Linux Security Week: July 4th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Linux to the rescue: A review of three system rescue CDs," "We Don't Need the GPL Anymore," and "Senators propose sweeping data-security bill."


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, advisories were released for crip, Network Manager, HelixPlayer, gedit, gzip, selinux, gnome, openssh, libwpd, openoffice, openssh, binutils, totem, rgmanager, magma-plugins, iddev, fence, dlm, cman, css, GFS, mod_perl, Heimdal, and sudo. The distributors include Debian, Fedora, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  ActiveState Releases ActivePerl, ActivePython & ActiveTcl for Sun's Solaris 10
  28th, June, 2005

ActiveState, a leading provider of developer tools and services for dynamic languages, today announced the release of ActiveState's ActivePerl, ActivePython, and ActiveTcl language distributions for Sun's Solaris 10 Operating System (OS) for SPARC, x86 and x64 systems. The release underlines ActiveState's commitment to providing developers with up-to-date scripting languages on Sun Solaris 10.

http://www.linuxsecurity.com/content/view/119430
 
  Linux to the rescue: A review of three system rescue CDs
  30th, June, 2005

We've all had this nightmare. You turn on your functioning Windows/Linux PC, and all you get is a blank screen, or a message telling you that certain files are missing, or the kernel has panicked for some obscure reason. Nothing works, and you need the data on your machine. Yes, now's the time to whip out that trusty backup disk, and heave a sigh of relief that all the important stuff is backed up, right? Well, think again.

http://www.linuxsecurity.com/content/view/119458
 
  What is the Best Firewall for Servers?
  28th, June, 2005

I maintain a bunch of servers at our labs in the university. Of late, the number of attacks on the computers has been more noticeable. The university provides firewall software (Kerio) but that doesn't work with Win 2003. And so we keep getting hit by zombie machines taken over in the Education Department or from Liberal Arts. So what does the Slashdot crowd use when they need to secure their Linux and Windows servers? Does it cost less than US $100?

http://www.linuxsecurity.com/content/view/119427
 
  Xen Developers Focus on Security
  28th, June, 2005

With the next major release of the Xen Virtual Machine Monitor expected this August, the project's developers have turned their attention to a new issue: security. Over the last few months, a group of the project's open source developers have begun work on a "security enhanced" version of Xen called XenSE that is similar in concept to the Security Enhanced Linux project backed by the U.S. National Security Agency (NSA).

http://www.linuxsecurity.com/content/view/119426
 
  Browser Identification For Web Applications
  27th, June, 2005

Browser identification is not a new concept. With the focus having shifted to desktops from networks and servers, a topic such as remote browser identification needs to be revisited.

http://www.linuxsecurity.com/content/view/119425
 
  The Going Gets Hot
  28th, June, 2005

As if angry customers, declining consumer confidence, and the threat of fines weren't enough, business executives have something new to mull on the troubling issue of lost or stolen customer data. Two U.S. senators are floating the prospect of jail time for business leaders who knowingly conceal such breaches. If top managers can't secure data in a well-guarded environment, well, perhaps they'll find themselves in one.

http://www.linuxsecurity.com/content/view/119428
 
  Virtual Private Servers Virtualize the OS
  29th, June, 2005

In today's never-ending crusade to reduce IT costs, various techniques are used to squeeze every drop of computing power out of servers. One popular technique is consolidation. Through consolidation, under used servers are subdivided into smaller, more usable pieces. And with these pieces, you generally achieve greater server performance overall. Often, it completely eliminates the need for some of the physical servers.

http://www.linuxsecurity.com/content/view/119432
 
  Open-source projects get free checkup by automated tools
  29th, June, 2005

More open-source software projects are gaining the benefits of the latest code-checking software, as the programs' makers look to prove their worth. On Tuesday, code-analysis software maker Coverity announced that its automated bug finding tool had analyzed the community-built operating system FreeBSD and flagged 306 potential software flaws, or about one issue for every 4,000 lines of code. The tool, which identifies certain types of programming errors, has previously been used to find flaws in other open-source software, including the Linux kernel and the MySQL database.

http://www.linuxsecurity.com/content/view/119433
 
  Open source 'not big' in SMEs
  30th, June, 2005

Open source software has not made a big impact in small to medium enterprises (SMEs), according to a report by research firm BMI-TechKnowledge, "SME IT End-User Trends and Market Forecast". BMI-T analyst Astrid Hamilton says 74% of the 165 respondents indicated they were not currently considering the use of open source software (OSS). Fifteen percent of respondents said they were using OSS, while 11% said they were considering using it.

http://www.linuxsecurity.com/content/view/119457
 
  Return of the Anti-Zombies
  30th, June, 2005

It's a recurring theme on security discussion lists: Someone ought to build a worm that infects insecure systems and remedies the problems on them.

Every six months or so someone thinks they're the first one to think of it. So in case any of you think it's a good idea, please stop wasting your time. It's a dreadful idea, it's been tried, and it's failed in the most miserable way. It's a Frankenstein's Monster in an e-mail attachment.

http://www.linuxsecurity.com/content/view/119460
 
  Final Draft of ISO 27001 Released
  1st, July, 2005

Following hot on the heels of the publication of the latest release of ISO 17799, ISO have published the final draft of ISO 27001.

This is the eagerly awaited replacement for BS7799-2, the Information Security Management Systems standard. It is anticipated that the final version will be published before the end of the year.

http://www.linuxsecurity.com/content/view/119462
 
  ESR: "We Don't Need the GPL Anymore"
  1st, July, 2005

Recently, during FISL (Fórum Internacional de Software Livre) in Brazil, Eric Raymond gave a keynote speech about the open source model of development in which he said, "We don't need the GPL anymore. It's based on the belief that open source software is weak and needs to be protected. Open source would be succeeding faster if the GPL didn't make lots of people nervous about adopting it." Federico Biancuzzi decided to interview Eric Raymond to learn more about that.

http://www.linuxsecurity.com/content/view/119467
 
  White hat heroes
  4th, July, 2005

Scanit is holding an ethical hacking course from September 4-8 2005 at Knowledge Village in Dubai in a bid to encourage regional network professionals to use the black arts of hacking to make their companies safer. The course is intended for network and system engineers that want to learn how to assess the security of their IT infrastructure and IT consultants who want to learn to perform in-depth security assessments.

http://www.linuxsecurity.com/content/view/119476
 
  Rats in the security world
  4th, July, 2005

Not too long ago my wife and I decided to try out a Chinese restaurant in our area we had never visited before. I was looking at the menu and my wife gasped, then laughed a bit. I looked up and she pointed out a rat crawling right under the restaurant's buffet table.

I got the waitress's attention and pointed out the rat to her. The waitress, a large Asian woman with a heavy oriental accent replied, "Oh ya' his name is Tock." She giggled a bit then walked off.

http://www.linuxsecurity.com/content/view/119477
 
  Italian Police 1 / Privacy 0
  27th, June, 2005

The cryptographic services offered by the Autistici/Inventati server, housed in the Aruba web farm, have been compromised on 15th June 2004. We discovered the fact on 21st June 2005. One year later.

One year ago the authorities (i.e. the postal police), during the investigation that led to the suspension of an email account (croceneraanarchica-at-inventati.org), shut down our server without any notice, and copied the keys necessary for the decryption of the webmail. Since then, they potentially had access to all the data on the disks, including sensible information about our users. This happened with the collaboration of Aruba, our provider.

http://www.linuxsecurity.com/content/view/119416
 
  Senators propose sweeping data-security bill
  30th, June, 2005

Corporate data-security practices would be hit with an avalanche of new rules and information burglars would face stiff new penalties under a far-reaching bill introduced Wednesday in the U.S. Senate.

The bill represents the most aggressive--and at 91 pages, the most regulatory--legislative proposal crafted so far in response to a slew of high-profile security breaches in the last few months.

http://www.linuxsecurity.com/content/view/119459
 
  Hackers unleash industrial spy Trojan
  29th, June, 2005

IT security experts have detected a malware-based hack attack that attempts to gain unauthorised access to the networks of specifically targeted domains.

Security firm MessageLabs, which discovered the attack, explained that the Trojan targets only a small number of email addresses - 17 in this case - rather than mass mailing itself to as many recipients as possible.

http://www.linuxsecurity.com/content/view/119435
 
  Phishing Up By 226 Percent
  1st, July, 2005

Phishing is up dramatically over the last two months according to data released Thursday by computer maker IBM and message filtering firm Postini.

IBM's monthly security report said that phishing jumped 226 percent in May over the previous month to record an all-time high that beat out the earlier record in January of this year.

http://www.linuxsecurity.com/content/view/119468
 
