Linux Security Week: January 10th 2005

The number of blogs and the use of blog readers rose rapidly last year--but a majority of Americans still do not know what a blog is. A report by the Pew Internet and American Life Project, called the "State of Blogging," discovered that readership of Web blogs--essentially, Web-based diaries--spiked 58 percent last year, with 27 percent of Internet users, or 32 million people, saying that they read blogs. Twelve percent of people who read blogs also chose to post comments on them.

From bloggers to multi-billion-dollar tech vendors, the Internet community gave its money and resources to help victims of the Asian tsunamis. Here's a roundup of our stories on the subject, including moving reports from a blogger who described the toll via cell-phone text messaging, and other bloggers who wrote what they saw from the scene of the carnage.

Firestarter is a GPL-licensed graphical firewall configuration program for iptables, the powerful firewall included in Linux kernels 2.4 and 2.6. Firestarter supports network address translation for sharing an Internet connection among multiple computers, and port forwarding for redirecting traffic to an internal workstation. Firestarter's clean and easy to use graphical user interface takes the time out of setting up a custom firewall.

news/firewall/securing-your-workstation-with-firestarter

Review: Protect yourself from fraudulent sites by having as much information as possible about them. The Netcraft Toolbar makes that information convenient. A new, free browser add-in from English Internet services firm Netcraft Ltd. fights phishing attacks and helps users investigate sites they visit.eWEEK.com tested the new tool bar, available initially only for Internet Explorer on Windows 2000 and Windows XP, and liked what we saw. All but one phishing link we visited was interrupted by a popup from the tool bar (click here to see a sample) and we used the built-in link to report the one site that the tool bar didn't block.

We've tested eleven popular anti-virus programs and come to some interesting conclusions. This is not strictly a Linux article, but if you run any Windows desktops on your network you should find this interesting.

Users of the Mozilla and Firefox browsers and the Thunderbird e-mail client may be vulnerable to flaws that could allow an attacker to spy on or take over a system, according to security researchers.

The differences are indeed subtle. Both are malicious software (malware): uninvited, intrusive, and potentially destructive.

Security researchers have raised the alarm for a series of unrelated, high-risk vulnerabilities in Microsoft Corp.'s Internet Explorer and the open-source Mozilla browsers.

Juniper Networks got the ball rolling in February with the $4 billion acquisition of NetScreen Technologies, which specialized in virtual private network and firewall technology. In July, Microsoft and Cisco Systems began butting heads on security. Each announced plans to develop a comprehensive security architecture that would not only scan for viruses but also police networks to deny connections to machines that don't conform with security policies.

news/network-security/year-in-review-networking-gets-secure

As colleges and universities continue to sharpen identity management applications, next-generation technologies are closer than ever before.

news/network-security/authentication-gg-the-power-of-who

SSH is typically used for logging into remote servers so you have shell access to do maintenance, read your email, restart services, or whatever administration you require. SSH also offers some other native services, such as file copy (using scp and sftp) and remote command execution (using ssh with a command on the command line after the hostname).

news/server-security/ssh-port-forwarding

Finally the first Linux Netwosix Virtual Community is born.
news/vendors-products/linux-netwosix-virtual-community-is-born

Sometimes people don't know when a revolution has happened until afterwards. Then, the historians tell us that 2004 was the year that open source started to become computing's mainstream.

In my last column, I reviewed the top security developments of 2004. Now I'm going to extrapolate on the trends that I see affecting IT security in 2005, both here and abroad.

Internet crime and security have gotten a lot more complicated in the past year, with phishing and spyware constantly taking on new forms.

Even though it happened late in the year, 2004 will probably be remembered as the year that Microsoft Corp.'s Internet Explorer slipped.

IT managers who think that their Microsoft certifications give them all the tenure they need are in for a rude awakening. In fact, says author Robin Miller, their pink slips are only a point-and-click away.

Security consultancies will tell you that the explosive growth of system vulnerabilities and the risks of not complying with regulatory requirements, such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA), require network architects to purchase vulnerability assessment (VA) consulting. We say, "Why bother?" Packaged VA solutions provide an affordable basis for systematic, repeatable methodologies that demonstrate compliance if used correctly (see "VA Deployment Tips" on page 49). The packaged VA solution architectures carry a common theme: They have matured to the point where inexperienced administrators can perform the sorts of security scans and analysis that were once the domain of hardcore security engineers.

Little more than a year ago, a company that I'm involved with found a serious flaw with Microsoft Passport.

Virus writing is no longer the exclusive domain of teenage geeks designing malicious code in their bedroom.

Chief information officers (CIOs) have developed reliable performance measures for most aspects of their job. For example, anyone who has worked on a help desk or managed a network knows that there are specific performance expectations related to response time, cost per unit, and efficiency. These performance metrics are quantifiable, relate to actual dollars and cents, and correlate to enterprise objectives of situational awareness and continual performance improvement. But information security presents a more complex measurement challenge.

Linux vendors are issuing patches for several serious bugs affecting an imaging component, a pdf viewer, two widely used media players and the Shoutcast audio server.

Almost a month after Microsoft released a fix for a security issue in the WINS (Windows Internet Name Service) name server, malicious exploits continue to haunt tardy network administrators. According to an alert from the SANS ISC (Internet Storm Center), there has been a startling increase in hacker probes directed at TCP port 42 and UDP 42, which handle WINS services. "If you have not patched your WINS servers in respective companies or campuses, beware. Patching these systems is now overdue," the center warned.

news/hackscracks/new-wins-exploits-making-rounds

A vulnerability within Microsoft's WINS (Windows Internet Naming Service), a component of popular server software such as Windows Server 2003, has been heavily exploited since the last day of 2004, several security organizations reported Tuesday.

news/hackscracks/hackers-sniffing-for-vulnerable-microsoft-servers

Three unpatched flaws in Internet Explorer now pose a higher danger, a security company warned, after code to exploit one of the issues was published to the Internet. Secunia said Friday that it had raised its rating of the vulnerabilities in Microsoft's browser to "extremely critical," its highest rating. The flaws, which affect IE 6, could enable attackers to place and execute programs such as spyware and pornography dialers on victims' computers without their knowledge, said Thomas Kristensen, Secunia's chief technology officer.

{mos_sb_discuss:27}
news/hackscracks/ie-flaw-threat-hits-the-roof

DRAPER, Utah --(Business Wire)-- Jan. 4, 2005 Disables Wireless When Users Are Connected to the Wired Network, Keeping Intruders Out

With the recent ratification of 802.11i, and the certification and availability of products enabled for the wireless security specification, the time seems right for enterprises to feel safe in adopting wireless networking en masse. However, eWEEK Labs has found that issues ranging from incompatible legacy hardware to uneven migration strategies may slow adoption of 802.11i technology. To be sure, 802.11i is a huge step forwardÑit's the first standardized wireless security solution with which government and businesses can be comfortable.

There will also be a change in the way that viruses are spread, they say, with an increase in the number of viruses that spread wirelessly between devices, including viruses that can exploit the wireless capabilities of laptops.