
Linux Security Week: October 10th 2005
Source: Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "Details from the Anti-Phishing Act of 2005," "Nessus security tool closes its source," and "A legal shield for pen-test results."

EnGarde Secure Linux 3.0 - Download Now!

  • Linux 2.6 kernel featuring SELinux Mandatory Access Control
  • Guardian Digital Secure Network features free access to all system and security updates (to be available shortly through an updated release)
  • Support for new hardware, including 64-bit AMD architecture
  • Web-based management of all functions, including the ability to build a complete web presence with FTP, DNS, HTTP, SMTP and more.
  • Apache v2.0, BIND v9.3, MySQL v5.0(beta)
  • Completely new WebTool, featuring easier navigation and greater ability to manage the complete system
  • Integrated firewall with ability to manage individual firewall rules, control port forwarding, and creation of IP blacklists
  • Built-in UPS configuration provides ability to manage an entire network of battery-backup devices
  • RSS feed provides ability to display current news and immediate access to system and security updates
  • Real-time access to system and service log information


LINUX ADVISORY WATCH - This week, advisories were released for gtkdiskfree, util-linux, ClamAV, loop-aes, helix-player, backupninja, squid, mysql, ntlmaps, mysql-dfsg, gopher, prozilla, cfengine, mozilla-firefox, apachetop, drupal, mailutils, egroupware, arc, mod-auth-shadow, mason, slocate, vixie-cron, net-snmp, kernel, openssh, binutils, perl, and gdb. The distributors include Debian, Gentoo, and Red Hat.

Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore very simple.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

  2005 Semi-Annual Web Security Trends Report
  3rd, October, 2005

Websense released the 2005 Semi-Annual Web Security Trends Report issued by Websense Security Labs. The new report summarizes findings for the first half of 2005 and presents projections for the upcoming year.

  Details from the Anti-Phishing Act of 2005
  5th, October, 2005

California is the first US state to pass anti-phishing laws. Finally someone has gone a step further in at least trying to create a more secure cyberspace. Here are some of the most important snippets from the act.

  Common Malware Enumeration Initiative
  6th, October, 2005

The Common Malware Enumeration Initiative was just announced. Headed by the United States Computer Emergency Readiness Team (US-CERT) and supported by an editorial board of anti-virus vendors and related organizations, it should provide a neutral, shared identification method for malware outbreaks.

  Check Point to Acquire Makers of Snort
  6th, October, 2005

Check Point Software Technologies Ltd. and Sourcefire, Inc., developers of Snort, today announced that they have signed a definitive agreement for Check Point to acquire privately held Sourcefire for a total consideration of approximately $225 million.

  Guideline for Implementing Cryptography in the Federal Government
  3rd, October, 2005

The US National Institute of Standards and Technology has released an updated draft version of its 'Guideline for Implementing Cryptography in the Federal Government'. This is the second edition of a white paper first released in 1999, and a welcome addition to the literature on practical applications of cryptography.

  What is the most challenging Sarbanes-Oxley issue facing Enterprises today?
  7th, October, 2005

Companies are now finding that log management is a cornerstone best practice in their compliance efforts. Sarbanes-Oxley 404 Internal IT Control requirements imply rigorous end-to-end Log Management and Archival. Net Report helps companies face this issue.

  But Wait, There's More
  4th, October, 2005

The ink is barely dry on all of the Red Hat Enterprise Linux 4 materials, and the company is already gearing up for the launch of RHEL 5. While Red Hat is not being terribly specific about what is in RHEL 5 just yet, the company did announce last week that it is working with server maker IBM and security expert Trusted Computer Solutions to begin the Common Criteria security certification for the forthcoming RHEL 5, which is due in late 2006.

  Pass on Passwords with scp
  7th, October, 2005

In this article, I show you how to use the scp (secure copy) command without needing to use passwords. I then show you how to use this command in two scripts. One script lets you copy a file to multiple Linux boxes on your network, and the other allows you to back up all of your Linux boxes easily.

  Firefox 1.5 gets the sniff test
  3rd, October, 2005

First came all the praise about Firefox 1.0 being more secure than Internet Explorer (IE). Then came headlines about mega-downloads chipping away at Microsoft's market share. Then came months of uncovered flaws and security updates that now have Firefox up to version 1.0.7.

  RealNetworks Fixes Linux RealPlayer Flaw
  4th, October, 2005

RealNetworks has patched the Linux media players that were susceptible to a zero-day attack for much of last week.

  SanDisk embeds DRM engine in Flash cards
  5th, October, 2005

Flash memory pioneer SanDisk has embedded DRM and copy protection functions into several flash card form factors. "TrustedFlash" will allow users to buy music, movies, and games on flash cards for use interchangeably in mobile phones, PDAs, laptops, and other devices, according to the company.

  Nessus security tool closes its source
  7th, October, 2005

The source code of one of the world's most popular free security tools will no longer be available to all, its creator has announced, saying the software's open-source license was fueling competition.

  Does Instant Messaging improve communication or threaten security?
  3rd, October, 2005

Companies should have their content filtering systems upgraded now because the cost of improving IT security is more than offset by the ensuing increase in productivity.

  The Open Source Highway
  4th, October, 2005

Open source is the foundation for the future. By definition, open source is code accessible to all. The free re-distribution of code allows anyone to download code and take advantage of it. The community of open source contributors depicts a truly collaborative environment. Developers around the globe donate to the code repository, resulting in accelerated advancement and cleanliness of the available code. The Internet encouraged this open source movement by providing a breeding ground for collaboration.

  PortAuthority Updates Data-Fingerprinting Technology
  5th, October, 2005

While no two fingerprints are alike for people, the same cannot be said for digital data. But new data-fingerprinting technologies have cropped up to take traditional watermarking strategies to the next level in preventing theft of intellectual property. PortAuthority 3.5 is one such technology. The newly updated data-fingerprinting software from PortAuthority Technologies examines the content of documents to give customers the ability to prevent information leaks and data theft.

  A legal shield for pen-test results
  7th, October, 2005

Routine network penetration testing may shed light on exposures to external threats, but it can also put damning evidence in the hands of competitors and plaintiffs who sue your organization. Attorneys caution that pen tests generate lengthy reports of system inaccuracies and vulnerabilities that could be used in court against a company.

  Court Rules in Favor of Anonymous Blogger
  7th, October, 2005

In a decision hailed by free-speech advocates, the Delaware Supreme Court on Wednesday reversed a lower court decision requiring an Internet service provider to disclose the identity of an anonymous blogger who targeted a local elected official.

  Learning To Hack Just Got Easier
  4th, October, 2005

Now you can learn hacking in the comfort of your own home. Training company Learn Security Online (LSO) teaches hacking techniques online at a low cost. LSO teaches computer security with interactive simulators, hacking games, and security challenges that require students to break into real servers.

