LINUX ADVISORY WATCH - This week, advisories were released for libXpm, evolution, mailman, hztty, xpcd, sympa, netkit-rwho, toolchain, htdig, synaesthesia, awstats, typespeed, emacs, gftp, python, openoffice, kernel, kdeedu, gallery, webmin, perl-squid, ht/dig, opera, vmware, lighttpd, kstars, midnight commander, drakextools, cpio, enscript, mysql, rwho, kdelibs, xpdf, libtiff, vim, ethereal, thunderbird, and squid. The vendors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.
LinuxSecurity.com Feature Extras:
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore kept very simple.
The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.
Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
What's The Best VoIP System For SMBs?
15th, February, 2005
Making phone calls using a broadband Internet connection, more fondly known as VoIP (Voice over Internet Protocol), is becoming more and more popular with corporations of every size. The prospect of paying a flat fee for unlimited long-distance phone calls is appealing to every company that has struggled to balance the need to conduct business phone calls with the price of those calls. Calling plans are now available that provide unlimited minutes to any U.S. or Canadian phone number by routing the voice traffic over an existing broadband connection shared with the company's Internet access.

Why Not Truth?
14th, February, 2005
Ultimately cryptographers want some form of quantum repeater--in essence, an elementary form of quantum computer that would overcome distance limitations. A repeater would work through what Albert Einstein famously called "spukhafte Fernwirkungen," spooky action at a distance.

Researchers: Digital encryption standard flawed
17th, February, 2005
In a three-page research note, three Chinese scientists -- Xiaoyun Wang and Hongbo Yu of Shandong University and Yiqun Lisa Yin, a visiting researcher at Princeton University -- stated they have found a way to significantly reduce the time required to break an algorithm, known as the Secure Hashing Algorithm, or SHA-1, widely used for digital fingerprinting data files. Other cryptographers who have seen the document said that the results seemed to be genuine.

Researchers find security flaw in SHA-1
17th, February, 2005
Security experts are warning that a security flaw has been found in a powerful data encryption algorithm, dubbed SHA-1, by a team of scientists from Shandong University in China. The three scientists are circulating a paper within the cryptographic research community that describes successful tests of a technique that could greatly reduce the speed with which SHA-1 could be compromised.

How To Shop For A VPN
14th, February, 2005
Get clued in on what to look for in enterprise-class products, including the ins and outs of software vs. appliances, LAN-to-LAN vs. remote access, SSL, IPsec, and other decisions you need to make. With a virtual private network creating safe access for your Internet-connecting users, you can rip out expensive frame relay, leased lines and modem dial-up banks in favor of a secure WAN connection. For any network that connects remote users to the Internet, a VPN gateway provides three essentials for your data: authentication, confidentiality and integrity.

Linux Magazine: mod_perl, Part Two
14th, February, 2005
As I mentioned last month, having persistent Perl code means that some steps of your application can be reused rather than repeated. One very easy optimization is keeping your database handles open between web hits, rather than reopening them on each new hit. The Apache::DBI module (found in the CPAN) does the work for you by altering the way normal DBI connections are processed. If your application is like most, you simply add PerlModule Apache::DBI to the configuration file, and it just magically works.

Deploy an application with Cerise Web server
16th, February, 2005

HITB E-Zine: Issue #36 Released
20th, February, 2005
After a nice Chinese New Year break we are pleased to bring you Issue #36 of the HITB e-zine. This is a pretty interesting issue with an exclusive article on Red Hat PIE Protection written by Zarul Shahrin as well as an article on building a simple wireless authenticated gateway using OpenBSD by Rosli Sukri (member of the HITB CTF Crew).

Evaluating Your Firewall
14th, February, 2005
Are you an administrator or security analyst who watches over a firewall with a hundred or more rules? Or perhaps a hired gun who must review a firewall with years of crusty buildup? Are you creating a test lab that involves a wide variety of networks, servers, and risks? If you're interested in enterprise-level firewalls, this article will help you make sense of common failures in processes and tools. We'll focus on enterprise-grade business and networking issues that affect firewalls. (Penetration studies and piercing firewalls from the outside will be covered in a later article.)

SWsoft Unveils Virtuozzo 2.6.1 for Linux
15th, February, 2005
The latest version of the Virtuozzo server virtualization solution features several new enhancements, including a new Virtuozzo control center, automatic update utility, stateful firewall support and VPN support. The company also announced that Australian firm SMS Central has purchased Virtuozzo for installation in its data center.

Clever service has key to e-mail security
14th, February, 2005
How can you be sure your e-mails are safe from prying eyes? To most of us e-mailing mom or even sending work-related e-mails, security really isn't of great concern. But for people to whom security is of great importance, sending sensitive documents over the Internet carries an extremely high degree of risk.

More advisories, more security
15th, February, 2005
More and more, we see articles questioning the security of a given platform based solely on the number of advisories published - and this approach is simply wrong, writes Thierry Carrez, of Gentoo Linux.

Is Linux Security A Myth?
17th, February, 2005
There are rare occasions in IT when a particular architecture reaches a point where it stops being purely IT driven and takes on a life of its own. The last year has seen the open source movement reach such a cult status and at the vanguard of open source fashion can be found the Linux operating system. Whilst the platform appeals at several levels for potential users, some of a philosophical nature and others far more concrete, it is noticeable that a couple of its qualities have recently been called into question.

OsAudit v0.1 (log gathering, monitoring and analysis) Available
18th, February, 2005
OsAudit version 0.1 is available for download. OsAudit is a complete system for log gathering, monitoring and analysis. It has two different running modes: server and client. In client mode, OsAudit will read the logs and forward them (encrypted) to the server station. In server mode, OsAudit will receive external logs from the clients or from any other device that can send remote syslog messages and analyze them. OsAudit uses (right now) 3 different methods to analyze the logs...

Why VoIP is raising new security concerns
16th, February, 2005
New technology often leads to improved productivity, but it also arrives with new IT challenges, often centering on security. "With any new technology, security functions tend to be the last area that matures," noted Pete Lindstrom, Research Director at Spire Security LLC, a market research firm focusing on security issues. Voice over IP (VoIP) has begun to make significant inroads in the enterprise, so IT managers need to be aware of the unique security challenges it presents.

Security firms show united front
16th, February, 2005
A joint system for reporting and grading security vulnerabilities is going to be launched today. With an eye to guiding companies on which software problems to patch first, Cisco, Symantec and Qualys plan to launch a joint grading system for security vulnerabilities. The ratings will consist of three numbers, Gerhard Eschelbeck, the chief technology officer at security information provider Qualys said on Tuesday. The first will be a baseline estimate of the severity of the flaw. The second will rate the bug depending on how long it has been around, and therefore how likely it is that companies have patched against it.

Securing Linux with Mandatory Access Controls
15th, February, 2005
Some in the security industry say that Linux is inherently insecure, that the way Linux enforces security decisions is fundamentally flawed, and the only way to change this is to redesign the kernel. Fortunately, there are a few projects aiming to solve this problem by providing a more robust security model for Linux by adding Mandatory Access Control (MAC) to the kernel.

Is Linux Security A Myth?
16th, February, 2005
There are rare occasions in IT when a particular architecture reaches a point where it stops being purely IT driven and takes on a life of its own. The last year has seen the open source movement reach such a cult status and at the vanguard of open source fashion can be found the Linux operating system. Whilst the platform appeals at several levels for potential users, some of a philosophical nature and others far more concrete, it is noticeable that a couple of its qualities have recently been called into question.

Defense picks two for PKI
16th, February, 2005
Defense Department officials selected two companies to provide digital certificate validation for the department's public-key infrastructure (PKI), a decision that some officials feel could spur a faster move to paperless e-government. After a yearlong, worldwide pilot test, military officials chose Tumbleweed Communications and CoreStreet as the two certificate validation providers for its Identity Protection and Management Program, which includes the Common Access Card smart card program.

Novell taps open source for security
15th, February, 2005
For Novell, security and open source belong together. The Waltham, Mass.-based company said Monday that it will submit the programming interfaces for eDirectory to two open-source projects, allowing developers to use Novell's directory program to authenticate network access. Novell also detailed a partnership with Linux security company Astaro to create a security appliance that runs Novell's SuSE Linux operating system.

Novell boosts its Linux security credentials
16th, February, 2005
Novell has unveiled a SuSE Linux-based soft appliance designed to protect businesses against security threats from hackers, viruses, worms and spam. The company said that its Novell Security Manager, which is powered by security software from network security firm Astaro, features six perimeter security applications with an integrated management platform.

SuSE Linux awarded government security cert
18th, February, 2005
IBM and Novell announced at LinuxWorld today that SuSE Linux Enterprise Server 9 has become the first distribution to complete Evaluation Assurance Level (EAL) 4+. The high security rating will enable the operating system to be adopted by governments and government agencies for mission-critical operations, according to the firms.

Security show tackles online threats
14th, February, 2005
The security industry, in the business of paranoia, will be looking over its shoulders more frequently at the annual RSA Security Conference this week. With phishing attacks plaguing consumers, viruses showing no signs of abating, and regulations such as Sarbanes-Oxley worrying clients, business has been brisk for security firms.

Liberty Alliance Releases ID Standard For Web Services
14th, February, 2005
The Liberty Alliance Project on Friday unveiled the public draft release of a framework for identity-based web services. The latest release of ID-WSF 2.0 is the first of three that will each add greater depth to the identity-management framework. The final specification including all three releases is expected to be available by end of the year. Phase one extends ID-WSF 2.0 to include support for SAML 2.0 from the Organization for Advancement of Structured Information Sciences, an international standards body.

The Threat Within - Why Businesses Need To Manage And Monitor Employee Email Usage
14th, February, 2005
In a few short years, email has become a major part of the national psyche and a business-critical tool of communication. However, while companies have been more than willing to embrace the business benefits of email, they continue to remain oblivious to many of the responsibilities this new form of communication brings, particularly as it affects their employees. It is a commonly held misconception, due to the informal traditions of electronic communication, that e-mails carry less weight than letters on headed notepaper.

Security firms show united front
16th, February, 2005
With an eye to guiding companies on which software problems to patch first, Cisco, Symantec and Qualys plan to launch a joint grading system for security vulnerabilities. The ratings will consist of three numbers, Gerhard Eschelbeck, the chief technology officer at security information provider Qualys said on Tuesday. The first will be a baseline estimate of the severity of the flaw. The second will rate the bug depending on how long it has been around, and therefore how likely it is that companies have patched against it. The third will measure the threat a vulnerability poses to a specific corporate network. Each will take five or six factors into account for the measurement.

Providing Database Encryption
16th, February, 2005

Novell makes open source security moves
18th, February, 2005
The Waltham, Massachusetts-based company has released the APIs to the open source community to enable open source developers to make use of Novell's eDirectory identity management platform. The code has been posted to two open source groups: the Samba file and print server project, and the FreeRadius remote user authentication project, enabling the Samba CIFS and SMB clients and the FreeRadius wireless authentication technologies to be supported by eDirectory.

Watch Out for Spies With Friendly Faces
18th, February, 2005
As tech-savvy people, we know by now that we have to worry about technology being used to invade our privacy. But we tend to focus on the stuff that's deliberately snooping on us: spyware, keyloggers, Trojan horses, and other software and hardware designed with malicious intent. An even bigger risk, though, can come from the tools we usually trust--helpful gadgets and programs that weren't built to spy on us but can be used that way.

Passwords? We don't need no stinking passwords
16th, February, 2005
RSA 2005: Concerns over online security are continuing to slow consumer e-commerce growth. A quarter of the respondents in a recent survey have reduced their online purchases in the past year and 21 per cent refuse to conduct business with their financial institutions online because of security fears. More than half (53 per cent) of the 1,000 consumers quizzed believe that basic passwords fail to provide sufficient protection for sensitive personal information.

F-Secure exploit patched
14th, February, 2005
F-Secure has become the latest security firm to be embarrassed by a flaw in its flagship security product line, but the company managed to patch the flaw while it was still only 'theoretical'. F-Secure has released a patch for a serious flaw in its antivirus products, the second time in a week a security company has warned of a risk in its software.

WLAN Users Lack Support
14th, February, 2005
Setting up a wireless LAN can be as easy as sticking a plug into an outlet. But even technology-savvy customers are complaining that security can be a hassle due to problems with documentation and support. While industry standards bodies are making strides to ensure that even consumer-level WLAN hardware is effective and secure, the user manuals that come with the hardware continue to leave a lot to be desired. "The biggest challenge is inconsistent nomenclature and presentation of the basic components," said Christopher Bell, a software developer in Los Angeles whose home-office WLAN has included wireless routers from Linksys Inc. and Microsoft Corp. as well as myriad PC brands.

Wi-Fi Alliance to beef up security
14th, February, 2005
Security remains the key issue deterring enterprise users from making major investments in Wi-Fi, despite all the improvements over the past year. Whether real or perceived, the security risks of wireless LANs are still holding deployments back. Conscious of this, the Wi-Fi Alliance is trying to beef up standard security still further. It has already agreed to a dual-layer security approach, with WPA2 (the brand name for the 802.11i standard) supporting advanced functions including AES encryption, while the more basic WPA, originally an interim standard en route to 802.11i, will be kept for devices that require less stringent security and lower costs, particularly in the consumer space.

Teething problems for wireless LANs
17th, February, 2005
WIRELESS LAN is an emerging trend, but as with most young technologies, it is plagued by insecurities. John Martin, IBM principal security specialist and security practice leader, spends his days advising corporate enterprises on risk management. "The whole end-to-end process must be secure, regardless of the type of industry," he says.

Mesh Networking Soars to New Heights
19th, February, 2005
Mesh Networking and community wireless broadband reached new heights with a world first for Locustworld MeshAP PRO when a Shadow microlight aircraft flew over Lincolnshire UK and successfully tested air to ground mesh networking and voice over broadband. South Witham broadband (Lincolnshire UK) joined forces with Make Me Wireless (Australia) and using LocustWorld MeshAP PRO and Asterisk VoIP equipment, seamlessly created air to ground voice communications at 2000 feet with the 16 node South Witham community broadband network.