Linux Security Week: October 3rd 2005
Source: Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "Guideline for Implementing Cryptography in the Federal Government," "Rule Set Based Access Control 1.2.5," and "Linux RealPlayer Could Face Zero-Day Attack."

EnGarde Secure Linux 3.0 - Download Now!

  • Linux 2.6 kernel featuring SELinux Mandatory Access Control
  • Guardian Digital Secure Network features free access to all system and security updates (to be available shortly through an updated release)
  • Support for new hardware, including 64-bit AMD architecture
  • Web-based management of all functions, including the ability to build a complete web presence with FTP, DNS, HTTP, SMTP and more.
  • Apache v2.0, BIND v9.3, MySQL v5.0(beta)
  • Completely new WebTool, featuring easier navigation and greater ability to manage the complete system
  • Integrated firewall with ability to manage individual firewall rules, control port forwarding, and creation of IP blacklists
  • Built-in UPS configuration provides ability to manage an entire network of battery-backup devices
  • RSS feed provides ability to display current news and immediate access to system and security updates
  • Real-time access to system and service log information


LINUX ADVISORY WATCH - This week, advisories were released for python, XFree86, kdeedu, courier, zsync, gtkdiskfree, util-linux, mantis, Webmin, Qt, PHP, firefox, mozilla, cups, HelixPlayer, RealPlayer, wget, ghostscript, slocate, net-snmp, openssh, and binutils. The distributors include Debian, Gentoo, and Red Hat.

Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, and is therefore very simple.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

  Pointsec full-disk encryption for Linux debuts
  27th, September, 2005

The product is meant to ensure an entire hard drive's data can be encrypted in real time and only accessed by authorised users. A full-disk end-user software encryption product for Linux was launched on Monday by security software company Pointsec. Full-disk encryption protects all data on the hard disk including the operating system, system files, and "supposedly deleted files", the company claims. Pointsec is pitching the product — Pointsec for Linux — at "large technology and telecommunications corporations needing to protect intellectual property stored on laptop and desktop computers".

  Guideline for Implementing Cryptography in the Federal Government
  3rd, October, 2005

The US National Institute of Standards and Technology has released an updated draft version of its 'Guideline for Implementing Cryptography in the Federal Government'. This is the second edition of a white paper first released in 1999, and a welcome addition to the literature on practical applications of cryptography.

  Sun Solaris Patches for Xsun(1) and Xprt(1) Vulnerability Released
  29th, September, 2005

Sun has released a security patch to fix a vulnerability in Solaris, which could be exploited by a local attacker to gain elevated privileges.

  Cisco Bolsters Network Security
  29th, September, 2005

Cisco Systems took steps Tuesday to address the growing need for more secure networks that can defend themselves against a variety of threats with the introduction of new incident-control and threat-mitigation software and services. It also has new versions of the company's intrusion-prevention signature (ISP) system and IOS router operating system software.

  'Trusted' Linux OS tipped for next year
  29th, September, 2005

A Linux vendor has made plans to put its operating system through the paces of a US evaluation program to create the first "trusted" Linux operating system. Red Hat, with help from IBM and Trusted Computing Solutions, said it would put its operating system through the paces of the National Information Assurance Partnership's Common Criteria evaluation program to create the first "trusted" Linux operating system.

  Automating Linux security should be a higher priority
  30th, September, 2005

I know Linux has a firewall. I know about iptables. I know Linux has fewer viruses targeting it than Windows does. But I strongly believe that Linux users badly need the kind of automated anti-viral patch management service that Windows users now take for granted. The present approach, in my view, just won't scale.

  Sarbanes-Oxley and realtime's identity management solution
  27th, September, 2005

Realtime's Risk Management Tool, APM, has been installed over 150 times to SAP customers and our bioLock is well established in the SAP world as the first SAP certified biometric identity management solution. These were enough reasons for SAP to approach realtime to include us in an educational movie about Sarbanes-Oxley. We facilitated an interview with Professor Paul Foote (a Harvard-educated accounting professor in California and Sarbanes-Oxley expert), who has built a biometric research center around the bioLock technology. SAP decided to make an additional movie about the bioLock technology to point out the powerful capabilities of biometrics when it comes to complying with mandatory regulations. Both movies were shown on SAP TV worldwide.

  Rule Set Based Access Control 1.2.5 Available
  29th, September, 2005

RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels. From a practical standpoint, it allows possibilities such as full fine grained control over objects, memory execution prevention, real time integrated virus detection and more.

  French military body to install Linux cluster
  30th, September, 2005

An agency of the French Ministry of Defence is planning to install a high-performance Linux cluster for technical and scientific work. The Technical Establishment of Bourges (ETBS), which tests and manufactures armaments, has issued a tender for the supply of a 64-bit Linux cluster, according to a document on an EU website. The deadline of the tender was reached on Thursday but it was unclear from the tender document when the ETBS plans to start implementing the cluster.

  Finger On The Pulse Of Identity
  27th, September, 2005

The contours of the finger, the patterns of the iris and the shape of the hand can all be used to provide strong authentication, but are these - and other - biometric technologies sufficient to provide good security while also ensuring the privacy and trust of end users?

  Agencies need a mix of tools for incident response
  29th, September, 2005

Federal information technology managers need a mix of tools to quickly respond to security incidents. The more effective technologies will combine tracking of IT assets with vulnerability management capabilities as well as event correlation functions, experts say.

  Spyware is Being Designed For a Broader Audience Than Ever Before
  27th, September, 2005

There are over 530 commercial spy programs, with about 5 brand new ones appearing each month. Commercial monitoring spyware includes keyloggers, email redirectors, screen recorders and more. It should not be confused with adware.

  Using a Blog Service to Minimize Exposure to Spam
  28th, September, 2005

Blogs are extremely popular nowadays. I spend most of my non-business related surfing time on blogs. As the number of blogs is increasing every day, I often come across something innovative. Coveno is your typical-looking blog, but it has a twist - it is, as the authors call it, the web's first public email account.

  Multiple Lines of Defense
  29th, September, 2005

No matter how good any single network security application is, there is someone out there smarter than the people who designed it with more time on his hands than scruples who will eventually get past it. It is for this reason that common security practice suggests multiple lines of defense, or defense in depth.

  Aligning IT Security with Business Goals
  30th, September, 2005

Most people believe security can’t be directly linked to the business initiatives, supporting SOX compliance or improving top line revenue. Ask the executive management team of most companies if they still think of security as an “art” rather than a science and you’ll find most believe it’s a necessity, but wonder if they can ever be truly secure. Finances can be quantified, network operations can be measured to understand bandwidth requirements now and projected into the future, but most see security as nebulous at best. Even as the awareness of cyber-attacks increases and the importance of government regulations grows, security professionals are still battling for resources and budget.

  PDAs and mobiles left open to 'Bluesnarfing'
  27th, September, 2005

Businesses are at risk of losing confidential data to hackers as office workers leave their Bluetooth-enabled PDAs and mobile phones unsecured. A survey of commuters in three central London railway stations found that one in 10 are travelling with mobile devices that are open to eavesdropping by hackers.

  RealPlayer and Helix Player in Linux security scare
  28th, September, 2005

Users who run the media players on Linux or Unix are at risk of attack, security experts claim. Popular media players RealPlayer and Helix Player are at risk of a security vulnerability that could let malicious attackers launch remote attacks on a user's system, security experts say.

  Linux RealPlayer Could Face Zero-Day Attack
  28th, September, 2005

The Linux versions of RealNetworks' popular RealPlayer and Helix Player can be used by attackers to load malicious code onto systems, several security organizations reported Tuesday. Both RealPlayer 10.x and Helix 1.x sport a zero-day vulnerability that could let a hacker execute commands remotely once he'd convinced the user to open a malformed .rp (realpix) or .rt (realtext) file. RealPix and RealText files are image slideshow and text-based displays (such as a scrolling ticker-style message) played by RealPlayer and Helix.

