DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software Understanding the anti-spam solution market and its various choices and buzzwords can be daunting task. This free whitepaper from Roaring Penguin Software helps you cut through the hype and focus on the basics: determining what anti-spam features you need, whether a solution you are considering includes them, and to what degree. Find out more!
LINUX ADVISORY WATCH - This week, advisories were released for MySQL, PHP, libexif, gtkhtml, info2www, geneweb, f2c, XFCE, vixie-cron, at, nasm, aspell, urw-fonts, htdig, alsa-lib, curl, HelixPlayer, cvs, foomatic, monkeyd, mplayer, xloadimage, logwatch, kernel, OpenOffice, and PostgreSQL. The distributors include Conectiva, Debian, Fedora, Gentoo, Red Hat, and SuSE.
LinuxSecurity.com Feature Extras:
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.
The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Quantum cryptography: Your security holy grail? | ||
19th, April, 2005
Quantum cryptography – using a private communication channel to lock down the exchange of sensitive data between two points – has to date created much more discussion than it has practical applications. |
||
Five Linux Security Myths You Can Live Without | ||
20th, April, 2005
All distributions are not created equal: Some distros, by default, are very secure; others install with virtually no default security. A good source of independent information on the quality of distro security is https://distrowatch.com/, a site that supports the idea that some distros offer better security than others. |
||
Network Scanner Includes Linux Security Checks | ||
21st, April, 2005
GFI Software Ltd., recently announced the release of a new version of its network security scanner, GFI LANguard Network Security Scanner (N.S.S.) 6 that can detect all machines and devices connected to the network via a wireless link. It also alerts administrators when suspicious USB devices are connected to the network. |
||
Can this man save the Net? | ||
22nd, April, 2005
VeriSign is the world's largest digital certificate authority and is steward of the A and J root servers (two of the 13 computers representing the top of the Internet's hierarchy). With 40 percent of North American e-commerce payments going through its gateways, 100 percent of .com registrars running 15 billion queries a day through its system, and 50 percent of North American cellular roamings going through its servers, VeriSign has a significant role in seeing that the Internet infrastructure runs securely. |
||
Cybercrime Wars | ||
20th, April, 2005
In the ethereal world of the Internet, an underground crime war is being silently waged between the cyber-criminals and those trying to stop them. A war that is undermining the interests of corporations and governments worldwide and one that bears no regard for innocent victims. In fact, the victims are purposely targeted, unwittingly press-ganged into becoming foot-soldiers helping to spread spam, attack large companies and unknowingly distribute illegal porn and copyrighted materials. Nowadays, cyber-attacks and automated hacking tools work so fast and efficiently that the enemy is winning. Something needs to be done, as Nick Ray, CEO of Prevx explains. |
||
Cyber attack early warning center begins pilot project | ||
21st, April, 2005
A fledgling nonprofit group working to develop an automated cyber-attack early warning system, the Cyber Incident Detection Data Analysis Center (CIDDAC), is about to begin a pilot project to collect data on network intrusions from a group of companies in national-infrastructure industries. |
||
Configurations that keep your Linux System safe from attack | ||
20th, April, 2005
In this series of articles, learn how to plan, design, install, configure, and maintain systems running Linux in a secure way. In addition to a theoretical overview of security concepts, installation issues, and potential threats and their exploits, you'll also get practical advice on how to secure and harden a Linux-based system. |
||
US Government helps Bastille Linux gain assessment functionality | ||
20th, April, 2005
We've just finished adding a major new mission to Bastille Linux -- it now does hardening assessment! The US Government's TSWG helped us add this functionality. You can read about it in an interview I did with Jay Lyman, of Newsforge. |
||
The Five Ps of Patch Management | ||
20th, April, 2005
Security and vulnerability patching has become one of the top concerns for IT managers, but has also left many IT teams fighting a losing battle as the job of patching competes with day-to-day system maintenance and security tasks. |
||
Microsoft to support Linux | ||
21st, April, 2005
Microsoft head Steve Ballmer has promised to add Linux support for the first time in one of its products because, he explained, users need to manage heterogeneous networks. Support for the software giant's open-source rival and greatest threat will come in Virtual Server 2005 Service Pack 1, due to ship by the end of the year, Ballmer said as part of his keynote speech at the company’s annual summit. |
||
Mozilla flaws could allow attacks, data access | ||
18th, April, 2005
Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser. |
||
PHP falls down security hole | ||
20th, April, 2005
Servers running PHP are vulnerable to a number of serious security exploits, including some which could allow an attacker to execute malicious code, and denial-of-service exploits, according to the PHP Group. |
||
Linux Distribution Tames Chaos | ||
19th, April, 2005
Chaos, a Linux distribution developed by Australian Ian Latter, harnesses the unused processing power of networked PCs, creating a distributed supercomputer that can crack passwords at lightning speed. The program remotely boots Linux on a PC without touching the hard drive, leaving the "slave" PC's operating system and data secure and untouched. Thirty PCs connected as a cluster create enough processing power to complete complex mathematical equations or high-level security tasks like password cracking that no individual PC could handle alone. |
||
Linux receives pat on the back for security | ||
18th, April, 2005
A recent survey carried out by Evans Data Corporation has revealed that development managers have more faith in Linux as an operating system to guard them against internal attacks than they have in Windows. Over 6,000 development managers were interviewed in the Evans Data Corporation's new Spring 2005 Linux and Development survey. They considered open source software to be more secure with client operating systems; web servers; server operating systems and components and libraries. |
||
Guidelines for Choosing to Outsource Security Management | ||
21st, April, 2005
Outsourcing security is not appropriate for every organization. Some organizations will be better served by deploying and running security management and monitoring solutions. Your organization should use Gartner's Decision Framework to determine whether it is a candidate for MSSP services. It is important to be clear about your organization's expectation of a security outsourcing engagement, and to structure a service-level agreement that reflects those expectations. |
||
Ameritrade Shows Peril of Backup Tapes | ||
22nd, April, 2005
For the second time this year, a high-profile financial company has lost a backup tape containing customer data while shipping the tape to an off-site storage facility. |
||
Retailers feel security heat | ||
22nd, April, 2005
Following several high-profile incidents of data theft, retailers are under increased pressure to clean up their computer security act. |
||
Tackling identity theft | ||
18th, April, 2005
The only way to control today's identity theft epidemic is for consumers, Congress and corporate America to team up. |
||
Flash Player Worries Privacy Advocates | ||
21st, April, 2005
Macromedia's Flash media player is raising concerns among privacy advocates for its little-known ability to store computer users' personal information and assign a unique identifier to their machines. |
||
Teenagers struggle with privacy, security issues | ||
22nd, April, 2005
High-schools students have a message for their parents: Trust us with technology. Security and privacy? We have it covered. A panel of teenagers speaking at the Computers, Freedom and Privacy Conference told attendees on Friday that they are far more in tune with technology than their parents and have come to understand the issues of security and privacy on the Internet largely without any guidance from educators or their parents. |
||
U.S. Military's Elite Hacker Crew | ||
18th, April, 2005
The U.S. military has assembled the world's most formidable hacker posse: a super-secret, multimillion-dollar weapons program that may be ready to launch bloodless cyberwar against enemy networks -- from electric grids to telephone nets. |
||
NY AG Spitzer Targets Hackers | ||
19th, April, 2005
New York Attorney General Eliot Spitzer has called for tougher penalties on computer criminals. He wants to prosecute people who gain access to computers surreptitiously, but who do not do any harm. The proposed legislation would also make encrypting information a crime if it concealed some other crime. |
||
Critical Firefox flaws targeted by exploit code | ||
19th, April, 2005
Here's a wake-up call for those who ditched Internet Explorer for Firefox, believing it's more secure than Microsoft's much-attacked browser: |
||
DSW data theft much larger than estimated | ||
19th, April, 2005
Thieves who accessed a DSW Shoe Warehouse database obtained 1.4 million credit card numbers and the names on those accounts - 10 times more than investigators estimated last month. |
||