Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Security Week: May 9th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Why Snort makes IDS worth the time and effort," "Five Linux Security Myths You Can Live Without," and "Backups tapes a backdoor for identity thieves."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, perhaps the most interesting articles include ethereal, prozilla, smartlist, kdewebdev, wireless-tools, gimp, bootparamd, tcpdump, kdelibs, vte, php, words, util-linux, lapack, gnuutils, and glibc. The distributors include Conectiva, Debian, Fedora, Gentoo, and Red Hat. Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Review: Deep Inspection Firewalls
  6th, May, 2005

If it were on public display, this portion of our Firewall Blowout would be the geek equivalent of the Chicago Auto Show. Our Chicago Neohapsis partner labs focused on the muscle cars: enterprise-class, gigabit-capable network firewall appliances and turnkey systems that support high-availability stateful failover, VPNs and centralized management as well as DI (deep inspection), which we define as having the ability not only to perform stateful packet filtering, but also to inspect packet payloads higher up the OSI model using specific attack signatures and Layer 7 protocol engines.
  In praise of Gentoo
  2nd, May, 2005

On the server end, you get the best release schedule in the business for security updates and bug fixes. On the desktop, you get the latest and greatest packages (if you enable 'beta' packages to be used) like KDE 3.4 (which I'm running), with awesome openGL support, and a nicely compiled nvidia driver. Wonderful. Absolutely wonderful.
  From Operating System to Application: Web Survey Looks at Malware Trends
  5th, May, 2005

"Two years ago, this list was dominated completely by weaknesses in operating systems," said SANS Institute Director of Research Alan Paller. "Now we're seeing more and more vulnerabilities in applications being exploited." The data also reveal that, for the first time, some security Latest News about Security and anti-virus software is vulnerable to hackers, creating a dangerous high-level backdoor into users' systems.
  Report: IT shops lax about logging
  3rd, May, 2005

If a new report from the SANS Institute is any indication, enterprises are jeopardizing security by taking a sloppy approach to log keeping. As a result, the report recommends some companies abandon home-grown logging systems in favor of commercial tools or simply outsource the task.
  Why Snort makes IDS worth the time and effort
  5th, May, 2005

The decision of whether to implement an intrusion-detection system (IDS) is a complicated one. Unfortunately, IDS has a well-deserved reputation for requiring a lot of "care and feeding" and commercial systems can be very expensive. However, there is an enterprise-grade open source IDS called Snort that may tip the scales over to a "can't lose" position.
  BlueCat Networks Previews its Proteus Enterprise IP Address Management
  3rd, May, 2005

Networks, Inc., a leading provider of simple, secure and affordable network security appliances, today announced that it is previewing Proteus, its new enterprise class Internet protocol (IP) Address Management (IPAM) system at Networld+Interop in booth # 1124. Proteus, the first dedicated IPAM appliance of its kind, is a self-managed, turnkey design and management tool created to help enterprises design, deploy and manage their IP-based networks. Its unique design combines the features of an enterprise class IPAM software application with the security and manageability of a network appliance.
  Linux Labs International consolidates SELinux with Bproc
  6th, May, 2005

Linux Labs International, Inc. ( LLII ), the world leader in Linux-based clustered supercomputer engineering, announced today a key milestone for security in supercomputing technology. With today's release of Nimbus 4.0, its out-of-the-box Linux cluster distribution, the leading Single System Image cluster architecture ( bproc ) is now seamlessly integrated with SELinux, the Security Enhanced Linux platform ( SELinux ).
  Backups tapes a backdoor for identity thieves
  2nd, May, 2005

Large companies are reconsidering their security and backup policies after a handful of financial and information-technology companies have admitted that tapes holding unencrypted customer data have gone missing.

Last week, trading firm Ameritrade acknowledged that the company that handles its backup data had lost a tape containing information on about 200,000 customers. The financial firm is now revising its backup policies and, in the interim, has halted all movement of backup tapes, a spokesperson said this week.
  Netcraft Phishing Site Feed Available
  2nd, May, 2005

Netcraft launched an anti-phishing system at the start of 2005: people install a toolbar and effectively become part of a giant neighbourhood watch system whereby the most experienced members of the community can report phishing sites and effectively block them for the rest of the community.

Some 5,400 unique phishing sites have been detected and blocked to date [late April 2005] and the community has been widely featured in the media from the Washington Post & Wall St. Journal through to Slashdot.
  Infosecurity Europe 2005 Interviews
  3rd, May, 2005 recently recorded a series of interviews with attendees at ‘Infosecurity Europe 2005’, “Europe's number one, dedicated Information Security event?. Those interviewed include representatives from eEye Digital Security, Zone-H, Forensic Computing Ltd, British Computing Society, and a reformed serial website defacer. They are downloadable in MP3 or OGG Vorbis format [22 minutes].
  China's largest bank switches to Linux
  3rd, May, 2005

The Industrial Commercial Bank of China (ICBC) has decided to switch its servers to the Linux operating system after signing an agreement with Turbolinux. The deal marks the largest Linux deployment in China; ICBC has $640bn in total assets and over 20,000 branch offices across the country. Claude Zhou, general manager for Turbolinux China, said that stability, security and flexibility were key factors in the bank's choice.
  Moving IT management to a new paradigm
  4th, May, 2005

IT management software ranges from hundreds of point solutions to huge integrated bundles for high-end enterprises. Aiming for a target in between is Robert Fanini, co-founder and CEO of GroundWork Open Source Solutions Inc., a startup in Emeryville, Calif., that has built its simple, low-priced IT management package on open source code. In this interview, Fanini explains how open source will open the eyes of now-doubting chief information officers (CIOs).
  Is VoIP Service the Next Big Target for Hackers?
  5th, May, 2005

Internet telephone service's appeal as a cutting-edge technology for cutting phone costs is convincing more and more people to ditch their landlines and go hi-tech with Voice over Internet Protocol.

VoIP companies like Vonage are growing rapidly, with their promise of nifty new features and lower monthly phone bills. Vonage, one of many Internet telephone service providers, says that about 1500 people sign up for its service alone per month. But some computer security experts say that, just as with wireless networking, VoIP's rapid-fire adoption will be closely followed by revelations of security vulnerabilities and electronic attacks.
  Five Linux Security Myths You Can Live Without
  6th, May, 2005

Before I wrote this article, I went to some Linux newsgroups to find out what typical concerns among security-conscious Linux users might be. I asked, simply, what they felt were the biggest myths surrounding Linux security. Boy, did I get an earful! It was as if I had gored someone's pet ox. When I asked about the most common misperceptions of Linux security, I wasn't implying that Linux is any worse, or any better, than other operating systems. There are few "religions," however, with followers as zealous as those of Linux. As with any religion, you can't make zealots question the perfection of their belief systems.
  Sober Hasn't Slowed, Still Accounts For Four Of Five Worms And Viruses
  6th, May, 2005

Sober.p, the worm that stormed the Internet Monday, showed no signs of fading away as of Thursday morning, an anti-virus vendor said.

"It's had quite the impact," said Graham Cluley, a senior technology consultant with Sophos. "Although it's not on the level of a really major worm, like Sobig of last year, Sober is the biggest we've seen so far this year."
  Business inaction could lead to data privacy laws
  2nd, May, 2005

U.S. businesses for years have urged the government to let them set computer-security standards of their own, but their inability to do so could now prompt Congress to step in, experts say.

Those who worry that regulation may stifle innovation say the business community may have already missed an opportunity to prove the government's help is not needed.
  House subcommittee elevates cybersecurity position
  6th, May, 2005

A bill that would create a high-level cybersecurity official in the U.S. Department of Homeland Security (DHS) was approved Wednesday by a House of Representatives subcommittee.
  How a Bookmaker and a Whiz Kid Took On an Extortionist — and Won
  3rd, May, 2005

The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to will be under attack each weekend for the next 20 weeks, or until you close your doors."
  Hackers Widen Their Attacks
  4th, May, 2005

Hackers continue to develop new ways to infiltrate computer systems, staying one step ahead of software providers by targeting an array of applications, according to a recent report from the SANS Institute Latest News about SANS Institute. Some 600 new Internet security Latest News about Security vulnerabilities were found by SANS during the first quarter of 2005, a 20 percent increase over the same period last year. The surge indicates a continuous assault by individuals aiming to cash in on software vulnerabilities.
  Spying on the spyware makers
  5th, May, 2005

The 25-year-old researcher has spent years analyzing how spyware and adware programs work and publicizing his findings. That often results in red faces and, occasionally, lawsuit threats from companies like WhenU and Claria, formerly known as Gator. When testing spyware and adware, Edelman isn't about to sacrifice his own Windows XP computer. So he uses the VMware utility to create a virtual Windows box.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.