LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Security Week: April 18th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Diffie: Infrastructure a disaster in the making," "From SATAN to OVAL: The Evolution of Vulnerability Assessment," and "Taking a swipe at two-factor authentication.


DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software Understanding the anti-spam solution market and its various choices and buzzwords can be daunting task. This free whitepaper from Roaring Penguin Software helps you cut through the hype and focus on the basics: determining what anti-spam features you need, whether a solution you are considering includes them, and to what degree. Find out more!

LINUX ADVISORY WATCH - This week packages were released for axel, gftp, wireless-tools, glibc, selinux-policy-targeted, kernel, autofs, GnomeVFS, phpMyAdmin, shorewall, gtk, shareutils, gdk-buf, kdegraphics, dhcp, and gaim. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.

LinuxSecurity.com Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  A federated crypto guy
  14th, April, 2005

WHEN budgets get tight, R&D is often one of the first departments to feel the squeeze. But at RSA Security, vice-president of research Burt Kaliski and his team are considered the heart and soul of the business. RSA puts about 18-20 per cent of its revenue into applied research and standards development at its research centre, RSA Laboratories.

http://www.linuxsecurity.com/content/view/118876

 
  TuxJournal is online!
  11th, April, 2005

The first on-line Italian Magazine is on-line. All the Italian readers can find here a very good source of news and articles about the OpenSource and Technology World. TuxJournal.net

http://www.linuxsecurity.com/content/view/118848
 
  And here's a key to combat hacking
  11th, April, 2005

As we rely more on computers, the potential for hackers to hurt us and destroy our personal records has grown. Corporates and public networks, instead of individuals face the brunt of hackers’ ingenuity. However, there are ways to build unhackable network.

http://www.linuxsecurity.com/content/view/118845

 
  Using a Linux failover router
  13th, April, 2005

Today, it's hard to imagine an organization operating without taking advantage of the vast resources and opportunities that the Internet provides. The Internet's role has become so significant that no organization can afford to have its Net connection going down for too long. Consequently, most organizations have some form of a secondary or backup connection ready (such as a leased line) in case their primary Net connection fails.

http://www.linuxsecurity.com/content/view/118867

 
  Diffie: Infrastructure a disaster in the making
  13th, April, 2005

In the 1970s, Martin Hellman and Whitfield Diffie wrote the recipe for one of today's most widely used security algorithms in a paper called "New Directions in Cryptography. The paper mapped out the Diffie-Hellman key exchange, a major advancement in Public Key Infrastructure (PKI) technology that allows for secure online transactions and is used in such popular protocols as the Secure Sockets Layer (SSL) and Secure Shell (SSH). In 2000, they received the prestigious Marconi Foundation award for their contributions.

http://www.linuxsecurity.com/content/view/118868

 
  Network monitoring with Nagios
  14th, April, 2005

How can a system administrator monitor a large number of machines and services to proactively address problems before anyone else suffers from them?

The answer is Nagios.

Nagios is an open source network monitoring tool. It is free, powerful and flexible. It can be tricky to learn and implement, but can reduce enormously the amount of time required to keep track of how your organization's IT infrastructure is performing.

http://www.linuxsecurity.com/content/view/118877

 
  From SATAN to OVAL: The Evolution of Vulnerability Assessment
  15th, April, 2005

With the growing reliance and dependence on our inter-connected world, security vulnerabilities are a real world issue requiring focus and attention. Security vulnerabilities are the path to security breaches and originate from many different areas - incorrectly configured systems, unchanged default passwords, product flaws, or missing security patches to name a few. The comprehensive and accurate identification and remediation of security vulnerabilities is a key requirement to mitigate security risk for enterprises.

http://www.linuxsecurity.com/content/view/118886

 
  Developers Rate Linux More Secure Than Windows In Survey
  14th, April, 2005

A new study addressing security issues finds that software-development managers generally rate Linux as a more secure operating system than Windows. The study, which will be released by the end of the month, was conducted by BZ Research, the research subsidiary of publisher BZ Media LLC. It was not funded by any vendors.

http://www.linuxsecurity.com/content/view/118875

 
  Breaking software easier than you think
  15th, April, 2005

One reason software security vulnerabilities are so tough to fix is because they are so hard to find. Unlike other bugs that become apparent when an application acts up, security holes tend to hide from normal view. And that's just how the hacker underground likes it.

http://www.linuxsecurity.com/content/view/118888

 
  Fortinet in court for hiding Linux in its code
  15th, April, 2005

A German court has granted a preliminary injunction against security firm Fortinet for allegedly violating the general public licence (GPL) and hiding Linux in its code. The ruling could prevent the security appliance vendor from further distributing its products until it complies with the open source licence.

http://www.linuxsecurity.com/content/view/118885

 
  Cisco: Malicious ICMP messages could cause denial of service
  15th, April, 2005

A publicly available document on how to use how the Internet Control Message Protocol (ICMP) to launch denial-of-service attacks has prompted Cisco Systems to issue an advisory outlining a variety of vulnerable products.

http://www.linuxsecurity.com/content/view/118887

 
  Taking a swipe at two-factor authentication
  11th, April, 2005

An essay in an April trade magazine maintains two-factor authentication can't counter emerging threats, and that the industry would be wise to come up with a better solution to the nation's biggest cyberproblem: identity theft.

Most readers of Bruce Schneier's popular blog on security got a sneak preview last month when he posted the essay online under the heading "The Failure of Two-Factor Authentication." It led to a strong response from those who agree the solution has limited appeal and others who argue it works well when done right.

http://www.linuxsecurity.com/content/view/118846

 
  HIPAA Compliance In 30 Days or Less
  12th, April, 2005

HIPAA. We are all sick of the acronym by now, and the April 20 compliance deadline for the Health Insurance Portability and Accountability Act is looming. At the state agency where I work, the information security officer (ISO), who is responsible for HIPAA security rule compliance, has spent the past seven months or so writing policies and procedures. He divided them into two groups: "required" (stuff we have to do) and "addressable" (stuff we'd better be thinking about doing).

http://www.linuxsecurity.com/content/view/118853

 
  Strategic Security
  12th, April, 2005

Christofer Hoff is on a mission. As the director of information security at Western Corporate Federal Credit Union (WesCorp), Hoff has launched an initiative to quantify the benefits of information security spending for business executives at the San Dimas, Calif.-based company.

http://www.linuxsecurity.com/content/view/118854

 
  Linux servers praised for security
  12th, April, 2005

Software development managers rate Linux significantly higher than Windows server products for security, according to the latest research.

Over 6000 software development managers were asked in a survey conducted by BZ Media to rate the security of server operating systems against hacks and exploits. Linux was rated as 'secure' or 'very secure' by 74 percent of respondents, while Microsoft Windows Server was given one of these ratingd by 38 percent of respondents. Thirteen percent of respondents rated Linux as insecure or very insecure, a figure that rose to 58 percent for Windows server products.

http://www.linuxsecurity.com/content/view/118855

 
  The two-edged sword: Legal computer forensics and open source
  12th, April, 2005

Ryan Purita of Totally Connected Security is one of the leading computer forensic experts in private practice in Canada. He is a Certified Information Systems Security Professional, holding one of the most advanced security qualifications in the world. Working for both the prosecution and the defence in legal cases, Purita has also taught computer security to law enforcement agencies, probation officers and social workers, and is currently developing programs for the Justice Institute of British Columbia. Much of his daily work is an extension of a system administrator's activities. A good part of it involves the advanced use of open source tools, including several standard system tools. His work methods offer fresh perspectives on security, privacy issues and the relative merits of Windows and GNU/Linux -- to say nothing of a niche industry where open source is more than holding its own.

http://www.linuxsecurity.com/content/view/118860

 
  First Spam Felony Case Nets 9-Year Jail Term
  11th, April, 2005

A Virginia judge sentenced a spammer to nine years in prison Friday in the nation's first felony prosecution for sending junk e-mail, though the sentence was postponed while the case is appealed.

http://www.linuxsecurity.com/content/view/118847

 
  Universities To Aid U.S. Cybersecurity Effort
  12th, April, 2005

Experts from a consortium of colleges will lead a far-reaching effort to keep the nation's computer data safe from cyberattack, the National Science Foundation announced Monday.

The effort comes after a flurry of security breaches have dramatized the vulnerability of a society that increasingly entrusts its secrets to computers.

http://www.linuxsecurity.com/content/view/118861

 
  Linux programmer wins legal victory
  14th, April, 2005

A Linux programmer reported a new victory in a German court Thursday in enforcing the General Public License, which governs countless projects in the free and open-source software realms.

A Munich district court on Tuesday issued a preliminary injunction barring Fortinet, a maker of multipurpose security devices, from distributing products that include a Linux component called "initrd" that Harald Welte helped write.

http://www.linuxsecurity.com/content/view/118879

 
  LexisNexis Data on 310,000 People Feared Stolen
  12th, April, 2005

Data broker LexisNexis said Tuesday that personal information may have been stolen on 310,000 U.S. citizens, or nearly 10 times the number found in a data breach announced last month.

An investigation by the firm's Anglo-Dutch parent Reed Elsevier determined that its databases had been fraudulently breached 59 times using stolen passwords, leading to the possible theft of personal information such as addresses and Social Security numbers.

http://www.linuxsecurity.com/content/view/118859

 
  180,000 warned credit-card data exposed
  14th, April, 2005

Data apparently stolen from the popular clothing retailer Polo Ralph Lauren Inc. is forcing banks and credit card issuers to notify thousands of consumers that their credit-card information may have been exposed.

http://www.linuxsecurity.com/content/view/118880

 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.