Linux Security Week: June 27th 2005
Source: Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "DShield: A community approach to intrusion detection," "Patch Management: Q&A with Thom Bailey," and "IT and physical security joining hands."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, advisories were released for elinks, mikmod, tcpdump, parted, system-config-securitylevel, checkpolicy, spamassassin, gaim, ruby, arts, kde, util-linux, sudo, gawk, mc, pilot-link, alsa-utils, jpilot, ImageMagick, hwdata, webapp, cpio, squirrelmail, and bzip2. The distributors include Fedora, Gentoo, and Red Hat.

Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

  Denial of Service Attacks
  21st, June, 2005

DoS attacks are not unique to the digital world. They existed many years before anything digital was created. For example, someone sticking a piece of chewing gum into the coin slot of a vending machine prevents thirsty people from using the machine to fetch a refreshing drink. In the digital world, DoS attacks can be acts of vandalism, too. They are performed for fun, pleasure, or even financial gain. In general, DoS attacks are a tough problem to solve because the Internet was designed on a principle that everyone plays by the rules. In this article we will describe the network-based DoS.
  AT&T plans CNN-style security channel
  23rd, June, 2005

Security experts at AT&T are about to take a page from CNN's playbook. Within the next year they will begin delivering a video streaming service that will carry Internet security news 24 hours a day, seven days a week, according to the executive in charge of AT&T Labs.
  DShield - A community approach to intrusion detection
  22nd, June, 2005

Analyzing firewall logs is key to understanding the threats your servers face. Knowing what the bad guys are looking for is the first step in assessing how vulnerable your servers are. Both open source and commercial firewalls make log information available to firewall administrators. But taking risk assessment a step further, what if there were a way to apply the principles that make open source software successful to firewall log analysis? A way to help yourself and others at the same time? The DShield project seeks to do just that.
  Patch Management: Q&A with Thom Bailey
  21st, June, 2005

Patches are small, sometimes temporary “quick fixes” that address often critical software flaws. Patches are usually made available by software vendors in between service packs or version upgrades upon confirmation that a software flaw affects a large number of users with usually serious consequences. More often than not, patches address vulnerabilities impacting security. These patches are therefore referred to as security patches. Typically, patches are made available for download from the software vendor’s support Web site.
  Linux vs. Windows: Analysts question assumptions about security, TCO
  22nd, June, 2005

Both Linux and Windows are here to stay. The decision to deploy a Linux or a Windows server should be based on a careful evaluation of both technical and business needs. For smaller companies with in-house Windows skills, moving to Linux or implementing Linux alongside Windows could cause more headaches and staff issues than value. For larger companies with sufficient staff and training budgets, implementing Linux-based servers may prove cost-effective in the long-term.
  Linux-Windows Single Sign-On
  23rd, June, 2005

I am an advocate of centralized identity management and I think Active Directory makes a great repository for user account information. Interoperability can be a challenge, though. For example, you may work in a mixed environment of Linux/Unix and Windows and want users to take advantage of their Windows accounts when logging on at a Linux/Unix machine. This provides single sign-on for users who otherwise would need to maintain two different sets of passwords.
  Interview with Gaël Duval of Mandriva (ex MandrakeSoft)
  22nd, June, 2005

Well... I'm 32 years old, and it's been nearly 7 years since I launched the first Mandrake Linux distribution - so my professional life has been totally focusing on Mandrakesoft/Mandriva for 7 years! I started as a technical director for the distribution, then I retired a bit in 2000/2001 by just focusing on our community website. Then I started to manage all the communication of Mandriva. And it's possible that I will soon stop that and focus on something else. At the same time, I always had a look at our products, sent suggestions, launched new projects such as the redesign of our desktop and the MandrakeMove concept, our very own liveCD. My spare time mostly consists of spending time with my wife and my little daughter, who was born 4 months ago! I also spend a little time recording music, which was my big hobby for years.
  IT and physical security joining hands
  20th, June, 2005

IT departments and physical security departments at corporations must learn to work together and coordinate their efforts, because computer security and conventional security are getting increasingly and irreversibly intertwined, speakers at a security conference said this week.
  Botnet Hunters Search for 'Command and Control' Servers
  20th, June, 2005

Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style.

The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers.
  Hacking and phishing soars in May
  21st, June, 2005

May saw a resurgence in the amount of viruses in circulation and the number of phishing attacks.

The latest monthly report from managed security vendor MessageLabs noted that virus attacks, and particularly Trojan attacks, increased by a third month on month, in part due to the Bagel virus.
  Black Market in Stolen Credit Card Data Thrives on Internet
  21st, June, 2005

"Want drive fast cars?" asks an advertisement, in broken English, atop the Web site "Want live in premium hotels? Want own beautiful girls? It's possible with dumps from Zo0mer." A "dump," in the blunt vernacular of a relentlessly flourishing online black market, is a credit card number. And what Zo0mer is peddling is stolen account information - name, billing address, phone - for Gold Visa cards and MasterCards at $100 apiece.
  Security risks associated with portable storage devices
  22nd, June, 2005

There is no question that USB Flash Drives and their electronic counterparts are a valuable addition to the road warrior's toolbox. They have also created a nightmare for data security managers and have spawned an entire sub industry that is aimed squarely at portable data storage security.
  Advertising for help can showcase security weaknesses
  22nd, June, 2005

Wonder how hackers know where your company's network is vulnerable? Your online job postings may be the culprit. Do they hint where you're weak in IT staffing? List specific operating systems and hardware that candidates should be familiar with? If so, you've provided enough information for the bad guys to break in.
  New Version of ISO 17799 Published
  23rd, June, 2005

The revision of the ISO 17799 information security standard is now available. This has been under development for several years, and introduces major changes to ISO 17799. The old version, published originally in 2000, has been withdrawn.
  eSecurity management comes of age
  24th, June, 2005

In this environment, no organisation can afford to be without intelligent and proactive security monitoring and disaster management capabilities as the dangers of attacks by intruders become increasingly important, and the scale of potential damage also arises. Keeping pace with the rapid evolution and escalation of security threats is a daunting challenge, and IT professionals continue to seek technologies that can enhance security without the frustration of additional management overhead.
  Data security: It doesn't take a breach to get the FTC's attention
  24th, June, 2005

The litany of the latest database security breaches reads like a laundry list of some of the most prominent companies in the U.S. But your company doesn't have to be prominent or suffer a breach to come under the scrutiny -- and wrath -- of the Federal Trade Commission.
  Government looks into Open Source Security
  24th, June, 2005

The Cabinet Office's Central Sponsor for Information Assurance, which co-ordinates information security projects across government, is investigating applications based around a highly secure open source operating system. The proof-of-concept systems being developed by the CSIA will use security enhanced Linux to support remote working and web services. Ministers were prompted to disclose details of the work following parliamentary questions tabled by Lord Harris of Haringey about the CSIA's activities in evaluating the security of open source software.
  Targeted Trojan-horse attacks hitting U.S., worldwide
  23rd, June, 2005

On June 16, the United Kingdom's incident response team, the National Infrastructure Security Co-ordination Centre, warned that stealthy Trojan-horse attacks were targeting specific U.K. companies and government agencies. However, similar attacks aimed at other countries, including the United States, have been detected over the past year, according to security firms.
