Linux Security Week: January 28th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Anti Tamper Module for Apache," "Linux security guru joins Microsoft," and "Sourcefire boasts strong IPS management toolset."
LinuxSecurity.com
Feature Extras:
SSH: Best Practices - If you're reading LinuxSecurity.com then it's a safe bet that you are already using SSH, but are you using it in the best way possible? Have you configured it to be as limited and secure as possible?
Read on for my best practices for using Secure Shell.
Open Source Tool of the Month: GnuPG! - It’s the new year! And to start it off right, LinuxSecurity.com wants to start things off with January’s Open Source Tool of the month: GnuPG!
Encryption is one of the main pillars of security, and GnuPG is a robust and flexible tool with great functionality that is fully GPL Licensed. And since it just celebrated its landmark 10th Anniversary, it was an easy choice for our tool of the month.
Ten years is a long time in the open source community; a very long time. Lasting a decade, especially in these years of open source development, is nothing short of remarkable. And like all great open source projects, it came from humble beginnings - it was initiated as a way to encrypt data without relying on restricted patents (namely RSA and IDEA) by Werner Koch from Germany. Why?
Back in 1999 Richard Stallman was interested in pursuing a PGP replacement after existing patents had run out and had decided to turn to European developers...
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
The old adage, you get what you pay for, doesn’t have to apply. In fact, for a small business the high price tag of “threat management” software can often mean a company will just go without to its detriment. Here’s some high quality free and open source software to help, at a price any CFO will love.
This is a great article. What are the 5 best FOSS security applications for businesses? Their strengths and weaknesses? Well, he goes over the value of Snort, ClamAV, SpamAssassin, L7 Filter and OpenVPN, and discusses the value issues for businesses.
A new bug in Firefox could be used by attackers to scout out a system prior to mounting a more thorough assault, according to Mozilla's head of security.
The flaw, said Window Snyder, Mozilla's chief security officer, is in the browser's chrome protocol - 'chrome' is the Firefox term for its user interface - as she responded to reports of the vulnerability and the public posting of a proof-of-concept exploit.
Flaw in Firefox Add-On could lead to data leak (Jan 24)
Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim's machine.
The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday.
Of course, the issue is affecting certain add-ons, and it's likely it can be dealt with soon, or averted. The add-ons that are affected include Download Statusbar or Greasemonkey, because they store scripts in such a way that they could be found on the hard drive.
AntiTamper is an Apache 2.x module that could be used to prevent some sorts of URL and cookie tampering.
Specifically, AT could stop a lot of those malicious bots that take advantage of search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated.
I am interested if anyone has tested out mod_anti_tamper. I like using mod_security, but mod_anti_tamper looks like it will work well side by side with mod_security to increase a web server's security.
First Case of "Drive-by Pharming" Identified in the Wild (Jan 23)
The theory is now a reality. Symantec reported Tuesday that drive-by pharming, in which a hacker changes the DNS settings on a customer’s broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild.
This type of attack goes to another level of "sneakiness" by aiming at your actual broadband router. The good news is that it takes advantage of default usernames and passwords - you did change these settings, didn't you?
Crispin Cowan, the Linux security expert behind StackGard, the Immunix Linux distro and AppArmor, has joined the Windows security team.
Originally posted by a blogger over at Microsoft. It's interesting though - what is making Microsoft go for Linux security professionals? Is there something inherently more effective about security developers with an Open Source background? Something else?
Do you use Apache? HTTP Server versions get Security Fixes (Jan 21)
Announced today, the Apache HTTP Server Project has new versions: 1.3.41, 2.0.63 and 2.2.8. 9 updates have been included and show that the project fixed some big bugs in these releases. Among the major fixes are those to mod_status and mod_proxy.
Some positives, some negatives. So it goes with Sourcefire's most recent release of their 3D IPS System. This review covers the big changes with two aspects of their software: RNA (Realtime Network Awareness) and RUA (Realtime User Awareness). With this release they've upgraded RNA by including it into macro management.
Two of the most important changes in 3D System Version 4.7 lie in the RNA and RUA components. When we looked at the RNA in its first releases, we found its ability to provide network visibility by passively discovering systems, applications and vulnerabilities useful. However, RNA was not integrated into IDS and IPS policy definition at that point. In this release, Sourcefire finally brings RNA into the big picture by letting the network manager easily use RNA-discovered information to refine IDS and IPS policy and build compliance policies.