Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.
LINUX ADVISORY WATCH - This week, advisories were released for fuse, drupal, egroupware, ettercap, dhcpcd, ruby, squid, gzip, gedit, centericq, tiff, squirrelmail, kdegraphics, dlm-kernel, gnbd-kernel, cman-kernel, GFS-kernel, procps, libwnck, metacity, gaim, audit, libxml2, dhcp, lam, vixie-cron, krb5, net-snmp, selinux-policy-targeted, bind, rpm, openssh, pam, phpWebSite, phpGroupWare, Adobe Acrobat Reader, Ruby, MIT Kerberos 5, Bugzilla, pam_ldap, nss_ldap, Mozilla Firefox, krb5, cups. The distributors include Debian, Fedora, Gentoo, and Red Hat.
LinuxSecurity.com Feature Extras:
Network Server Monitoring With Nmap -Portscanning, for the uninitiated, involves sending connection requests to a remote host to determine what ports are open for connections and possibly what services they are exporting. Portscanning is the first step a hacker will take when attempting to penetrate your system, so you should be preemptively scanning your own servers and networks to discover vulnerabilities before someone unfriendly gets there first.
Any open ports that are unnecessary for proper system operation should be closed. Every open port is a possible access point for an unauthorized user, and every service accepting connections from the world could have a vulnerability. Even if you are diligent about applying patches, any unnecessarily running service is still a window an attacker could possibly climb through.
Pull The Plug Revisited: An Interview Five Years Later -Five years after our original interview with Brian Gemberling, founder of PullthePlug.org, we catch up with Daniel Alvarez and the rest of the site's administrative management. Its structured management and focus on the community will ensure many years of continued success. You're asking, what is pull the plug? Read more to find out...
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| CRYPTO-GRAM, July 15, 2005 | ||
15th, July, 2005
A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. |
||
| The Five Top Network Security Secrets | ||
13th, July, 2005
What is the secret to network security? In the wake of recent high-profile security breaches like at LexisNexis and MasterCard, it's worth asking what it takes to nail down network security --- and what are the secrets not everyone knows? |
||
| Desktop port proliferation a security risk? | ||
14th, July, 2005
Software maker Opera's decision to support BitTorrent has added to some security experts' worries that applications which require open connections through firewalls are becoming increasingly popular. |
||
| Speakers at E-Mail Summit Push Authentication, Reputation Tools | ||
14th, July, 2005
Representatives from 37 e-mail technology companies used a one-day Summit in New York on Tuesday to exhort private sector administrators and online marketers to adopt e-mail sender authentication technology that helps block spam and phishing attacks. |
||
| ZombieAlert Scours Corporate Networks For Spam-spewing PCs | ||
14th, July, 2005
A U.K.-based security firm is touting a new service that scours corporate networks for zombies -- PCs that have been hijacked without the owner's knowledge and turned into spam-spewing engines. |
||
| Phlooding attack could leave enterprises high and dry | ||
15th, July, 2005
You've got to hand it to the IT security industry for its ability to coin new and impressive sounding terms for security threats. Hot on the hells of WiPhishing and Evil Twins comes the latest buzz word for wireless Lan security: phlooding. |
||
| Strengthening Quantum Cryptography by Putting On Blinders | ||
15th, July, 2005
A Korea-UK team (contact Myungshik Kim, Queen's University, Belfast, |
||
| Domain Hijacking Takes ICANN Spotlight | ||
18th, July, 2005
Web sites both big and small face the risk of having their Web addresses stolen because of flaws in the way domain names are registered, transferred and tracked, a report released this week found. |
||
| OSSEC Host-Based IDS v0.1 released | ||
13th, July, 2005
OSSEC HIDS is a self-contained system for Host-based intrusion detection. It performs log extraction, integrity checking and health monitoring. All this information is correlated and analyzed by a single engine, creating a very powerfull detection tool. |
||
| VeriSign Buys iDefense For $40m | ||
14th, July, 2005
John Leyden from The Register writes: "Net infrastructure firm VeriSign has bought security intelligence firm iDefense for $40m in cash. iDefense's 45 employees will join VeriSign in a move designed to bolster its managed security services offering with proactive threat warning and security remediation advice." |
||
| Sun To Open-Source Web Authentication, Single Sign-On | ||
15th, July, 2005
Sun Microsystems plans to open-source its Web site authentication and single sign-on technology. |
||
| KCPenTrix 1.0 PenTesting LiveCD released | ||
13th, July, 2005
Knowledgecave is proud to announce that KCPenTrix Ver 1.0 is now available. |
||
| NetWhistler 2.6 release | ||
15th, July, 2005
NetWhistler 2.6 is a easy to use Network monitoring software that offers integrated fault and performance management functionality. |
||
| Interview with Fyodor of Nmap | ||
17th, July, 2005
Nmap ("Network Mapper") is a free utility for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL. Read at TuxJournal.net |
||
| Linux Gets High Marks For Security | ||
11th, July, 2005
The IT world may be an insecure place, but don't blame Linux. In fact, very few IT pros participating in InformationWeek Research's Linux and open-source survey say Linux has introduced security problems into their IT environments. |
||
| Microsoft claims Windows more secure than Linux | ||
11th, July, 2005
Microsoft has claimed that open source database products and servers such as Linux have had a "significantly greater number and severity of vulnerabilities compared with Windows Server 2003 and SQL Server 2000". |
||
| Hacker magazine shuts up shop | ||
11th, July, 2005
Hacking magazine Phrack is closing after 20 years of publishing after its editorial team decided to call it a day. The final date for submissions for the special hardback last issue of the mag was Sunday 10 July. Issue 63 will be released at the Defcon and WhatTheHack2005 hacker conventions later this month. |
||
| New E-Mail Authentication Spec Submitted to IETF | ||
12th, July, 2005
A group of leading technology companies that includes Microsoft Corp., IBM, Yahoo Inc. and Cisco Systems Inc. has submitted a new e-mail authentication standard to the Internet Engineering Task Force for consideration, eWEEK has learned. |
||
| Computer hijacking on the rise | ||
12th, July, 2005
Personal computers that play unwitting host to "zombie" code are proliferating at a startling pace, according to a new report. |
||
| Mozilla Updates Firefox to Fix Security Gaps | ||
13th, July, 2005
The Mozilla Foundation updated the Firefox Web browser Tuesday in order to patch a series of security vulnerabilities, including widely publicized browser spoofing issue and a frame-injection issue. |
||
| Proprietary Software Can't Control the World | ||
13th, July, 2005
Jurgen Geck held what looked like a silver bullet between his thumb and index finger. "This is a Fisher Space Pen," he said -- a pen developed for NASA astronauts in space, a pen with ink that just keeps on flowing. A pen able to write upside down and even underwater. |
||
| Domain Hijacking Takes ICANN Spotlight | ||
14th, July, 2005
Web sites both big and small face the risk of having their Web addresses stolen because of flaws in the way domain names are registered, transferred and tracked, a report released this week found. |
||
| Linux and Windows Security Neck and Neck | ||
14th, July, 2005
There is little to choose between Microsoft and Linux in terms of operating system security, according to experts, but misleading figures and surveys are muddying the waters for IT managers evaluating the platforms. |
||
| Cisco warns of security flaws | ||
14th, July, 2005
Cisco Systems identified several vulnerabilities in its products this week that could lead to denial-of-service attacks. |
||
| Intel to cut Linux out of the content market | ||
15th, July, 2005
Which not entirely security-related, this article caught my attention: |
||
| Bank Of America Rolls Out New Online Security System | ||
15th, July, 2005
Bank of America is rolling out its new online security system, SiteKey, this week in Virginia, Maryland and Washington, D.C. It launched last month in Tennessee, and should be available nationwide by the fall. By Paul Nowell, The Associated Press |
||
| Mozilla Fixes Thunderbird Flaws In 1.0.5 | ||
18th, July, 2005
The Mozilla Foundation this week updated its rival to Microsoft Outlook, the Thunderbird stand-alone POP3 e-mail and news client, to plug some of the same security holes that earlier were fixed in the open-source group's popular Firefox browser. |
||
| Coalition Issue Definitions For 'Spyware' | ||
12th, July, 2005
Anti-spyware vendors and consumer groups took a stab at issuing uniform definitions for "spyware" and "adware" on Tuesday in hopes of giving computer users more control over their machines. |
||
| Personal data quiz throws wrench into ID theft | ||
14th, July, 2005
Identity thieves and impersonators thrive on publicly available personal information and data pilfering. Now that information, along with some bogus data on would-be fraud victims, is being used against the thieves in an identity verification scheme from StrikeForce Technologies. |
||
| Last Chance to Stop Renewal of the USA PATRIOT Act! | ||
15th, July, 2005
Congress will vote any day now on new legislation that would renew parts of the USA PATRIOT Act scheduled to expire or "sunset" at the end of the year, while possibly handing the FBI even more unchecked power to snoop on your mail and private records, including logs of your Internet activities. |
||
| Law and Order on the Internet | ||
13th, July, 2005
In the Internet criminal justice system the people are betrayed by two separate, yet equally important groups: the hackers who investigate and exploit security problems and the legal authorities who don't take the offenders seriously. These are their stories. |
||
| Popular Firefox Community Site Hacked | ||
15th, July, 2005
It appears as if a popular Firefox community site, Spread Firefox!, was hacked: It appears that a part of Spread Firefox was hacked in an attempt to use it to send out spam. It doesn't look like the attacker accessed any personal data on the site, but to be safe, we're encouraging all of our users to log in and change their passwords.. |
||
| Noisy party: complainant arrested for stealing? | ||
11th, July, 2005
The basic facts are that Benjamin Smith III used someone else's WiFi network. The facts aren't in dispute; Smith parked his vehicle outside the home of Richard Dinon, logged onto the network, and did some surfing. |
||
