LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Security Week: January 23rd 2006 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Five Mistakes of Vulnerability Management," "Tips For Staying Secure in 2006," and "Stallman Speaks on the Future of GPL 3.0."


Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec


LINUX ADVISORY WATCH - This week, advisories were released for httpd, mod_auth_pgsql, auth_ldap, ethereal, struts, cups, gpdf, apache, and the kernel. The distributor for this week is Red Hat.

LinuxSecurity.com Feature Extras:

Hacks From Pax: SELinux Administration - This week, I'll talk about how an SELinux system differs from a standard Linux system in terms of administration. Most of what you already know about Linux system administration will still apply to an SELinux system, but there are some additions and changes that are critical to understand when using SELinux.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  Cisco squashes VoIP, router bugs
  19th, January, 2006

Flaws in Cisco Systems software for routers and IP telephony could be a conduit for attacks on enterprise networks, the company has warned. On Wednesday, it released two security alerts along with fixes for Cisco CallManager, which runs Internet-based phone calling. Two flaws exist in the software: One could allow an attacker to paralyze a Cisco IP telephony installation, the other could allow someone with read-only access to the system to gain full privileges, according to the alerts.

http://www.linuxsecurity.com/content/view/121238
 
  Five Mistakes of Vulnerability Management
  18th, January, 2006

Vulnerability management is viewed by some as an esoteric security management activity. Others see it as a simple process that needs to be done in conjunction with Microsoft Corp.'s monthly patch update. "Yet another group considers it a marketing buzzword made up by the vendors. This article will look at common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas.

http://www.linuxsecurity.com/content/view/121233
 
  Hey, hey it's Oracle patching day
  19th, January, 2006

Wednesday became a busy day for database administrators after Oracle released its quarterly patch update which, this time around, tackles more than 80 vulnerabilities in different Oracle software packages and components. Various flavours of Oracle database (37 security bugs), Oracle E-Business Suite and Applications (27), Oracle Collaboration Suite (20) and Oracle Application Server (17) are most in need of update.

http://www.linuxsecurity.com/content/view/121236
 
  Novell opens AppArmour source code
  17th, January, 2006

Looking to spread the usage of the AppArmour application security software it acquired when it bought Immunix, Novell announced last week that it would release the software's source code under the GNU General Public License (GPL) and sponsor a project to maintain and improve it.

http://www.linuxsecurity.com/content/view/121229
 
  D-Link Fortifies Security With Checkpoint Partnership
  18th, January, 2006

D-Link jumped aboard the unified threat management (UTM) bandwagon this week with a partnership with security vendor Checkpoint Software to develop a new line of small business-focused security appliances. Under the agreement, D-Link will weave Checkpoint's firewall and VPN technology into two new additions to its NetDefend line of SMB security appliances. Slated to be available sometime this quarter, the appliances are aimed at businesses of up to 100 seats and 25 VPN users.

http://www.linuxsecurity.com/content/view/121231
 
  Users take a shine to Fedora Directory Server 1.0
  19th, January, 2006

Putting on its fedora hat, Red Hat last month released the first version of its free, open-source Directory Server. The Fedora Project is Red Hat's pure open-source arm, with all product releases and source code being freely available without the company's licensing, or "subscription" restrictions, which are required for running Red Hat's enterprise product offerings.

http://www.linuxsecurity.com/content/view/121239
 
  Tips For Staying Secure in 2006
  16th, January, 2006

Securing data while it travels between applications, business partners, suppliers, customers, and other members of an extended enterprise is crucial. As enterprise networks continue to become increasingly accessible, so do the risks that information will be intercepted or altered in transmission.

http://www.linuxsecurity.com/content/view/121212
 
  Draft of GPL Version 3 now available for comment
  16th, January, 2006

The Free Software Foundation has published the first draft of the much-anticipated version 3 of the GNU General Public License. The draft of the new version is almost twice as long as version 2: It weighs in at more than 4,500 words, versus 2,900 for the earlier version.

http://www.linuxsecurity.com/content/view/121216
 
  Tracking the Attackers
  17th, January, 2006

It has become increasingly important for security professionals to deploy new detection mechanisms to track and capture an attacker's activities. Third Generation (GenIII) Honeynets provide all the components and tools required to gather this information at the deepest level. Sebek is the primary data capture tool for GenIII Honeynets.

http://www.linuxsecurity.com/content/view/121217
 
  Security Pros Get Their Due
  17th, January, 2006

There's a growing market for information security expertise, and salaries are reflecting heightened demand. But beware--when it comes to pay, there's essentially no difference between IS workers with high school diplomas and bachelor's degrees, according to the SANS Institute's 2005 Information Security Salary and Career Advancement survey of more than 4,250 IS pros. People with grad degrees can expect to earn significantly more, however.

http://www.linuxsecurity.com/content/view/121218
 
  IT security industry 'to be professionalised'
  18th, January, 2006

An organisation is being set up to ensure that IT security officers are competent, but it won't have the power to stop people working if they make mistakes IT security officers are to get their own professional body in the UK with the launch of the Institute of Information Security Professionals (IISP) next month. The IISP, which was given the go-ahead by the Department for Trade and Industry at the end of last year, is due to officially launch in February.

http://www.linuxsecurity.com/content/view/121232
 
  Hackers blackmail milliondollar site
  18th, January, 2006

The FBI is investigating the hijacking of milliondollarhomepage.com - the website that earned $1m (£566,000) for its British creator Alex Tew by hosting micro-advertisements - by hackers who demanded a ransom to restore the site. Mr Tew was sent a demand for $50,000 by e-mail by a hacker, believed to be Russian. When he refused, the website crashed.

http://www.linuxsecurity.com/content/view/121234
 
  New FBI Computer Crime Survey
  19th, January, 2006

Want insight into the cyber attacks that U.S. organizations are facing, what defenses they're using against these assaults, and the implications for industry and government? You'll be interested in reading the new 2005 FBI Computer Crime Survey (PDF), their largest survey on these issues to date.

http://www.linuxsecurity.com/content/view/121235
 
  Has Corporate Info Security Gotten Out of Hand?
  19th, January, 2006

What is the right balance between security and productivity, in the corporate IT environment? Looking back at my company, 10 years ago, our machines were connected directly to the Internet, no proxy, no firewall, no antivirus software. Today, my company's proxy server blocks access to: 'bad' web sites (such as Google Groups; our 'antivirus' software prevents our machines (even machines that host production applications) from carrying out legitimate functions, such as the sending of email via SMTP; and individual employees are forced to apply security patches with little or no notice, under threat of their machines loosing network access, if they do not comply by the deadline.

http://www.linuxsecurity.com/content/view/121237
 
  PC virus celebrates 20th birthday
  20th, January, 2006

Today, 19 January is the 20th anniversary for the appearance of the first PC virus. Brain, a boot sector virus, was let loose in January 1986. Brain spread via infected floppy disks and was a relatively innocuous nuisance in contrast with modern Trojan, rootkits and other malware. The appearance of the first Windows malware nonetheless set in train a chain of events that led up to today's computer virus landscape.

http://www.linuxsecurity.com/content/view/121243
 
  Computer crime costs $67 billion, FBI says
  20th, January, 2006

Dealing with viruses, spyware, PC theft and other computer-related crimes costs U.S. businesses a staggering $67.2 billion a year, according to the FBI. The FBI calculated the price tag by extrapolating results from a survey of 2,066 organizations. The survey, released Thursday, found that 1,324 respondents, or 64 percent, suffered a financial loss from computer security incidents over a 12-month period.

http://www.linuxsecurity.com/content/view/121244
 
  Stallman Speaks on the Future of GPL 3.0
  20th, January, 2006

Q&A: Richard Stallman, founder of the FSF, talks about his goals for the GPL and the hopes and fears of free software advocates. The update to the GNU General Public License 2.0, which was some five years in the making, was released this week for a year of public commentary.

http://www.linuxsecurity.com/content/view/121245
 
  Flaw researcher offers ad space in report
  20th, January, 2006

A security researcher who previously tried to auction off a vulnerability in Microsoft Excel plans to sell ad space in the public report about the flaw, SecurityFocus has learned.

http://www.linuxsecurity.com/content/view/121246
 
  Novell urged to build open source around AppArmor Linux
  20th, January, 2006

On Jan. 10 2005, Novell announced the creation of the AppArmor project, an open-source project designed to develop Linux application security using Novell's AppArmor technology. AppArmor technology has previously been available with SUSE Linux 10.0 and Novell's SUSE Linux Enterprise Server 9 Service Pack 3. However, Gartner warned that the move does not guarantee that the AppArmor project will be successful.

http://www.linuxsecurity.com/content/view/121247
 
  US tests e-Passports
  16th, January, 2006

The US government has started testing electronic passports which contain an RFID chip holding information and a digital photo of the passport's carrier. The tests started yesterday at San Francisco airport, Changi Airport in Singapore and Sydney Airport in Australia. Singapore Airlines crew, some US diplomats and some citizens from Australia and New Zealand are carrying the new passports.

http://www.linuxsecurity.com/content/view/121214
 
  DOD Eyes Network Revamp
  17th, January, 2006

The U.S. Military's point man for global network operations says that a total overhaul of the government's classified and unclassified information networks may be necessary to ward off legions of hackers and adequately protect the military from crippling attacks in future conflicts.

http://www.linuxsecurity.com/content/view/121219
 
  Hackers: If You Can't Beat 'em, Recruit 'em
  16th, January, 2006

In the days of increased reliance on the Internet, hackers are making computers increasingly unsafe. To counter that, IT security firms are turning around and hiring talented hackers to find security system holes. Sebastian Schreiber's face lights up with a mischievous grin and his eyes gleam with excitement as he talks about computer hack attacks.

http://www.linuxsecurity.com/content/view/121215
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
CryptoWalls Haul: $1M in Six Months
A Google Site Meant to Protect You Is Helping Hackers Attack You
The Main Suspect Blamed For The Jennifer Lawrence Nude Leak Says He Is Innocent
Inside Google's Secret Drone-Delivery Program
Hackers Build a Skype Thats Not Controlled by Microsoft
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.