This week, perhaps the most interesting articles include "," "Nessus security tool closes its source," and "."


EnGarde Secure Linux 3.0 - Download Now!

  • Linux 2.6 kernel featuring SELinux Mandatory Access Control
  • Guardian Digital Secure Network features free access to all system and security updates (to be available shortly through an updated release)
  • Support for new hardware, including 64-bit AMD architecture
  • Web-based management of all functions, including the ability to build a complete web presence with FTP, DNS, HTTP, SMTP and more.
  • Apache v2.0, BIND v9.3, MySQL v5.0 (beta)
  • Completely new WebTool, featuring easier navigation and greater ability to manage the complete system
  • Integrated firewall with ability to manage individual firewall rules, control port forwarding, and creation of IP blacklists
  • Built-in UPS configuration provides ability to manage an entire network of battery-backup devices
  • RSS feed provides ability to display current news and immediate access to system and security updates
  • Real-time access to system and service log information

LEARN MORE:
https://guardiandigital.com/cloud-email-security


LINUX ADVISORY WATCH - This week, advisories were released for gtkdiskfree, util-linux, ClamAV, loop-aes, helix-player, backupninja, squid, mysql, ntlmaps, mysql-dfsg, gopher, prozilla, cfengine, mozilla-firefox, apachetop, drupal, mailutils, egroupware, arc, mod-auth-shadow, mason, slocate, vixie-cron, net-snmp, kernel, openssh, binutils, perl, and gdb. The distributors include Debian, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, and is therefore very simple.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


2005 Semi-Annual Web Security Trends Report
3rd, October, 2005

Websense released the 2005 Semi-Annual Web Security Trends Report issued by Websense Security Labs. The new report summarizes findings for the first half of 2005 and presents projections for the upcoming year.

Details from the Anti-Phishing Act of 2005
5th, October, 2005

California is the first US state to pass anti-phishing laws. Finally someone went a step further in at least trying to create a more secure cyberspace. Here are some of the most important snippets from the act.

Common Malware Enumeration Initiative
6th, October, 2005

The Common Malware Enumeration Initiative was just announced. Headed by the United States Computer Emergency Readiness Team (US-CERT) and supported by an editorial board of anti-virus vendors and related organizations, it should provide a neutral, shared identification method for malware outbreaks.

Check Point to Acquire Makers of Snort
6th, October, 2005

Check Point Software Technologies Ltd. and Sourcefire, Inc., developers of Snort, today announced that they have signed a definitive agreement for Check Point to acquire privately held Sourcefire for a total consideration of approximately $225 million.

Guideline for Implementing Cryptography in the Federal Government
3rd, October, 2005

The US National Institute of Standards and Technology has released an updated draft version of its 'Guideline for Implementing Cryptography in the Federal Government'. This is the second edition of a white paper first released in 1999, and a welcome addition to the literature on practical applications of cryptography.


What is the most challenging Sarbanes-Oxley issue facing Enterprises today?
7th, October, 2005

Companies are now finding that log management is a cornerstone best practice in their compliance efforts. Sarbanes-Oxley 404 Internal IT Control requirements imply rigorous end-to-end Log Management and Archival. Net Report helps companies face this issue.


But Wait, There's More
4th, October, 2005

The ink is barely dry on all of the Red Hat Enterprise Linux 4 materials, and the company is already gearing up for the launch of RHEL 5. While Red Hat is not being terribly specific about what is in RHEL 5 just yet, the company did announce last week that it is working with server maker IBM and security expert Trusted Computer Solutions to begin the Common Criteria security certification for the forthcoming RHEL 5, which is due in late 2006.


Pass on Passwords with scp
7th, October, 2005

In this article, I show you how to use the scp (secure copy) command without needing to use passwords. I then show you how to use this command in two scripts. One script lets you copy a file to multiple Linux boxes on your network, and the other allows you to back up all of your Linux boxes easily.


Firefox 1.5 gets the sniff test
3rd, October, 2005

First came all the praise about Firefox 1.0 being more secure than Internet Explorer (IE). Then came headlines about mega-downloads chipping away at Microsoft's market share. Then came months of uncovered flaws and security updates that now have Firefox up to version 1.0.7.


RealNetworks Fixes Linux RealPlayer Flaw
4th, October, 2005

RealNetworks has patched the Linux media players that were susceptible to a zero-day attack for much of last week.


SanDisk embeds DRM engine in Flash cards
5th, October, 2005

Flash memory pioneer SanDisk has embedded DRM and copy protection functions into several flash card form factors. "TrustedFlash" will allow users to buy music, movies, and games on flash cards for use interchangeably in mobile phones, PDAs, laptops, and other devices, according to the company.


Nessus security tool closes its source
7th, October, 2005

The source code of one of the world's most popular free security tools will no longer be available to all, its creator has announced, saying the software's open-source license was fueling competition.


Does Instant Messaging improve communication or threaten security?
3rd, October, 2005

Companies should have their content filtering systems upgraded now because the cost of improving IT security is more than offset by the ensuing increase in productivity.

The Open Source Highway
4th, October, 2005

Open source is the foundation for the future. By definition, open source is code accessible to all. The free re-distribution of code allows anyone to download code and take advantage of it. The community of open source contributors depicts a truly collaborative environment. Developers around the globe donate to the code repository, resulting in accelerated advancement and cleanliness of the available code. The Internet encouraged this open source movement by providing a breeding ground for collaboration.

PortAuthority Updates Data-Fingerprinting Technology
5th, October, 2005

While no two fingerprints are alike for people, the same cannot be said for digital data. But new data-fingerprinting technologies have cropped up to take traditional watermarking strategies to the next level in preventing theft of intellectual property. PortAuthority 3.5 is one such technology. The newly updated data-fingerprinting software from PortAuthority Technologies examines the content of documents to give customers the ability to prevent information leaks and data theft.

A legal shield for pen-test results
7th, October, 2005

Routine network penetration testing may shed light on exposures to external threats, but it can also put damning evidence in the hands of competitors and plaintiffs who sue your organization. Attorneys caution that pen tests generate lengthy reports of system inaccuracies and vulnerabilities that could be used in court against a company.

Court Rules in Favor of Anonymous Blogger
7th, October, 2005

In a decision hailed by free-speech advocates, the Delaware Supreme Court on Wednesday reversed a lower court decision requiring an Internet service provider to disclose the identity of an anonymous blogger who targeted a local elected official.


Learning To Hack Just Got Easier
4th, October, 2005

Now you can learn hacking in the comfort of your own home. Training company Learn Security Online (LSO) teaches hacking techniques online at a low cost. LSO teaches computer security with interactive simulators, hacking games, and security challenges that require students to break into real servers.
