
Linux Advisory Watch: April 4th 2005
Source: Contributors - Posted by Benjamin D. Thomas
Linux Security Week: This week, perhaps the most interesting articles include "The Corporate Security Sourcebook for Today's Global Economy," "The demise of traditional perimeter defences," and "Why Due Diligence as a Defense is Not Enough."

LINUX ADVISORY WATCH - This week, advisories were released for ethereal, kernel, netkit-telnet, mc, mailreader, samba, mozilla, lsof, thunderbird, epiphany, devhelp, spamassassin, sylpheed, krb5, xorg, telnet, foomatic, squid, ImageMagick, gdk, mpg321, ipsec-tools, htdig, grip, mysql, XFree86, and MySQL. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.

Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).



Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

  Mapping Security: The Corporate Security Sourcebook for Today's Global Economy
  31st, March, 2005

Security in any enterprise should extend beyond just information technology to become an integral part of the organization's overall strategic plan. This concept is explored in great detail by the book, Mapping Security: The Corporate Security Sourcebook for Today's Global Economy. In this download of Chapter 3, Establishing Your Coordinates, authors Tom Patterson and Scott Gleeson Blue explain why organizations need to forget the traditional notions of risk. Enterprises should identify and measure weaknesses in all areas of the organization before starting any strategic planning. This download shows you where to look for weaknesses and how to begin that process.
  Guardian Digital Announces New Firewall Product
  1st, April, 2005

Guardian Digital, Inc., a leader in open source security products, today announced the release of a new firewall product that will revolutionize internet security as we know it, forever.

Guardian Digital CEO Dave Wreski explains, "Our new product works differently from most other firewalls on the market, which can possibly allow dangerous packets into protected networks. Our technical wizards realized that all virus, worm, and malware authors use dangerous 'zeroes' in their binary code, therefore our new firewall product blocks all 'zeroes' while allowing the friendly, useful 'ones' through."
  Learn how to beef up Web application security
  30th, March, 2005

When embracing a defense-in-depth strategy for your organization's systems, setting up a secure network boundary and applying best business practices to your internal clients is a great start. But the work doesn't stop there. One area that organizations often overlook is application security for Web-enabled applications. In fact, some of the recent, highly publicized thefts of private information occurred due to poor application design and implementation.
  ISPs join to 'fingerprint' Internet attacks
  28th, March, 2005

Leading global telecommunications companies, ISPs, and network operators will begin sharing information on Internet attacks as members of a new group called the "Fingerprint Sharing Alliance," according to a published statement from the new group.
  31st, March, 2005

Network security specialist SmoothWall Limited is today previewing its new Advanced Firewall, aimed at enterprise customers and organisations with demanding security requirements. Like its existing Corporate firewall for medium-sized organisations, Advanced Firewall is based on open source technology, enabling SmoothWall to provide sophisticated enterprise-class features at prices starting from £950.
  Spammer, ID Yourself
  29th, March, 2005

IBM last week introduced technology called FairUCE, for Fair Use of Unsolicited Commercial E-mail, that blocks spam by trying to ID the sender's Internet domain rather than evaluating message content.
  The demise of traditional perimeter defences
  30th, March, 2005

There is a classic moment during the battle for Helm’s Deep in the epic film, Lord of the Rings, the Two Towers, when King Theoden stands atop the supposedly impregnable city. Rain sodden, he surveys the massed ranks of Saruman’s armies and defiantly shouts ‘Is this all you’ve got?’ A few fateful minutes, and a well placed explosive, later his confidence is shattered and replaced with fear as he realises that his fortress has been penetrated.

Whilst this may have been a marvellous piece of celluloid drama, this scene could have been replicated in the IT departments of many enterprises throughout 2004. Replace Helm’s Deep with firewalls and the Orcs with trojans and viruses and you’ll soon appreciate the similarities.
  Securing your online privacy with Tor
  31st, March, 2005

You may never think about it, but many of your online activities may be monitored and analyzed. Advertising companies, government agencies, and private users can use traffic analysis to gather information about which Web sites and pages you visit, what newsgroups you read, and whom you talk to on IRC. While there is no need to be paranoid (or is there???), you can keep your online communication private. The Tor project can help you with that.
  Tips for when hackers strike
  28th, March, 2005

The nightmare started when I returned to my office to discover 17 missed calls on my cell phone. A moment later, the phone rang again. A frantic customer complained of "eyes" on his Web site. I visited the site and, lo and behold, discovered it proclaiming being "owned" by a hacking group. Upon further investigation, I discovered all the other Web sites on the Debian-based server had been defaced.
  When will open source security grow up?
  29th, March, 2005

There are great open source products for nearly every purpose. But I have yet to find many in the security field. Most seem hand-written, based on books like the O’Reilly Secure Programming Cookbook. Maybe I’m not looking hard enough. If I’m not, please point to your favorite open source security in TalkBack.
  Asset Management
  28th, March, 2005

How to fully utilise the resources at one’s disposal is one of the major dilemmas facing enterprises not only in the Middle East, but also around the globe. Increased efficiency results in cost savings and allows enterprises to focus attention on grander plans. Rashed AlOthman, senior vice president of IT services and control at Riyad Bank, has a simple mantra: The less complex a system an enterprise has, the fewer resources it is going to utilise.
  Security: getting proactive about it
  28th, March, 2005

The growth of the Indian security solutions market exceeded the expectations of most analysts last year. This momentum is expected to continue in 2005 as security war chests are expected to be opened wide this year. Analysts from Frost & Sullivan say that the growth of the network security market in India will exceed the projected growth rate of 32.4 percent in 2005. The IT and BPO industry will be the biggest consumers of security solutions.
  Compliance Fuels Security, Systems Acquisitions
  29th, March, 2005

Compliance requirements are fueling convergence between systems management and security markets, highlighted by several acquisitions over the last few years, experts said. Last Wednesday, Altiris agreed to acquire Pedestal Software for threat management for $65 million. BMC filled an important gap in an existing identity management product line by buying OpenNetwork for $18 million. Novell shored up its resource management and IT asset management suite by moving in on Tally Systems for an undisclosed sum.
  Take the initiative on security certification to meet the demands of corporate partners
  29th, March, 2005

Multinational companies invest a lot of money in IT security and increasingly expect smaller partners and suppliers to demonstrate the same level of commitment. IT security experts speaking at the RSA Security Conference last month predicted that large companies would in the future specify minimum security standards in contracts before doing business with their suppliers.
  VoIP Security Alliance Gets to Work
  29th, March, 2005

A consortium of companies focused on Voice over Internet Protocol (VoIP) Security is taking the first steps toward finding common ground in an emerging market and is boosting its presence by adding to the membership ranks.
  Why Due Diligence as a Defense is Not Enough
  29th, March, 2005

Corporate executives love two words, “Due Diligence”. Unfortunately, this is only half of the required formula for meeting the requirements under “Standard of Care”. It is startling when such a large percentage of these executives fail to grasp the concept and legal liability imposed under “Due Care”. Due care is the second half of the formula and equally as important. For without it, the standard of care cannot be measured. Performing Due Diligence shows you where your risks lie; due care is exercising the requirements discovered under due diligence to protect or mitigate exposure from those risks.
  Phishers Target Yahoo Messenger
  29th, March, 2005

While most e-mail users are on guard against viruses, they are far too casual about instant messages, says Sophos security analyst Greg Mastoras. "Virus writers like to exploit low-hanging fruit, and IM is a low-hanging fruit."
  'Serious' security holes in Kerberos Telnet client
  29th, March, 2005

Attackers could exploit two "serious" security holes in the Telnet program supplied with MIT Kerberos 5 to cause a buffer overflow and launch malicious code, the Massachusetts Institute of Technology's (MIT) Kerberos Team warned in an advisory.
  Phishers spread net for smaller prey
  30th, March, 2005

Phishers are moving away from big banking institutions and heading for smaller targets, according to the Anti-Phishing Working Group (APWG).

In its study of phishing activity in February the group found that, while four out of five attacks were still on six major banks, the number of smaller organisations being targeted is rising fast.
  March's Bug Story: Old Worms Maintain Grip
  1st, April, 2005

Older worms and viruses continued to dominate March's list of Top 10 baddest apples, said security firms Thursday, in part because users don't update their anti-virus defenses, but also because 2005's entries have been too weak to unseat the old guard.

According to the list produced monthly by Sophos, the Zafi.d worm led the Top 10 for March by accounting for 45.1 percent of all the malicious traffic the U.K.-based security vendor monitored. Netsky.p came in second with 21 percent of the month's total. Rounding out the top 10 were Zafi.b, Sober.k, Netsky.d, Netsky.z, Netsky.b, MyDoom.o, Netsky.c, and Netsky.q.
  The 10 Worst Security Practices
  28th, March, 2005

Security specialists are constantly on the lookout for proven methods we can replicate to keep our networks and data safe. Independent consultants provide an outsider's perspective and carry with them the aggregate experience of helping hundreds of clients. But not every practice consultants see in the field is a good one--in fact, they encounter some stunningly bad ideas. Because sometimes one whopper of a mistake can be more instructive than a binder's worth of best practices, we interviewed more than a dozen security consultants to arrive at our 10 worst practices list. See which ones apply to you, then check our links for advice on how to do things better.
