Internet
Productivity Suite: Open Source Security - Trust Internet Productivity Suite's
open source architecture to give you the best security and productivity applications
available. Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and methods into their
design. Click
to find out more! LINUX ADVISORY
WATCH - Happy New Year! This week advisories were released for netpbm, libtiff,
imlib, Xpdf,CUPS, and ViewCVS. The distributors include Conectiva, Debian, Gentoo,
and Mandrake.
LinuxSecurity.com
Features:
A 2005
Linux Security Resolution - Without a mission and plan, very little
gets accomplished. The new year should not only be a time to set personal goals
such as an exercise regiment, but also a time to focus on security practices
and configurations. 2005 will be hostile, now is the time to prepare.
State
of Linux Security 2004 - In 2004, security continued to be a major
concern. The beginning of the year was plagued with several kernel flaws and
Linux vendor advisories continue to be released at an ever-increasing rate.
This year, we have seen the reports touting Window's security superiority, only
to be debunked by other security experts immediately after release. Also, Guardian
Digital launched the new LinuxSecurity.com, users continue to be targeted by
automated attacks, and the need for security awareness and education
continues to rise.
Bulletproof
Virus Protection - Protect your network from costly security
breaches with Guardian Digital’s multi-faceted security applications.
More then just an email firewall, on demand and scheduled scanning detects
and disinfects viruses found on the network. Click
to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
SysAdmin to SysAdmin: Using RAID with PVFS under ROCKS
30th, December, 2004
I administer a newly deployed ROCKS compute cluster, and I use the Parallel Virtual Filesystem which comes with the ROCKS linux distribution to provide a parallel IO system. For those who are not familiar, check out my earlier ROCKS article, as well as my earlier article about PVFS. My cluster is slightly older hardware -- dual PIIIs, and each PC has two hard drives. Initially, I thought having two drives was great news, because I could add all of the capacity of the second drive, along with unused capacity of the first drive to grant large amounts of scratch space to the cluster users, some of whom would be more than happy to have it.
How you handle calls and returns is as important as which components you call. Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components.
A trio of new and unpatched vulnerabilities in Microsoft Windows
were made public on security mailing lists over the weekend, nudging some
security vendors to alert users that their systems may be open to attack
and hijacking. The vulnerabilities, first reported by a Chinese group
and then posted to the Bugtraq mailing list, are in Windows' LoadImage
API function, its animated cursor files, and in the way it handles help
files. All of the bugs are as yet unpatched.
Honeypot Project Finds Unpatched Linux PCs Stay Secure Online For Months
30th, December, 2004
The average unpatched Linux system survives for months on the Internet
before being hacked, a report recently issued by the Honeypot Project
claims. The life expectancy of Linux has lengthened dramatically since
2001 and 2002, the project said, from a mere 72 hours two and three
years ago to an average of three months today. Honeypot Project is a
non-profit that, as its name suggests, connects vulnerable systems to
the Internet in the hope of drawing attacks so that they can be studied.
Linux, security skills projected hot skills for 2005
30th, December, 2004
Security, Web services and Linux jobs continue to dominate the IT help wanted ads and are projected to remain among the hottest skill and certification areas in 2005, according to research firms that specialize in tracking skills and certifications. Researchers said companies continue to invest in security-related projects while looking to eliminate aging legacy systems, and are exploring less expensive, newer platforms such as Linux.
What technologies are going to be most important for you to survive 2005? We pull out our looking glass and tell you what's hot.We Don't Need No Stinking Power Cords! Power over Ethernet (PoE) technology will be deployed big-time, allowing wireless access points, VoIP phones, and many other devices to be used with less hassle and expense, because they can get electricity and Ethernet connectivity from the same cable. Electricians unions across the country walk out in protest.
Web services, security and Linux jobs continue to dominate the IT help wanted ads and are projected to remain among the hottest skill and certification areas in 2005, according to research firms that specialize in tracking skills and certifications.Researchers said companies continue to invest in security-related projects while looking to eliminate aging legacy systems, and are exploring less expensive, newer platforms such as Linux.
The source code for the most prevalent worm targeting mobile phones
has been made public, security firms announced Wednesday, a dangerous
disclosure that may lead to more effective attacks.
An IPv6-based network linking 25 universities in 20 cities across China began operating on Saturday. The China Education and Research Network Information Center (CERNIC) announced the launch of the network, called CERNET2, which is thought to be the largest single IPv6 network yet created. CERNIC claimed it makes China a world leader in the race to build the next generation of the Internet. China's National Development Reform Commission (NDRC) has set aside 1.4bn yuan (US$169m) to support six next-generation Internet networks, according to People's Daily , China's main daily newspaper. Half of it will be used on projects linked to the university network, with the remaining money given to five telecom operators.
Sometimes people don't know when a revolution has happened until afterwards.
Then, the historians tell us that 2004 was the year that open source
started to become computing's mainstream.
Security challenges spread to multiple fronts and
IT jobs will rebound in 2005
3rd, January, 2005
In my last column, I reviewed the top security developments of 2004. Now I'm going to extrapolate on the trends that I see affecting IT security in 2005, both here and abroad.
Biometrics authentication technology should be a promising means
to confirm a cardholder's authenticity. With a Linux-based radio frequency
(RF) personalizer that reads and writes in memory, the administrator can
set various parameters of the smart security controller, such as real-time
clock, personal identification number (PIN) option, alarm options and
reader delays.
Malware authors on Christmas day left dubious "gift" packages in e-mailboxes
across the Internet. Fresh attacks, which took advantage of old Internet
Explorer bugs, as well as new versions of the Santy worm fouled the
holidays for some Windows users and PHP server admins. A posting on
the Full Disclosure mailing list described a new attack that can proceed
without user intervention.
It took hackers less than a week to produce a working exploit that attacks a new, unpatched vulnerability in Microsoft's Internet Explorer, security firms said Tuesday.
It took hackers less than a week to produce a working exploit that attacks a new, unpatched vulnerability in Microsoft's Internet Explorer, security firms said Tuesday. Phel.a, a Trojan horse discovered Monday, attempts to exploit the flaw in Internet Explorer 6.0 dubbed "Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass" that was first made public less than a week before, on December 21.
The source code for the most prevalent worm targeting mobile phones
has been made public, a dangerous disclosure that may lead to more effective
attacks. The source code for the most prevalent worm targeting mobile
phones has been made public, security firms announced Wednesday, a dangerous
disclosure that may lead to more effective attacks. Cabir, which first
appeared in June, uses Bluetooth to infect smart phones running the
Symbian operating system.
Malware used to be easy to detect and avoid. Virus writers would attach
a malicious programme to an e-mail and distribute it as widely as possible.
If any of the recipients opened the attachment, the virus could delete
system and data files, search for confidential information and propagate
itself on the local network. In those simple days, viruses were like
vampires -- as long as you didn't invite them in, they couldn't do you
any harm.
I hate spam as much as the next person, but recent decisions by courts
in Iowa and Virginia demonstrate how fear of technology (and justifiable
annoyance) can force the legal system to impose fines and sentences
that are grossly disproportionate to the harm caused by spammers. This
is not to defend or justify spammers, whose actions are at best deceptive,
almost always annoying, generally illegal and frequently criminal.
