Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Security Week: February 7th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Getting to Know Linux Security: File Permissions," "Reporting Kernel Security Issues," and "Linux software can secure an entire network."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - This week, advisories were released for squirrelmail, prozilla, cpio, openswan, enscript, zlib, gaim, cvs, openssl, curl, ruby, rhgh, file, net-tools, gimp, squid, dump, mc, dbus, kdepim, xpdf, kernel, ngIRCd, tikiwiki, f2c, ncfs, clamav, imap, chbg, vim, perl-dbi, and ethereal. The distributors include Debian, Fedora, Gentoo, Mandrake, and Red Hat. Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Linux Security Cookbook
  3rd, February, 2005

I read this book from cover to cover and consider it a great effort by the authors to cover many security issues related to not just Linux, but most *nix operating systems. Here's a chapter by chapter review of what I've observed in the book.
  Microsoft Claims Linux Security a Myth
  31st, January, 2005

Microsoft bigwig Nick McGrath claims that Linux security is highly exaggerated, and that the open source development model is 'fundamentally flawed.' The gist of his argument appears to be his claim of lack of accountability among distributors, coupled with generic statements short on facts. 'Who is accountable for the security of the Linux kernel? Does Red Hat, for example, take responsibility? It cannot, as it does not produce the Linux kernel. It produces one distribution of Linux.'
  Home User Security Guide
  1st, February, 2005

I know many of you have received some nice to tech toys for Christmas recently, so its time to talk about making them secure and keeping them that way. I know many of you have new computers in your homes, but how many of you realize that this computer is already vulnerable? How can this be? How can a brand new computer be vulnerable? There are many reasons for this.
  Reporting Kernel Security Issues
  2nd, February, 2005

A lengthy and interesting thread was started on the lkml by Chris Wright looking to define a centralized place to report security issues in the Linux Kernel. Chris offered his services in getting things set up, addressing his email to Linus Torvalds, Andrew Morton [interview], Alan Cox [interview] and Marcelo Tosatti [interview]. He explained that he wanted to centralize the information "to help track it, make sure things don't fall through the cracks, and make sure of timely fix and disclosure". The resulting discussion was joined by numerous members of the kernel hacking community, exposing a wide range of opinions.
  Linux can secure entire network
  3rd, February, 2005

Tested over three months at IBMĂ•s Linux Test Integration Center (LTIC) by a seven-person team, the 87-page report [pdf] titled "Linux Security: exploring open source security for a Linux server environment" set out to test a wide range of open-source Linux products supported by IBM to see whether they could adequately protect a middleware environment. Only open source products were us
  Linux software can secure an entire network
  3rd, February, 2005

An IBM report that tested the suitability of Linux software to secure an network its entirety has come to light months after it was originally published. Tested over three months at IBM's Linux Test Integration Center (LTIC) by a seven-person team, the 87-page report set out to test a wide range of open-source Linux products supported by IBM to see whether they could adequately protect a middleware environment. Only open source products were used.
  Linux is mission critical for Czechs
  31st, January, 2005

The Czech postal service is putting its faith in open source, by migrating a vital application onto SuSE Linux The Czech postal service has moved a mission-critical application used by 3,400 post offices across the country to Linux.
  Penguins at the Gate
  2nd, February, 2005

Only a few open-source vendors have borne the time and expense of having their software EAL-certified. Red Hat and Novell's SuSE Linux attained EAL3+ ratings in the last year, but many other vendors have yet to do the same. This raises a fundamental question: Does open-source software need security certifications to win global acceptance?
  IBM study tests Linux security
  31st, January, 2005

To test open source security products, a study was conducted over a period of three months at the IBM Linux Test Integration Center. The goal for the security study was to deploy and compare various open source security tools that were available for free in the industry, and provide solution recommendations.v
  Linux security is a 'myth', claims Microsoft
  1st, February, 2005

A senior Microsoft executive, speaking exclusively to, has dismissed Linux's reputation as a secure platform as a "myth", claiming that the open source development process creates fundamental security problems. Nick McGrath, head of platform strategy for Microsoft in the UK, said that the myths surrounding the open source operating system are rapidly being exploded, and that customers are dismissing Linux as too immature to cope with mission-critical computing.
  Best Security Software Solution Live Voting
  2nd, February, 2005

SYS-CON's Readers' Choice Awards program is considered to be the most prestigious award program of the software industry and is often referred to as "the Oscars of the software industry." The products participating in the program are nominated by their vendors, customers, users, or SYS-CON readers. This year a record number of companies and products were nominated. Below is a list of all companies and products participating in the 2005 Readers' Choice Awards in each category.
  Identity Management: Controlling the Costs of Continuous Compliance
  3rd, February, 2005

There are a number of technologies that can streamline your compliance effort so that your company remains compliant without incurring burdensome recurring costs. One such technology is identity management, which can help to establish repeatable, sustainable, cost-effective processes that respond quickly to organizational changes, enable continuous compliance and security, and create auditable histories of who had access to what information.
  MS Security Program No Threat to Linux, Advocate Says
  4th, February, 2005

Bruce Perens, co-founder of the Open Source Initiative and leader of the Debian GNU/Linux distribution, said he believes Linux is simply more secure and can respond to potential threats at any time since it has an international developer base.
  RFID Vulnerability Expose
  1st, February, 2005

A vulnerability in radio-frequency ID chips could put millions of users of wireless car key tags or speed pass payment devices at risk, according to a recent study by researchers at Johns Hopkins University and RSA Laboratories. Using a relatively simple electronic device, criminals could wirelessly probe a car key tag or payment tag and then use the information obtained from the probe to crack the cryptographic key on the tag, Ari Juels, principal research scientist at RSA, explained.
  Manhunt for Filipino hacker ensues
  1st, February, 2005

A manhunt for the alleged Filipino hacker of the government portal "" and other government websites was launched after the suspect went into hiding, the police said Tuesday. Judge Antonio Eugenio of the Manila Regional Trial Court ordered the arrest of a certain JJ Maria Giner on January 24, 2005 for violating section 33a of the Electronic Commerce Law. Giner remains at large to date however.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.