Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Security Week: January 16th 2006 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Advancing Firewall Protection," "Five mistakes of vulnerability management," and "A Step-By-Step Guide to Computer Attacks and Effective Defenses."

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

LINUX ADVISORY WATCH - This week, perhaps the most interesting articles include hylafax, hal, poppler, pdftohtml, libpaperl, xpdf, gpdf, and apache2. The distributors include Gentoo and Mandriva. Feature Extras:

Hacks From Pax: SELinux Administration - This week, I'll talk about how an SELinux system differs from a standard Linux system in terms of administration. Most of what you already know about Linux system administration will still apply to an SELinux system, but there are some additions and changes that are critical to understand when using SELinux.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Review: Advancing Firewall Protection
  9th, January, 2006

With more than one million users, U.K.-based SmoothWall's Firewall may just be the most popular software firewall that has yet to become a household name. Test Center engineers recently took at look at products from SmoothWall to see what all the buzz is about and to see exactly why one million users have chosen the product.
  A better VNC with FreeNX for remote desktop control
  9th, January, 2006

VNC is well-known for allowing the remote control of another desktop machine via your own computer. For instance, using VNC you can easily control your home PC from work, and vice versa. The problem with VNC is that it's not overly secure and it can be quite slow, particularly if you have a lot of fancy graphics or backgrounds on the remote computer. Other solutions also exist for remote control of a GUI, such as running X over ssh, proprietary tools like Apple's Remote Desktop, etc., but they all tend to have the same drawbacks; they are either insecure or tend to be slow.
  Hackers are ready for IPv6â€?are you?
  10th, January, 2006

One of the arguments for moving to version 6 of the Internet Protocols is that it will offer more security. This may well be true in the long run. But for the time being, IPv6 is likely to introduce more complexity and create more problems than it solves. "The hackers currently have the lead" in IPv6 technology, said Dave Goodrum, systems engineer for NFR Security Inc. of Rockville, Md.
  It's time to take IPS seriously
  13th, January, 2006

Fear unites us. We used to be afraid of network problems, such as bandwidth and broken switches. Now we're afraid of the bad guys. Our networks must be connected to the Internet, yet the Internet is a cesspool of attackers constantly hammering on our defences, looking for that chink in the armour. It's not just the Internet: we fear our own users, lest their indispensable laptops acquire some vagrant affliction while driving by a Starbucks Wi-Fi hot spot.
  Security flaws on the rise, questions remain
  11th, January, 2006

After three years of modest or no gains, the number of publicly reported vulnerabilities jumped in 2005, boosted by easy-to-find bugs in web applications. Yet, questions remain about the value of analyzing current databases, whose data rarely correlates easily. A survey of four major vulnerability databases found that the number of flaws counted by each in the past five years differed significantly. However, three of the four databases exhibited a relative plateau in the number of flaws publicly disclosed in 2002 through 2004. And, every database saw a significant increase in their count of the flaws disclosed in 2005.
  Five mistakes of vulnerability management
  12th, January, 2006

Vulnerability management is viewed by some as an esoteric security management activity. Others see it as a simple process that needs to be done with Microsoft Corp.'s monthly patch update. Yet another group considers it a marketing buzzword made up by vendors. This article will look at common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas.
  Linux Command Reference: Linux Shortcuts and Commands
  13th, January, 2006

This is a practical selection of the commands we use most often. Press to see the listing of all available command (on your PATH). On my small home system, it says there are 2595 executables on my PATH. Many of these "commands" can be accessed from your favourite GUI front-end (probably KDE or Gnome) by clicking on the right menu or button. They can all be run from the command line. Programs that require GUI have to be run from a terminal opened under a GUI.
  Apache shot with security holes
  9th, January, 2006

Companies running Apache and a PostgreSQL database are at risk from serious Internet intrusion. Red Hat warned of a flaw late last week in mod_auth_pgsql, an Apache module that allows authentication against information in popular open-source database PostgreSQL.
  Novell delivers security shield for Linux computers
  10th, January, 2006

Novell plans to release software on Tuesday that is designed to make it harder for new attacks to compromise existing Linux-based computers. The software, called AppArmor, is one of several products in the security realm based on the idea of mandatory access controls. The technology limits a running software program's privileges only to those absolutely necessary.
  A Step-By-Step Guide to Computer Attacks and Effective Defenses
  9th, January, 2006

Five years after writing one of the original books in the hack attack and countermeasures genre of books, Ed Skoudis has teamed up with Tom Liston to create a revised and updated version. Counter Hack Reloaded brings Counter Hack up to date with new technologies and attack types as well as providing the informaion you need to protect your computer and network from being targeted by these attacks.
  Information Security Salaries Rise
  10th, January, 2006

A new study released today confirms that there is indeed a growing market for IS expertise. Alan Paller, director of research at The SANS Institute, a respected IT research and education organization, suggests that people "are waking up to the fact that there's a shortage of security talent." The SANS Institute's 2005 Information Security Salary and Career Advancement study of over 4,250 IS pros finds that compensation for IS jobs is strong and growing. For U.S. IS professionals, the median income, including bonuses, is now $81,558. In Great Britain, it's $76,389. In Canada, it's $67,982. In the rest of the world, it's $51,250.
  Rising to a Higher Standard Isn't Easy
  10th, January, 2006

Some employees are held to a higher standard of behavior than most. Anyone in a position with broad powers or influence falls into this group, including accountants, managers, systems administrators -- and information security professionals. Like systems administrators, information security professionals generally have access to a great deal of data and information. Even if they don't have direct access, they generally know how to obtain it by exploiting a weakness (like hackers, but with the opposite intent) or by simply giving themselves elevated privileges.
  Debate Looms for GPL 3 Draft
  10th, January, 2006

The first draft of GNU General Public License Version 3 will be unveiled next week at the Massachusetts Institute of Technology in Cambridge, Mass., but that milestone is likely to be more of a beginning than an ending.
  Feds to banks: Put security policies in writing
  11th, January, 2006

Even if federal law doesn't explicitly say so, all companies that handle personal information for their customers should have written security policies, a computer security attorney said Tuesday. Last month, the Federal Reserve Board, which governs the U.S. banking industry, issued a new guide stating that all banks and other financial institutions must take certain steps to safeguard the personal data they handle.
  Establishing Information Security Standards
  11th, January, 2006

This Small-Entity Compliance Guide1 is intended to help financial institutions2 comply with the Interagency Guidelines Establishing Information Security Standards (Security Guidelines).3 The guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations. The appendix lists resources that may be helpful in assessing risks and designing and implementing information security programs.
  Homeland Security Extends Scope To Open Source Software
  11th, January, 2006

Through its Science and Technology Directorate, the Homeland Security Department has given $1.24 million in funding to Stanford University, Coverity and Symantec to hunt for security bugs in open-source software and to improve Coverity's commercial tool for source code analysis.
  FBI says attacks succeeding despite security investments
  11th, January, 2006

Despite investing in a variety of security technologies, enterprises continue to suffer network attacks at the hands of malware writers and inside operatives, according to an annual FBI report released today. Many security incidents continue to go unreported.
  Linux Security: A Good Thing Keeps Getting Better
  12th, January, 2006

A tech expert explains why Linux has remained a bright spot in an increasingly grim IT security picture, and how businesses can ensure effective, reliable security for their own Linux-based systems.

Linux has never had to face the challenges that Microsoft Windows faces now (and in the past) in those areas of security that we are most familiar with today. Specifically those relating to client use of an OS.
  Linux Security HOWTO Updated
  12th, January, 2006

The Linux Security HOWTO has been revised and updated. The HOWTO provides a great overview of all issues involved in securing a Linux system, with links to software and other great sources of information on practical methods of enhancing the security of any Linux-based system.
  Mozilla Releases Thunderbird 1.5
  13th, January, 2006

Mozilla Corp. on Thursday released the 1.5 version of its Thunderbird e-mail client, building and improving on automated spam and security control as well as offering easy access to podcasts. Based on a year of feedback from its user base, Thunderbird said it has improved its updating procedures in the release for automatic downloading of some updates in background mode while prompting users when the updates are ready for installation.
  RSS malware plague predicted for 2006
  13th, January, 2006

The fast growing popularity of RSS (really simple syndication) means that the technology will pose increasingly significant problems for IT security professionals this year, new research has warned. ScanSafe's latest web security report notes an explosive growth in the use of RSS feeds to pull updated content via HTTP and XML rather than having it being pushed to them by SMTP.
  Three more states add laws on data breaches
  9th, January, 2006

Companies struggling to keep up with a patchwork of state laws related to data privacy and information security have three more to contend with, as new security-breach notification laws went into effect in Illinois, Louisiana and New Jersey on Jan. 1. Like existing statutes in more than 20 other states, the new laws prescribe various actions that companies are required to take in the event of a security breach involving the compromise of personal data about their customers.
  Nine city hotspots will offer wireless internet use
  12th, January, 2006

From March, residents in nine urban centres across Britain will be able to access the internet from their laptops outdoors, without cables, and use their mobile phones to make calls over the web after a small technology firm launches the first part of a nationwide WiFi network. The move to roll out wireless internet technology will threaten the revenues of Britain’s mobile phone operators.
  Preventing Buffer Overflow Exploits Using the Linux Distributed Security Module
  13th, January, 2006

The sad thing about buffer overflow exploits is that good programming practices could wipe out even potential exploits, however, that simply has not happened. The own defence against such exploits should revolve around controlling access to sensitive systems, installing software updates that replace exploitable software, and being aware of what a buffer overflow exploit looks like when your system is the intended victim.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.