Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Security Week: July 18th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Pax Dickinson   
Linux Security Week This week, perhaps the most interesting articles include "Linux Gets High Marks For Security", "Proprietary Software Can't Control The World", and "New E-Mail Authentication Spec Submitted to IETF".
Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, advisories were released for fuse, drupal, egroupware, ettercap, dhcpcd, ruby, squid, gzip, gedit, centericq, tiff, squirrelmail, kdegraphics, dlm-kernel, gnbd-kernel, cman-kernel, GFS-kernel, procps, libwnck, metacity, gaim, audit, libxml2, dhcp, lam, vixie-cron, krb5, net-snmp, selinux-policy-targeted, bind, rpm, openssh, pam, phpWebSite, phpGroupWare, Adobe Acrobat Reader, Ruby, MIT Kerberos 5, Bugzilla, pam_ldap, nss_ldap, Mozilla Firefox, krb5, cups. The distributors include Debian, Fedora, Gentoo, and Red Hat. Feature Extras:

Network Server Monitoring With Nmap - Portscanning, for the uninitiated, involves sending connection requests to a remote host to determine what ports are open for connections and possibly what services they are exporting. Portscanning is the first step a hacker will take when attempting to penetrate your system, so you should be preemptively scanning your own servers and networks to discover vulnerabilities before someone unfriendly gets there first.

Any open ports that are unnecessary for proper system operation should be closed. Every open port is a possible access point for an unauthorized user, and every service accepting connections from the world could have a vulnerability. Even if you are diligent about applying patches, any unnecessarily running service is still a window an attacker could possibly climb through.

Pull The Plug Revisited: An Interview Five Years Later - Five years after our original interview with Brian Gemberling, founder of, we catch up with Daniel Alvarez and the rest of the site's administrative management. Its structured management and focus on the community will ensure many years of continued success. You're asking, what is pull the plug? Read more to find out...

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  CRYPTO-GRAM, July 15, 2005
  15th, July, 2005

A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.
  The Five Top Network Security Secrets
  13th, July, 2005

What is the secret to network security? In the wake of recent high-profile security breaches like at LexisNexis and MasterCard, it's worth asking what it takes to nail down network security --- and what are the secrets not everyone knows?
  Desktop port proliferation a security risk?
  14th, July, 2005

Software maker Opera's decision to support BitTorrent has added to some security experts' worries that applications which require open connections through firewalls are becoming increasingly popular.
  Speakers at E-Mail Summit Push Authentication, Reputation Tools
  14th, July, 2005

Representatives from 37 e-mail technology companies used a one-day Summit in New York on Tuesday to exhort private sector administrators and online marketers to adopt e-mail sender authentication technology that helps block spam and phishing attacks.
  ZombieAlert Scours Corporate Networks For Spam-spewing PCs
  14th, July, 2005

A U.K.-based security firm is touting a new service that scours corporate networks for zombies -- PCs that have been hijacked without the owner's knowledge and turned into spam-spewing engines.
  Phlooding attack could leave enterprises high and dry
  15th, July, 2005

You've got to hand it to the IT security industry for its ability to coin new and impressive sounding terms for security threats. Hot on the hells of WiPhishing and Evil Twins comes the latest buzz word for wireless Lan security: phlooding.
  Strengthening Quantum Cryptography by Putting On Blinders
  15th, July, 2005

A Korea-UK team (contact Myungshik Kim, Queen's University, Belfast,, or Chilmin Kim, Paichai University) has introduced a method for preventing several clever attacks against quantum cryptography, a form of message transmission that uses the laws of quantum physics to make sure an eavesdropper does not covertly intercept the transmission. Making the message sender and receiver a little blind to each other's actions, the researchers have shown, can bolster their success against potential eavesdroppers.
  Domain Hijacking Takes ICANN Spotlight
  18th, July, 2005

Web sites both big and small face the risk of having their Web addresses stolen because of flaws in the way domain names are registered, transferred and tracked, a report released this week found.
  OSSEC Host-Based IDS v0.1 released
  13th, July, 2005

OSSEC HIDS is a self-contained system for Host-based intrusion detection. It performs log extraction, integrity checking and health monitoring. All this information is correlated and analyzed by a single engine, creating a very powerfull detection tool.
  VeriSign Buys iDefense For $40m
  14th, July, 2005

John Leyden from The Register writes: "Net infrastructure firm VeriSign has bought security intelligence firm iDefense for $40m in cash. iDefense's 45 employees will join VeriSign in a move designed to bolster its managed security services offering with proactive threat warning and security remediation advice."
  Sun To Open-Source Web Authentication, Single Sign-On
  15th, July, 2005

Sun Microsystems plans to open-source its Web site authentication and single sign-on technology.

Eric Leach, director of product management at Sun, said the Santa Clara, Calif.-based company will open-source the technology through the Open Source Web Single Sign-On, or OpenSSO project. That effort includes technology related to authentication, single domain, single sign-on, Web agents and J2EE agents, he said.
  KCPenTrix 1.0 PenTesting LiveCD released
  13th, July, 2005

Knowledgecave is proud to announce that KCPenTrix Ver 1.0 is now available.
  NetWhistler 2.6 release
  15th, July, 2005

NetWhistler 2.6 is a easy to use Network monitoring software that offers integrated fault and performance management functionality.
  Interview with Fyodor of Nmap
  17th, July, 2005

Nmap ("Network Mapper") is a free utility for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL. Read at
  Linux Gets High Marks For Security
  11th, July, 2005

The IT world may be an insecure place, but don't blame Linux. In fact, very few IT pros participating in InformationWeek Research's Linux and open-source survey say Linux has introduced security problems into their IT environments.

Only 6% of 225 user sites report security issues from Linux deployments on their servers, while 6% of 165 Linux PC users attribute a security problem to the open-source operating system. The results indicate a slight decrease in complaints about Linux security from a year ago, when 11% of IT pros encountered security issues with Linux servers and 7% had problems with Linux PCs.
  Microsoft claims Windows more secure than Linux
  11th, July, 2005

Microsoft has claimed that open source database products and servers such as Linux have had a "significantly greater number and severity of vulnerabilities compared with Windows Server 2003 and SQL Server 2000".
  Hacker magazine shuts up shop
  11th, July, 2005

Hacking magazine Phrack is closing after 20 years of publishing after its editorial team decided to call it a day. The final date for submissions for the special hardback last issue of the mag was Sunday 10 July. Issue 63 will be released at the Defcon and WhatTheHack2005 hacker conventions later this month.
  New E-Mail Authentication Spec Submitted to IETF
  12th, July, 2005

A group of leading technology companies that includes Microsoft Corp., IBM, Yahoo Inc. and Cisco Systems Inc. has submitted a new e-mail authentication standard to the Internet Engineering Task Force for consideration, eWEEK has learned.
  Computer hijacking on the rise
  12th, July, 2005

Personal computers that play unwitting host to "zombie" code are proliferating at a startling pace, according to a new report.
  Mozilla Updates Firefox to Fix Security Gaps
  13th, July, 2005

The Mozilla Foundation updated the Firefox Web browser Tuesday in order to patch a series of security vulnerabilities, including widely publicized browser spoofing issue and a frame-injection issue.
  Proprietary Software Can't Control the World
  13th, July, 2005

Jurgen Geck held what looked like a silver bullet between his thumb and index finger. "This is a Fisher Space Pen," he said -- a pen developed for NASA astronauts in space, a pen with ink that just keeps on flowing. A pen able to write upside down and even underwater.

"It's sophisticated, it's costly, it's very nice and very shiny," Geck said. Geck is chief technology officer at SuSE Linux, an open-source software outfit now owned by Novell, and he's about to make his point: "The Russians just used a pencil."
  Domain Hijacking Takes ICANN Spotlight
  14th, July, 2005

Web sites both big and small face the risk of having their Web addresses stolen because of flaws in the way domain names are registered, transferred and tracked, a report released this week found.
  Linux and Windows Security Neck and Neck
  14th, July, 2005

There is little to choose between Microsoft and Linux in terms of operating system security, according to experts, but misleading figures and surveys are muddying the waters for IT managers evaluating the platforms.
  Cisco warns of security flaws
  14th, July, 2005

Cisco Systems identified several vulnerabilities in its products this week that could lead to denial-of-service attacks.
  Intel to cut Linux out of the content market
  15th, July, 2005

Which not entirely security-related, this article caught my attention:

"INTEL IS ABOUT TO CUT Linux out of the legitimate content market, and hand the keys to the future of digital media to Microsoft at your expense. ... The vehicle to do this is called East Fork, the upcoming and regrettable Intel digital media 'platform'. The funny part is that the scheme is already a failure, but it will hurt you as it thrashes before it dies. Be afraid, be very afraid."
  Bank Of America Rolls Out New Online Security System
  15th, July, 2005

Bank of America is rolling out its new online security system, SiteKey, this week in Virginia, Maryland and Washington, D.C. It launched last month in Tennessee, and should be available nationwide by the fall. By Paul Nowell, The Associated Press
  Mozilla Fixes Thunderbird Flaws In 1.0.5
  18th, July, 2005

The Mozilla Foundation this week updated its rival to Microsoft Outlook, the Thunderbird stand-alone POP3 e-mail and news client, to plug some of the same security holes that earlier were fixed in the open-source group's popular Firefox browser.
  Coalition Issue Definitions For 'Spyware'
  12th, July, 2005

Anti-spyware vendors and consumer groups took a stab at issuing uniform definitions for "spyware" and "adware" on Tuesday in hopes of giving computer users more control over their machines.

The definitions seek clarity that could help improve anti-spyware products, educate consumers and fend off lawsuits from developers of software that sneaks onto computers.
  Personal data quiz throws wrench into ID theft
  14th, July, 2005

Identity thieves and impersonators thrive on publicly available personal information and data pilfering. Now that information, along with some bogus data on would-be fraud victims, is being used against the thieves in an identity verification scheme from StrikeForce Technologies.
  Last Chance to Stop Renewal of the USA PATRIOT Act!
  15th, July, 2005

Congress will vote any day now on new legislation that would renew parts of the USA PATRIOT Act scheduled to expire or "sunset" at the end of the year, while possibly handing the FBI even more unchecked power to snoop on your mail and private records, including logs of your Internet activities.
  Law and Order on the Internet
  13th, July, 2005

In the Internet criminal justice system the people are betrayed by two separate, yet equally important groups: the hackers who investigate and exploit security problems and the legal authorities who don't take the offenders seriously. These are their stories.
  Popular Firefox Community Site Hacked
  15th, July, 2005

It appears as if a popular Firefox community site, Spread Firefox!, was hacked: It appears that a part of Spread Firefox was hacked in an attempt to use it to send out spam. It doesn't look like the attacker accessed any personal data on the site, but to be safe, we're encouraging all of our users to log in and change their passwords..

Doesn't look like a big deal but if you're a member of that site you may want to go change your password.
  Noisy party: complainant arrested for stealing?
  11th, July, 2005

The basic facts are that Benjamin Smith III used someone else's WiFi network. The facts aren't in dispute; Smith parked his vehicle outside the home of Richard Dinon, logged onto the network, and did some surfing.

"Surprise! Stealing is illegal!" bellowed Larry Seltzer in his ZD security blog.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
MongoDB Patches Remote Denial-of-Service Vulnerability
DDoS Attack Against GitHub Continues After More Than Four Days
5 keys to hiring security talent
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.