
Linux Security Week: November 7th 2005
Source: Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "The importance of Web application scanning," "Linux Developer Ready for Scrutiny," and "Kevin Mitnick on Hacking's Evolution."

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

LINUX ADVISORY WATCH - This week, advisories were released for lynx, OpenSSL, gnump3d, netpbmfree, gallery, phpmyadmin, SELinux PAM Local, TikiWiki, mantis, Ethereal, XLI, libgda, ImageMagick, kernel, and wget. The distributors include Debian, Gentoo, and Red Hat.

Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Crypto gurus hash out future
  3rd, November, 2005

Encryption experts met in Gaithersburg, Maryland, this week to discuss retiring the SHA-1 hashing algorithm and creating a stronger version of the cryptographic workhorse.

  The importance of Web application scanning
  2nd, November, 2005

Organizations need a Web application scanning solution that can scan for security loopholes in Web-based applications to prevent would-be hackers from gaining unauthorized access to corporate applications and data.

  PHP Users at Risk?
  1st, November, 2005

A new patch is out for a prior version of open source scripting language PHP, which addresses a recently-discovered security issue in version 4. But the current version of PHP 5 may also be at risk from vulnerabilities that aren't currently patched in that version.

  Linux in Action: Understanding Federated Identity Management Business Drivers
  2nd, November, 2005

What's Federated Identity Management (FIM)? Actually, we should be asking how important is FIM. It's the linchpin of digital convergence and probably one of the most important technologies of the modern era. Soon, we will begin to swim in digital television, multifunctional phones, devices of all kinds, and at the core of making all these things work together with our computer networks and the Internet lies identity management. At the core of identity management lies federation.

  EnGarde Secure Linux v3.0.1 Now Available
  1st, November, 2005

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.1 (Version 3.0, Release 1). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, the SELinux policy, and the LiveCD environment.

  Trying out the new OpenBSD 3.8
  2nd, November, 2005

Yesterday OpenBSD, the proactively secure Unix-like operating system, released version 3.8, featuring several improvements to networking, RAID management tools, and increased security. At you can download installation files or order the official three-disc CD set, which supports 16 processor architectures out of the box. I took this new release as an opportunity to perform my first ever OpenBSD install.

  Review: Mandriva Linux 2006
  3rd, November, 2005

MandrakeLinux always had a reputation as an ideal distribution for beginners. Now that the renamed Mandriva has included technologies from Conectiva and Lycoris into Mandriva Linux 2006, this reputation seems more justified than ever. From its installation program to its selection of software and desktop design to its package design and security options, Mandriva is one of the easiest to use distributions available today.

  Return of The BSDs
  4th, November, 2005

The clocks have fallen back, the leaves are hitting the ground and new BSD releases are on the Net. Among all the noise and buzz created by Linux, it's important to remember that it's not the only open source variant of Unix. OpenBSD, NetBSD and FreeBSD are all still very much alive and kicking and have recently been released from their respective projects

  Linux Developer Ready for Scrutiny
  31st, October, 2005

The Common Criteria evaluation covers three protection profiles related to controlling access to information. A successful evaluation will mean that the operating system meets government security standards for assured information sharing within and across government agencies.

  SECURITY: True or false?
  31st, October, 2005

A survey conducted by the National Cyber Security Alliance (NCSA) and the US Department of Homeland Security found that more than 70% of computer owners falsely believed they were safe from online threats such as adware, spyware and viruses. The eight top cyber security practices recommended by NCSA are "practical steps you can take to stay safe online and avoid becoming a victim of fraud, identity theft, or cyber crime". (1) Protect your personal information.

  Turning Sarbanes-Oxley into a strategic Advantage
  1st, November, 2005

Author: Nerys Grivolas, Senior Consultant, Net Report SAS
The key to turning your company’s conformity with Sarbanes-Oxley into a strategic advantage is to sustain your compliance year-on-year. To do so, you must embrace the idea that Sarbanes-Oxley compliance is an ongoing journey not a final destination.

  Data Security: It's Not Just for Secret Agents Anymore
  1st, November, 2005

The secret agent quietly enters the generic-looking office complex. The agent's assault team has the building surrounded and is standing by in case the operation goes bad. The mission: to find a computer containing information that will save the country from an enemy attack. The agent moves from the warehouse area to the offices in search of the target's computer. He finds it in the last office. The machine is on, and after gaining access to the computer, the agent starts scanning through files only to find them encrypted.

  IT security weakened by compliance issues
  2nd, November, 2005

Companies are devoting too much of their IT security budgets trying to comply with EU directives and regulations like Sarbanes-Oxley when they should be spending more on other security threats, according to the yearly security report by Ernst and Young.

  Anti-Virus Information Exchange Network (AVIEN) statement on spyware
  3rd, November, 2005

Members of AVIEN take the spyware threat seriously and call upon all parties involved, including vendors of security software, leaders in organizations, and government officials alike to increase their dedication to fighting this problem.

  IT Security Concerns Spreading
  4th, November, 2005

The Trusted Network Initiative is not just about who the user is, but their devices too -- and how we can only allow access to devices with up-to-date security patches and without any known Trojans and malware.

IT security used to be a matter of securing the organization, but with more and more components of the organization outsourced to strategic partners, each given access to important information, it is now a matter of being able to trust these partners.

  Kevin Mitnick on hacking's evolution
  4th, November, 2005

To many, the name Kevin Mitnick is synonymous with "notorious hacker." He was caught by the FBI in 1995 after a well-publicized pursuit. Mitnick pled guilty to charges of wire and computer fraud and served five years behind bars. Today, Mitnick is a computer security consultant and has written two books, including one on social engineering, his forte. He is a celebrity, especially at events such as the annual Defcon gathering of hackers in Las Vegas, where attendees ask him to sign their badges.

  The battle to shape data security laws
  1st, November, 2005

It has been a bad year for data security. The Privacy Rights Clearinghouse, a consumer advocacy group in San Diego, has counted 80 data breaches since February, involving the personal information of more than 50 million people. The sensitive data--names, Social Security and credit card numbers, dates of birth, home addresses and the like--have either been lost by or stolen from companies and institutions that compile such data.

  Court shock: denial of service attacks not illegal
  4th, November, 2005

A judge has ruled that denial of service attacks are not illegal under the UK's outdated Computer Misuse Act. A teenager charged with launching a denial of service (DoS) attack against his former employer escaped punishment when the judge threw out the charge after his defence successfully argued that DoS attacks were not covered by the parts of the act he was charged under.

  Discover Potential Security Risks in Nearby Bluetooth Devices
  31st, October, 2005

AirMagnet introduced its BlueSweep software, designed to identify nearby devices with Bluetooth wireless technology and alert users to potential Bluetooth security risks. The AirMagnet software identifies and tracks devices up to 300 feet away and lets users know what their own Bluetooth devices are doing.

  Is VoIP Ripe for Attack?
  2nd, November, 2005

"As soon as the enterprise opens up VoIP to the Internet, they put a potentially huge security hole in their network," Andrew Graydon, vice president of technology at BorderWare Technologies, says. Essentially the days of closed corporate VoIP systems are over.

  Wi-Fi is not 'enterprise-secure', says AT&T
  3rd, November, 2005

Wi-Fi networks are not secure enough for enterprises to run their businesses, according to a senior AT&T executive. Steve Hurst, product director for managed security services at AT&T, told ZDNet Asia that although some attempts to improve the security of Wi-Fi networks have met with success, engineers involved in the technology have yet to develop a secure architecture.

  It's unofficial: Microsoft bets business on Linux
  4th, November, 2005

The next time Bill Gates sends an e-mail through Microsoft's shiny new Wireless LAN it will be passed through a behind-the-scenes Linux-based network appliance. Earlier this year Microsoft and Aruba Networks jointly announced the two companies will work to replace Microsoft's existing Cisco wireless network with Aruba's centrally-managed infrastructure, which eliminates the need for individual changes on the access points.


(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.