Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!
LINUX ADVISORY WATCH - Happy New Year! This week advisories were released for netpbm, libtiff, imlib, Xpdf,CUPS, and ViewCVS. The distributors include Conectiva, Debian, Gentoo, and Mandrake.
LinuxSecurity.com Features:
A 2005 Linux Security Resolution - Without a mission and plan, very little gets accomplished. The new year should not only be a time to set personal goals such as an exercise regiment, but also a time to focus on security practices and configurations. 2005 will be hostile, now is the time to prepare.
State
of Linux Security 2004 - In 2004, security continued to be a major
concern. The beginning of the year was plagued with several kernel flaws and
Linux vendor advisories continue to be released at an ever-increasing rate.
This year, we have seen the reports touting Window's security superiority, only
to be debunked by other security experts immediately after release. Also, Guardian
Digital launched the new LinuxSecurity.com, users continue to be targeted by
automated attacks, and the need for security awareness and education
continues to rise.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
SysAdmin to SysAdmin: Using RAID with PVFS under ROCKS | ||
30th, December, 2004
I administer a newly deployed ROCKS compute cluster, and I use the Parallel Virtual Filesystem which comes with the ROCKS linux distribution to provide a parallel IO system. For those who are not familiar, check out my earlier ROCKS article, as well as my earlier article about PVFS. My cluster is slightly older hardware -- dual PIIIs, and each PC has two hard drives. Initially, I thought having two drives was great news, because I could add all of the capacity of the second drive, along with unused capacity of the first drive to grant large amounts of scratch space to the cluster users, some of whom would be more than happy to have it. |
||
Secure programmer: Call components safely | ||
28th, December, 2004
How you handle calls and returns is as important as which components you call. Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components. |
||
Unix, Linux Security Bugs Patched | ||
27th, December, 2004
|
||
Unpatched Linux PCs Stay Secure For Months | ||
29th, December, 2004
|
||
New, 'Critical' Windows Bug Lack Patches | ||
28th, December, 2004
A trio of new and unpatched vulnerabilities in Microsoft Windows were made public on security mailing lists over the weekend, nudging some security vendors to alert users that their systems may be open to attack and hijacking. The vulnerabilities, first reported by a Chinese group and then posted to the Bugtraq mailing list, are in Windows' LoadImage API function, its animated cursor files, and in the way it handles help files. All of the bugs are as yet unpatched. |
||
Honeypot Project Finds Unpatched Linux PCs Stay Secure Online For Months | ||
30th, December, 2004
|
||
Linux, security skills projected hot skills for 2005 | ||
30th, December, 2004
Security, Web services and Linux jobs continue to dominate the IT help wanted ads and are projected to remain among the hottest skill and certification areas in 2005, according to research firms that specialize in tracking skills and certifications. Researchers said companies continue to invest in security-related projects while looking to eliminate aging legacy systems, and are exploring less expensive, newer platforms such as Linux. |
||
What's Hot in 2005 | ||
28th, December, 2004
What technologies are going to be most important for you to survive 2005? We pull out our looking glass and tell you what's hot.We Don't Need No Stinking Power Cords! Power over Ethernet (PoE) technology will be deployed big-time, allowing wireless access points, VoIP phones, and many other devices to be used with less hassle and expense, because they can get electricity and Ethernet connectivity from the same cable. Electricians unions across the country walk out in protest. |
||
Web services skills a must for 2005 | ||
28th, December, 2004
Web services, security and Linux jobs continue to dominate the IT help wanted ads and are projected to remain among the hottest skill and certification areas in 2005, according to research firms that specialize in tracking skills and certifications.Researchers said companies continue to invest in security-related projects while looking to eliminate aging legacy systems, and are exploring less expensive, newer platforms such as Linux. |
||
Phone Worm Source Code Out, Expect More Threats | ||
29th, December, 2004
|
||
Largest IPv6 network launched in China | ||
30th, December, 2004
An IPv6-based network linking 25 universities in 20 cities across China began operating on Saturday. The China Education and Research Network Information Center (CERNIC) announced the launch of the network, called CERNET2, which is thought to be the largest single IPv6 network yet created. CERNIC claimed it makes China a world leader in the race to build the next generation of the Internet. China's National Development Reform Commission (NDRC) has set aside 1.4bn yuan (US$169m) to support six next-generation Internet networks, according to People's Daily , China's main daily newspaper. Half of it will be used on projects linked to the university network, with the remaining money given to five telecom operators. |
||
Linux and Open Source: The 2005 Generation | ||
3rd, January, 2005
|
||
Security challenges spread to multiple fronts and IT jobs will rebound in 2005 | ||
3rd, January, 2005
In my last column, I reviewed the top security developments of 2004. Now I'm going to extrapolate on the trends that I see affecting IT security in 2005, both here and abroad. |
||
Biometric Sensors Keep Finger on Security | ||
27th, December, 2004
Biometrics authentication technology should be a promising means to confirm a cardholder's authenticity. With a Linux-based radio frequency (RF) personalizer that reads and writes in memory, the administrator can set various parameters of the smart security controller, such as real-time clock, personal identification number (PIN) option, alarm options and reader delays. |
||
Security workers praise Sarbanes-Oxley | ||
27th, December, 2004
|
||
Holiday Attacks Target IE Browser, PHP Servers | ||
28th, December, 2004
|
||
Fast-Acting Hackers Put Out Trojan Attacking IE | ||
29th, December, 2004
It took hackers less than a week to produce a working exploit that attacks a new, unpatched vulnerability in Microsoft's Internet Explorer, security firms said Tuesday. |
||
Fast-Acting Hackers Put Out Trojan Attacking IE | ||
30th, December, 2004
It took hackers less than a week to produce a working exploit that attacks a new, unpatched vulnerability in Microsoft's Internet Explorer, security firms said Tuesday. Phel.a, a Trojan horse discovered Monday, attempts to exploit the flaw in Internet Explorer 6.0 dubbed "Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass" that was first made public less than a week before, on December 21. |
||
Phone Worm Source Code Out, Expect More Threats | ||
30th, December, 2004
|
||
ENN Year in Review 2004: Virus Wars | ||
30th, December, 2004
|
||
Spam Punishment Doesn't Fit the Crime | ||
28th, December, 2004
|
||