LinuxSecurity.com
Linux Security Week: June 6th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "An Introduction to Securing Linux with Apache, ProFTPd and Samba," "Employee Training & Education Can Mitigate Threats," and "Lack of Confidence in IT Security Industry."


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, advisories were released for qpopper, openssl, php4, bzip2, ImageMagick, bind, netpbm, gxine, imap4d, elfutils, gnutls, and postgresql. The distributors include Debian, Fedora, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  What is the point of encryption if you don’t know who for?
  30th, May, 2005

Dr. Walter, Head of Cryptography for Comodo Inc. and chair of the Trusted Computing Group (TCG) Peripheral Working Group, has clarified the relationship between encryption and authentication. The blurred definition to date has split the Certificate Authority industry into two groups. Authorities such as Comodo and VeriSign compete head to head, to deliver high assurance digital certificates whilst other groups concentrate on the low assurance market.

http://www.linuxsecurity.com/content/view/119220
 
  Sentry CD - A different firewall approach
  30th, May, 2005

If you want to set up a Linux-based firewall, there's no need to run a bloated distribution that installs everything but the kitchen sink. If you are not afraid to get your hands dirty, and like having total control over your system, then Sentry Firewall CD (SFCD) is just what you need. It is a highly configurable, bootable CD that takes a minimalist approach to firewalling.

http://www.linuxsecurity.com/content/view/119221
 
  Many unaware of browser-security link
  1st, June, 2005

Many American online computer users are unaware that choice of browser affects Internet security, and few switch browsers even when they know the risk, a Norwegian study said Monday.

http://www.linuxsecurity.com/content/view/119226
 
  Network Security to Take Top Spot
  1st, June, 2005

Criminals aren't the only ones benefiting from the onslaught of threats that bombard corporate networks. Security vendors are also reaping the benefits.

According to Infonetics Research, worldwide security appliance and software revenue is forecast to hit $6.5 billion by 2008.

http://www.linuxsecurity.com/content/view/119234
 
  Zombie machines used in 'brutal' SSH attacks
  2nd, June, 2005

It's a tedious activity that can put the best of IT administrators to sleep. But as security and compliance manager for a large U.S. healthcare organization, Adam Nunn has learned to study his network activity logs religiously. He knows that when the bad guys work overtime to break his defenses, those logs can be the first sign of trouble.

He had a more relaxed approach to log checking at home. But one day he had a look and was alarmed to find that more than 1,000 brute force attacks had been targeting his personal Web server for a month.

http://www.linuxsecurity.com/content/view/119238
 
  An Introduction to Securing Linux with Apache, ProFTPd and Samba
  2nd, June, 2005

While the vast majority of Linux users are hard-core techies, some may be using Linux because they want to try something new, are interested in the technology, or simply cannot afford or do not want to use Microsoft Windows.

http://www.linuxsecurity.com/content/view/119236
 
  Review: FreeBSD 5.4
  1st, June, 2005

One of the oldest Unix-like operating systems, FreeBSD, continues its advancement with the sixth release in the FreeBSD-5 series. Its developers have added nothing major, but have made many modifications, fixing a number of problems introduced in previous releases. FreeBSD 5.4 is the best release since 5.1, but it still may not be ready for prime time.

http://www.linuxsecurity.com/content/view/119225
 
  A good morning with: Theo de Raadt
  2nd, June, 2005

Everybody knows that you're the OpenBSD and OpenSSH GURU and creator, one of the most famous and used secure operating systems nowadays. Why did you create them? What did you need many years ago from the OS world when you created OpenBSD? What inspired you to write OpenBSD and OpenSSH from scratch?

http://www.linuxsecurity.com/content/view/119235
 
  Employee Training & Education Can Mitigate Threats
  31st, May, 2005

“Many Internet threats are easily avoidable and just executed by employees who are simply unaware of their presence. Once briefed on basic Internet security, it is equally important to keep your employees educated as well. When new threats arise, send out memos alerting each employee of the threat, how to identify it, and what to do if and when they have it,” says security expert and Guardian Digital CEO Dave Wreski.

http://www.linuxsecurity.com/content/view/119223
 
  Security Action Plans
  1st, June, 2005

Centralization, automation, problem prioritization--many IT-security professionals are embracing those concepts as they fight off the never-ending onslaught of threats. Security products can help businesses stem the flood of vulnerabilities, but IT teams also have to put in place processes to ensure that they're responding appropriately and being proactive in warding off potential dangers. Fact is, some companies spend too much on some parts of their organization and not enough on more-vulnerable areas.

http://www.linuxsecurity.com/content/view/119227
 
  Fedora Directory Server Now Available To The Open Source Community
  1st, June, 2005

The Fedora Project, a Red Hat-sponsored and community-supported, open source collaboration project, today announced at the Red Hat Summit the availability of Fedora Directory Server. By making Fedora Directory Server freely available to the open source development community, Red Hat is enabling and encouraging the development of secure, enterprise technologies and providing customers and partners with increased choice. The availability of Fedora Directory Server licensed under the GPL underscores Red Hat's true commitment to open source innovation.

http://www.linuxsecurity.com/content/view/119229
 
  How to crack passwords, and why you should
  2nd, June, 2005

Auditing passwords is a worthwhile venture, particularly in an environment that deals with sensitive information. Because systems encrypt passwords when they store them, you really can't properly judge the strength of a password unless you try to crack it. We suggest using a password-cracking tool such as John the Ripper. This tool works extremely well because it can crack MD5 passwords, which most systems currently use. In addition, it's much faster and more sophisticated than earlier password-cracking software such as Crack.

http://www.linuxsecurity.com/content/view/119237
 
  Hackers target voice over IP
  2nd, June, 2005

Service providers need to focus more resources on voice over IP (VoIP) security if they are to provide the level of reliability and trust that subscribers have come to expect with traditional telephone services, analysts have warned.

According to a white paper from business consulting and systems integration firm BearingPoint, broadband operators need to address security problems before rushing to VoIP as a way to increase revenue and provide new services.

http://www.linuxsecurity.com/content/view/119239
 
  Yahoo!, Cisco Combine Antispam Efforts
  2nd, June, 2005

Network equipment maker Cisco Systems Inc. and Internet portal Yahoo Inc. are combining their efforts to combat e-mail spam and forgery in a step that's expected to help expand adoption of the technology.

http://www.linuxsecurity.com/content/view/119240
 
  Lack of Confidence in IT Security Industry
  3rd, June, 2005

The IT security industry needs to convince citizens of its trustworthiness and the robustness of its products if it wants to win a slice of the project associated with the introduction of ID cards. Recent research, published by Glasshouse Partnership, reveals that there is a lack of confidence in the ability to manage data security.

http://www.linuxsecurity.com/content/view/119247
 
  US biometric ID request raises ID concern in UK
  30th, May, 2005

The UK government plans to issue its ID card as a passport with biometric identifiers stored in a chip – and the US wants those chips to be compatible with its own scanners, raising the possibility that US agencies could have access to the ID Card database.

http://www.linuxsecurity.com/content/view/119219
 
  Cybersecurity czar will have hard road ahead
  2nd, June, 2005

A spending bill likely to be passed this month will give the Department of Homeland Security's chief cybersecurity officer more clout but will not solve major issues in how the agency handles its job of protecting the nation's critical infrastructure, security experts said this week.

http://www.linuxsecurity.com/content/view/119245
 
  On the track of script-kid terrorists
  31st, May, 2005

CYBER terrorism is almost a dirty word among elite computer security professionals, and there's a high risk of being ridiculed if you use it in their midst. AusCERT director Nick Tate says you're more likely to generate public terror by flying an aircraft into a bank than by breaking through its electronic security cordon.

http://www.linuxsecurity.com/content/view/119222
 
  Israeli Police Charge 18 With Industrial Espionage
  31st, May, 2005

Eighteen people have been arrested in one of Israel's largest industrial espionage schemes, police said Sunday, charging that business executives and private investigators used sophisticated software to infiltrate competitors' computers. The investigation implicated a car importer, two cell phone providers, and the nation's main satellite television company. Police said they were still sifting through documents and computer files to figure out the extent of the damage, but maintained that victims lost competitive bids and thousands of customers because of the spying.

http://www.linuxsecurity.com/content/view/119224
 
  Hackers, Spammers Partner Up To Wreak Havoc
  3rd, June, 2005

A one-two-three assault of disparate spammer and hacker groups in the last 24 hours bodes nothing but ill for users, a security expert said Thursday.

The attack, which involves a new combination of malicious code, shows evidence of "tactical coordination that is unprecedented," said Sam Curry, vice president of Computer Associates' eTrust security group.

http://www.linuxsecurity.com/content/view/119248
 
  New hack cracks 'secure' Bluetooth devices
  3rd, June, 2005

Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else’s cellphone.

http://www.linuxsecurity.com/content/view/119250
 

(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.