Linux Security Week: September 5th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "IT departments urged to prepare staff for IPv6," "CISSP vs. CCISP creating confusion for certification holders," and "Linux Kernel Update Improves Event Monitoring."


Master of Science in Information Security - Earn your Master of Science in Information Security online from Norwich University. Designated a "Center of Excellence", the program offers a solid education in the management of information assurance, and the unique case study method melds theory into practice. Using today's e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

LINUX ADVISORY WATCH - This week, advisories were released for courier, libpam-ldap, simple proxy, backup-manager, kismet, php, phpldapadmin, maildrop, pstotext, sqwebmail, polygen, audit, freeradius, openmotif, freeradius, openmotif, php, ntp, openoffice, lesstif, libsoup, evolution, kernel, selinux-policy-targeted, policycoreutils, xen, dbus, evince, poppler, phpWiki, phpGroupWare, phpWebSite, pam_ldap, and mplayer. The distributors include Debian, Fedora, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  Do You Code Sign?
  1st, September, 2005

"I am a regular reader of Bruce Schneier's Blog, Articles, and Books, and I really like what he writes. However I recently read his book titled 'Secrets and Lies' and I think he has done some injustice to the security provided by the 'Code Signing'. On page 163 of his book, he (Bruce Schneier) basically states that: 'Code signing, as it is currently done, sucks'. Even though I think that Code Signing has its flaws, it does provide a fairly good mechanism for increasing security in an organization."

http://www.linuxsecurity.com/content/view/120274
 
  Zotob worm writer caught by FBI
  29th, August, 2005

Local police have arrested two people in Turkey and Morocco under suspicion of involvement in the Zotob, Rbot and Mytob Windows 2000 computer worms, according to Microsoft.

http://www.linuxsecurity.com/content/view/120246
 
  Fighting Cyberattacks By Sharing Information
  30th, August, 2005

Earlier this month, a series of worms--the first of which was named Zotob--took down a significant number of Windows 2000 PCs around the world. Microsoft issued a patch and said there was no threat to Windows XP systems unless the attacker had valid log-on credentials. About two weeks later, Microsoft discovered that wasn't the case, and said the same vulnerability that Zotob used to victimize Windows 2000 systems also existed on some Windows XP systems.

http://www.linuxsecurity.com/content/view/120257
 
  IT departments urged to prepare staff for IPv6
  31st, August, 2005

IPv6 is the replacement for IPv4, the protocol used to send and receive network traffic. The main benefit of the new version is that it offers an almost unlimited number of IP addresses. This is important as the number of internet users and connected devices, each requiring a unique IP address, is set to increase rapidly over the next few years.

Although operating systems such as Unix and Linux already support IPv6, there is expected to be a huge increase in usage with the release of Windows Vista, the next version of the Microsoft operating system, next year.

http://www.linuxsecurity.com/content/view/120263
 
  Ten-Minute Guide To Network Security
  31st, August, 2005

The Internet can be a dangerous place, full of viruses, worms and hackers bent on doing harm to your network. "Security first" has become a kind of mantra for IT professionals and CIOs, while regulations like Sarbanes-Oxley have made network protection as much a question of legal responsibility as good business sense.

http://www.linuxsecurity.com/content/view/120265
 
  Hacker fear boosts IT security spending
  31st, August, 2005

Fuelled by increasing fears of virus and hack attacks, global network security appliance and software sales continue to climb steadily, rising four per cent to $1bn between the first and second quarters of this year, according to newly published figures.

http://www.linuxsecurity.com/content/view/120266
 
  OpenSSH update fixes recent vulnerabilities
  5th, September, 2005

The first fix prevents "GatewayPorts" from being "incorrectly activated for dynamic ('-D') port forwardings when no listen address was explicitly specified," according to the changelog. The update also prevents GSSAPI credentials being "delegated to users who log in with methods other than GSSAPI authentication (e.g. public key) when the client requests it." The update also includes a host of bug fixes, improvements and added features according to the announcement.

http://www.linuxsecurity.com/content/view/120299
 
  The GIMP threatens PIN number security
  29th, August, 2005

This must be a first: Linux image manipulation programme the GIMP has been fingered as a possible tool in uncovering people's PIN numbers as sent through the post. It's not all open source gloom, though, Photoshop can also be used to, in certain circumstances, enhance illicitly-obtained printed PIN numbers.

http://www.linuxsecurity.com/content/view/120241
 
  Linux Kernel Update Improves Event Monitoring
  29th, August, 2005

The next stable update of the Linux kernel will bring advances in file system event monitoring, the Xtensa architecture, and a set of system calls that allows users to load another kernel from the currently executing Linux kernel. While the 2.6.13-rc (release candidates) are currently being tested, the stable version is expected to be released in the next few weeks, kernel developers told eWEEK.

http://www.linuxsecurity.com/content/view/120242
 
  Safeguarding IT against the next Katrina
  29th, August, 2005

IT managers nationwide should take a cue from Hurricane Katrina's destructive power and develop disaster-recovery plans to safeguard their computer systems against catastrophe, security experts advise.

http://www.linuxsecurity.com/content/view/120250
 
  Sainsbury's vets suppliers over IT continuity plans
  30th, August, 2005

Sainsbury's has begun a drive to ensure its key suppliers have business continuity plans in place to deal with disruptions such as the loss of IT systems or key sites becoming inaccessible.

http://www.linuxsecurity.com/content/view/120256
 
  CISSP vs. CCISP creating confusion for certification holders
  30th, August, 2005

Some holders of the security industry's much vaunted Certified Information Systems Security Professional [CISSP] certification are worried their hard-earned credential will lose its cachet with the introduction of another, similar sounding designation awarded to those guarding critical infrastructure networks. That certification, awarded by the Critical Infrastructure Institute, is known informally as the CCISP.

http://www.linuxsecurity.com/content/view/120258
 
  Phishing vs. pharming
  31st, August, 2005

Phishing involves the receipt of an e-mail message that appears to come from a legitimate enterprise. Pharming attacks compromise at the DNS server level, re-directing you to a hacker's site when you type in a company's Web address.

http://www.linuxsecurity.com/content/view/120262
 
  Tweaks, Regressions in Latest Linux Kernel
  31st, August, 2005

The third stable major Linux Kernel update of the year, v. 2.6.13 was released this week. The new kernel includes a long list of updates, a few enhancements and even an odd regression. Among the new enhancements to the Linux kernel is "Kexec," which allows for a fast reboot without the need to go through a bootloader.

http://www.linuxsecurity.com/content/view/120269
 
  MS wrong on security claims: Red Hat
  1st, September, 2005

Red Hat is accusing Microsoft of getting its facts wrong in its latest attack on Linux security. In an update on security at Microsoft’s recent worldwide partner conference, the company’s security head Mike Nash took aim at Linux and singled out Red Hat.

http://www.linuxsecurity.com/content/view/120277
 
  The myths of open source
  2nd, September, 2005

Once seen as flaky, cheap and the work of amateur developers, open source has emerged blinking into the daylight. So who's using open source? Why are they using it? And are the benefits worth the risks? The answers are surprising -- and dispel some of the myths surrounding open source.

http://www.linuxsecurity.com/content/view/120286
 
  Suspected Zotob Hacker Also Wrote Mytob Worm, Security Firm Says
  30th, August, 2005

One of the two men arrested last week on charges of creating and mailing the Zotob bot worm also authored some, but not all, of the many Mytob worms in circulation, a security firm said Monday. Finnish anti-virus vendor F-Secure identified Farid Essebar, 18, who was arrested by Moroccan authorities, as the author of some Mytobs. "We know that [Essebar] had also authored several of the Mytob variants since February this year," F-Secure's Mikko Hypponen wrote on the company's blog. "However, he's not behind all of them."

http://www.linuxsecurity.com/content/view/120255
 
  Creating Security Policies That Work for Your Company
  1st, September, 2005

This week, our discussion on security and compliance continues with Julian Waits, president and CEO of Brabeion Software, which provides enterprise-class software for creating, managing and deploying IT security policies, with support for a wide range of technologies from leading vendors, including Microsoft, Cisco, Oracle and Red Hat Linux.

http://www.linuxsecurity.com/content/view/120275
 
  The Mobility Threat
  5th, September, 2005

We live in an era where mobile devices are being used by all levels of society. Today, it is fairly common to see a CEO or a school kid carrying a PDA or mobile phone. According to a survey by Infocomm Authority of Singapore (IDA), the penetration rate of mobile phones in Singapore has grown to 91 percent in 2004. Sophisticated PDA phones and other mobile devices such as the Blackberry are actually miniaturised PCs and they have become ubiquitous.

http://www.linuxsecurity.com/content/view/120300
 
