Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Security Week: April 25th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Five Linux Security Myths You Can Live Without," "Configurations that keep your Linux System safe from attack," and "Linux Distribution Tames Chaos."

DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software Understanding the anti-spam solution market and its various choices and buzzwords can be daunting task. This free whitepaper from Roaring Penguin Software helps you cut through the hype and focus on the basics: determining what anti-spam features you need, whether a solution you are considering includes them, and to what degree. Find out more!

LINUX ADVISORY WATCH - This week, advisories were released for MySQL, PHP, libexif, gtkhtml, info2www, geneweb, f2c, XFCE, vixie-cron, at, nasm, aspell, urw-fonts, htdig, alsa-lib, curl, HelixPlayer, cvs, foomatic, monkeyd, mplayer, xloadimage, logwatch, kernel, OpenOffice, and PostgreSQL. The distributors include Conectiva, Debian, Fedora, Gentoo, Red Hat, and SuSE. Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Quantum cryptography: Your security holy grail?
  19th, April, 2005

Quantum cryptography – using a private communication channel to lock down the exchange of sensitive data between two points – has to date created much more discussion than it has practical applications.

However, with scientists, researchers and academics already on the case, it could be just five years until the technology hits the mainstream.

  Five Linux Security Myths You Can Live Without
  20th, April, 2005

All distributions are not created equal: Some distros, by default, are very secure; others install with virtually no default security. A good source of independent information on the quality of distro security is, a site that supports the idea that some distros offer better security than others.

  Network Scanner Includes Linux Security Checks
  21st, April, 2005

GFI Software Ltd., recently announced the release of a new version of its network security scanner, GFI LANguard Network Security Scanner (N.S.S.) 6 that can detect all machines and devices connected to the network via a wireless link. It also alerts administrators when suspicious USB devices are connected to the network.

  Can this man save the Net?
  22nd, April, 2005

VeriSign is the world's largest digital certificate authority and is steward of the A and J root servers (two of the 13 computers representing the top of the Internet's hierarchy). With 40 percent of North American e-commerce payments going through its gateways, 100 percent of .com registrars running 15 billion queries a day through its system, and 50 percent of North American cellular roamings going through its servers, VeriSign has a significant role in seeing that the Internet infrastructure runs securely.

  Cybercrime Wars
  20th, April, 2005

In the ethereal world of the Internet, an underground crime war is being silently waged between the cyber-criminals and those trying to stop them. A war that is undermining the interests of corporations and governments worldwide and one that bears no regard for innocent victims. In fact, the victims are purposely targeted, unwittingly press-ganged into becoming foot-soldiers helping to spread spam, attack large companies and unknowingly distribute illegal porn and copyrighted materials. Nowadays, cyber-attacks and automated hacking tools work so fast and efficiently that the enemy is winning. Something needs to be done, as Nick Ray, CEO of Prevx explains.

  Cyber attack early warning center begins pilot project
  21st, April, 2005

A fledgling nonprofit group working to develop an automated cyber-attack early warning system, the Cyber Incident Detection Data Analysis Center (CIDDAC), is about to begin a pilot project to collect data on network intrusions from a group of companies in national-infrastructure industries.

  Configurations that keep your Linux System safe from attack
  20th, April, 2005

In this series of articles, learn how to plan, design, install, configure, and maintain systems running Linux in a secure way. In addition to a theoretical overview of security concepts, installation issues, and potential threats and their exploits, you'll also get practical advice on how to secure and harden a Linux-based system.

  US Government helps Bastille Linux gain assessment functionality
  20th, April, 2005

We've just finished adding a major new mission to Bastille Linux -- it now does hardening assessment! The US Government's TSWG helped us add this functionality. You can read about it in an interview I did with Jay Lyman, of Newsforge.

  The Five Ps of Patch Management
  20th, April, 2005

Security and vulnerability patching has become one of the top concerns for IT managers, but has also left many IT teams fighting a losing battle as the job of patching competes with day-to-day system maintenance and security tasks.

  Microsoft to support Linux
  21st, April, 2005

Microsoft head Steve Ballmer has promised to add Linux support for the first time in one of its products because, he explained, users need to manage heterogeneous networks. Support for the software giant's open-source rival and greatest threat will come in Virtual Server 2005 Service Pack 1, due to ship by the end of the year, Ballmer said as part of his keynote speech at the company’s annual summit.

  Mozilla flaws could allow attacks, data access
  18th, April, 2005

Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.

Details of the nine flaws were published on Mozilla's security Web site over the weekend.

  PHP falls down security hole
  20th, April, 2005

Servers running PHP are vulnerable to a number of serious security exploits, including some which could allow an attacker to execute malicious code, and denial-of-service exploits, according to the PHP Group.

The project has issued updates fixing the bugs, available from the PHP website and directly from various operating system vendors. "All users of PHP are strongly encouraged to upgrade to this release," the PHP Group says in its advisory.

  Linux Distribution Tames Chaos
  19th, April, 2005

Chaos, a Linux distribution developed by Australian Ian Latter, harnesses the unused processing power of networked PCs, creating a distributed supercomputer that can crack passwords at lightning speed. The program remotely boots Linux on a PC without touching the hard drive, leaving the "slave" PC's operating system and data secure and untouched. Thirty PCs connected as a cluster create enough processing power to complete complex mathematical equations or high-level security tasks like password cracking that no individual PC could handle alone.

  Linux receives pat on the back for security
  18th, April, 2005

A recent survey carried out by Evans Data Corporation has revealed that development managers have more faith in Linux as an operating system to guard them against internal attacks than they have in Windows. Over 6,000 development managers were interviewed in the Evans Data Corporation's new Spring 2005 Linux and Development survey. They considered open source software to be more secure with client operating systems; web servers; server operating systems and components and libraries.

  Guidelines for Choosing to Outsource Security Management
  21st, April, 2005

Outsourcing security is not appropriate for every organization. Some organizations will be better served by deploying and running security management and monitoring solutions. Your organization should use Gartner's Decision Framework to determine whether it is a candidate for MSSP services. It is important to be clear about your organization's expectation of a security outsourcing engagement, and to structure a service-level agreement that reflects those expectations.

  Ameritrade Shows Peril of Backup Tapes
  22nd, April, 2005

For the second time this year, a high-profile financial company has lost a backup tape containing customer data while shipping the tape to an off-site storage facility.

Brokerage company Ameritrade has begun warning about 200,000 current and former customers about the loss of a backup tape containing their personal information, officials said this week.

  Retailers feel security heat
  22nd, April, 2005

Following several high-profile incidents of data theft, retailers are under increased pressure to clean up their computer security act.

Leading the effort are MasterCard International and Visa USA, which are giving major retailers until June 30 to comply with a new set of computer security standards aimed at protecting consumer data. Retailers that don't comply with the Payment Card Industry, or PCI, data security standard may face penalties, including fines.

  Tackling identity theft
  18th, April, 2005

The only way to control today's identity theft epidemic is for consumers, Congress and corporate America to team up.

Jim Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington, D.C., today told a panel of security experts from eBay, eTrade, RSA Security, Forrester Research and BITS that protecting data is a shared responsibility. "Consumers have to become more perceptive about risks, but companies that use and hold data have a greater responsibility to put procedures and safeguards in place," he said. "Government's responsibility is to make sure this happens and to prosecute the criminals."

  Flash Player Worries Privacy Advocates
  21st, April, 2005

Macromedia's Flash media player is raising concerns among privacy advocates for its little-known ability to store computer users' personal information and assign a unique identifier to their machines.

"A lot of media players come with identifiers embedded in them to track content usage and digital rights management," Chris Hoofnagle, director of the Electronic Privacy Information Center's West Coast office, said. "With respect to Windows Media Player and now the Macromedia player, we're realizing that the media players themselves are creating privacy risks."

  Teenagers struggle with privacy, security issues
  22nd, April, 2005

High-schools students have a message for their parents: Trust us with technology. Security and privacy? We have it covered. A panel of teenagers speaking at the Computers, Freedom and Privacy Conference told attendees on Friday that they are far more in tune with technology than their parents and have come to understand the issues of security and privacy on the Internet largely without any guidance from educators or their parents.

  U.S. Military's Elite Hacker Crew
  18th, April, 2005

The U.S. military has assembled the world's most formidable hacker posse: a super-secret, multimillion-dollar weapons program that may be ready to launch bloodless cyberwar against enemy networks -- from electric grids to telephone nets.

The group's existence was revealed during a U.S. Senate Armed Services Committee hearing last month. Military leaders from U.S. Strategic Command, or Stratcom, disclosed the existence of a unit called the Joint Functional Component Command for Network Warfare, or JFCCNW.

  NY AG Spitzer Targets Hackers
  19th, April, 2005

New York Attorney General Eliot Spitzer has called for tougher penalties on computer criminals. He wants to prosecute people who gain access to computers surreptitiously, but who do not do any harm. The proposed legislation would also make encrypting information a crime if it concealed some other crime.

  Critical Firefox flaws targeted by exploit code
  19th, April, 2005

Here's a wake-up call for those who ditched Internet Explorer for Firefox, believing it's more secure than Microsoft's much-attacked browser:

Proof-of-concept code targeting security holes in Firefox and the Mozilla Suite have started appearing on public mailing lists. An attacker could exploit the flaws to launch malicious code. But users can protect themselves by updating to Firefox 1.0.3 and Mozilla Suite 1.7.7.

  DSW data theft much larger than estimated
  19th, April, 2005

Thieves who accessed a DSW Shoe Warehouse database obtained 1.4 million credit card numbers and the names on those accounts - 10 times more than investigators estimated last month.

DSW Shoe Warehouse said Monday that it has contact information for about half of those people and started sending letters notifying them of the thefts, which happened at 108 stores in 25 states between November and February. A list of the stores is available on the company's Web site.


Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
OpenSSL Mystery Patch is No Heartbleed
Study: One-third of top websites vulnerable or hacked
Threat-sharing cybersecurity bill unveiled
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.