Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Security Week: September 5th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "IT departments urged to prepare staff for IPv6," "CISSP vs. CCISP creating confusion for certification holders," and "Linux Kernel Update Improves Event Monitoring."

Master of Science in Information Security - Earn your Master of Science in Information Security online from Norwich University. Designated a "Center of Excellence", the program offers a solid education in the management of information assurance, and the unique case study method melds theory into practice. Using today's e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

LINUX ADVISORY WATCH - This week, advisories were released for courier, libpman-ldap, simple proxy, backup-manager, kismet, php, phpldapadmin, maildrop, pstotext, sqwebmail, polygen, audit, freeradius, openmotif, freeradius, openmotif, php, ntp, openoffice, lesstif, libsoup, evolution, kernel, selinux- policy-targed, policycoreutils, xen, dbus, evince, poppler, phpWiki, phpGroupWare, phpWebSite, pam_ldap, and mplayer. The distributors include Debian, Fedora, Gentoo, and Red Hat. Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Do You Code Sign?
  1st, September, 2005

"I am a regular reader of Bruce Schneier's Blog, Articles, and Books, and I really like what he writes. However I recently read his book titled 'Secret and Lies' and I think he has done some in-justice to the security provided by the 'Code Signing'. On page 163 of his books, he (Bruce Schneier) basically states that: 'Code signing, as it is currently done, sucks'. Even though I think that Code Signing has its flaws, it does provide a fairly good mechanism for increasing security in an organization."
  Zotob worm writer caught by FBI
  29th, August, 2005

Local police have arrested two people in Turkey and Morocco under suspicion of involvement in the Zotob, Rbot and Mytob computer Windows 2000 worms, according to Microsoft.
  Fighting Cyberattacks By Sharing Information
  30th, August, 2005

Earlier this month, a series of worms--the first of which was named Zotob--took down a significant number of Windows 2000 PCs around the world. Microsoft issued a patch and said there was no threat to Windows XP systems unless the attacker had valid log-on credentials. About two weeks later, Microsoft discovered that wasn't the case, and said the same vulnerability that Zotob used to victimize Windows 2000 systems also existed on some Windows XP systems.
  IT departments urged to prepare staff for IPv6
  31st, August, 2005

IPv6 is the replacement for IPv4, the protocol used to send and receive network traffic. The main benefit of the new version is that it offers an almost unlimited number of IP addresses. This is important as the number of internet users and connected devices, each requiring a unique IP address, is set to increase rapidly over the next few years.

Although operating systems such as Unix and Linux already support IPv6, there is expected to be a huge increase in usage with the release of Windows Vista, the next version of the Microsoft operating system, next year.
  Ten-Minute Guide To Network Security
  31st, August, 2005

The Internet can be a dangerous place, full of viruses, worms and hackers bent on doing harm to your network. "Security first" has become a kind of mantra for IT professionals and CIOs, while regulations like Sarbanes-Oxley have made network protection as much a question of legal responsibility as good business sense.
  Hacker fear boosts IT security spending
  31st, August, 2005

Fuelled by increasing fears of virus and hack attacks, global network security appliance and software sales continue to climb steadily, rising four per cent to $1bn between the first and second quarters of this year, according to newly published figures.
  OpenSSH update fixes recent vulnerabilities
  5th, September, 2005

The first fix prevents "GatewayPorts" from being "incorrectly activated for dynamic ('-D') port forwardings when no listen address was explicitly specified," according to the changelog. The update also prevents GSSAPI credentials being "delegated to users who log in with methods other than GSSAPI authentication (e.g. public key) when the client requests it." The update also includes a host of bug fixes, improvements and added features according to the announcement.
  The GIMP threatens PIN number security
  29th, August, 2005

This must be a first: Linux image manipulation programme the GIMP has been fingered as a possible tool in uncovering people's PIN numbers as sent through the post. It's not all open source gloom, though, Photoshop can also be used to, in certain circumstances, enhance illicitly-obtained printed PIN numbers.
  Linux Kernel Update Improves Event Monitoring
  29th, August, 2005

The next stable update of the Linux kernel will bring advances in file system event monitoring, the Xtensa architecture, and a set of system calls that allows users to load another kernel from the currently executing Linux kernel. While the 2.6.13 –rc (release candidates) are currently being tested, the stable version is expected to be released in the next few weeks, kernel developers told eWEEK.
  Safeguarding IT against the next Katrina
  29th, August, 2005

IT managers nationwide should take a cue from Hurricane Katrina's destructive power and develop disaster-recovery plans to safeguard their computer systems against catastrophe, security experts advise.
  Sainsbury's vets suppliers over IT continuity plans
  30th, August, 2005

Sainsbury's has begun a drive to ensure its key suppliers have business continuity plans in place to deal with disruptions such as the loss of IT systems or key sites becoming inaccessible.
  CISSP vs. CCISP creating confusion for certification holders
  30th, August, 2005

Some holders of the security industry's much vaunted Certified Information Systems Security Professional [CISSP] certification are worried their hard-earned credential will lose its cache with the introduction of another, similar sounding designation awarded to those guarding critical infrastructure networks. That certification, awarded by the Critical Infrastructure Institute, is known informally as the CCISP.
  Phishing vs. pharming
  31st, August, 2005

Phishing involves the receipt of an e-mail message that appears to come from a legitimate enterprise. Pharming attacks compromise at the DNS server level, re-directing you to a hacker's site when you type in a company's Web address.
  Tweaks, Regressions in Latest Linux Kernel
  31st, August, 2005

The third stable major Linux Kernel update of the year, v. 2.6.13 was released this week. The new kernel includes a long list of updates, a few enhancements and even an odd regression. Among the new enhancements to the Linux kernel is "Kexec," which allows for a fast reboot without the need to go through a bootloader.
  MS wrong on security claims: Red Hat
  1st, September, 2005

Red Hat is accusing Microsoft of getting its facts wrong in its latest attack on Linux security. In an update on security at Microsoft’s recent worldwide partner conference, the company’s security head Mike Nash took aim at Linux and singled out Red Hat.
  The myths of open source
  2nd, September, 2005

Once seen as flaky, cheap and the work of amateur developers, open source has emerged blinking into the daylight. So who's using open source? Why are they using it? And are the benefits worth the risks? The answers are surprising -- and dispel some of the myths surrounding open source.
  Suspected Zotob Hacker Also Wrote Mytob Worm, Security Firm Says
  30th, August, 2005

One of the two men arrested last week on charges of creating and mailing the Zotob bot worm also authored some, but not all, of the many Mytob worms in circulation, a security firm said Monday. Finnish anti-virus vendor F-Secure identified Farid Essebar, 18, who was arrested by Moroccan authorities, as the author of some Mytobs. "We know that [Essebar] had also authored several of the Mytob variants since February this year," F-Secure's Mikko Hypponen wrote on the company's blog. "However, he's not behind all of them."
  Creating Security Policies That Work for Your Company
  1st, September, 2005

This week, our discussion on security and compliance continues with Julian Waits, president and CEO of Brabeion Software, which provides enterprise-class software for creating, managing and deploying IT security policies, with support for a wide range of technologies from leading vendors, including Microsoft, Cisco, Oracle and Red Hat Linux.
  The Mobility Threat
  5th, September, 2005

We live in an era where mobile devices are being used by all levels of society. Today, it is fairly common to see a CEO or a school kid carrying a PDA or mobile phone. According to a survey by Infocomm Authority of Singapore (IDA), the penetration rate of mobile phones in Singapore has grown to 91 percent in 2004. Sophisticated PDA phones and other mobile devices such as the Blackberry are actually miniaturised PCs and they have become ubiquitous.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.