Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Security Week: April 11th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "7 Myths About Network Security," " SANS tracking active DNS cache poisonings," and "The Day After: Your First Response To A Security Breach."

DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software Understanding the anti-spam solution market and its various choices and buzzwords can be daunting task. This free whitepaper from Roaring Penguin Software helps you cut through the hype and focus on the basics: determining what anti-spam features you need, whether a solution you are considering includes them, and to what degree. Find out more!

LINUX ADVISORY WATCH - This week, advisories were released for MySQL, samba, ImageMagick, krb5, remstats, wu-ftpd, sharutils, util-linux, words, gaim, e2fsprogs, subversion, ipsec-tools, libexif, htdig, grip, gtk2, tetex, curl, gdk-pixbuf, and XFree86. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE. Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  The Hacker-Proof Network
  5th, April, 2005

In Cambridge, Mass., not too far from the Charles River, which cuts near Harvard and M.I.T., David Pearson is attempting to build an un-hackable network.
  The security risk of hard disk password protection
  4th, April, 2005

In most notebooks the hard disk can be protected against unauthorized access with the aid of a password. Without it the disk, even went inserted into another computer, cannot be made to divulge its data. This security function has meanwhile become a feature of almost all 3.5" ATA hard disks and presents a full-blown security loophole.
  A Couple Points on the "Open Source War"
  8th, April, 2005

I hadn't actually noticed the Security Innovation study comparing the frequency of reported security problems in the Windows and open source web application server stacks. These kinds of surveys and tests are pretty easily manipulated. But since eSchool News has an article on the matter, I might as well weigh in.

If you're interested in this matter at all, you should go straight to the primary source material: the Red Hat and Microsoft security advisories. Your milage may vary, but my scans of the two lists shows a lot of Red Hat fixes that are mostly irrelevant to my simple web server, unless I've given lots of untrustworthy and industriously malicious people shell access to log in to the server. On the other hand, I see lots more references to "remote code execution" on the Microsoft site, which is what I'm really afraid of when I'm exposing a server to the internet.
  Hack Job
  4th, April, 2005

When a hacker broke into the network at George Mason University (VA) earlier this year, IT officials were absolutely powerless to stop him. Within minutes, the hacker compromised the school’s main Windows 2000 server and gained access to information that included names, Social Security numbers, university identification numbers, and even photographs of almost everyone on campus. Next, he poked around for a back door into other GMU servers that store information such as student grades, financial aid, and payroll.
  7 Myths About Network Security
  4th, April, 2005

Hacker tools are growing more sophisticated and automated. Hackers can now quickly adapt to new security vulnerabilities as they are uncovered and distribute the fruits of their exploits more widely with the help of automated toolkits. And they're employing an ever-increasing range of methods to find individuals' and companies' private information and use it to their own advantage.

And yet many of us have a false sense of security about our own data and networks. We install a firewall at the perimeter, put anti-virus and anti-spyware tools on our desktops, and use encryption to send and store data. Microsoft and the big security companies provide ever-improving tools and patches to protect us. Although others who are less careful might be at risk, we're safe, right?
  SANS tracking active DNS cache poisonings
  6th, April, 2005

Around 22:30 GMT on March 3, 2005 the SANS Internet Storm Center began receiving reports from multiple sites about DNS cache poisoning attacks that were redirecting users to websites hosting malware. As the "Handler on Duty" for March 4, I began investigating the incident over the course of the following hours and days. This report is intended to provide useful details about this incident to the community.

The initial reports showed solid evidence of DNS cache poisoning, but there also seemed to be a spyware/adware/malware component at work. After complete analysis, the attack involved several different technologies: dynamic DNS, DNS cache poisoning, a bug in Symantec firewall/gateway products, default settings on Windows NT4/2000, spyware/adware, and a compromise of at least 5 UNIX webservers. We received information the attack may have started as early as Feb. 22, 2005 but probably only affected a small number of people.
  DNSSEC: What Is It Good For?
  7th, April, 2005

DNSSEC, which stands for DNS Security Extensions, is a method by which DNS servers can verify that DNS data is coming from the correct place, and that the response is unadulterated. In this article we will discuss what DNSSEC can and cannot do, and then show a simple ISC Bind 9.3.x configuration example.
  DNS cache poisoning update
  8th, April, 2005

The InfoCon is currently set at yellow in response to the DNS cache poisoning issues that we have been reporting on for the last several days. We originally went to yellow because we were uncertain of the mechanisms that allowed seemingly "secure" systems to be vulnerable to this issue. Now that we have a better handle on the mechanisms, WE WANT TO GET THE ATTENTION OF ISPs AND ANY OTHERS WHO RUN DNS SERVERS THAT MAY ACT AS FORWARDS FOR DOWNSTREAM Microsoft DNS SYSTEMS. If you are running BIND, please consider updating to Version 9.
  Anatomy of an Attack: The Five Ps
  4th, April, 2005

In a meeting with an engineer (Jonathan Hogue) from a security company called Okena (recently acquired by Cisco), I was introduced to the concept of the five Ps. Hogue graciously gave me the presentation slide and I use it all the time. There are a lot of models of how an attack progresses, but this is the best I've seen. These five steps follow an attack's progression whether the attack is sourced from a person or an automated worm or script. We will concentrate on the Probe and Penetrate phases here, since these are the stages that Snort monitors. Hopefully, the attacker won't get past these phases without being noticed. The five Ps are Probe, Penetrate, Persist, Propagate, and Paralyze.
  To catch a thief?
  8th, April, 2005

When we turn our minds to matters of e-security, our first thoughts tend to be about defenses such as firewalls and intrusion detection. And rightly so. After all, there is much wisdom in the pursuit of prevention before cure. But, what happens when our defenses are breached? How should we respond to such an incident?
  Red Hat Patches Security Flaw
  5th, April, 2005

Enterprise Linux users should update their installations of XFree86 to remedy several security holes, some of which could allow attackers to take over a system. According to an advisory released by Red Hat affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3.
  Linux still seen as most secure
  7th, April, 2005

Microsoft's efforts to improve the security of Windows have paid off, leading to significant improvements in patch management and other areas, according to executives from North American companies surveyed by Yankee Group. The Linux-Windows 2005 TCO Comparison Survey, to be published in full in June, is based on responses from 509 companies of all sizes in markets such as healthcare, academia, financial services, legal, media, retail and government, Yankee Group said this week.
  Red Hat patches critical hole
  4th, April, 2005

Red Hat is warning enterprise Linux users to update their installations of XFree86 to fix a number of serious security bugs, some of which could allow attackers to take over a system.

The affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3, Red Hat said in an advisory.
  Flaw found in Firefox
  7th, April, 2005

A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.
  Firefox Flaw Publicity Good for Open Source
  6th, April, 2005

Publicity surrounding the JavaScript flaw shows “the open source system is working,? said Greg Minchak, an analyst with the Open Source Industry Alliance. “The open source community swarms to a problem the moment it’s made known.?
  The Day After: Your First Response To A Security Breach
  4th, April, 2005

The security incident is over. The techs have all gone home and are snug in their beds, dreaming of flawless code trees and buffer-overflow repellent. Upper management has done all the damage control they can. Everyone's shifting back into their normal activities and schedules. Everyone, that is, except you. What can you do to prevent this from ever happening again?
  Sued for finding security flaws?
  5th, April, 2005

In late March we mentioned that Sybase were making threats against a security company about disclosure of security flaws they found in Sybase code and a French company that took a security researcher to court and had him fined 5000 Euro. Going from this Register story, it looks like Sybase and NGSSoftware are going to settle their dispute amicably, but it really does bring into view a point that many in the Open Source community have been trying to make known for ages.
  Security top reason IT pros consider Linux
  5th, April, 2005

Security concerns are the main reason IT managers consider switching from Windows to Linux on the desktop - but the cost of migration and compatibility issues remain significant barriers, according to a new study.

Concerns about Windows security vulnerabilities and the high cost of keeping Windows secure were named as the top motivations for moving away from Microsoft's ubiquitous operating system in the online survey of nearly 1,700 IT professionals by analyst house Quocirca.
  U.S. government agencies turn to Linux
  7th, April, 2005

As government agencies are being forced to do more with a smaller budget more agencies are turning to the open source movement for a solution.In Mississippi three counties and 30 agencies formed a jail management system to pool all law enforcement and homeland security forces together using Linux.
  Phishers spread net for smaller prey
  4th, April, 2005

Phishers are moving away from big banking institutions and heading for smaller targets, according to the Anti-Phishing Working Group (APWG).

In its study of phishing activity in February the group found that, while four out of five attacks were still on six major banks, the number of smaller organisations being targeted is rising fast.
  Mobile-proofing your network
  4th, April, 2005

A stolen laptop made public last week by the University of California, Berkeley contained unencrypted personal data on nearly 100,000 graduate students and applicants and is just the latest case to underscore the need for increased protection of personal information.
  How 20% effort can get you 80% security
  6th, April, 2005

To manage risk, maintain razor-sharp security architecture and still enjoy a peaceful night's sleep, security professionals at this week's InfoSec World conference offered this advice: Know your limits, speak the boss's language and embrace change. It also wouldn't hurt to learn the 80/20 principle -- the theory of 19th-century economist-mathematician Vilfredo Pareto that 20% of what you do makes 80% of the difference.
  Using Intrusion Detection Systems To Keep Your WLAN Safe
  6th, April, 2005

Wireless LANs utilize radio waves for transporting information, which results in security vulnerabilities that justifiably worry network managers. To assuage those worries, most companies implement authentication and encryption to harden security.

However, WLANs have a whole host of other vulnerabilities that can be more difficult to completely smother such as illicit monitoring, unauthorized access, and denial of service (DoS) attacks. For example, someone using a wireless sniffer, such as the freely-available NetStumbler, can easily monitor wireless traffic for fun or malicious intent while sitting in their car next to your office building.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.