Linux Security Week - December 27th 2004
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Security Week: This week, perhaps the most interesting articles include "Survivor's Guide to 2005: Security," "Security Starts from the Inside Out," and "Linux lasting longer against Net attacks."


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - Happy Holidays! This week, advisories were released for cscope, htget, a2ps, ethereal, xzgv, debmake, xcdroast, udev, cups, postgresql, namazu, pam, samba, glibc, krb5, php, gnumeric, abiword, libtiff, kfax, abcm2ps, phpMyAdmin, WordPress, NASM, mplayer, mpg123, wget, urpmi, aspell, krb5, logcheck, samba, Linux kernel, kerberos5, libxml, gd, XFree86, and nfs-utils. The distributors include Debian, Fedora, Gentoo, Mandrake, NetBSD, Trustix, Red Hat, and SuSE.

LinuxSecurity.com Features:

State of Linux Security 2004 - In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Windows' security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.

Vincenzo Ciaglia Speaks Security 2004 - Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux Security. A full immersion in the world of Linux Security from many sides and points of view.

 

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  The Linux Year
  24th, December, 2004
The year of the penguin, some people hailed 2004 at the turn of the year. And in many ways it was. Was it because the march on the server space continued at a relentless pace? Because there were big announcements around desktop installments? Because there was finally some realistic perspective about the threat from SCO, or the threat to Microsoft? However you look at it, the penguin's tux has never looked more pristine or ready for business. So here we'll take a stroll through the last 12 months that sharpened the creases and quickened the pace of the Linux-based platforms.

http://www.linuxsecurity.com/content/view/117669
 
  Adding strong security from day one
  22nd, December, 2004
Adding security to constrained devices is not an easy task for developers who need to accommodate a range of new features without compromising usability. Experience has shown that building security in at the design stage yields better results from a security and performance perspective. Therein lies the challenge. It's no secret that most cryptographic systems are computationally taxing. Such is not the case with Elliptic Curve Cryptography, or ECC, which has the most strength per bit of any known public key system today and consequently is ideally suited for resource-constrained devices.

http://www.linuxsecurity.com/content/view/117637
 
  LDAP Server Administration with GOsa
  20th, December, 2004
A flaw in two popular Unix and Linux administration consoles could lead to systems being compromised, according to an alert from security firm Secunia. The bug in Usermin, a widely used administration console for Unix and Linux, could allow the introduction of rogue shell code when a user views a particular e-mail via the web.

http://www.linuxsecurity.com/content/view/117585
 
  Survivor's Guide to 2005: Security
  20th, December, 2004

Intrusion detection systems--the primary source of warnings that attacks are under way--are critical pieces of network-security infrastructure, providing detailed records of attacks, intrusions and unexpected network activity. For most enterprises, the IDS has become the central piece of security hardware, certainly the most visible piece to the staff. Without an IDS, the security staff must gather forensics information from firewall, server and router log files.

http://www.linuxsecurity.com/content/view/117587

 
  Linux Advisory Watch - December 24th 2004
  23rd, December, 2004
Happy Holidays! This week, advisories were released for cscope, htget, a2ps, ethereal, xzgv, debmake, xcdroast, udev, cups, postgresql, namazu, pam, samba, glibc, krb5, php, gnumeric, abiword, libtiff, kfax, abcm2ps, phpMyAdmin, WordPress, NASM, mplayer, mpg123, wget, urpmi, aspell, krb5, logcheck, samba, Linux kernel, kerberos5, libxml, gd, XFree86, and nfs-utils. The distributors include Debian, Fedora, Gentoo, Mandrake, NetBSD, Trustix, Red Hat, and SuSE.

http://www.linuxsecurity.com/content/view/117656
 
  GPL to get a makeover
  23rd, December, 2004

The General Public License hasn't had a proper update for 13 years, and it's starting to show its age. It looks set to be updated though, to ensure it's more in tune with today's software models and potential legal battles.

http://www.linuxsecurity.com/content/view/117654
 
  Security Flaw Found In Multiple Linux Distro
  23rd, December, 2004
iDEFENSE has discovered a flaw in Xpdf, an open-source viewer for Portable Document Format (PDF) files included in most Linux distros. iDEFENSE has confirmed the existence of this vulnerability in version 3.00 of xpdf. It is suspected that previous versions may also be vulnerable. Remote exploitation of the buffer overflow vulnerability in the xpdf PDF viewer could allow attackers to execute arbitrary code as the user viewing a PDF file.

http://www.linuxsecurity.com/content/view/117653
 
  Special Report: Database Security
  24th, December, 2004

Databases control most of the business world's valuable information. Pick a vital application--credit-card processing, EDI, financial analysis, just-in-time production--and you'll find a database under it.

http://www.linuxsecurity.com/content/view/117663

 
  Know Your Enemy: Trends
  22nd, December, 2004
New Honeynet Project KYE paper released "Know Your Enemy: Trends". This paper documents how the life expectancy of unpatched or vulnerable deployments of common Linux systems has increased from 3 days to 3 months. This is surprising based on the increase of malicious activity seen in the past 18 months.

http://www.linuxsecurity.com/content/view/117617
 
  Tools Block Code-Busting Crooks
  20th, December, 2004

The concept of adding security to the coding phase of application development is catching on, with new companies delivering tools to help developers test for vulnerabilities early in the process.

http://www.linuxsecurity.com/content/view/117600

 
  Why Your Data Is At Risk
  21st, December, 2004
Your data is vulnerable no matter where it resides. While most companies take security precautions, many of those precautions turn out to be insufficient to protect valuable corporate assets. The key lies in knowing where vulnerabilities exist and making appropriate risk-based decisions.

http://www.linuxsecurity.com/content/view/117613
 
  Security Starts from the Inside Out
  21st, December, 2004

Patrick Angle, 34, was charged with intentionally damaging a protected computer. The charge alleged that Angle, who had worked for Varian, had become disgruntled with his employment by September 2003 and had been told by the company that his employment contract would be terminated in October of that same year.

http://www.linuxsecurity.com/content/view/117615
 
  Defacement Of Indian Websites On The Rise
  24th, December, 2004

The Indian Computer Emergency Response Team (CERT-In) has compiled a report on how, with the global rise in cyber terrorism activity, Indian websites too have come under fire from attackers, some of them opportunists and others targeting specific sites and domains.

http://www.linuxsecurity.com/content/view/117661

 
  Linux holds out against attackers
  24th, December, 2004

A recent 'honeynet' experiment showed that unpatched Linux systems held up for an average of three months before succumbing to Internet-based attacks.

http://www.linuxsecurity.com/content/view/117662

 
  How ITIL Can Improve Information Security
  24th, December, 2004

ITIL - the Information Technology Infrastructure Library - is a set of best practices and guidelines that define an integrated, process-based approach for managing information technology services. ITIL can be applied across almost every type of IT environment.

http://www.linuxsecurity.com/content/view/117666
 
  Linux lasting longer against Net attacks
  24th, December, 2004
Unpatched Linux systems are surviving longer on the Internet before being compromised, according to a report from the Honeynet Project released this week. The data, from a dozen networks, showed that the average Linux system lasts three months before being compromised, a significant increase from the 72-hour life span of a Linux system in 2001. Unpatched Windows systems continue to be compromised more quickly, sometimes within minutes, the Honeynet Project report stated.

http://www.linuxsecurity.com/content/view/117668
 
  Will 2005 Bring a Safer Internet?
  24th, December, 2004
Sometimes writing about security is just too easy. Making predictions about next year is like this in some ways. Let's pick some of the low-hanging fruit early. Even though most spam-tracking companies show that spam already comprises 75 percent or more of all e-mail, that proportion will go up in 2005. We are approaching the situation in which, I have always assumed, users will begin to withdraw from e-mail because it is so unpleasant.

http://www.linuxsecurity.com/content/view/117671
 
  Banks test ID device for online security
  24th, December, 2004
For years, banks gave away toasters to people who opened checking accounts; soon they may be distributing a more modern kind of appliance. Responding to an increase in Internet fraud, some banks and brokerage firms plan to begin issuing small devices that would help their customers prove their identities when they log on to online banking, brokerage and bill-payment programs. E*Trade Financial intends to introduce such a product in the first few months of 2005. And U.S. Bancorp says it will test a system, though it has not given a timetable.

http://www.linuxsecurity.com/content/view/117673
 
  Linux in Government: Security Enhanced Linux - The Future is Now
  20th, December, 2004
If a must-have, must-know innovation exists for Linux's future viability, you might place all bets on Security Enhanced Linux. Vastly misunderstood and underrated, SELinux provides a marketing differentiator that could carry Linux deep into infrastructures that so far have shown lukewarm acceptance of the open-source operating system. SELinux transforms standard Linux from a cost-effective and secure operating system into a behemoth.

http://www.linuxsecurity.com/content/view/117586
 
  NASA hacker jailed for six months
  20th, December, 2004

A US man has been jailed for six months for a 2001 attack on the web systems of space agency NASA which cost $200,000 to fix.

http://www.linuxsecurity.com/content/view/117588

 
  Groups fight Internet wiretap push
  24th, December, 2004

Companies and advocacy groups opposed to the FBI's plan to make the Internet more accommodating to covert law enforcement surveillance are sharpening a new argument against the controversial proposal: that law enforcement's Internet spying capabilities are just fine as they are.

http://www.linuxsecurity.com/content/view/117665

 
  Army focuses on cyber protection
  24th, December, 2004

A recently issued Army white paper, "Fight the Network," provides a new framework for the Signal Regiment, the service's communications organization, as it changes to support lighter, more mobile warfighting units. Army information technology officials devised the document to help foster a different mind-set for communications personnel in defending and managing the service's networks, said Gordon Van Vleet, public affairs officer for the service's Network Enterprise Technology Command/Ninth Army Signal Command at Fort Huachuca, Ariz. Netcom officials oversee the operation, management and protection of the Army's networks.

http://www.linuxsecurity.com/content/view/117670
 
  Exploits released for new Windows flaws
  24th, December, 2004

A Chinese security group has released sample code to exploit two new unpatched flaws in Microsoft Windows. The advisory comes in the week before Christmas, a time when many companies and home users are least prepared to deal with the problems. Security firm Symantec warned its clients of the vulnerabilities on Thursday, after the Chinese company that found the flaws published them to the Internet. One vulnerability, in the operating system's LoadImage function, could enable an attacker to compromise a victim's PC when the computer displays a specially crafted image placed on a Web site or in an e-mail. The other vulnerability, in the Windows Help program, likewise could affect any program that opens a Help file.

http://www.linuxsecurity.com/content/view/117672
 
