Linux Security Week: January 3rd 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "A 2005 Linux Security Resolution," "Unpatched Linux PCs Stay Secure For Months," and "Largest IPv6 network launched in China."


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - Happy New Year! This week, advisories were released for netpbm, libtiff, imlib, Xpdf, CUPS, and ViewCVS. The distributors include Conectiva, Debian, Gentoo, and Mandrake.

LinuxSecurity.com Features:

A 2005 Linux Security Resolution - Without a mission and plan, very little gets accomplished. The new year should not only be a time to set personal goals such as an exercise regimen, but also a time to focus on security practices and configurations. 2005 will be hostile; now is the time to prepare.

State of Linux Security 2004 - In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Windows' security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  SysAdmin to SysAdmin: Using RAID with PVFS under ROCKS
  30th, December, 2004

I administer a newly deployed ROCKS compute cluster, and I use the Parallel Virtual Filesystem which comes with the ROCKS Linux distribution to provide a parallel IO system. For those who are not familiar, check out my earlier ROCKS article, as well as my earlier article about PVFS. My cluster is slightly older hardware -- dual PIIIs, and each PC has two hard drives. Initially, I thought having two drives was great news, because I could add all of the capacity of the second drive, along with unused capacity of the first drive to grant large amounts of scratch space to the cluster users, some of whom would be more than happy to have it.

http://www.linuxsecurity.com/content/view/117717
 
  Secure programmer: Call components safely
  28th, December, 2004

How you handle calls and returns is as important as which components you call. Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components.

http://www.linuxsecurity.com/content/view/117684
 
  Unix, Linux Security Bugs Patched
  27th, December, 2004

Internet security research firm iDefense has announced a series of vulnerabilities and patches for a variety of Unix- and Linux-based products.

http://www.linuxsecurity.com/content/view/117680

 
  Unpatched Linux PCs Stay Secure For Months
  29th, December, 2004

The average unpatched Linux system survives for months on the Internet before being hacked, a report recently issued by the Honeypot Project claims.

http://www.linuxsecurity.com/content/view/117697

 
  New, 'Critical' Windows Bugs Lack Patches
  28th, December, 2004

A trio of new and unpatched vulnerabilities in Microsoft Windows were made public on security mailing lists over the weekend, nudging some security vendors to alert users that their systems may be open to attack and hijacking. The vulnerabilities, first reported by a Chinese group and then posted to the Bugtraq mailing list, are in Windows' LoadImage API function, its animated cursor files, and in the way it handles help files. All of the bugs are as yet unpatched.

http://www.linuxsecurity.com/content/view/117686
 
  Honeypot Project Finds Unpatched Linux PCs Stay Secure Online For Months
  30th, December, 2004

The average unpatched Linux system survives for months on the Internet before being hacked, a report recently issued by the Honeypot Project claims. The life expectancy of Linux has lengthened dramatically since 2001 and 2002, the project said, from a mere 72 hours two and three years ago to an average of three months today. Honeypot Project is a non-profit that, as its name suggests, connects vulnerable systems to the Internet in the hope of drawing attacks so that they can be studied.

http://www.linuxsecurity.com/content/view/117718

 
  Linux, security skills projected hot skills for 2005
  30th, December, 2004

Security, Web services and Linux jobs continue to dominate the IT help wanted ads and are projected to remain among the hottest skill and certification areas in 2005, according to research firms that specialize in tracking skills and certifications. Researchers said companies continue to invest in security-related projects while looking to eliminate aging legacy systems, and are exploring less expensive, newer platforms such as Linux.

http://www.linuxsecurity.com/content/view/117720
 
  What's Hot in 2005
  28th, December, 2004

What technologies are going to be most important for you to survive 2005? We pull out our looking glass and tell you what's hot. We Don't Need No Stinking Power Cords! Power over Ethernet (PoE) technology will be deployed big-time, allowing wireless access points, VoIP phones, and many other devices to be used with less hassle and expense, because they can get electricity and Ethernet connectivity from the same cable. Electricians unions across the country walk out in protest.

http://www.linuxsecurity.com/content/view/117687
 
  Web services skills a must for 2005
  28th, December, 2004

Web services, security and Linux jobs continue to dominate the IT help wanted ads and are projected to remain among the hottest skill and certification areas in 2005, according to research firms that specialize in tracking skills and certifications. Researchers said companies continue to invest in security-related projects while looking to eliminate aging legacy systems, and are exploring less expensive, newer platforms such as Linux.

http://www.linuxsecurity.com/content/view/117688
 
  Phone Worm Source Code Out, Expect More Threats
  29th, December, 2004

The source code for the most prevalent worm targeting mobile phones has been made public, security firms announced Wednesday, a dangerous disclosure that may lead to more effective attacks.

http://www.linuxsecurity.com/content/view/117703

 
  Largest IPv6 network launched in China
  30th, December, 2004

An IPv6-based network linking 25 universities in 20 cities across China began operating on Saturday. The China Education and Research Network Information Center (CERNIC) announced the launch of the network, called CERNET2, which is thought to be the largest single IPv6 network yet created. CERNIC claimed it makes China a world leader in the race to build the next generation of the Internet. China's National Development Reform Commission (NDRC) has set aside 1.4bn yuan (US$169m) to support six next-generation Internet networks, according to People's Daily, China's main daily newspaper. Half of it will be used on projects linked to the university network, with the remaining money given to five telecom operators.

http://www.linuxsecurity.com/content/view/117715
 
  Linux and Open Source: The 2005 Generation
  3rd, January, 2005

Sometimes people don't know when a revolution has happened until afterwards. Then, the historians tell us that 2004 was the year that open source started to become computing's mainstream.

http://www.linuxsecurity.com/content/view/117740

 
  Security challenges spread to multiple fronts and IT jobs will rebound in 2005
  3rd, January, 2005

In my last column, I reviewed the top security developments of 2004. Now I'm going to extrapolate on the trends that I see affecting IT security in 2005, both here and abroad.

http://www.linuxsecurity.com/content/view/117741
 
  Biometric Sensors Keep Finger on Security
  27th, December, 2004

Biometrics authentication technology should be a promising means to confirm a cardholder's authenticity. With a Linux-based radio frequency (RF) personalizer that reads and writes in memory, the administrator can set various parameters of the smart security controller, such as real-time clock, personal identification number (PIN) option, alarm options and reader delays.

http://www.linuxsecurity.com/content/view/117675
 
  Security workers praise Sarbanes-Oxley
  27th, December, 2004

Many security workers feel that government regulations aimed at protecting IT networks from threats are working, according to a new survey.

http://www.linuxsecurity.com/content/view/117682

 
  Holiday Attacks Target IE Browser, PHP Servers
  28th, December, 2004

Malware authors on Christmas day left dubious "gift" packages in e-mailboxes across the Internet. Fresh attacks, which took advantage of old Internet Explorer bugs, as well as new versions of the Santy worm, fouled the holidays for some Windows users and PHP server admins. A posting on the Full Disclosure mailing list described a new attack that can proceed without user intervention.

http://www.linuxsecurity.com/content/view/117689

 
  Fast-Acting Hackers Put Out Trojan Attacking IE
  29th, December, 2004

It took hackers less than a week to produce a working exploit that attacks a new, unpatched vulnerability in Microsoft's Internet Explorer, security firms said Tuesday.

http://www.linuxsecurity.com/content/view/117701
 
  Fast-Acting Hackers Put Out Trojan Attacking IE
  30th, December, 2004

It took hackers less than a week to produce a working exploit that attacks a new, unpatched vulnerability in Microsoft's Internet Explorer, security firms said Tuesday. Phel.a, a Trojan horse discovered Monday, attempts to exploit the flaw in Internet Explorer 6.0 dubbed "Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass" that was first made public less than a week before, on December 21.

http://www.linuxsecurity.com/content/view/117714
 
  Phone Worm Source Code Out, Expect More Threats
  30th, December, 2004

The source code for the most prevalent worm targeting mobile phones has been made public, security firms announced Wednesday, a dangerous disclosure that may lead to more effective attacks. Cabir, which first appeared in June, uses Bluetooth to infect smart phones running the Symbian operating system.

http://www.linuxsecurity.com/content/view/117716

 
  ENN Year in Review 2004: Virus Wars
  30th, December, 2004

Malware used to be easy to detect and avoid. Virus writers would attach a malicious programme to an e-mail and distribute it as widely as possible. If any of the recipients opened the attachment, the virus could delete system and data files, search for confidential information and propagate itself on the local network. In those simple days, viruses were like vampires -- as long as you didn't invite them in, they couldn't do you any harm.

http://www.linuxsecurity.com/content/view/117719

 
  Spam Punishment Doesn't Fit the Crime
  28th, December, 2004

I hate spam as much as the next person, but recent decisions by courts in Iowa and Virginia demonstrate how fear of technology (and justifiable annoyance) can force the legal system to impose fines and sentences that are grossly disproportionate to the harm caused by spammers. This is not to defend or justify spammers, whose actions are at best deceptive, almost always annoying, generally illegal and frequently criminal.

http://www.linuxsecurity.com/content/view/117685

 
