This week, perhaps the most interesting articles include "", "", and "Hacking for dollars".



LINUX ADVISORY WATCH - This week, advisories were released for ppxp, gaim, clamav, razor, trac, zlib, bzip2, cvs, spamassassin, sudo, ht, fuse, netpbm, kernel, cryptsetup, selinux-policy, kdevelop, kde, php, gjdoc, javacc, lucene, grep, php-xmlrpc, phpBB, realplayer, tikiwiki, and cacti. The distributors include Fedora, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Pull The Plug Revisited: An Interview Five Years Later - Five years after our original interview with Brian Gemberling, founder of PullthePlug.org, we catch up with Daniel Alvarez and the rest of the site's administrative management. Its structured management and focus on the community will ensure many years of continued success. You're asking, what is pull the plug? Read more to find out...

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.



Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


The Death Of A Firewall
8th, July, 2005

Three years ago, I proposed to our technology architects that we eliminate our network firewalls. Today, we're close to achieving that goal. Back then, I thought that network-based firewalls were losing their effectiveness, enabling a mind-set that was flawed. Today, I'm certain.

Debian struggling with security
5th, July, 2005

Linux distributor is falling behind rivals in releasing security updates, due to server configuration problems and manpower shortages. Debian is facing difficulties getting timely security updates to users of its Linux distribution due to lack of manpower and software problems.

Does OS matter anymore for security?
6th, July, 2005

Whenever I've touched on the sensitive topic of Linux vs. Windows or Apache vs. Microsoft IIS security, I expected the usual flame treatment and nasty name calling to fly. It's usually taken as gospel in many IT circles to assume that Windows Security is an oxymoron; anyone who dares to suggest using Microsoft IIS 6.0 for a public web server faces serious ridicule. To see if there was any truth to this presumption that Windows Server is fundamentally insecure, I looked up these hacking statistics from www.zone-h.org for 2003 to 2004. Not only did it not show that Windows was hacked more often, but just the opposite. The Linux servers were actually getting hacked and defaced far more often than the Windows server and Apache was also being hacked and defaced more than Microsoft IIS.

The root of the rootkit
7th, July, 2005

Pretend you're a hacker. You just found a system that is no match for your 'leet skillz' and gained root access. Now what? Sooner or later, the system administrator is going to notice his box is 'owned' and you'll be kicked out after the system is patched. That's why you install a rootkit.

Effective Network Management for Security and Compliance
8th, July, 2005

The facts are astounding: Over 80% of enterprises have reported downtime due to a network security incident; over 50% of all network security break-ins occur from manual device configuration; and some companies can face up to $1M per day in fines if their network infrastructures do not comply with compliance legislation.

Apache 2.x Request Smuggling Vulnerability
8th, July, 2005

All versions of Apache previous to 2.1.6 are vulnerable to an HTTP request smuggling attack which can allow malicious piggybacking of false HTTP requests hidden within valid content. This method of HTTP Request Smuggling was first discussed by Watchfire some time ago. The issue has been addressed by an update to version 2.1.6.

Adobe Warns of Security Flaw to Software
7th, July, 2005

A security flaw in the popular document-sharing software, Adobe Reader, could be exploited to seize control of a computer system, according to the software's maker.

Adobe Systems Inc. issued a warning on its Web site Tuesday saying that the flaw affects only Adobe Reader versions 5.0.9 and 5.0.10, which were written for the Unix computer operating system.

Debian addresses security concerns
8th, July, 2005

Popular Linux distributor Debian has moved quickly to address concerns it was falling behind on security.

The organisation's security team has issued a host of announcements and informed the community it has resolved problems with the infrastructure governing security updates.

White hat heroes
4th, July, 2005

Scanit is holding an ethical hacking course from September 4-8 2005 at Knowledge Village in Dubai in a bid to encourage regional network professionals to use the black arts of hacking to make their companies safer. The course is intended for network and system engineers that want to learn how to assess the security of their IT infrastructure and IT consultants who want to learn to perform in-depth security assessments.

Rats in the security world
4th, July, 2005

Not too long ago my wife and I decided to try out a Chinese restaurant in our area we had never visited before. I was looking at the menu and my wife gasped, then laughed a bit. I looked up and she pointed out a rat crawling right under the restaurant's buffet table.

I got the waitress's attention and pointed out the rat to her. The waitress, a large Asian woman with a heavy oriental accent replied, "Oh ya' his name is Tock." She giggled a bit then walked off.

Open source vs. Windows: security debate rages
5th, July, 2005

It's a topic of fierce debate among high-tech cognoscenti: What's more secure -- "open source" code such as Linux and Apache, or proprietary "closed source" operating systems and applications, Microsoft's in particular? The regularity with which Microsoft has taken to announcing vulnerabilities and consequent software fixes has left few cheering about its security. In contrast, high expectations endure for open source, with proponents arguing that it's inherently more secure because a much larger set of developers can read the code, vet it and correct problems.

Data Security Is Retailers' Job, Too
5th, July, 2005

Consumers aren't the only ones who pay when hackers steal credit-card numbers and other customer data. Retailers, which often hold customer information in their IT systems, can be liable for security breaches.

Reverse engineering patches making disclosure a moot choice?
5th, July, 2005

When Microsoft released limited information on a critical vulnerability in Internet Explorer last month, reverse engineer Halvar Flake decided to dig deeper.

Using his company's tool for analyzing the differences in the patched and unpatched versions of a program, Flake pinpointed the portable networked graphics (PNG) vulnerability that Microsoft fixed with its latest update, locating the specific changes in less than 20 minutes.

Security meltdown: who's to blame?
6th, July, 2005

If there's one thing the security industry is really good at, it's pointing fingers. We all like to say that "security starts with you", so that everyone can share a piece of the mud pie. While we're pointing fingers, let's look at a few groups and individuals and see how they can share the blame for their own insecurity - and prevent the spread of viruses, Trojans and worms.

Comparing security on Windows and Linux
6th, July, 2005

Software security is quite often a subjective measure, mainly because there is the risk of a security vulnerability being created with every line of programming code. Each vulnerability has a degree of severity which may or may not be important to the end user. The result is an infinite number of interpretations of security, especially in a complex application such as an operating system like Windows or Linux.

Hacking for dollars
6th, July, 2005

In the past, lone hackers defaced Web sites or launched global worm attacks, mainly to gain notoriety among their peers.

Today, they use their skills for profit. They hunt for security flaws and find ways to exploit them, hijack computers and rent those out for use as spam relays, or participate in targeted attacks that steal sensitive information from individuals or spy on businesses.

Preventing malicious spyware in the enterprise
6th, July, 2005

Spyware threats are becoming more sophisticated; hackers are finding ways to lodge key logging, backdoor programs and trojans onto more desktops. However, anti-spyware tools have not kept up with this increased complexity.

Zlib Security Flaw Exposes Swath of Programs
7th, July, 2005

A serious security flaw has been identified in Zlib, a widely used data compression library. Fixes have begun to appear, but a large number of programs could be affected.

Zlib is a data compression library that is used by many third-party programs and is distributed with many operating systems, including many Linux and BSD distributions.

Linux Gets High Marks For Security
11th, July, 2005

The IT world may be an insecure place, but don't blame Linux. In fact, very few IT pros participating in InformationWeek Research's Linux and open-source survey say Linux has introduced security problems into their IT environments.

Only 6% of 225 user sites report security issues from Linux deployments on their servers, while 6% of 165 Linux PC users attribute a security problem to the open-source operating system. The results indicate a slight decrease in complaints about Linux security from a year ago, when 11% of IT pros encountered security issues with Linux servers and 7% had problems with Linux PCs.

Microsoft claims Windows more secure than Linux
11th, July, 2005

Microsoft has claimed that open source database products and servers such as Linux have had a "significantly greater number and severity of vulnerabilities compared with Windows Server 2003 and SQL Server 2000".

Hacker magazine shuts up shop
11th, July, 2005

Hacking magazine Phrack is closing after 20 years of publishing after its editorial team decided to call it a day. The final date for submissions for the special hardback last issue of the mag was Sunday 10 July. Issue 63 will be released at the Defcon and WhatTheHack2005 hacker conventions later this month.

Americans changing tack to shake off spyware
7th, July, 2005

Nine out of 10 Internet users say they have changed their online habits to avoid spyware and other Internet-based threats, according to a study released on Wednesday.

The coming Web security woes
5th, July, 2005

Our esteemed leaders in the U.S. Congress are vowing to enact new laws targeting data thieves, backup-tape burglars and other information-age miscreants.

We should be worried.

Wi-Fi mooching and the law
8th, July, 2005

The recent arrest of a Florida man on charges of unauthorized use of a wireless network could set legal ground rules for open Wi-Fi access.

A man sitting in a Chevy Blazer in a residential neighborhood reportedly was poking around nearby wireless networks in violation of computer crime laws, according to local police.

Noisy party: complainant arrested for stealing?
11th, July, 2005

The basic facts are that Benjamin Smith III used someone else's WiFi network. The facts aren't in dispute; Smith parked his vehicle outside the home of Richard Dinon, logged onto the network, and did some surfing.

"Surprise! Stealing is illegal!" bellowed Larry Seltzer in his ZD security blog.