4 - 7 min read
Jan 24, 2005
This week, perhaps the most interesting articles include "," "," and "
Router
Protection is Necessary in 2005."
Internet
Productivity Suite: Open Source Security - Trust Internet Productivity Suite's
open source architecture to give you the best security and productivity applications
available. Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and methods into their
design. Click
to find out more!
LINUX
ADVISORY WATCH - This week, advisories were released for twiki,
xine, libtiff, mc, gatos, playmidi, chbg, cups, imagemagick, mysql, xpdf, xtrlock,
mysql, sword, squid, gimp, dovecot, dhcp, bind, vixie-cron, sysklogd, alsa-lib,
grep, kernel-utils, ethereal, mpg123, playmidi, and krb5. The distributors include
Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, and TurboLinux.
LinuxSecurity.com
Feature Extras:
Encrypting
Shell Scripts - Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn't have a "ps -ef" loop running in an attempt to capture
that sensitive info (though some applications mask passwords in "ps" output).
A
2005 Linux Security Resolution - Year 2000, the coming of the
new millennium, brought us great joy and celebration, but also brought great
fear. Some believed it would result in full-scale computer meltdown, leaving
Earth as a nuclear wasteland. Others predicted minor glitches leading only
to inconvenience. The following years (2001-2004) have been tainted with the
threat of terrorism worldwide.
State
of Linux Security 2004 - In 2004, security continued to be a
major concern. The beginning of the year was plagued with several kernel flaws
and Linux vendor advisories continue to be released at an ever-increasing
rate. This year, we have seen the reports touting Window's security superiority,
only to be debunked by other security experts immediately after release. Also,
Guardian Digital launched the new LinuxSecurity.com, users continue to be
targeted by automated attacks, and the need for security awareness and education
continues to rise.
Bulletproof
Virus Protection - Protect your network from costly security
breaches with Guardian Digital’s multi-faceted security applications.
More then just an email firewall, on demand and scheduled scanning detects
and disinfects viruses found on the network. Click
to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
|
Linux Vulnerabilities Creep Toward the Desktop |
|
17th, January, 2005
As Linux increasingly hits the enterprise Relevant and consumer mainstream,
a growing number of security threats are emerging which prey on holes
in applications and files managed by desktop users.
|
|
|
Honeypot Project: Unpatched Linux Systems Last Longer than Windows |
|
19th, January, 2005
The Honeypot Project has added fuel to the debate over which is more
secureÑLinux or WindowsÑwith findings that unpatched Linux systems can
be on the Internet for months before being successfully attacked while
Windows systems have been compromised in as little as hours.
|
|
|
Oracle Patch Fixes 23 'Critical' Vulnerabilities |
|
20th, January, 2005
Oracle Corp. late Tuesday issued a "critical patch update" to address
23 security holes in its database and application server products.
|
|
|
Security Firm Uncovers Flaws in Mac OS X's Darwin |
|
20th, January, 2005
Security company Immunity says it has found several vulnerabilities
in Darwin, the implementation of Unix that underlies Apple Computer
Inc.'s Mac OS X operating system.
|
|
|
VoIP Is Scary |
|
18th, January, 2005
Imagine that you deliver an application with 100%, instant-on availability.
Security is rock-solid. Costs are dropping. Users never complain. And
anytime you upgrade, even if you buy software and gear with new features
from a different vendor, user acceptance is always immediate and training
virtually nil.
news/network-security/voip-is-scary
|
|
|
Review: Intrusion-Protection Systems |
|
20th, January, 2005
Detecting network intrusions is no longer enough. Smart organizations
aim to prevent them. No wonder: The lag between vulnerability announcement,
patch release and exploit is shrinking like a cheap trade-show T-shirt.
The Blaster attack came only 25 days after the patch was released, and
Sasser was even faster--18 days. In March, the Witty worm struck a buffer-overflow
vulnerability one day after the flaw was discovered.
|
|
|
Notes From Security School |
|
18th, January, 2005
The underground world of the computer hacker may seem like a place
where chaos rules, but the reality is there's a method to the hacker's
perceived madness. And understanding that method is critical to knowing
how best to respond to a skilled attacker.
news/vendors-products/notes-from-security-school
|
|
|
Router Protection is Necessary in 2005 |
|
21st, January, 2005
How safe is the router? Not too safe. From a security standpoint, 2005
is the year that the router becomes the Achilles heel of the network,
says Dan Jackson, president and COO of DeepNines Technologies, the only
company capable of protecting networks from in front of the router.
news/vendors-products/router-protection-is-necessary-in-2005
|
|
|
Linux fights off hackers |
|
17th, January, 2005
Linux systems are getting tougher for hackers to crack, security experts
have reported today.
|
|
|
Automated Tools Fight Security Wars |
|
18th, January, 2005
Last year, a computer worm that conducts automated reconnaissance appeared;
it uses the Google Inc. search engine to automatically find Web sites
running vulnerable bulletin-board software and then defaces them. The
financial-services industry noticed a spike last fall in phishing attempts
to steal money from customers' accounts and put the blame on a new toolkit
that made it easier to set up such scams.
|
|
|
Linux servers safer than ever |
|
20th, January, 2005
Attackers are no longer bothering to attack average Linux systems,
because there's so much more money to be made from invading Windows,
according to security researchers.
|
|
|
FBI retires its Carnivore |
|
17th, January, 2005
FBI surveillance experts have put their once-controversial Carnivore
Internet surveillance tool out to pasture, preferring instead to use
commercial products to eavesdrop on network traffic, according to documents
released Friday.
news/government/fbi-retires-its-carnivore
|
|
|
US slaps on the wardriver-busting paint |
|
17th, January, 2005
Security-minded US decorators' supply outfit Force Field Wireless claims
to have developed a DIY solution to the international menace of marauding
geek wardrivers - DefendAir paint "laced with copper and aluminum fibers
that form an electromagnetic shield, blocking most radio waves and protecting
wireless networks".
|
|
|
Build a wireless network sniffer |
|
18th, January, 2005
This article reviews common issues of wireless security, and shows
how to use open source software to suss out wireless networks, get information
about them, and start recognizing common security problems. You will
learn how to build a lightweight wireless sniffer that runs on open
source software and, see how simple it is to interact with wireless
networks.
|
|
|
'Evil Twin' Haunts Wi-Fi Users |
|
20th, January, 2005
An IT security expert, an academic and the U.K. government's cybercrime
unit will give Londoners an introduction to the security dangers of
wireless networking on ThursdayÑwith the star of the show being an attack
method dubbed the "Evil Twin."
|
|
|
Wi-Fi Boom Makes Life Easier for Computer Hackers |
|
20th, January, 2005
Wireless networks giving computer users Internet access from anywhere
in the home could expose them to eavesdropping, and programmers should
make their security software easier to use, researchers say.
|
|
|
Securing Your Starbucks Experience |
|
21st, January, 2005
The original plan for this column was to write it at my neighborhood
Starbucks while sipping down some good old French Roast and getting
my blood caffeine level into the quadruple digits. Alas, it was not
to be. My T-Mobile account seems to have expired; the Washington, DC,
area was clobbered by a massive 3-inch snowfall, making travel impossible;
and worst of all, Starbucks has all those high-carb goodies there at
the coffee counter. I couldn't take the risk.
|
|