Master of Science in Information Security - Earn your Master of Science in Information Security online from Norwich University. Designated a "Center of Excellence", the program offers a solid education in the management of information assurance, and the unique case study method melds theory into practice. Using today's e-Learning technology, you can earn this esteemed degree without disrupting your career or home life.
LINUX ADVISORY WATCH - This week, advisories were released for courier, libpam-ldap, simple proxy, backup-manager, kismet, php, phpldapadmin, maildrop, pstotext, sqwebmail, polygen, audit, freeradius, openmotif, freeradius, openmotif, php, ntp, openoffice, lesstif, libsoup, evolution, kernel, selinux-policy-targeted, policycoreutils, xen, dbus, evince, poppler, phpWiki, phpGroupWare, phpWebSite, pam_ldap, and mplayer. The distributors include Debian, Fedora, Gentoo, and Red Hat.
LinuxSecurity.com Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security and is therefore very simple.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network.
Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Do You Code Sign?
1st, September, 2005
"I am a regular reader of Bruce Schneier's Blog, Articles, and Books, and I really like what he writes. However I recently read his book titled 'Secrets and Lies' and I think he has done some injustice to the security provided by the 'Code Signing'. On page 163 of his book, he (Bruce Schneier) basically states that: 'Code signing, as it is currently done, sucks'. Even though I think that Code Signing has its flaws, it does provide a fairly good mechanism for increasing security in an organization."

Zotob worm writer caught by FBI
29th, August, 2005
Local police have arrested two people in Turkey and Morocco under suspicion of involvement in the Zotob, Rbot and Mytob Windows 2000 computer worms, according to Microsoft.

Fighting Cyberattacks By Sharing Information
30th, August, 2005
Earlier this month, a series of worms--the first of which was named Zotob--took down a significant number of Windows 2000 PCs around the world. Microsoft issued a patch and said there was no threat to Windows XP systems unless the attacker had valid log-on credentials. About two weeks later, Microsoft discovered that wasn't the case, and said the same vulnerability that Zotob used to victimize Windows 2000 systems also existed on some Windows XP systems.

IT departments urged to prepare staff for IPv6
31st, August, 2005
IPv6 is the replacement for IPv4, the protocol used to send and receive network traffic. The main benefit of the new version is that it offers an almost unlimited number of IP addresses. This is important as the number of internet users and connected devices, each requiring a unique IP address, is set to increase rapidly over the next few years.

Ten-Minute Guide To Network Security
31st, August, 2005
The Internet can be a dangerous place, full of viruses, worms and hackers bent on doing harm to your network. "Security first" has become a kind of mantra for IT professionals and CIOs, while regulations like Sarbanes-Oxley have made network protection as much a question of legal responsibility as good business sense.

Hacker fear boosts IT security spending
31st, August, 2005
Fuelled by increasing fears of virus and hack attacks, global network security appliance and software sales continue to climb steadily, rising four per cent to $1bn between the first and second quarters of this year, according to newly published figures.

OpenSSH update fixes recent vulnerabilities
5th, September, 2005
The first fix prevents "GatewayPorts" from being "incorrectly activated for dynamic ('-D') port forwardings when no listen address was explicitly specified," according to the changelog. The update also prevents GSSAPI credentials being "delegated to users who log in with methods other than GSSAPI authentication (e.g. public key) when the client requests it." The update also includes a host of bug fixes, improvements and added features according to the announcement.

The GIMP threatens PIN number security
29th, August, 2005
This must be a first: Linux image manipulation programme the GIMP has been fingered as a possible tool in uncovering people's PIN numbers as sent through the post. It's not all open source gloom, though: Photoshop can also be used, in certain circumstances, to enhance illicitly-obtained printed PIN numbers.

Linux Kernel Update Improves Event Monitoring
29th, August, 2005
The next stable update of the Linux kernel will bring advances in file system event monitoring, the Xtensa architecture, and a set of system calls that allows users to load another kernel from the currently executing Linux kernel. While the 2.6.13-rc (release candidates) are currently being tested, the stable version is expected to be released in the next few weeks, kernel developers told eWEEK.

Safeguarding IT against the next Katrina
29th, August, 2005
IT managers nationwide should take a cue from Hurricane Katrina's destructive power and develop disaster-recovery plans to safeguard their computer systems against catastrophe, security experts advise.

Sainsbury's vets suppliers over IT continuity plans
30th, August, 2005
Sainsbury's has begun a drive to ensure its key suppliers have business continuity plans in place to deal with disruptions such as the loss of IT systems or key sites becoming inaccessible.

CISSP vs. CCISP creating confusion for certification holders
30th, August, 2005
Some holders of the security industry's much vaunted Certified Information Systems Security Professional [CISSP] certification are worried their hard-earned credential will lose its cachet with the introduction of another, similar sounding designation awarded to those guarding critical infrastructure networks. That certification, awarded by the Critical Infrastructure Institute, is known informally as the CCISP.

Phishing vs. pharming
31st, August, 2005
Phishing involves the receipt of an e-mail message that appears to come from a legitimate enterprise. Pharming attacks compromise at the DNS server level, re-directing you to a hacker's site when you type in a company's Web address.

Tweaks, Regressions in Latest Linux Kernel
31st, August, 2005
The third stable major Linux Kernel update of the year, v. 2.6.13, was released this week. The new kernel includes a long list of updates, a few enhancements and even an odd regression. Among the new enhancements to the Linux kernel is "Kexec," which allows for a fast reboot without the need to go through a bootloader.

MS wrong on security claims: Red Hat
1st, September, 2005
Red Hat is accusing Microsoft of getting its facts wrong in its latest attack on Linux security. In an update on security at Microsoft’s recent worldwide partner conference, the company’s security head Mike Nash took aim at Linux and singled out Red Hat.

The myths of open source
2nd, September, 2005
Once seen as flaky, cheap and the work of amateur developers, open source has emerged blinking into the daylight. So who's using open source? Why are they using it? And are the benefits worth the risks? The answers are surprising -- and dispel some of the myths surrounding open source.

Suspected Zotob Hacker Also Wrote Mytob Worm, Security Firm Says
30th, August, 2005
One of the two men arrested last week on charges of creating and mailing the Zotob bot worm also authored some, but not all, of the many Mytob worms in circulation, a security firm said Monday. Finnish anti-virus vendor F-Secure identified Farid Essebar, 18, who was arrested by Moroccan authorities, as the author of some Mytobs. "We know that [Essebar] had also authored several of the Mytob variants since February this year," F-Secure's Mikko Hypponen wrote on the company's blog. "However, he's not behind all of them."

Creating Security Policies That Work for Your Company
1st, September, 2005
This week, our discussion on security and compliance continues with Julian Waits, president and CEO of Brabeion Software, which provides enterprise-class software for creating, managing and deploying IT security policies, with support for a wide range of technologies from leading vendors, including Microsoft, Cisco, Oracle and Red Hat Linux.

The Mobility Threat
5th, September, 2005
We live in an era where mobile devices are being used by all levels of society. Today, it is fairly common to see a CEO or a school kid carrying a PDA or mobile phone. According to a survey by Infocomm Authority of Singapore (IDA), the penetration rate of mobile phones in Singapore has grown to 91 percent in 2004. Sophisticated PDA phones and other mobile devices such as the Blackberry are actually miniaturised PCs and they have become ubiquitous.