Linux Security Week: April 28th, 2008
Source: LinuxSecurity.com Contributors - Posted by Ryan W. Maple
This week, perhaps the most interesting articles include "Targeted Attacks Using Malicious PDF Files", "Protecting Directory Trees with gpgdir", and "Introduction to Forensics."
LinuxSecurity.com Feature Extras:
Review: The Book of Wireless - "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the widespread use of wireless networks today, anyone with a computer should at least know the basics of wireless. And with wireless networking comes the need to know how to protect yourself from wireless networking attacks.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Targeted Attacks Using Malicious PDF Files (Apr 25)
Dating back to the end of February, we have been tracking test runs of malicious PDF messages to very specific targets. These PDF files exploit the recent vulnerability CVE-2008-0655.
Ever since the end of March, beginning of April, the amount of samples seen in the wild has significantly increased. Interestingly enough, there is almost no "public, widespread" exploitation. All reports are limited to very specific, targeted attacks. However, due to the wide scope of these attacks, and the number of targets we know of, we feel a diary entry was in order.
Remember the old saying "if it ain't broke, don't fix it"? This exploit appears to target not only the vulnerability mentioned in the article, but also the habit of sticking with stable software. Nothing is apparently "broken" about Adobe Acrobat v7; however, as the diary entry shows, keeping software updated is the key to preventing "it ain't broke" software from having to be "fixed" after an exploit such as this one.
gpgdir uses GNU Privacy Guard (GnuPG) to encrypt and decrypt files or a directory tree. You could accomplish the same objective by tarring the filesystem up and then encrypting the tar.gz file with GnuPG, but then you would still have to shred or wipe every file in the original directory tree. With gpgdir the whole tree is encrypted in one command.
Do you use gpgdir? What do you think about it? This article goes through everything you need to encrypt data on your system.
Plat'Home's latest product, OpenBloks is a pint-sized Linux server that weighs in at a measly 225 grams. It's not much bigger than a deck of cards, but it can run many of the same server applications full-sized machines run. It's ideal for many surveillance and automation processes that rely heavily on reliability.
Check out this article for an interesting look at alternatives to huge, power-hungry rack-mount servers. What do you feel are the positives and negatives of this implementation of Linux servers?
A break-in can happen to any system administrator. Find out how to use Autopsy and Sleuthkit to hit the ground running on your first forensics project.
There are certain aspects to system administration that you can learn only from experience. Computer forensics (among other things the ability to piece together clues from a system to determine how an intruder broke in) can take years or even decades to master. If you have never conducted a forensics analysis on a computer, you might not even know exactly where to start. In this guide, I cover how to use the set of forensics tools in Sleuthkit with its Web front end, Autopsy, to organize your first forensics case.
Computer forensics is an important skill for a Linux administrator. This article looks into what you need to know to investigate whether your network has been attacked.
WifiZoo v1.3 Released - Passive Info Gathering for Wifi (Apr 22)
WifiZoo is a tool to gather wifi information passively. It was created to be helpful in wifi pentesting and was inspired by 'Ferret' from Errata Security. The tool is intended to get all possible info from open wifi networks (and possibly encrypted ones in the future, at least with WEP) without joining any network, and covering all wifi channels.
A quick war-drive around my neck of the woods still reveals plenty of open wifi networks (and for some reason a lot of them like to name their networks 'linksys'). Read on to see how WifiZoo can help you gain more information in your wonderful wild world of wireless!
Microsoft: Finding flaws on our website is OK (Apr 21)
In a first for a major company, Microsoft has publicly pledged not to sue or press charges against ethical hackers who responsibly find security flaws in its online services.
The promise, extended Saturday at the ToorCon security conference in Seattle, is a bold and significant move. While researchers are generally free to attack legally acquired software running on their own hardware, they can face severe penalties for probing websites that run on servers belonging to others. In some cases, organizations have pursued legal action against researchers who did nothing more than discover and responsibly report serious online vulnerabilities.
Although not exactly Linux-centric, according to this article Microsoft is at least making an effort to take a more "open source" approach to security. Read on for an interesting account of the security conference and let us know what you think about this topic!
A Linux system has two kinds of users: ordinary users and the root user. Each ordinary user has a robust set of permissions to manage his or her own files (and files that belong to a group that he or she is a member of), but an ordinary user cannot affect system configuration, start or stop essential services such as the SSH daemon, and cannot reserve a so-called privileged port, or any networking port numbered less than 1,024. The root user, though, is free to access and modify any file, perform any task, and affect the system at will.
We have all used sudo at some point while using Linux, but do you know how important sudo is to Linux security? This article guides the user through everything a Linux user needs to know about sudo.