LinuxSecurity.com
The central voice for Linux and Open Source security news
Linux Security Week: September 1st, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "Security Configuration Guides," "SSH Key-Based Attacks," and "Protecting Your MySQL Database From SQL Injection Attacks With GreenSQL."


LinuxSecurity.com Feature Extras:

Review: Hacking Exposed Linux, Third Edition - "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security; it looks at why you should. It does this by showing examples of real attacks and rating the importance of protecting yourself from being a victim of each type of attack.

Security Features of Firefox 3.0 - Let's take a look at the security features of the newly released Firefox 3.0. Since its release on Tuesday I have been testing it out to see how the new security enhancements work and help increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security.

Read on for more security features of Firefox 3.0.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


EnGarde Secure Community 3.0.20 Now Available (Aug 19)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.20 (Version 3.0, Release 20). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

http://www.linuxsecurity.com/content/view/141173

Firefox 3.0's SSL Certificate Interface Meets Resistance (Aug 29)

Firefox 3.0, released not too long ago, was generally well-received. It added a load of new features, while also providing much-needed speed improvements and better memory management. Some new features, however, have met more resistance - one of them is the rather complicated user interface thrown at users when they reach a website with an invalid or expired SSL certificate.

Find out why the new SSL certificate interface for Firefox 3.0 may be difficult to grasp for ordinary users, even though it is designed to improve user security. Check it out in the following article.

http://www.linuxsecurity.com/content/view/141221

Security Configuration Guides (Aug 29)

NSA initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities. NSA's work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA's customers the best possible security options in the most widely employed products. The objective of the NSA research program is to develop technologic advances that can be shared with the software development community through a variety of transfer mechanisms. NSA does not favor or promote any specific software product or business model. Rather, NSA is promoting enhanced security.

The NSA has a new page on their site with information on tons of security resources for both open source and proprietary software. Check it out; you might learn something new.

http://www.linuxsecurity.com/content/view/141220

SSH Key-Based Attacks (Aug 28)

US-CERT is aware of active attacks against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed.

Phalanx2 appears to be a derivative of an older rootkit named "phalanx". Phalanx2 and the support scripts within the rootkit are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.

US-CERT has added an attack on SSH keys to their list of security vulnerabilities. If you want more detail on this security risk, check out this article on their site.

http://www.linuxsecurity.com/content/view/141207

Revealed: The Internet's Biggest Security Hole (Aug 27)

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

Find out about a new exploit that uses a weakness in the design of the internet's Border Gateway Protocol (BGP) to re-direct traffic to an eavesdropper. How do you think ISPs will respond to defending against this new technique? Check it out in the article below.

http://www.linuxsecurity.com/content/view/141208

Next-generation Computer Antivirus System Developed (Aug 27)

Traditional antivirus software is installed on millions of individual computers around the world but according to researchers, antivirus software from popular vendors is increasingly ineffective. The researchers observed malware (malicious software) detection rates as low as 35 percent against the most recent threats and an average window of vulnerability exceeding 48 days. That means new threats went undetected for an average of seven weeks. The computer scientists also found severe vulnerabilities in the antivirus engines themselves.

The researchers' new approach, called CloudAV, moves antivirus functionality into the "network cloud" and off personal computers. CloudAV analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously.

This is an interesting article about the research and development of improvements to virus scanner software. Do you think this new approach will help to catch more viruses on users' machines?

http://www.linuxsecurity.com/content/view/141201

Mozilla Firefox Browser Gets Security Boost (Aug 26)

Carnegie-Mellon University Monday announced it's making available a free add-on to Mozilla Firefox 3.0 that's intended to boost browser security.

Find out about how you can protect your Firefox 3.0 browser from digital-certificate and man-in-the-middle threats by using the new free add-on from Carnegie Mellon University. Check it out in the following informative article.

http://www.linuxsecurity.com/content/view/141203

Ubuntu Issues Security Patch For Kernel Flaw (Aug 26)

Ubuntu today became the latest Linux vendor to patch a vulnerability in the open source operating system's kernel that could have left the door open for hackers to find their way into users' machines.

In an email sent overnight, the Linux vendor warned users to update all machines running recent versions of Ubuntu, ranging from 6.06, which was released back in mid-2006, to version 8.04, which came out earlier this year. The problem also applied to other versions of Ubuntu such as Kubuntu, Edubuntu and Xubuntu.

I am glad to see Ubuntu letting users know that they should update their kernels because of a security vulnerability. What do you think? Do you trust your distro to provide you with important computer security information?

http://www.linuxsecurity.com/content/view/141200

Protecting Your MySQL Database From SQL Injection Attacks With GreenSQL (Aug 25)

SQL injection attacks can allow hackers to execute arbitrary SQL commands on your database through your Web site. To avoid these attacks, every piece of data supplied by a user on a Web form, through HTTP Post or CGI parameters, or other means, must be validated to not contain information that is not expected. GreenSQL is a firewall for SQL -- it sits between your Web site and MySQL database and decides which SQL statements should and should not be executed. At least that's the idea -- in execution, I found some open doors.

Do you want to know how you can protect your website's MySQL server from SQL injection attacks? Then read the following article which reviews GreenSQL, a proxy which guards against these types of attacks.

http://www.linuxsecurity.com/content/view/141196

Online Intruders Hit Red Hat, Fedora Project (Aug 25)

The most significant breach involved a system used by the Fedora Project to sign the software packages used to automatically update end users' systems. The breach also affected the Fedora Project's database and proxy servers, hosted systems and collaboration network. A smaller number of servers used by Red Hat were affected by the breach, the Fedora Project stated in its announcement.

This article looks into the recent attack on the Fedora Project. What do you think the effects of this attack will be for Fedora users?

http://www.linuxsecurity.com/content/view/141195


(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.