Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: June 2nd, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "PHP, Python, Samba Get Security Tick of Approval," "Samba Dinged by ‘highly critical’ Flaw," and "Open CourseWare for Linux Geeks: 50+ Resources."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: The Book of Wireless - “The Book of Wireless” by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless networking, users need to know how to protect themselves from wireless networking attacks.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
sqlninja 0.2.3 released - Advanced Automated SQL Injection Tool for MS-SQL (May 30)
Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
Being able to upload 'netcat.exe' as 100% plain ASCII GET/POST requests and no FTP? Evasion techniques, code obfuscation, and DNS-tunneld pseudo shells? Sounds like an SQL Injection tool to check out!
PHP, Python, Samba Get Security Tick of Approval (May 30)
The Scan Report on Open Source Software 2008 by vendor Coverity has found the number of defective lines of code in open source software has decreased in the past two years. According to Coverity, which analyses open source software as part of the US Department of Homeland Security's open source software hardening project, fewer lines of defective code means the overall quality and security of the software is improving.
This report makes the point that open source security is definitely something to look at. I am glad to see that the open source community is getting attention of it's strength in security.
Researchers at Secunia have flagged a “highly critical” vulnerability in Samba, the widely deployed open-source software for networked file sharing and printing. According to an advisory from Secunia, the vulnerability affects Samba versions 3.0.28a and 3.0.29 and can be exploited by malicious people to compromise a vulnerable system.
How secure do you think your Samba setup is? I feel with the right steps anyone can make Samba secure.
Today we are excited to announce another community initiative--the Open Source Software Security community (oss-security). This project is an ongoing effort to manage security information in Open Source software by building on the collaborative foundation of the open source model.
Have you hear about the Open Source Software Security community project. The purpose of this project is to encourage public discussion of security flaws, concepts, and practices in the open source community.
There is a great debate on the bugtraq mailing list regarding the apache utf7 xss issue. In this debate William Rowe (Apache) discusses why the Apache utf7 vulnerability is in fact not a vulnerability in Apache but in Internet Explorer for not following specifications properly. William first posted to bugtraq http://seclists.org/bugtraq/2008/May/0166.html with the following "Internet Explorer's autodetection of UTF-7 clearly violates this specification, introducing the opportunity for myriad similar attacks. These are literally everywhere on the web today, we can trust the kids to continue to explore this vector until it is fixed by Microsoft."
What do you think about this debate? Who should be responsible in fixing this vulnerability? This article looks at both side of the debate, letting you decide.
Open CourseWare for Linux Geeks: 50+ Resources (May 27)
The Open CourseWare movement is centered on freedom of information, so it’s only natural that Open CourseWare offers education on an open format such as Linux. Whether you’re just getting started or are an advanced developer, there’s something out there for you to learn. Here, we’ve highlighted more than 50 of the best Linux courses you can take.
Knowledge is key whenever we wish to understand problems and properly solve them. Open CourseWare provides the following article for those wanting to find a focused group of Linux based courses where one can expand their overall knowledge of Linux.
