LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Security Week: November 14th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "The Story of PGP: Past, Present and Future," "Evaluating Intrusion Prevention Systems," and "Linux: Secure as You Want It to Be."


Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec


LINUX ADVISORY WATCH - This week, advisories were released OpenSSL, httpd, Horde3, OpenVPN, chmlib, ClamAV, libungif4, gpsdrive, awstats, kdelibs, giflib, fetchmail, ImageMagick, scim-qtimm, e2fsprogs, drakxtools, emacs, w3c-libwww, libungif, and flash-plugin. The distributors include Debian, Gentoo, Mandriva, and Red Hat.

LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  The Story of PGP: Past, Present and Future
  8th, November, 2005

Recently we met with Jon Callas, CTO and CSO of PGP Corporation. Pretty Good Privacy (PGP) is today's most used crypto software with a lot of history. Presented here is the entire story of PGP in his words that covers everything from the the early days to future plans.

http://www.linuxsecurity.com/content/view/120752
 
  RSA-640 Factored
  9th, November, 2005

A team at the German Federal Agency for Information Technology Security (BSI) recently announced the factorization of the 193-digit number known as RSA-640. The team responsible for this factorization is the same one that previously factored the 174-digit number known as RSA-576 and the 200-digit number known as RSA-200.

http://www.linuxsecurity.com/content/view/120766
 
  New Linux live CD for security professionals
  10th, November, 2005

Arudius (formerly Securinix) is a live CD Linux distribution based on Slackware (Minislack) and Linux Live scripts. It contains an extensive set of software tools used by IT security professionals for penetration testing and vulnerability analysis. Its goal is to include the most comlete set of useful security tools and still maintain a small footprint.

http://www.linuxsecurity.com/content/view/120782
 
  Replacing FTP and Telnet in Cross-platform Networks
  7th, November, 2005

Telnet, Rsh, Rlogin, Rcp, and FTP are commonly used methods to access files and execute commands on remote servers. They are available in most operating systems and work seamlessly in multi-platform environments. However, this convenience comes with major security risks. This document is intended for IT professionals at enterprises who need to secure file transfer and system administration access methods in heterogeneous and large-scale environments.

http://www.linuxsecurity.com/content/view/120738
 
  CIOs nervous about IP network security
  8th, November, 2005

Despite high levels of concern about the security of IP networks, companies are planning to press ahead and roll out the technology regardless, according to research from the Economist Intelligence Unit (EIU).

http://www.linuxsecurity.com/content/view/120756
 
  Is This the Dawn of the Linux Worms?
  9th, November, 2005

Over the weekend reports began to filter in of a new network worm that focused on a variety of vulnerabilities in products typically found in Linux-based Web servers. It's been tagged by many as a Linux problem, and is, in a practical sense, although most of the vulnerabilities aren't strictly Linux issues. So far there's no evidence it's a serious real-world problem, although the Internet Storm Center has been reporting that they are seeing multiple variants of it circulating around the net.

http://www.linuxsecurity.com/content/view/120767
 
  Intrusion Detection for Database Tech
  8th, November, 2005

Application security differs from network and host security. The applications vary but the attacker's goal is always the same -- to access the database. Since applications use SQL to communicate with the database, a good application IDS parses SQL, providing an objective layer of protection that understands the traffic yet remains independent of the application.

http://www.linuxsecurity.com/content/view/120755
 
  Evaluating Intrusion Prevention Systems
  11th, November, 2005

With intrusion prevention systems (IPS) fast becoming as essential a purchase as the ubiquitous firewall, the choice is becoming ever more bewildering as more and more vendors scurry to bring new products to market.

http://www.linuxsecurity.com/content/view/120793
 
  Security Highlights USENIX 19th Large Installation System Administration Conference
  10th, November, 2005

The six-day LISA '05 training program includes 50 in-depth, immediately useful sessions on the latest techniques, effective tools, and best strategies for solving the toughest system administration challenges. The new Hit the Ground Running Track offers 15-minute talks that give a head start on the must-know topics in cutting-edge technologies including VoIP, SAN, configuration management, identity management, and network security.

http://www.linuxsecurity.com/content/view/120780
 
  Linux backers form patent-sharing firm
  10th, November, 2005

Three of the world's biggest electronics companies--IBM, Sony and Royal Philips Electronics--have joined forces with the two largest Linux software distributors to create a company for sharing Linux patents, royalty-free. The Open Invention Network (OIN), as the new firm unveiled on Thursday is known, could mark a breakthrough in resolving how to protect vendors and customers from patent royalty disputes resulting from freely shared Linux code.

http://www.linuxsecurity.com/content/view/120784
 
  Linux: Secure as You Want It to Be
  11th, November, 2005

Opinion: Yes, Linux will be attacked more often in the days ahead, but far fewer attacks will get through than do on Windows. My colleague Larry Seltzer thinks that we may be on the verge of an age of Linux worms that might rival the endless trouble that Windows users find themselves in.

http://www.linuxsecurity.com/content/view/120791
 
  Review: Hardening Linux
  11th, November, 2005

Hardening Linux, by James Turnbull, stands out as an important text that clearly lays out how to make your Linux boxes as secure as possible. Mr. Turnbull has done a noteworthy job in delineating many potential vulnerabilities, and how to mitigate them. Each chapter covers a particular area in depth, with carefully worded and easy-to-follow examples. In the cases where you need to install some other piece of software to provide extra security, Turnbull gives you the step-by-step details, removing the chance of misinterpretation. As you finish each chapter, you will want to apply your newfound knowledge to the machines at your disposal.

http://www.linuxsecurity.com/content/view/120794
 
  CA dumps Ingres database
  8th, November, 2005

Computer Associates has spun off its Ingres database into the privately held Ingres Corporation. The newly formed company has received an investment from private equity fund Garnett & Helfrich Capital, which will be the firm's majority shareholder. CA will provide the intellectual property rights for the database in exchange for a stake in the company.

http://www.linuxsecurity.com/content/view/120753
 
  Offshoring pushes BS7799 security
  7th, November, 2005

When organisations allow outsourcers or other third parties - whether local or offshore - to handle customers' information, they will increasingly demand evidence that this data is protected while offsite. And this requirement is growing as details of high-profile security breaches keep hitting the headlines. One way to ensure good practices for security is to use service providers certified to the BS7799 British security standard - or its international equivalent ISO 17799 - designed to help firms manage and minimise security risks.

http://www.linuxsecurity.com/content/view/120739
 
  IT security takes back seat to compliance
  7th, November, 2005

Complying with regulatory requirements is now the key driver for firms implementing information security rather than tackling traditional security threats such as worms and viruses. That is the conclusion of the eighth annual Ernst & Young information security survey of 1,300 public and private sector organisations in 55 countries.

http://www.linuxsecurity.com/content/view/120740
 
  Battling Bugs: A Digital Quagmire
  9th, November, 2005

In 1976, computer pioneer Edsger W. Dijstra made an observation that would prove uncanny: "Program testing can be quite effective for showing the presence of bugs," he wrote in an essay, "but is hopelessly inadequate for showing their absence." Thirty tears later, Dijsta's words have the ring of prophecy. Companies like Microsoft and Oracle, along with open-source projects like Mozilla and Linux, have all instituted rigorous and extensive testing programs, but bugs just keep slipping through. Last month, Microsoft's monthly drop of bug patches included fixes for 14 security holes that escaped prerelease testing, four of them rated "critical."

http://www.linuxsecurity.com/content/view/120763
 
  Considering Data Center Outsourcing
  9th, November, 2005

"All of the vendors have similar [product and marketing] concepts that they've demonstrated," says Tom de Swaan, CFO at ABN AMRO. "We were more concerned about how they met our needs in terms of service-level agreements and price points." Data center outsourcing is a different game from what it was earlier this decade. Contracts are shrinking from six to 10 years to three to five years, according to Deloitte Consulting. Single-provider mega-deals are on the wane, Gartner reports.

http://www.linuxsecurity.com/content/view/120764
 
  Linux Needs A Wormer
  10th, November, 2005

A new variation on the Slapper and Scalper worms has crept into the Linux lines. Most major security companies have picked up on it and have issued bulletins. Linux doesn't get hit as often as Windows but it does get hit. While this worm isn't considered life threatening, it can be quite annoying.

http://www.linuxsecurity.com/content/view/120781
 
  No Fed Security Laws
  11th, November, 2005

Despite the seemingly unending torrent of citizens' data pouring into the hands of identity thieves, Congress is unlikely to pass any data-security bills by the end of the year, according to Hill watchers. After the nationwide uproar when ChoicePoint admitted it sold 145,000 dossiers to Nigerian identity thieves, 20 states followed California's lead and passed laws requiring companies to notify citizens when their data had been compromised.

http://www.linuxsecurity.com/content/view/120792
 
  Hacking Back: Cyber Counterterrorism
  9th, November, 2005

The recent arrest and 17-count indictment against 20-year-old accused hacker and botmaster Jeanson James Ancheta for both using and selling the tools to attack a number of networks, including some within the Defense Department, should be taken as a shot across the bow by anyone who reads this. Ancheta is accused of being part of a new breed of criminal hacker: not just in it for the fame--sure, he's getting his 15 minutes, although it could be more like 50 years--but rather after money. According to the charges against him, Ancheta even managed to collect nearly $60,000 by creating, spreading, and selling bots to the highest bidders. By all accounts, Ancheta is smart and motivated, and there was a market for his black-market guerrilla hacking tactics and tools. How do you stop a smart, motivated attacker from making your life miserable?

http://www.linuxsecurity.com/content/view/120765
 
  Gold at the end of rainbow cracking?
  10th, November, 2005

Over the past two years, three security enthusiasts from the United States and Europe set a host of computers to the task of creating eleven enormous tables of data that can be used to look up common passwords. The tables--totaling 500GB-- form the core data of a technique known as rainbow cracking, which uses vast dictionaries of data to let anyone reverse the process of creating hashes--the statistically unique codes that, among other duties, are used to obfuscate a user's password.

http://www.linuxsecurity.com/content/view/120783
 
  Unsecured Wi-Fi would be outlawed by N.Y. county
  7th, November, 2005

According to a new proposal being considered by a suburb of New York City, any business or home office with an open wireless connection but no separate server to fend off Internet attacks would be violating the law.

http://www.linuxsecurity.com/content/view/120744
 
  'Lupper' Attacks Linux Systems
  8th, November, 2005

Security specialist McAfee has discovered a new virus, an internet worm that is attacking Linux systems. The worm spreads by exploiting web servers hosting vulnerable PHP/ CGI scripts and has been named 'Lupper' by Mcafee. McAfee, which has rated Lupper as low risk, says that the worm is a modified derivative of the Linux/ Slapper and BSD/ Scalper worms from which it inherits its propagation strategy. It scans an entire class B subnet created by randomly choosing the first byte from a hard-coded list of A classes and randomly generating the second byte.

http://www.linuxsecurity.com/content/view/120754
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.