Internet Productivity Suite: Open Source Security - Trust Internet Productivity
Suite's open source architecture to give you the best security and productivity
applications available. Collaborating with thousands of developers, Guardian Digital
security engineers implement the most technologically advanced ideas and methods
into their design.
LINUX ADVISORY WATCH - This week, advisories were released for gaim, gopher, pdns,
apt-catcher, ethereal, im-sdk, selinux-policy-targeted, gamin, pam, netpbm, mkinitrd,
kde, arts, NetworkManager, labraw, ckermit, httpd, gphoto, coreutils, iiimf,
yum, gimp, redhead, zlib, fetchmail, sandbox prsotext, proftpd, nbsmtp, dump,
and SquirrelMail. The distributors include Debian, Fedora, Gentoo, and Red Hat.
LinuxSecurity.com
Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators
make is having file and directory permissions that are far too liberal and
allow access beyond that which is needed for proper system operations. A full
explanation of Unix file permissions is beyond the scope of this article,
so I'll assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type
of security vulnerability. This paper explains what a buffer overflow is,
how it can be exploited, and what countermeasures can be taken to prevent
the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first
tutorial in the 'Getting to Know Linux Security' series. The topic explored
is Linux file permissions. It offers an easy-to-follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security and is therefore very simple.
Bulletproof Virus Protection - Protect your network from costly security
breaches with Guardian Digital’s multi-faceted security applications.
More than just an email firewall, on-demand and scheduled scanning detects
and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe, send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
Ten Reasons towards Cryptography
5th, August, 2005
Cryptography is already the de facto way of securing sensitive
web traffic and it is now reaching across the entire enterprise as companies
start to use industry-standard protocols such as SSL internally - even
between servers only a few feet apart.
It's Saturday night, a time for blowout parties at the annual
DEF CON hacker convention, including the Goth-flavored Black and White
Ball. But a half dozen researchers in the nondescript room quietly drink,
stare at the screens of their laptops, and in low voices, discuss how
to compromise two flat metal boxes sitting on a sofa side table: Cisco
routers.
Although security software can identify when an attacker is
performing reconnaissance work on a company's network, attackers can find
network topology information on Google instead of snooping for it on the
network they're studying, he said. This makes it harder for the network's
administrators to block the attacker. "The target does not see us crawling
their sites and getting information," he said.
Last week, former Internet Security Systems researcher Michael
Lynn presented at the Black Hat USA 2005 conference a reliable process
that could be used to exploit Cisco routers running the Internetworking
Operating System (IOS). Even though the exact exploit demonstrated during
his presentation was not disclosed, Lynn showed enough details to prove
that the exploit is real and that previous misconceptions that routers
and switches are not exploitable are false.
Hundreds of thousands of Internet servers are at risk of an
attack that would redirect unknowing Web surfers from legitimate sites
to malicious ones. In a scan of 2.5 million so-called Domain Name System
machines, which act as the White Pages of the Internet, security researcher
Dan Kaminsky found that about 230,000 are potentially vulnerable to a
threat known as DNS cache poisoning.
There's some new information on last week's Lynn/Cisco/ISS
story: Mike Lynn gave an interesting interview
to Wired. Here's some news
about the FBI's investigation. And here's a video
of Cisco/ISS ripping pages out of the BlackHat conference proceedings.
Future worms could evade a network of early-warning sensors
hidden across the Internet unless countermeasures are taken, according
to new research. In a pair of papers presented at the Usenix Security
Symposium here Thursday, computer scientists said would-be attackers can
locate such sensors, which act as trip wires that detect unusual activity.
That would permit nefarious activities to take place without detection.
Linux Kernel Security and Quality Improved Dramatically in Last Six Months, New Coverity Study Finds
3rd, August, 2005
Coverity, Inc., makers of the world's most advanced and scalable
source code analysis solution, today announced results from a new study
on the security and quality of the Linux kernel. Six months ago Coverity
analyzed Linux kernel 2.6.9, the same version used in Red Hat Enterprise
Linux 4.0, and found six potentially critical defects in the core filesystem
and networking code. Today's findings on the newest Linux kernel 2.6.12
show that all critical defects have been fixed.
Serious security bugs in key parts of the latest Linux code
have been fixed, but some small glitches have been introduced, according
to a recent scan. In December, Coverity looked at version 2.6.9 of the
Linux kernel, the heart of the open-source operating system, and found
six critical defects in the core file system and networking code. In July,
the code analysis company scanned the latest version of the Linux kernel,
version 2.6.12, and found no such programming errors, Coverity CEO Seth
Hallem said.
The carwhisperer project intends to sensitize manufacturers
of car kits and other Bluetooth appliances without display and keyboard
to the possible security threat arising from the use of standard passkeys.
A Bluetooth passkey is used within the pairing process that takes place
when two Bluetooth-enabled devices connect for the first time. Besides
other public data, the passkey is a secret parameter used in the process
that generates and exchanges the so-called link key. In Bluetooth communication
scenarios the link key is used for authentication and encryption of the
information that is exchanged between the counterparts of the communication.
The investment bank, despite billions in annual revenue and the small squadron of former police, military and security officers on its payroll, was no match for Mark Seiden.
"Tell me the things you most want to keep secret," Mr. Seiden challenged
a top executive at the bank a few years back. The executive listed two.
One involved the true identities of clients negotiating deals so hush-hush
that even people inside the bank referred to them by using a code name.
The other was the financial details of those mergers and acquisitions.
Linux Security - Is it Ready For The Average User?
1st, August, 2005
There seems to be a new important security patch out for Linux
every month, lots of "do not use this program" warnings, too many articles
and books with too little useful information, high-priced consultants,
and plenty of talk about compromised systems. It is almost enough to send
someone back to Windows. Can the average Linux user or system administrator
keep his or her system secure and still have time to do other things?
Bob Toxen is happy to say yes and here
is how to do it.
Governments, financial services firms and manufacturing companies
are now the top targets for security attacks, according to research published
today by IBM. The first half of this year has seen a whopping 50 per cent
increase in what Big Blue calls "customised" attacks.
An IT Manager’s Guide to Provisioning and Identity Management
4th, August, 2005
With staff now requiring access to so many internal and external
computer systems, all of which might require separate usernames, passwords
and access privileges, identity management is far from straightforward.
Learn what can be done to simplify identity management in this
article.
A vulnerability in many hotel television infrared systems can
allow a hacker to obtain guests' names and their room numbers from the
billing system. It can also let someone read the e-mail of guests who
use web mail through the TV, putting business travelers at risk of corporate
espionage. And it can allow an intruder to add or delete charges on a
hotel guest's bill or watch pornographic films and other premium content
on their hotel TV without paying for it.
Even the ATM machines were suspect at this year's Defcon conference,
where hackers play intrusion games at the bleeding edge of computer security.
With some of the world's best digital break-in artists pecking away at
their laptops, sending e-mails or answering cell phones could also be
risky. Defcon is a no-man's land where customary adversaries — feds vs.
digital mavericks — are supposed to share ideas about making the Internet
a safer place. But it's really a showcase for flexing hacker muscle.
A recent court case, which saw a West London man fined £500
and sentenced to 12 months' conditional discharge for hijacking a wireless
broadband connection, has repercussions for almost every user of wi-fi
networks.
Malicious insiders represent today's toughest challenge for
security architects. Traditional database security tools such as encryption
and access controls are rendered useless by a trusted employee who has--or
can easily obtain--the right credentials. In addition, more users in the
enterprise are getting database access, including DBAs, application developers,
software engineers, and even marketing, HR, and customer support representatives.
And whether spurred by revenge or tempted by easy money, insiders can
sell their booty on a bustling information black market.
Companies are leaving their wireless networks exposed to hackers
because of widespread failure to understand or implement 802.11x security
systems, a survey has claimed.
Lock down your wireless network -- that’s the message coming
loud and clear now that the DefCon hacker convention has rolled through
Las Vegas. Jesse Krembs, president of The Hacker Foundation, who spoke
at the show, warned that wireless is the weak under-belly of many businesses.
“I think that the main thing that people will be looking at is more wireless
hacking,” he says.
At last year's USENIX Security Symposium, Marcus Ranum was minding
his own business -- checking his e-mail, updating his Web site, etc. --
when another conference attendee sent him an e-mail. In the text: Ranum's
password. Ranum, known for his work in intrusion detection, later angrily
confronted the sender at the conference about invading his privacy. Bill
Cheswick, a well-known security expert who sent the offensive message,
later chalked up his actions as just "a friendly nudge."
The main purpose of our paper is to describe the various forms
of wireless data transmission and to address the security concerns in
each. The major form of wireless data transmission that we will be covering
will be Wi-Fi. We will discuss security concerns, how to protect yourself,
the future of Wi-Fi, and what it is used for in today’s world.