
Linux Security Week - December 20th 2004
Source: Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "Linux has Fewer Bugs, Analysis Shows," "SAML: The Secret to Centralized Identity Management," and "Students Uncover Dozens of Unix Software Flaws."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - This week, advisories were released for hpsockd, viewvcs, nfs-util, cyrus-imapd, netatalk, gaim, rhpl, ttfonts, mc, udev, gnome-bluetooth, rsh, mysql, libpng, glib, gtk, postgresql, shadow-utils, perl, mirrorselect, drakxtools, dietlib, gzip, rp-ppoe, openssl, ImageMagick, samba, and cups. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and Turbo Linux.

Feature Extras:

Vincenzo Ciaglia Speaks Security 2004 - Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux Security. A full immersion in the world of Linux Security from many sides and points of view.

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

AIDE and CHKROOTKIT - Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Zero Viruses In 2005?
  17th, December, 2004

'Tis the season for some holiday cheer. It's also the time of year to reflect on the good security choices you've made over the year, the defense-in-depth strategy that you've decided to follow, and still be able to go home at night and have time for your wife and children.

  Linux has fewer bugs, analysis shows
  14th, December, 2004

Linux has fewer bugs than typical commercial software, says testing tools vendor Coverity. The company says the 2.6 Linux kernel has one bug for every 5,787 lines of code, compared to the commercial software norm of one bug per 40 lines. Coverity markets source code analysis software, including a product called SWAT that "simulates the effects that the operations in the source code might have" in runtime environments. The company says this approach finds more potentially disastrous bugs than competing code analysis tools that simply scan for known, dangerous coding patterns and sloppy coding constructs.

  PGP Corporation Co-Sponsors HIPAA Educational Series
  14th, December, 2004

"There is no single solution to the complex issues of security compliance under the HIPAA regulations," noted Dr. Braithwaite. "But there are certain best practices that every organization should follow. Employing encryption technologies in situations where the risk of a security breach is significant is an important core component of these solutions."

  Kenai Systems Focuses on Web Services Vulnerabilities With Release Of Two Products
  16th, December, 2004

Kenai Systems Inc., a maker of Web services vulnerability tools, today announced the release of two products: eXamine, and eXamineST. The products enable developers to import WSDL files and test them for Web services security vulnerabilities.

  Security research suggests Linux has fewer flaws
  14th, December, 2004

The Linux operating system has many times fewer bugs than typical commercial software, according to an upcoming report. The conclusion is the result of a four-year research project conducted by code-analysis company Coverity, which plans to release its report on Tuesday. The project found 985 bugs in the 5.7 million lines of code that make up the latest version of the Linux core operating system, or kernel. A typical commercial program of similar size usually has more than 5,000 flaws or defects, according to data from Carnegie Mellon University.

  Linux, Security Certifications Gain Popularity
  14th, December, 2004

A leading Web site for IT certifications this week unveiled its annual predictions for 2005's hottest certifications. To no one's surprise, Cisco's high-level CCIE (Cisco Certified Internetwork Expert) garnered the most interest from IT certification seekers for 2005. Microsoft's MCSE (Microsoft Certified Systems Engineer) with a sub-specialization in security came in a close second.

  Study: Linux the Safest Out There
  15th, December, 2004

A new study has found that Linux is more secure than most commercial software -- results that echo what its proponents have long said.

  Fashion-Technology Fusion Threatens Security
  15th, December, 2004

Employers need thoughtful policies to control which fashionable personal tech items they'll allow on the premises.

  Bali bomber writes How-To
  16th, December, 2004

But tucked into the back of the 280-page book is a chapter of an entirely different cast, titled "Hacking, Why Not?" There, Samudra urges fellow Muslim radicals to take the holy war into cyberspace by attacking U.S. computers, with the particular aim of committing credit card fraud, called "carding." The chapter provides an outline on getting started.

  SAML: The Secret to Centralized Identity Management
  17th, December, 2004

Complicated by too many systems, too many applications, and too many passwords, identity management is a major headache for most organizations. Can an intelligent, Web-services approach employing new standards ride to the rescue?

  DirecTV hacker sentenced to seven years
  13th, December, 2004

A Canadian man was sentenced to seven years in a U.S. prison this week after admitting he led a sophisticated satellite TV piracy ring that produced and sold thousands of hacked smart cards in the U.S. and Canada.

  Cyber-Security Office Calls for More Clout
  15th, December, 2004

The office in charge of cyber-security in the Department of Homeland Security is planning to continue moving ahead on the agenda the agency has already set.

  Feds Failing To Protect Against Cybersecurity Threats
  16th, December, 2004

Attention to cybersecurity has gone from one extreme to the other. Soon after 9/11, the news media was filled with shrieking and arm-waving about "cyberterrorism." Eventually, sensible people realized that the notion of cyberterrorism is just plain silly. Terrorists are interested in being terrifying, they want to set off bombs and send bodies flying and blood flowing.

  DHS cyber security lagging
  17th, December, 2004

The U.S. Department of Homeland Security is having some homeland cyber security issues on its systems providing remote access to telecommuters, according to a newly-released report by the DHS Inspector General's office.

  Students uncover dozens of Unix software flaws
  16th, December, 2004

Students of iconoclastic computer scientist Daniel Bernstein have found some 44 security flaws in various Unix applications, according to a list of advisories posted online. The flaws, which range from minor slipups in rarely used applications to more serious vulnerabilities in software that ships with most versions of the Linux operating system, were found as part of Bernstein's graduate level course at the University of Illinois at Chicago.

  Securing Wireless E-Records
  13th, December, 2004

Few understand how tough it can be to lock down wireless networks better than Stephen Lewack, director of technical services and communications at Columbus Regional Healthcare System. Lewack is protecting a growing number of wireless devices throughout the Georgia hospital, which includes more than 400 in-patient beds, more than 200 long-term care beds, and a pharmacy.

  WEP: Dead Again, Part 1
  15th, December, 2004

This article is the first of a two-part series that looks at the new generation of WEP cracking tools for WiFi networks, which offer dramatically faster speeds for penetration testers over the previous generation of tools. In many cases, a WEP key can be determined in seconds or minutes. Part one, below, compares the latest KoreK based tools that perform passive statistical analysis and brute-force cracking on a sample of collected WEP traffic. Next time, in part two, we'll look at active attack vectors, including a method to dramatically increase the rate of packet collection to make statistical attacks even more potent.

  Wi-Fi Hacker Sentenced To Nine Years
  17th, December, 2004

A 21-year-old Michigan man was sentenced Wednesday to nine years in prison for breaking into the network of home improvement retailer Lowe's, the longest jail term ever handed out in the U.S. for hacking.

