Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.
LINUX ADVISORY WATCH - This week, advisories were released for krb4, mailutils, traversal, Wordpress, SilverCity, kdbg, ImageMagick, openssh, dbus, rsh, and the Red Hat kernel. The distributors include Debian, Gentoo, and Red Hat.
LinuxSecurity.com Feature Extras:
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.
The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Talking with Richard Stallman | ||
12th, June, 2005
|
||
How well do you know your partner? | ||
7th, June, 2005
For those of you who follow the news, you may have read the recent story of spy software discovered at some of IsraelÕs leading companies which reads just like the spy stories weÕve been reading for years. The imagined villains are in fact the victims, but more importantly the problem of spy software being prevalent in Israeli companies came as a result of one of the most comprehensive investigations involving computer crime ever undertaken. The Trojan had been introduced by providing companies with contaminated files, or sending a contaminated e-mail message to the companies. This also raises concerns that this evaded all the security measures in place at the companies infected. |
||
Debian released without security update feature | ||
8th, June, 2005
A configuration mistake in the new Debian Linux distribution has forced a fix less than 24 hours after the software was released. "New installations [of Debian 3.1 from CD and DVD] will not get security updates by default," said Debian developer Colin Watson in an e-mail warning. Installations from floppy disks or network servers were not affected. |
||
The meagre living of Linux virus writers | ||
9th, June, 2005
According to anti-virus firm Trend Micro, the number of Linux viruses in the wild has not changed dramatically for two years, but its figure of 500 dangerous and exploitative programs dashing around the Internet seeking unprotected systems is cause for concern, until you look closer at the reasoning. Rainer Link, assistant to head of the companyÕs EMEA (Europe, Middle East & Africa) Operations, admits the figures can be misleading and says it refers to Linux malware in general, including malware running on Linux whose ultimate target is Windows. |
||
Attack Trends: 2004 and 2005 | ||
7th, June, 2005
Counterpane Internet Security, Inc., monitors more than 450 networks in 35 countries, in every time zone. In 2004 we saw 523 billion network events, and our analysts investigated 648,000 security "tickets." What follows is an overview of what's happening on the Internet right now, and what we expect to happen in the coming months. |
||
Analysts say 'cloudy' forecast is OK | ||
7th, June, 2005
The network security forecast is cloudy, and that's not a bad thing if you're to believe what analysts are saying at this week's Gartner IT Security Summit. |
||
What to ask when evaluating intrusion-prevention systems | ||
8th, June, 2005
An intrusion-prevention system (IPS) is part of an overall security strategy to protect your network from attack. The IPS literally prevents an attack by blocking bad stuff, such as viruses or malformed packets, from getting into the company network. |
||
Secure Mac and Linux authentication | ||
8th, June, 2005
CryptoCard (.com) makes a variety of secure authentication and ID management tools, and they just released support for OS X Tiger (they already did Panther). For the rest of you PC alternative fans, Linux support includes Red Hat, SuSE, and an easy compile option for Debian. |
||
Integrating and securing Linux without a silver bullet | ||
10th, June, 2005
The difficulty in integrating Linux with legacy systems and securing IT systems are two of IT managers' most common complaints about Linux, says Peter Harrison, who canvassed many IT pros while writing The Linux Quick Fix Notebook, a new book from Prentice Hall PTR. In this tip, Harrison doesn't offer a quick fix, but he does offer sage advice about security and integration. |
||
Has Ransomware Learned from Cryptovirology? | ||
6th, June, 2005
A secure cryptovirus, cryptotrojan or cryptoworm contains a payload that activates under a particular circumstance. When it activates, it generates a random symmetric key and encrypts the victim's files with it. This key is then encrypted in turn with the attacker's public key to produce an asymmetric ciphertext. |
||
Trusted Matters: Interview, Chad Hanson, TCS | ||
6th, June, 2005
I was fortunate enough to have a conversation with Chad Hanson, Manager of the Trusted Operating Systems Lab at Trusted Computer Solutions in Urbana, Illinois. Chad has a long history in working with Trusted Operating Systems. He came to Trusted Computer Solutions from Argus Systems, where he led the development of PitBull, itself a Trusted Operating System. Chad's experience also includes leading the design and development of new components to NSA SE Linux that are leading to greater security in the Linux kernel. |
||
Software is just one component of security | ||
7th, June, 2005
Here's an important lesson for everyone, whether you run Linux, Solaris, Windows, OpenBSD, Mac OS X, or MS-DOS your customers' data isn't very secure when tapes carrying sensitive customer data go missing in transit. In this particular case, one wonders whether transporting physical media is the best way to transfer sensitive customer data from Citigroup to Experian. It certainly makes one wonder to find out that the tapes had been shipped on May 2, and it wasn't noticed that they'd gone missing until May 20. |
||
Insecurity through obscurity | ||
9th, June, 2005
Security through obscurity is probably one of the oldest tricks in the security book. The basic premise stems from the fact that people are trying to ensure security by hiding certain facts of their software or architecture design from regular users. This is equivalent to someone hiding a house key under a pot of plants in front of his house. |
||
Gartner IDs 'Over-Hyped' Security Threats | ||
9th, June, 2005
Over-hyped security threats have made companies unnecessarily hesitant to roll out new technologies, such as Internet telephony and wireless networks, a research firm said Wednesday. |
||
A Tale of Two Hackers | ||
6th, June, 2005
Lapping up the sunshine here outside a downtown cafe, Kevin Mitnick is apprehensive. He never asked to be the world's most high-profile convicted computer criminal, he says, and he's sick of media interviews dwelling on his criminal past. |
||
Israel espionage case points to new Net threat | ||
10th, June, 2005
Executives of top telecom firms accused of spying on each other. A jealous ex-husband suspected of monitoring his former in-laws. Private investigators implicated in computer-hacking-for-hire; one now involved in a possible attempted suicide. So much bad publicity, government officials worry it might impact the entire nationÕs economy. |
||
Cracking WEP in 10 minutes | ||
8th, June, 2005
Yesterday I started noticing referral traffic from myscreencast.com, a phpbb-based community site for finding and sharing screencasts. The most entertaining one I found is called Cracking WEP in 10 minutes. It was produced with Camtasia, but the action takes place in Whoppix, which describes itself thusly: |
||