This week, perhaps the most interesting articles include "," "," and "."


Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.


LINUX ADVISORY WATCH - This week, advisories were released for lynx, OpenSSL, gnump3d, netpbmfree, gallery, phpmyadmin, SELinux PAM Local, TikiWiki, mantis, Ethereal, XLI, libgda, ImageMagick, kernel, and wget. The distributors include Debian, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore kept very simple.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address (obfuscated on the original page) with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Crypto gurus hash out future
3rd, November, 2005

Encryption experts met in Gaithersburg, Maryland, this week to discuss retiring the SHA-1 hashing algorithm and creating a stronger version of the cryptographic workhorse.

news/cryptography/crypto-gurus-hash-out-future

The importance of Web application scanning
2nd, November, 2005

Organizations need a Web application scanning solution that can scan for security loopholes in Web-based applications to prevent would-be hackers from gaining unauthorized access to corporate applications and data.

PHP Users at Risk?
1st, November, 2005

A new patch is out for a prior version of the open source scripting language PHP, which addresses a recently-discovered security issue in version 4. But the current version, PHP 5, may also be at risk from vulnerabilities that aren't currently patched in that version.

news/server-security/php-users-at-risk

Linux in Action: Understanding Federated Identity Management Business Drivers
2nd, November, 2005

What's Federated Identity Management (FIM)? Actually, we should be asking how important is FIM. It's the linchpin of digital convergence and probably one of the most important technologies of the modern era. Soon, we will begin to swim in digital television, multifunctional phones, devices of all kinds, and at the core of making all these things work together with our computer networks and the Internet lies identity management. At the core of identity management lies federation.

news/server-security/linux-in-action-understanding-federated-identity-management-business-drivers

EnGarde Secure Linux v3.0.1 Now Available
1st, November, 2005

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.1 (Version 3.0, Release 1). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, the SELinux policy, and the LiveCD environment.

news/vendors-products/engarde-secure-linux-v301-now-available

Trying out the new OpenBSD 3.8
2nd, November, 2005

Yesterday OpenBSD, the proactively secure Unix-like operating system, released version 3.8, featuring several improvements to networking, RAID management tools, and increased security. At openbsd.org you can download installation files or order the official three-disc CD set, which supports 16 processor architectures out of the box. I took this new release as an opportunity to perform my first ever OpenBSD install.

news/vendors-products/trying-out-the-new-openbsd-38

Review: Mandriva Linux 2006
3rd, November, 2005

MandrakeLinux always had a reputation as an ideal distribution for beginners. Now that the renamed Mandriva has included technologies from Conectiva and Lycoris into Mandriva Linux 2006, this reputation seems more justified than ever. From its installation program to its selection of software and desktop design to its package design and security options, Mandriva is one of the easiest to use distributions available today.

news/vendors-products/review-mandriva-linux-2006

Return of The BSDs
4th, November, 2005

The clocks have fallen back, the leaves are hitting the ground and new BSD releases are on the Net. Among all the noise and buzz created by Linux, it's important to remember that it's not the only open source variant of Unix. OpenBSD, NetBSD and FreeBSD are all still very much alive and kicking and have recently been released by their respective projects.

news/vendors-products/return-of-the-bsds

Linux Developer Ready for Scrutiny
31st, October, 2005

The Common Criteria evaluation covers three protection profiles related to controlling access to information. A successful evaluation will mean that the operating system meets government security standards for assured information sharing within and across government agencies.

SECURITY: True or false?
31st, October, 2005

A survey conducted by the National Cyber Security Alliance (NCSA) and the US Department of Homeland Security found that more than 70% of computer owners falsely believed they were safe from online threats such as adware, spyware and viruses. The eight top cyber security practices recommended by NCSA are "practical steps you can take to stay safe online and avoid becoming a victim of fraud, identity theft, or cyber crime". (1) Protect your personal information.

Turning Sarbanes-Oxley into a strategic Advantage
1st, November, 2005

Author: Nerys Grivolas, Senior Consultant, Net Report SAS
The key to turning your company’s conformity with Sarbanes-Oxley into a strategic advantage is to sustain your compliance year-on-year. To do so, you must embrace the idea that Sarbanes-Oxley compliance is an ongoing journey, not a final destination.

Data Security: It's Not Just for Secret Agents Anymore
1st, November, 2005

The secret agent quietly enters the generic-looking office complex. The agent's assault team has the building surrounded and is standing by in case the operation goes bad. The mission: to find a computer containing information that will save the country from an enemy attack. The agent moves from the warehouse area to the offices in search of the target's computer. He finds it in the last office. The machine is on, and after gaining access to the computer, the agent starts scanning through files only to find them encrypted.

IT security weakened by compliance issues
2nd, November, 2005

Companies are devoting too much of their IT security budgets trying to comply with EU directives and regulations like Sarbanes-Oxley when they should be spending more on other security threats, according to the yearly security report by Ernst and Young.

Anti-Virus Information Exchange Network (AVIEN) statement on spyware
3rd, November, 2005

Members of AVIEN take the spyware threat seriously and call upon all parties involved, including vendors of security software, leaders in organizations, and government officials alike to increase their dedication to fighting this problem.

IT Security Concerns Spreading
4th, November, 2005

The Trusted Network Initiative is not just about who the user is, but their devices too -- and how we can only allow access to devices with up-to-date security patches and without any known Trojans and malware.

IT security used to be a matter of securing the organization, but with more and more components of the organization outsourced to strategic partners, each given access to important information, it is now a matter of being able to trust these partners.

Kevin Mitnick on hacking's evolution
4th, November, 2005

To many, the name Kevin Mitnick is synonymous with "notorious hacker." He was caught by the FBI in 1995 after a well-publicized pursuit. Mitnick pled guilty to charges of wire and computer fraud and served five years behind bars. Today, Mitnick is a computer security consultant and has written two books, including one on social engineering, his forte. He is a celebrity, especially at events such as the annual Defcon gathering of hackers in Las Vegas, where attendees ask him to sign their badges.

The battle to shape data security laws
1st, November, 2005

It has been a bad year for data security. The Privacy Rights Clearinghouse, a consumer advocacy group in San Diego, has counted 80 data breaches since February, involving the personal information of more than 50 million people. The sensitive data--names, Social Security and credit card numbers, dates of birth, home addresses and the like--have either been lost by or stolen from companies and institutions that compile such data.

news/government/the-battle-to-shape-data-security-laws

Court shock: denial of service attacks not illegal
4th, November, 2005

A judge has ruled that denial of service attacks are not illegal under the UK's outdated Computer Misuse Act. A teenager charged with launching a denial of service (DoS) attack against his former employer escaped punishment when the judge threw out the charge after his defence successfully argued that DoS attacks were not covered by the parts of the act he was charged under.

news/hackscracks/court-shock-denial-of-service-attacks-not-illegal

Discover Potential Security Risks in Nearby Bluetooth Devices
31st, October, 2005

AirMagnet introduced its BlueSweep software, designed to identify nearby devices with Bluetooth wireless technology and alert users to potential Bluetooth security risks. The AirMagnet software identifies and tracks devices up to 300 feet away and lets users know what their own Bluetooth devices are doing.

Is VoIP Ripe for Attack?
2nd, November, 2005

"As soon as the enterprise opens up VoIP to the Internet, they put a potentially huge security hole in their network," Andrew Graydon, vice president of technology at BorderWare Technologies, says. Essentially the days of closed corporate VoIP systems are over.

Wi-Fi is not 'enterprise-secure', says AT&T
3rd, November, 2005

Wi-Fi networks are not secure enough for enterprises to run their businesses, according to a senior AT&T executive. Steve Hurst, product director for managed security services at AT&T, told ZDNet Asia that although some attempts to improve the security of Wi-Fi networks have met with success, engineers involved in the technology have yet to develop a secure architecture.

It's unofficial: Microsoft bets business on Linux
4th, November, 2005

The next time Bill Gates sends an e-mail through Microsoft's shiny new Wireless LAN it will be passed through a behind-the-scenes Linux-based network appliance. Earlier this year Microsoft and Aruba Networks jointly announced the two companies will work to replace Microsoft's existing Cisco wireless network with Aruba's centrally-managed infrastructure, which eliminates the need for individual changes on the access points.