Linux Security Week: May 30th 2005

An italian web magazine interviewed Guido Van Rossum, the guru of Python. An interesting interview has been created.

 

The "crypto wars" are finally over - and we've won!

On 25th May 2005, Part I of the Electronic Communications Act 2000 will be torn out of the statute book and shredded, finally removing the risk of the UK Government taking powers to seize encryption keys.

 

news/cryptography/the-crypto-wars-are-over

Scientists have moved one step closer to the "unhackable" network by developing a device that can send single photons in a regular stream over a fiber optic link.

 

news/cryptography/unhackable-network-draws-nearer

Every user whose client connects to the Internet should configure his firewall immediately after installation. Some Linux distributions include firewall configuration as a part of installation, often offering a set of defaults configurations to choose from. However, to ensure that your machine presents the minimum "attack surface" (a measure of the number of vulnerable ports, user accounts, and sockets exposed to attack) to the predatory inhabitants of the Internet, you may need to do some manual configuration of your firewall. Here are three tools that can help.

 

news/firewall/three-tools-to-help-you-configure-iptables

It is with regret that I announce that Shorewall development and support is officially ended.

Unlike the originators of other successful open source projects, I have not been able to attract a core of people who believe in Shorewall and who are willing to make sacrifices to ensure it's success. That is my weakness and I accept it. But is means that I have been left with trying to develop, document, and support Shorewall almost single-handedly. I cannot do it any more.

 

news/firewall/shorewall-lead-developer-quits

Operating system vendors and hardware makers should commit more resources toward systematically auditing Windows and Linux device-driver code for flaws, security researchers say. While buffer overflows, a type of memory flaw that can lead to serious vulnerabilities, are quickly being eradicated in critical applications, the flaws are still easily found in device drivers, said David Maynor, a research engineer for Internet Security Systems' X-Force vulnerability analysis group.

 

A researcher claims that Microsoft and some Linux vendors have put small businesses at risk with their slow reaction to a vulnerability in Intel's hyperthreading chip technology.

 

Remote-controlled "zombie" networks operated by bottom-feeding spammers have become a serious problem that requires more industry action, the Federal Trade Commission is expected to announce on Tuesday.

 

news/network-security/feds-to-fight-the-zombies

Every administrator of a corporate LAN of any size these days has already built strong defenses against hackers and virus attacks. But the viruses and hackers continue to get through. Why?

 

Businesses certainly profit by using high-quality software that is freely available, and unencumbered by restrictive licensing, so they must keep an eye towards its sustainability. That might mean an occasional donation of equipment, funds, employees' time and know-how, whatever it is you have to offer.

 

news/server-security/linux-gains-maturity-in-the-data-center

The facile answer is everywhere. Professional network security managers tend to want to scan at the edges of their networks, and centralize patch management. We amateurs tend to leave it all at the edges, that is, every box we own has security on it. This leaves it up to individual users to manage security programs, making even little children into security managers. It’s not a good solution.

 

Many computer experts agree that computers are less vulnerable to hacking and virus attacks when they run Linux software rather than Microsoft's Windows.

"What is the most important issue for us is, which is the most pragmatic business model for customers?" said Shirish Netke, an executive at Aztec Software in India.

 

It is the hot crime of the 21st century - and YOU are the target. Sophisticated super-hackers are turning identity theft into a multi-billion-dollar criminal enterprise, plundering data about ordinary people from alumni directories, ATM machines, credit cards, tax returns and myriad other sources. The massive scams are costing American businesses and consumers more than $47 billion a year, according to the Federal Trade Commission.

 

It's hard enough to create a new company -- why try to create a new market as well? That’s why we like start-ups that target markets which already exist. In fact, we’ve examined this theme in the last few weeks -- more often than not, start-ups are best served by approaching old problems in new ways. The advantage is obvious: the demand for the products or services is already in place.

 

Speaking at the AusCERT conference in Australia's Gold Coast on Tuesday, Eugene Kaspersky, founder of Kaspersky Labs, said that the influence of organized crime on the malicious software industry has led to a change of tactics. Instead of trying to create viruses and worms that infect as many computers as possible, authors of malicious software are instead trying to infect 5,000 or 10,000 computers at a time to create personalized zombie armies.

 

The public believes that ID cards are the best solution to identity theft and fraud, according to a survey published this week. More than half of those polled (57%) said ID cards were their first or second preferred method to protect themselves against identity theft, the survey of 1,000 people aged 16 to 64 showed. But George Platt, general manager of US voice automation firm Intervoice, which commissioned the UK survey, warned that ID cards would “do nothing