LINUX ADVISORY WATCH - This week, advisories were released for apache, kdelibs, cvs, mod_ssl,
tdiary, squid, mozilla, common-lisp, turqstat, slib, umb-scheme, psmisc, gtk,
file, subversion, unzip, e2fsprogs, selinux-policy-targeted, firefox, mozilla,
vte, xdelta, tvtime, dhcp, gnupg, util-linux, mc, libwnck, pcre, exim, and squid.
The distributors include Debian, Fedora, Gentoo, and Red Hat.
LinuxSecurity.com Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators
make is having file and directory permissions that are far too liberal and
allow access beyond that which is needed for proper system operations. A full
explanation of Unix file permissions is beyond the scope of this article,
so I'll assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type
of security vulnerability. This paper explains what a buffer overflow is,
how it can be exploited, and what countermeasures can be taken to prevent
the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first
tutorial in the 'Getting to Know Linux Security' series. The topic explored
is Linux file permissions. It offers an easy-to-follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security and is therefore very simple.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe, send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
Real-time exploits tracking with Anti-Exploit
14th, September, 2005
This is a review of the first on-access Anti-Exploit scanner.
Anti-Exploit can help IT professionals to discover local attackers before
they manage to execute malicious programs.
Users tackle question of Linux vs. Windows on the server
13th, September, 2005
The battle between Linux and Windows for server-side dominance
is continuing to play out in data centers worldwide. While some are drawn
to Microsoft due to Windows' ease-of-use, manageability and application
availability, others feel that low cost, high stability and the freedom
of being able to tweak and analyze source code make Linux the only choice.
Security can be a double-edged sword, especially if you buy
a used computer. Many people protect their laptops with a password for
the BIOS — the “basic input/output system” — that controls a computer
when you first turn it on. If you don’t know the BIOS password, you might
as well be buying a paperweight. Computer manufacturers charge $300 to
$500 to remove a BIOS password, often more than the cost of a used laptop.
There's lots of innovation going on in security - we're inundated
with a steady stream of new stuff and it all sounds like it works just
great. Every couple of months I'm invited to a new computer security conference,
or I'm asked to write a foreword for a new computer security book. And,
thanks to the fact that it's a topic of public concern and a "safe issue"
for politicians, we can expect a flood of computer security-related legislation
from lawmakers. So: computer security is definitely still a "hot topic."
But why are we spending all this time and money and still having problems?
Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new
paper showing that if you have an audio recording of somebody typing on
an ordinary computer keyboard for fifteen minutes or so, you can figure
out everything they typed. The idea is that different keys tend to make
slightly different sounds, and although you don’t know in advance which
keys make which sounds, you can use machine learning to figure that out,
assuming that the person is mostly typing English text. (Presumably it
would work for other languages too.)
The penguins were on the streets of Kanata yesterday, searching
for scarce Linux software developers. In a sign of the recovering technology
industry, recruiters from Liquid Computing dressed up as penguins -- the
symbol of the popular open-source technology -- in a bid to find 20 more
staff. Since raising $14 million U.S. in new capital in May, Liquid has
doubled the workforce to 60 full-time and contract employees.
The gloves are off taking the fight to the spammers
16th, September, 2005
2005 has already seen spammers and virus writers become more
shrewd, more malicious, more sophisticated and more hungry for commercial
gain. The potential damage that this will inflict on brand reputation,
customer relationships, and capacity to run a business will continue to
move IT security management further up the boardroom agenda - never has
it been so important to get it right.
Security researchers claim to have found ways to exploit a serious
bug in Firefox and Mozilla Web browsers, a sign that attacks could be
on the way. ... Disclosure of a flaw typically starts a race in the security
community to exploit it. In the past few days, at least two security researchers
have posted messages to popular security mailing lists claiming they have
found ways attackers could take advantage of the vulnerability.
The Non-Wireless Wireless Network Monitoring System
12th, September, 2005
This new Linux-based wireless intrusion detection system is
aimed at stopping a network's security from being compromised by detecting
the installation of unauthorized access points. The wireless detection
system utilizes wireless drones to develop a wireless network solely to
detect any wireless signals that emanate from within their workplace.
By incorporating a GPS module the location of any intruding device can
be pinpointed. A standard web interface allows the administrator to monitor
network usage; the system uses e-mail and pop-up alerts to signal possible
intrusions of the network.