Internet Productivity Suite: Open Source Security - Trust Internet Productivity
Suite's open source architecture to give you the best security and productivity
applications available. Collaborating with thousands of developers, Guardian
Digital security engineers implement the most technologically advanced ideas and
methods into their design.
LINUX ADVISORY WATCH - This week, advisories were released for php, ethereal,
krb, kerberos, lintian, kdelibs, linpopup, bmv, exim, libc6, exim-tls, gopher,
libtiff, gtk, selinux-policy-targeted, epiphany, kernel, yum, samba, cups, subversion,
vim, samba, gdpdf, dillo, tikiwiki, pdftohelp, mpg123, imlib2, poppassd_pam,
kde, nfs-utils, hylafax, fcron, lesstif, and unarj. The distributors include
Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and TurboLinux.
LinuxSecurity.com Feature Extras:
Encrypting Shell Scripts - Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn't have a "ps -ef" loop running in an attempt to capture
that sensitive info (though some applications mask passwords in "ps" output).
A 2005 Linux Security Resolution - Year 2000, the coming of the
new millennium, brought us great joy and celebration, but also brought great
fear. Some believed it would result in full-scale computer meltdown, leaving
Earth as a nuclear wasteland. Others predicted minor glitches leading only
to inconvenience. The following years (2001-2004) have been tainted with the
threat of terrorism worldwide.
State of Linux Security 2004 - In 2004, security continued to be a
major concern. The beginning of the year was plagued with several kernel flaws
and Linux vendor advisories continue to be released at an ever-increasing
rate. This year, we have seen the reports touting Windows' security superiority,
only to be debunked by other security experts immediately after release. Also,
Guardian Digital launched the new LinuxSecurity.com, users continue to be
targeted by automated attacks, and the need for security awareness and education
continues to rise.
Bulletproof Virus Protection - Protect your network from costly security
breaches with Guardian Digital’s multi-faceted security applications.
More than just an email firewall, on demand and scheduled scanning detects
and disinfects viruses found on the network.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
Patching takes over IT for a day
10th, January, 2005
The engineers at vulnerability testing tool vendor nCircle Network
Security spend US$100 per month at the coffee shop in the lobby of their
office building in downtown San Francisco. But there is one day each
month when a trip to the cafe is more urgent than at any other time:
Patch Tuesday.
Not Dead Yet: NT Gets Patches Even Though Support's Over
13th, January, 2005
Although Microsoft has repeatedly warned users of Windows NT that security
fixes would cease and desist as of Jan. 1, 2005, January's regularly-scheduled
patches actually included one for the obsolete and retired operating
system.
A computer hacker apparently broke into a George Mason University database
containing student and employee Social Security numbers, leaving 32,000
people uncertain whether their finances or identities might be compromised.
Major penetration tool upgrade gets sysadmin hearts beating
14th, January, 2005
A major update to the highly regarded open-source penetration testing tool
Metasploit Framework (MSF) has been released by its volunteer developers.
MSF is designed to exploit dozens of security holes with just a few
clicks.
Locking down the network and patrolling the perimeter is a never-ending
job. Still, it feels good to get through another shift on the Forbidden
Planet without an invisible force penetrating your shield and setting
off alarms. But there's a change: now, other humans want to work from
their home worlds -- but by mind alone, over the computer screen. It's
up to you to create for them a safe passage (one that won't have Robby
the Robot all stirred up and carrying Anne Francis around like a rag
doll) and to make sure the Krell don't come sneaking in, under the fence,
behind the newcomers.
With the launch of its Aspen 8800 enterprise LAN switches, Extreme
Networks Inc. is challenging network designers to rethink the way they
build systems to deal with voice traffic and growing internal security
threats.
Spyware is challenging spam and viruses for the top spot on IT worry
lists. Spyware poses considerable threats and risks to enterprise networks,
and remediation and countermeasures are now being regarded as critical
to network security.
Hacker Takes Seven-Month Spree On T-Mobile Network
13th, January, 2005
A hacker broke into a wireless carrier's network over at least seven
months and read e-mails and personal computer files of hundreds of customers,
including the Secret Service agent investigating the hacker, the government
said Wednesday.
This paper looks at the evolution of firewall technology towards Deep
Packet Inspection, and then discusses some of the security issues with
this evolving technology.
Sophos to Join 2005 Southern California Linux Expo
12th, January, 2005
The Southern California Linux Expo has announced that Sophos has signed
on as one of the latest sponsors of SCALE 3x, the Third Annual Southern
California Linux Expo. SCALE 3x has been called " .. one of the few
good grass-root level technical conferences for Linux" by Linux Kernel
Developer Robert Love.
PIKT, Problem Informant/Killer Tool, v1.18.0 has been released. PIKT
is a cross-categorical, multi-purpose toolkit to monitor and configure
computer systems, organize system security, format documents, assist
command-line work, and perform other common systems administration tasks.
Guardian Digital Launches New Edition of
Award-Winning EnGarde Secure Linux Distribution
12th, January, 2005
Guardian Digital, Inc., the world's premier provider of open source
security solutions, today announced the expansion of its product portfolio
with the launch of EnGarde Secure Linux: Basic Edition, a low-cost alternative
to the award-winning EnGarde Secure Linux operating platform. Responding
to the economic and network security requirements of individuals and
small business users, EnGarde Basic is a flexible platform upon which
users can build a comprehensive Internet infrastructure including features
that provide leading-edge security, ease of management and standard
Internet functions.
BitDefender has unveiled three new products for its 1.6.1 generation
of BitDefender for Linux mail servers, in a bid to bolster its offering
for the Linux community.
Although some ISPs and legislators are crediting the year-old CAN-SPAM
Act and better technology for recent gains in the war on spam, many
in the industry say the advances are forcing spammers to employ new
tactics, which are destabilizing the Internet's crucial DNS.
New Windows boxes under heavy fire, Linux largely untouched
10th, January, 2005
There will be more new Windows computers booting up than those running
Linux after the most recent season of giving. But there's no safety
in numbers; recent analysis and expert opinion indicate the Microsoft
machines will be quickly and heavily targeted by attackers, while Linux
computers are largely left alone.
Linux creator Linus Torvalds had a few things to say this week about
the way potential security issues are disclosed to fellow open sourcers.
And it wasn't all good.
Opinion: The development cycle of vulnerability definition, exploit
programming and attack deployment is moving at full speed. The prospects
for a 2005 full of grief for users and IT are excellent.
Linux in Government: How Security Exploits Threaten Government Infrastructures
10th, January, 2005
The Linux in Government series has taken a new format for 2005. This
year's articles will provide fundamental information to government technologists
about Linux and open-source software. Although we will continue to inform
you about agencies and projects specifically using open-source solutions,
we also are going to provide information about open-source resources
available to governments.
Homeland Security Offers Online Tool To Assess Stadium Security
11th, January, 2005
Fashioned after online self-assessment tools used by authorities to
assess vulnerabilities at airports, the Department of Homeland Security
on Friday unveiled software it developed to let officials identify vulnerabilities
and assess the security at stadiums with large seating capacity.