This week, perhaps the most interesting articles include "CSOs Worry About Digital Pearl Harbor," "," and ""


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, perhaps the most interesting articles include cacti, heimdal, webcalendar, ekg, phpbb2, setarch, openoffice, pvm, fetchmail, mozilla, devhelp, yelp, subversion, zlib, kdenetwork, perl, module-init-tools, mgetty, system-config-netboot, libsepol, gnbd-kernel, dlm-kernel, cman-kernel, util-linux, tar, gcc, libtool, audit, zlib, apr, pam_ldap, fetchmail, sandbox, Kopete, Clam, Ethereal, cpio, kdenetwork, httpd, and dhcpd. The distributors include Debian, Fedora, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore very simple.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Single photons distributed for quantum cryptography
26th, July, 2005

Japanese Nippon Telegraph and Telephone Corp. (NTT) has successfully demonstrated that quantum cryptography using single photons can be realised over a photonic network of optical fibres. Quantum cryptography is expected to be the ultimate cryptographic protocol and to greatly enhance the safety of transmitting information.

news/cryptography/single-photons-distributed-for-quantum-cryptography

CSOs Worry About Digital Pearl Harbor
25th, July, 2005

Forty-five percent of corporate chief security officers believe a "digital Pearl Harbor" will take place eventually, with 13 percent anticipating such an attack within a year, according to a survey by CSO Magazine.

news/network-security/csos-worry-about-digital-pearl-harbor

'Critical' Kerberos Flaws Could Open Networks to Attack
28th, July, 2005

Kerberos, the popular authentication protocol developed by the Massachusetts Institute of Technology, is vulnerable to three serious flaws that could allow an attacker to gain access to protected corporate networks, MIT researchers disclosed late on Tuesday.

news/network-security/critical-kerberos-flaws-could-open-networks-to-attack

Linux Network Security Higher than Other Platforms
29th, July, 2005

"There are many research reports that try to compare the number of vulnerabilities between Linux and other operating systems, but none take into account the severity of the issues," said Mark Cox, head of the Red Hat security response team. "This report shows there are relatively few critical issues affecting users of Linux-based operating systems. However, we believe even one is unsatisfactory, and our strategy is to rapidly respond to fix these issues whilst innovating new technology to reduce the risk of future issues."

news/network-security/linux-network-security-higher-than-other-platforms

Should Michael Lynn have kept his mouth shut?
29th, July, 2005

One can only imagine what raced through Michael Lynn's mind the penultimate moment before he saved or sacrificed our nation's critical infrastructure, depending on your take of the researcher's Black Hat Briefings presentation this week.

news/network-security/should-michael-lynn-have-kept-his-mouth-shut

Cisco Comes Clean on Extent of IOS Flaw
29th, July, 2005

Cisco Systems Inc. on Friday confirmed that a security hole in its Internetwork Operating System could be exploited by remote attackers to execute arbitrary code.

news/network-security/cisco-comes-clean-on-extent-of-ios-flaw

Black Hat Confab to Spotlight Database Security
27th, July, 2005

Rootkits. Zero-day exploits. Social engineering. Encryption cracking. Cryptography. File format fuzzing. Kernel exploitation. These are just some of the buzzwords making the rounds at the Black Hat USA 2005 security conference here, where some of the sharpest minds in the research community will congregate to share information on computer and Internet security threats.

news/organizations-events/black-hat-confab-to-spotlight-database-security

Secure servers standards launched
27th, July, 2005

The Trusted Computing Group has announced an open specification for trusted servers to allow manufacturers to offer better data and transaction security. The specification launched by the industry standards body defines the architecture of a trusted server including its management, maintenance and communication between servers and clients.

news/server-security/secure-servers-standards-launched

3Com to pay for threat tips
27th, July, 2005

3Com this week is expected to launch a program that offers cash to members of the security community in return for information on potentially damaging Internet-based security threats. Its Zero Day Initiative is an attempt to prompt the disclosure of security vulnerabilities quicker by giving independent security researchers incentive for pointing out holes in software and hardware products that could lead to network attacks. Some observers call the program a positive step toward making networks safer, while others question how such a payoff system would work, or whether third-party vendors -- including 3Com competitors -- would react negatively to a system under which 3Com gives money to individuals for information about product vulnerability before the affected vendors know about them.

news/vendors-products/3com-to-pay-for-threat-tips

Cisco Security Hole a Whopper
28th, July, 2005

A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.

Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.

news/vendors-products/cisco-security-hole-a-whopper

A security qualification is a must but make sure it fits your field
25th, July, 2005

Europe will need another 680,000 information security professionals by 2008, according to a survey by IDC on behalf of the International Information Systems Security Certification. The survey found that most hiring managers (93%) preferred candidates with security qualifications. ISC2 offers certificates for systems security practitioners (SSCP) and professionals (CISSP), and is one of several bodies to provide such qualifications. The survey found that security specialists are also expected to understand business processes, to help minimise risks as new systems are developed.

Offering a bounty for security bugs
25th, July, 2005

TippingPoint--part of 3Com--is soliciting hackers to report vulnerabilities in exchange for money. If a valid bug is found, TippingPoint will notify the maker of the flawed product and update its security products to protect users against exploitation of the flaw until an official patch is released.

Critical MySQL Flaw Found
25th, July, 2005

A "highly critical" flaw has been reported in MySQL that can be exploited to cause a DoS (Denial of Service) or to execute arbitrary code on the open-source database, according to security alerts aggregator Secunia Inc.

Trike - A Conceptual Framework for Threat Modeling
26th, July, 2005

Trike is a unified conceptual framework for security auditing from a risk management perspective through the generation of threat models in a reliable, repeatable manner. A security auditing team can use it to completely and accurately describe the security characteristics of a system, from its high-level architecture to its low-level implementation details.

Paying for Flaws: Undermining Security or Rewarding Good Deeds?
26th, July, 2005

3Com Corp.'s announcement that its Tipping Point division would start paying for the rights to security flaw information found by private researchers has reignited an old debate: Should underground hackers benefit from breaking into software systems?

Virus Writers Adopting Stealth Strategy
26th, July, 2005

Virus writers who once favored releasing malware that would clog corporate networks by the thousands have shifted to a strategy of secrecy in which they commandeer PCs on the Internet in the pursuit of dollars instead of notoriety, a security expert said Friday.

Privacy Guru Locks Down VOIP
26th, July, 2005

First there was PGP e-mail. Then there was PGPfone for modems. Now Phil Zimmermann, creator of the wildly popular Pretty Good Privacy e-mail encryption program, is debuting his new project, which he hopes will do for internet phone calls what PGP did for e-mail.

Zimmermann has developed a prototype program for encrypting voice-over IP which he will announce tomorrow during a presentation at the BlackHat security conference in Las Vegas.

iDefense ups the bidding for bugs
27th, July, 2005

Security intelligence company iDefense has sweetened its offer to hackers who sell it details on new software vulnerabilities. The change comes one day after rival TippingPoint started to offer rewards for pinpointing bugs.

VoIP Security: Uncovered
27th, July, 2005

There seems little doubt amongst industry experts that VoIP usage will only grow over the next five to ten years. All public estimates put the growth of the VoIP market in the billions over the coming decade.

Personal storage sites are a 'safe haven for hackers'
28th, July, 2005

Websense, the employee management software outfit that's become best known for heaping FUD on emergent net technologies, has found a new target. Hot on the heels of characterising online storage sites as a conduit for industrial espionage and blogs as a host of malware, it's decided to chastise personal web hosting sites as a "Safe Haven for Hackers".

SFTPPlus to meet regulatory & corporate needs
28th, July, 2005

SFTPPlus is immediately available as a method of secure file transfer to meet corporate and regulatory requirements - offering additional functionality to SFTP. It is expected to have widespread usage in all sectors including government, local authority, retail, financial etc.

The current choice of tools for SFTP transfers is very large, but generally these are designed for interactive use, and provide little in the way of automated operations or audit trail for the client.

The hunt is on for file format bugs
28th, July, 2005

New tools could help bug hunters find vulnerabilities in popular file formats, such as the JPEG and GIF image formats. Flaws in how applications handle those file formats are drawing interest among security researchers, according to speakers at the Black Hat security conference here.