LINUX ADVISORY WATCH - This week, advisories were released for turqstat, centericq, lm-sensors,
kdebase, python, XFree86, Mailutils, Shorewall, mozilla, mod_ssl, clam, mod_ssl,
Zebedee, umount, squid, and mod_ssl. The distributors include Debian, Fedora,
Gentoo, and Red Hat.
LinuxSecurity.com
Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators
make is having file and directory permissions that are far too liberal, allowing
access beyond what is needed for proper system operation. A full explanation of
Unix file permissions is beyond the scope of this article, so I'll assume you are
familiar with tools such as chmod, chown, and chgrp. If you'd like a refresher,
one is available right here on linuxsecurity.com.
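The permission mistake described above, overly liberal modes, is something an administrator can audit for mechanically. The following shell functions are an added example for this newsletter, not code from the linked article: one lists every file or directory under a tree that is writable by "other", the other strips that bit while leaving owner and group permissions alone. The demo tree they run against is constructed inside the block; only POSIX `find`, `chmod` and `mktemp` are assumed.

```shell
# Added example (not from the LinuxSecurity.com article): audit a directory
# tree for world-writable files and directories, the most common "too liberal"
# permission mistake, and fix them conservatively.

# Print every file or directory under $1 whose "other" write bit (octal 002)
# is set. Sticky directories such as /tmp are intentionally still reported so
# a reviewer can decide case by case rather than have them silently skipped.
find_world_writable() {
    find "$1" -perm -002 -print 2>/dev/null | sort
}

# Remove only the world-writable bit from everything find_world_writable
# reports; owner and group permissions are untouched.
fix_world_writable() {
    find "$1" -perm -002 -exec chmod o-w {} +
}

# Build a small constructed tree (assumption: a stand-in for a real system
# tree) with one bad directory and one bad file among correctly set entries.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir "$d/public" "$d/private"
    printf 'hello\n' > "$d/public/notes.txt"
    printf 'secret\n' > "$d/private/key.txt"
    chmod 0777 "$d/public"           # mistake: anyone can add or delete files here
    chmod 0666 "$d/private/key.txt"  # mistake: anyone can rewrite the key
    chmod 0750 "$d/private"          # fine: owner and group only
    chmod 0644 "$d/public/notes.txt" # fine: world-readable, not world-writable
    printf '%s\n' "$d"
}
```

On a real host, run `find_world_writable /` first and read the list before calling `fix_world_writable`, since a few world-writable paths (sticky temp directories, some device nodes) are expected.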
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type
of security vulnerability. This paper explains what a buffer overflow is,
how it can be exploited, and what countermeasures can be taken to prevent
the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first
tutorial in the 'Getting to Know Linux Security' series. The topic explored
is Linux file permissions. It offers an easy-to-follow explanation of how
to read permissions and how to set them using chmod. This guide is intended
for users new to Linux security and is therefore kept very simple.
Bulletproof Virus Protection - Protect your network from costly security
breaches with Guardian Digital's multi-faceted security applications.
More than just an email firewall, on-demand and scheduled scanning detects
and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
Firefox woes spread to Linux
22nd, September, 2005
When I saw all the headlines this week about a new Symantec
report contradicting popular perception that Firefox was the secure alternative
to Microsoft Internet Explorer, the timing couldn't have been better.
Just three days earlier I wrote this blog about Firefox surpassing Microsoft
Internet Explorer in monthly vulnerabilities, and a flood of angry comments
followed in the talkback, and Slashdot had another 500-plus comments.
Cisco Systems Inc. is revamping its security professional-level
certifications to better reflect the networking giant's emphasis on its
Self-Defending Network strategy.
As many systems administrators will tell you, attacks from automated
login scripts specifically targeting common account names with weak passwords
have become a substantial threat to system security, especially via SSH
(a popular program that allows remote users to log in to a Linux computer
and execute commands locally). Here are some common-sense rules to follow
that can greatly improve security, as well as several scripts to cut down
on the computing resources wasted by these attacks.
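The automated login scripts described above leave a distinctive trail in the sshd log: bursts of "Failed password" lines from one source address against many account names. The block below is an added example for this newsletter, not one of the article's own scripts; it reads sshd auth log lines, counts failures per source address, and reports addresses over a threshold so they can be reviewed or fed to whatever blocking tool the site uses. The log lines are constructed for the example, and sshd's "Failed password for ... from <ip> port ..." message format is assumed.

```shell
# Added example (not from the linked article): flag source addresses that
# exceed a failed-login threshold in sshd auth log lines.

# Constructed sample of auth.log lines (assumption: the standard sshd
# "Failed password" / "Accepted password" message format).
SAMPLE_AUTH_LOG='Sep 22 10:01:11 host sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Sep 22 10:01:13 host sshd[1203]: Failed password for invalid user test from 192.0.2.10 port 40124 ssh2
Sep 22 10:01:15 host sshd[1205]: Failed password for root from 192.0.2.10 port 40126 ssh2
Sep 22 10:01:17 host sshd[1207]: Failed password for invalid user oracle from 192.0.2.10 port 40128 ssh2
Sep 22 10:02:01 host sshd[1209]: Failed password for alice from 198.51.100.7 port 51002 ssh2
Sep 22 10:02:30 host sshd[1211]: Accepted password for alice from 198.51.100.7 port 51004 ssh2
Sep 22 10:03:00 host sshd[1213]: Failed password for invalid user guest from 203.0.113.5 port 33001 ssh2'

# Read log lines on stdin and print "count ip" for every source address whose
# failed-login count is at least $1 (default 3), highest count first.
# Only "Failed password" lines are counted; accepted logins are ignored, so a
# legitimate user who mistyped once is not flagged alongside a scanner.
flag_brute_force_sources() {
    threshold=${1:-3}
    awk -v limit="$threshold" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # The address is the field right after the word "from".
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= limit) print fails[ip], ip }
    ' | sort -rn
}

# Convenience wrapper that runs the detector over the constructed sample.
flag_sample_sources() {
    printf '%s\n' "$SAMPLE_AUTH_LOG" | flag_brute_force_sources "$1"
}
```

Against a live system the same function is used as `flag_brute_force_sources 10 < /var/log/auth.log`; pick the threshold high enough that a user fumbling a password a few times is not reported.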
Deep underground somewhere in south-east England, security experts
have built a data hosting center almost entirely based on open source
operating systems. The cryptologists at the Bunker, an ex-NATO anti-nuclear
hideout owned by a data hosting group also known as the Bunker, are so
confident of good security that they say they have no need for firewalls
– the tools commonly used for keeping hackers away.
At Novell's Brainshare user conference in Barcelona last week,
the software supplier said it had strengthened its identity and access
management security products, Novell Identity & Access Management. Novell
also claimed significant customer gains in Europe with its open source
SuSE Linux desktop and enterprise server.
"Guardian Digital is shortly going to be announcing the next
major release of its award-winning EnGarde Secure Linux platform, and
we'd like to offer the engarde-users community a first-glimpse at this
release. Within this new release, codenamed Rapier, you'll find: Linux
2.6 kernel featuring SELinux Mandatory Access Control; Guardian Digital
Secure Network features free access to all system and security updates;
support for new hardware, including 64-bit AMD architecture; web-based
management of all functions...."
Peter Zelezny has discovered a vulnerability in Firefox, which
can be exploited by malicious people to compromise a user's system. The
vulnerability is caused by the shell script used to launch Firefox
parsing shell commands that are enclosed within backticks in the URL provided
via the command line. This can, for example, be exploited to execute arbitrary
shell commands by tricking a user into following a malicious link in an
external application which uses Firefox as the default browser (e.g. the
mail client Evolution on Red Hat Enterprise Linux 4).
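The root cause above is a wrapper script letting the shell re-parse a URL it received as an argument. The functions below are an added example for this newsletter, not the Firefox launcher script or its fix: a launcher that validates the URL against an allow-list of URL characters and then hands it to the browser as a single double-quoted argument, so nothing in it is ever evaluated by the shell. The browser itself is replaced by a stub (an assumption made so the example runs without a browser) that just prints the argument it received.

```shell
# Added example (not the Firefox launcher itself): a URL wrapper that never
# lets the shell re-parse its argument, plus an allow-list check.

# Stand-in for the real browser binary (assumption for this example): print
# the single argument it was given so the test can see what arrived.
browser_stub() {
    printf '%s\n' "$1"
}

# Return 0 if $1 looks like an http(s) URL made only of characters that can
# appear in one (RFC 3986 unreserved characters, most sub-delimiters, and the
# : / ? # @ % separators). Backticks, quotes, parentheses, spaces and other
# shell metacharacters are not in the list and cause a non-zero return.
url_is_safe() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    # Delete every allowed character; anything left over is disallowed.
    rest=$(printf '%s' "$1" | tr -d 'A-Za-z0-9._~:/?#@!&=+,;%-')
    [ -z "$rest" ]
}

# Validate, then launch with the URL as ONE quoted argument. Even if the
# allow-list were loosened, "$1" is passed verbatim: no eval, no unquoted
# expansion, so embedded backticks would reach the browser as plain text.
launch_url() {
    if ! url_is_safe "$1"; then
        printf 'refusing to open URL: %s\n' "$1" >&2
        return 1
    fi
    browser_stub "$1"
}
```

The two layers are independent: quoting alone already closes the backtick issue, and the allow-list additionally rejects non-http schemes and anything that should never be in a link handed over by a mail client.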
The Prelude Project has released version 0.9 of its Hybrid IDS Framework,
which represents over seven years of development. It supports over 40 different
device and log types, and other security software such as Snort and Samhain
offers support for reporting to Prelude. Many other advancements have been made
to the Prelude Framework, including the all-new Prewikka front-end for
correlation and monitoring of alerts.
The Auditor security collection is a GPL-licensed live CD based
on Knoppix, with more than 300 security software tools. Auditor gives
you easy access to a broad range of tools in almost no time.
Workers are more likely to indulge in risky Internet behavior
-- surfing to unknown or even suspicious sites, for example -- when they
have an IT department behind them to clean up their mess, a recently released
study claims. According to the July study -- which was released Tuesday
by Tokyo-based Trend Micro and based on polls of 1,200 users, 400 each
in the U.S., Germany, and Japan -- 39 percent of enterprise workers believed
that their company's IT department would keep them safe from viruses,
worms, spyware, spam, and phishing and pharming attacks.
Computer attackers are trying to circumvent improved defences
in corporate networks by creating smaller worms and viruses that infect
individual computers, says a report on Internet security to be released
today.
Internet Security Systems Chairman, CEO and President Tom Noonan
says customers increasingly are looking for security platforms that do
two basic things: Let the good guys in and keep the bad guys out. He spoke
with Network World's Editor in Chief John Dix and News Editor Bob Brown.
Here is an edited transcript of Noonan's thoughts on a host of topics.
Breaking into corporate networks, and thereby corporate information,
has never been easier. Why? Firstly, access to systems (usually Windows) at the desktop
is universal. Secondly, most people, including techies, don't appear to
know how to select adequately secure passwords.
According to a report from antivirus company Kaspersky, Mozilla.org
recently hosted Linux versions of the Mozilla browser and Thunderbird
mail client that were infected with the Linux RST.b virus. The versions
involved were the localised Korean releases, and they have now been removed.
RST.b infects ELF executable files to insert a backdoor onto the victim's
computer and automatically downloads exploit scripts from an Internet
site.
Information Security is such a broad discipline that it’s easy
to get lost in a single area and lose perspective. The discipline covers
everything from how high to build the fence outside your business, all
the way to how to harden a Windows 2003 server.
It’s important, however, to remember not to get caught up in the specifics.
Each best practice is tied directly to a higher, more philosophical
security concept, and those concepts are what I intend to discuss here.
After seeing the same mistakes repeated by different IT managers
over the years, I've noticed a pattern of common errors. Here are the
five common mistakes, along with tips for avoiding them.
Zotob.E, Tpbot-A, Rbot.CBQ and IRCbot.worm: all names given
to a single worm that wreaked havoc in Windows 2000 systems last month.
Among the plethora of identifiers, perhaps the most useful--CME-540--didn't
make an impact.
You have problems. The annual report spreadsheet has disappeared
from a server. A virus is loose in company e-mail. Someone has access
to the network through some kind of back door. Those are big problems.