Internet
Productivity Suite: Open Source Security - Trust Internet Productivity Suite's
open source architecture to give you the best security and productivity applications
available. Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and methods into their
design. Click
to find out more! LINUX ADVISORY
WATCH - This week, advisories were released for hpsockd, viewvcs, nfs-util,
cyrus-imapd, netatalk, gaim, rhpl, ttfonts, mc, udev, gnome-bluetooth, rsh, mysql,
libpng, glib, gtk, postgresql, shadow-utils, perl, mirrorselect, drakxtools, dietlib,
gzip, rp-ppoe, openssl, ImageMagick, samba, and cups. The distributors include
Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and Turbo Linux.
LinuxSecurity.com
Feature Extras:
Vincenzo
Ciaglia Speaks Security 2004 - Vincenzo Ciaglia of Linux Netwosix
talks about this year of Linux Security. A full immersion in the world of Linux
Security from many sides and points of view.
Mass
deploying Osiris - Osiris is a centralized file-integrity program
that uses a client/server architecture to check for changes on a system. A central
server maintains the file-integrity database and configuration for a client
and at a specified time, sends the configuration file over to the client, runs
a scan and sends the results back to the server to compare any changes. Those
changes are then sent via email, if configured, to a system admin or group of
people. The communication is all done over an encrypted communication channel.
AIDE
and CHKROOTKIT -Network security is continuing to be a big problem
for companies and home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide and chkrootkit.
Bulletproof
Virus Protection - Protect your network from costly security
breaches with Guardian Digital’s multi-faceted security applications.
More then just an email firewall, on demand and scheduled scanning detects
and disinfects viruses found on the network. Click
to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
Zero Viruses In 2005?
17th, December, 2004
'Tis the season for some holiday cheer. It's also the time of year
to reflect on the good security choices you've made over the year, the
defense-in-depth strategy that you've decided to follow, and still be
able to go home at night and have time for your wife and children.
Linux has fewer bugs than typical commercial software, says testing
tools vendor Coverity. The company says the 2.6 Linux kernel has one
bug for every 5,787 lines of code, compared to the commercial software
norm of one bug per 40 lines. Coverity markets source code analysis
software, including a product called SWAT that "simulates the effects
that the operations in the source code might have" in runtime environments.
The company says this approach finds more potentially disastrous bugs
than competing code analysis tools that simply scan for known, dangerous
coding patterns and sloppy coding constructs.
PGP Corporation Co-Sponsors HIPAA Educational Series
14th, December, 2004
"There is no single solution to the complex issues of security compliance
under the HIPAA regulations," noted Dr. Braithwaite. "But there are
certain best practices that every organization should follow. Employing
encryption technologies in situations where the risk of a security breach
is significant is an important core component of these solutions."
Kenai Systems Focuses on Web Services Vulnerabilities With Release Of Two Products
16th, December, 2004
Kenai Systems Inc., a maker of Web services vulnerability tools, today announced the release of two products: eXamine, and eXamineST. The products enable developers to import WSDL files and test them for Web services security vulnerabilities.
http://www.linuxsecurity.com/content/view/117528
Security research suggests Linux has fewer flaws
14th, December, 2004
The Linux operating system has many times fewer bugs than typical commercial
software, according to an upcoming report. The conclusion is the result
of a four-year research project conducted by code-analysis company Coverity,
which plans to release its report on Tuesday. The project found 985
bugs in the 5.7 million lines of code that make up the latest version
of the Linux core operating system, or kernel. A typical commercial
program of similar size usually has more than 5,000 flaws or defects,
according to data from Carnegie Mellon University.
CertCities.com, a leading Web site for IT certifications, this week
unveiled its annual predictions for 2005's hottest certifications. To
no one's surprise, Cisco's high-level CCIE (Cisco Certified Internetwork
Expert) garnered the most interest from IT certification seekers for
2005. Microsoft's MCSE (Microsoft Certified Systems Engineer) with a
sub-specialization in security came in a close second.
But tucked into the back of the 280-page book is a chapter of an entirely
different cast, titled "Hacking, Why Not?" There, Samudra urges fellow
Muslim radicals to take the holy war into cyberspace by attacking U.S.
computers, with the particular aim of committing credit card fraud,
called "carding." The chapter provides an outline on getting started.
SAML: The Secret to Centralized Identity Management
17th, December, 2004
Complicated by too many systems, too many applications, and too many
passwords, identity management is a major headache for most organizations.
Can an intelligent, Web-services approach employing new standards ride
to the rescue?
A Canadian man was sentenced to seven years in a U.S. prison this week after admitting he led a sophisticated satellite TV piracy ring that produced and sold thousands of hacked smart cards in the U.S. and Canada.
http://www.linuxsecurity.com/content/view/117473
Cyber-Security Office Calls for More Clout
15th, December, 2004
The office in charge of cyber-security in the Department of Homeland Security is planning to continue moving ahead on the agenda the agency has already set.
http://www.linuxsecurity.com/content/view/117510
Feds Failing To Protect Against Cybersecurity Threats
16th, December, 2004
Attention to cybersecurity has gone from one extreme to the other. Soon after 9/11, the news media was filled with shrieking and arm-waving about "cyberterrorism." Eventually, sensible people ralized that the notion of cyberterrorism is just plain silly. Terrorists are interested in being terrifying, they want to set off bombs and send bodies flying and blood flowing.
http://www.linuxsecurity.com/content/view/117527
DHS cyber security lagging
17th, December, 2004
The U.S. Department of Homeland Security is having some homeland cyber security issues on its systems providing remote access to telecommuters, according to a newly-released report by the DHS Inspector General's office.
http://www.linuxsecurity.com/content/view/117547
Students uncover dozens of Unix software flaws
16th, December, 2004
Students of iconoclastic computer scientist Daniel Bernstein have found
some 44 security flaws in various Unix applications, according to a
list of advisories posted online. The flaws, which range from minor
slipups in rarely used applications to more serious vulnerabilities
in software that ships with most versions of the Linux operating system,
were found as part of Bernstein's graduate level course at the University
of Illinois at Chicago.
Few understand how tough it can be to lock down wireless networks better than Stephen Lewack, director of technical services and communications at Columbus Regional Healthcare System. Lewack is protecting a growing number of wireless devices throughout the Georgia hospital, which includes more than 400 in-patient beds, more than 200 long-term care beds, and a pharmacy.
http://www.linuxsecurity.com/content/view/117472
WEP: Dead Again, Part 1
15th, December, 2004
This article is the first of a two-part series that looks at the new generation of WEP cracking tools for WiFi networks, which offer dramatically faster speeds for penetration testers over the previous generation of tools. In many cases, a WEP key can be determined in seconds or minutes. Part one, below, compares the latest KoreK based tools that perform passive statistical analysis and brute-force cracking on a sample of collected WEP traffic. Next time, in part two, we'll look at active attack vectors, including a method to dramatically increase the rate of packet collection to make statistical attacks even more potent.
http://www.linuxsecurity.com/content/view/117507
Wi-Fi Hacker Sentenced To Nine Years
17th, December, 2004
A 21-year-old Michigan man was sentenced Wednesday to nine years in
prison for breaking into the network of home improvement retailer Lowe's,
the longest jail term ever handed out in the U.S. for hacking.
