Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.
LINUX ADVISORY WATCH - This week, advisories were released for yaboot, ttmkfdir, Netpbm, ruby, squirrelmail, sysreport, xpdf, kdegraphics, cups, ucd-snmp, gaim, ethereal, and gpdf. The distributors include Fedora, Gentoo, and Red Hat.
LinuxSecurity.com Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operation. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
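As an added illustration of the "too liberal" permissions the article warns about (this script is not part of the article), the following POSIX shell functions audit a directory tree for world-writable files and directories (ignoring sticky-bit directories such as /tmp, where that is intended) and for setuid/setgid binaries, and tighten the offenders with chmod. It assumes find(1) and mktemp(1) are available; the sample tree it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the LinuxSecurity.com article: audit a tree for
# overly liberal permissions and tighten them. Assumes POSIX sh, find(1)
# and mktemp(1). The sample tree below is constructed for the demo.

# Print every file or directory under $1 that is world-writable, skipping
# directories that carry the sticky bit (like /tmp), where that is intended.
audit_world_writable() {
    find "$1" -perm -0002 ! \( -type d -perm -1000 \) -print 2>/dev/null
}

# Print every setuid or setgid regular file under $1; each one runs with the
# owner's (or group's) privileges and deserves an explicit review.
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Least-privilege fix for a world-writable path: drop the "other" write bit
# while leaving owner and group permissions untouched.
fix_world_writable() {
    chmod o-w "$1"
}

# Build a constructed sample tree so the audit can be exercised offline.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir "$dir/shared" "$dir/scratch"
    : > "$dir/shared/report.txt"
    : > "$dir/scratch/notes.txt"
    chmod 0644 "$dir/shared/report.txt"   # fine: owner rw, others read-only
    chmod 0666 "$dir/scratch/notes.txt"   # mistake: anyone can modify it
    chmod 1777 "$dir/scratch"             # like /tmp: world-writable but sticky
    chmod 0777 "$dir/shared"              # mistake: anyone can add/delete files
    echo "$dir"
}

# Count non-empty lines on stdin (prints 0, not an error, on empty input).
count_lines() { grep -c . || true; }

if [ "${1:-}" = "run" ]; then
    tree=$(make_sample_tree)
    echo "World-writable paths (excluding sticky directories):"
    audit_world_writable "$tree"
    rm -rf "$tree"
fi
```

Run it as `sh audit.sh run` to see the two offending paths from the sample tree; point `audit_world_writable` at a real tree such as /var/www to audit a server.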
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the exploitation of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore kept very simple.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network.
Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
Why the computing world chose PKI
11th, August, 2005
In Phil Zimmermann's response to "Does Phil Zimmermann need a clue on VoIP", Zimmermann offered a blistering attack on PKI-based solutions and offered his own PGP solution as the superior alternative. There is just one little problem: the computing world chose PKI for the most part, while PGP barely makes a dent in the email world.
OSSEC HIDS is a self-contained system for host-based intrusion detection. It performs log extraction, integrity checking and health monitoring. All this information is correlated and analyzed by a single engine, creating a very powerful detection tool.
DMZs (short for demilitarized zones) have been a standard component of network design ever since firewalls were invented. A DMZ is a network segment that contains all resources, such as Web servers and mail servers, accessible from the Internet. Implementing a DMZ allows you to limit network traffic from the Internet to these resources in the DMZ, while preventing any network traffic from the Internet to your internal network. As a general rule, a DMZ server should never contain any valuable data, so even if someone managed to break into a server in the DMZ, the damage would be minor.
Security issues involving Cisco kit highlighted in Michael Lynn's presentation at Black Hat are characteristic of networking vendors in general. Cisco is just the most visible of these vendors to target as hackers raise their sights from attacking operating systems towards attacking network infrastructure and database systems, security researchers warn.
Security breaches in software applications and networks are one of the biggest threats organizations currently face. But unless you pack your computers into boxes and go back to pencils, paper, and typewriters, being mindful of electronic security is an unavoidable reality and business expense. Because security vulnerabilities are such a high-stakes issue, the subject has become a political hot potato between open source and commercial software advocates, with each pointing a finger at the other. Some commercial software vendors claim that their model promotes security while the open source model weakens it; some open source developers claim the exact opposite.
Red Hat has unveiled an initiative dubbed 'Security in a Networked World' at the LinuxWorld tradeshow in San Francisco. As part of the programme, the Linux vendor showcased its Red Hat Certificate System, which allows organisations to manage security certificates used to sign emails or authenticate users for online banking applications. It also supports authentication through the use of smartcards. Red Hat has been working with the Apache Foundation to add support for the Firefox browser and Thunderbird email client through the use of Apache's open source Network Security Service Libraries.
Linux Providers Partner To Address Security And Support
10th, August, 2005
Companies that sell software and hardware around the Linux open-source operating system have known for some time that they've tapped into a gold mine, an area of the IT market with plenty of customer interest and enormous growth potential. The growth will continue as long as Linux and other open-source software are considered secure and are sold and serviced as bundles rather than as individual products.
In a previous post about Firefox I proposed that the lack of automatic deployment of Firefox software updates is a disservice to the vast majority of Firefox users who may not bother to check in for updates. Today I found out another interesting tidbit: the Mozilla Foundation doesn't turn on Firefox's automatic notification feature for several hours after a new Firefox version is available.
Looking to counter Microsoft Corp.'s claims of security superiority, open-source software vendors are giving the battle against vulnerabilities top billing at this week's LinuxWorld Conference & Expo in San Francisco.
Companies and governments secure their networks because they have massive financial resources, intellectual property and assets that need protection. Security for most companies, particularly the Fortune 100, does not exist in a vacuum -- most do something other than make hardware or software for their customers. Spending on security is up dramatically over where it was five years ago, but it's still much lower than it needs to be. Why? Because we're losing the battle.
I'm usually not one who gets into bumper sticker logic, but I like the idea of a CSO acting globally but thinking locally. By that I mean a CSO needs to devise and enforce global security policies, but also put some thought into how those policies will be implemented locally around the world. Otherwise, variations in national customs and culture can short-circuit even the most well-intentioned security policies.
The rapid pace of Linux development appeared to hit a roadblock last year with the industry's decision to forestall development of the Linux 2.7 kernel. Linux vendors and developers wondered if tweaking a single, stable 2.6 kernel could work in practice. According to open-source insiders, the move to create separate kernel trees for technology testing and bug fixes, which are then incorporated into the stable kernel when ready, has been a huge success, pleasing both kernel developers and the vendors who distribute the open-source operating system.
The first draft of the next version of the General Public License should be released for public comments in early 2006, according to a key player in the effort to modernize the foundation of the free and open-source programming movements.
Two Linux allies are taking a leaf out of their opponents' book as they try to prevent software patents from putting a crimp in open source. Red Hat will finance outside programmers' efforts to obtain patents that may be used freely by open-source developers, the top Linux seller said Tuesday at the LinuxWorld Conference and Expo here. At the same time, the Open Source Developer Labs launched a patent commons project, which will provide a central list of patents that have been donated to the collaborative programming community.
In a closely watched case governing Internet privacy, a federal appeals court has reinstated a criminal case against an e-mail provider accused of violating wiretap laws. The 1st Circuit Court of Appeals, in a 5-2 vote, ruled on Thursday that an e-mail provider who allegedly read correspondence meant for his customers could be tried on federal criminal charges.
In this interview, Sean Moshir, PatchLink Chief Executive Officer, discusses security patching, vulnerability and compliancy management for wireless phones and PDA devices and talks about the current state and future of wireless security in the enterprise.