could put Linux users at risk of system compromise if they view a maliciously crafted image.

http://www.linuxsecurity.com/content/view/117436

 
  Hot Pick: SQL Guard
  7th, December, 2004

Similar to a firewall, SQL Guard's filtering rules alert security managers to traffic from defined sources and users or to traffic that includes particular commands, such as excessive logons, one-user/one-IP, clients executing administrative commands, SQL overflows and SQL injection attacks.

http://www.linuxsecurity.com/content/view/117415
 
  The Threats To Come
  7th, December, 2004

As security pros protect their applications and networks from today's most common attacks, hackers are preparing to wage new wars. As new technologies such as Web services, radio-frequency identification, and smart phones loaded with complex operating systems become prevalent, new attack techniques against business-technology systems will follow.

http://www.linuxsecurity.com/content/view/117421

 
  Security 'Honey Pots' May Snare Private Details
  8th, December, 2004

Though some legal issues still surround "honey pots," their use within the security industry is fairly common and is considered a critical weapon in fighting malicious hackers and viruses.

http://www.linuxsecurity.com/content/view/117426

 
  How to verify that Snort is operating
  7th, December, 2004

Is your new Snort system running too quietly? Whether you're new to using Snort or you've deployed it on a new platform -- a low-noise level may have you worried. It could be a tightly-tuned (or too tightly-tuned) system, or you may have the IDS residing on a quiet network segment. Fortunately, several methods exist for testing Snort over the wire to ensure it's working properly in your environment.

http://www.linuxsecurity.com/content/view/117414

 
  Sarbanes-Oxley: An Opportunity for Security Professionals
  6th, December, 2004

Sarbanes-Oxley (SOX) is not just another regulation security professionals have to contend with in your already very busy lives. Instead, SOX should be viewed as an opportunity for security teams to demonstrate your value as a key enabler of creating a sound business environment at the highest levels within your organizations. SOX presents this opportunity to every company, whether already a public entity that has to comply or private companies who fall outside mandated compliance, by providing a model for sound internal controls and a template to demonstrate the effectiveness of those controls to executive management.

http://www.linuxsecurity.com/content/view/117373
 
  Linux Camp Takes New Tack on Kernel
  6th, December, 2004

A stable and mature Linux kernel is enabling its chief developers to shift away from the common kernel development model to one that will result in more frequent releases.

http://www.linuxsecurity.com/content/view/117390

 
  Security Sells
  6th, December, 2004

If the challenge for CSOs is to market themselves--and the security message--more effectively, then surely the companies below must represent the end goal. Citigroup, Microsoft, OnStar and El-Al are so security-conscious that they've all, in one way or another, incorporated it into their brand image. Translation: They advertise security or otherwise make it part of the message they present to customers and business partners. Look closely, though, and you'll find that these companies share a common goal: to create a sense of trust for their customers--while being careful not to overpromise.

http://www.linuxsecurity.com/content/view/117391

 
  The 12 Thefts Of Christmas
  8th, December, 2004

Of all the things you might want for Christmas this year, a clone is probably not one of them. But if statistics are true to form this holiday season, in the 12 days leading up to Christmas nearly a quarter of a million Americans will lose something that Santa won't be able to replace -- their identity.

http://www.linuxsecurity.com/content/view/117425

 
  Who says safe computing must remain a pipe dream?
  9th, December, 2004

I am regularly asked what average Internet users can do to ensure their security. My first answer is usually "Nothing--you're screwed."

http://www.linuxsecurity.com/content/view/117435

 
  What is policy enforcement, and why should we care?
  9th, December, 2004

Security administrators typically consider "authorization" in the context of user identities, which are verified via passwords or randomly generated codes or iris scans. Once identity has been validated, it's used to establish appropriate levels of access to computers, network resources and information. People with networking and Web server experience may go so far as to include certificates in their understanding of "authentication" and authorization, since IPsec and SSL/TLS both rely on certificates for validation of machine identities.

http://www.linuxsecurity.com/content/view/117451
 
  Group Enlists Honey Pots to Catch IM Threats
  10th, December, 2004

IMlogic Inc. on Tuesday announced plans to use so-called honey pots, or vulnerable machines, to track malicious virus activity on instant messaging and peer-to-peer networks.

http://www.linuxsecurity.com/content/view/117459

 
  Committee pushes for cybersecurity post
  6th, December, 2004

Members of the House Select Homeland Security Committee have recommended establishing a new assistant secretary position within the Homeland Security Department to better integrate and coordinate cybersecurity issues.

http://www.linuxsecurity.com/content/view/117400

 
  Mobile phones the biggest target for hackers
  7th, December, 2004

Having managed to cripple PCs on more than one occasion over the last decade, viruses, worms and trojans are now heading for mobile phones. And while many experts worry they could be as malicious as their PC predecessors, some fear they could be a whole lot worse.

http://www.linuxsecurity.com/content/view/117413

 
