Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: November 10th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Automatically mount Encrypted Filesystems at Login With pam_mount," "Rreally Simple Keyless Steganography For Linux," and "Be Aware of SOA Application Security Issues."
Norwich University's Master of Science in Information Assurance
(MSIA) program, designated by the National Security Agency as providing academically excellent education in Information Assurance, provides you with the skills to manage and lead an organization-wide information security program and the tools to fluently communicate the intricacies of information security at an executive level.
Learn more
LinuxSecurity.com
Feature Extras:
Never Installed a Firewall on Ubuntu? Try Firestarter - When I typed on Google "Do I really need a firewall?" 695,000 results came across. And I'm pretty sure they must be saying "Hell yeah!". In my opinion, no one would ever recommend anyone to sit naked on the internet keeping in mind the insecurity internet carries these days, unless you really know what you are doing.
Read on for more information on Firestarter.
Review: Hacking Exposed Linux, Third Edition - "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security it looks at why you should. It does this by showing examples of real attacks and rates the importance of protecting yourself from being a victim of each type of attack.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.21 Now Available (Oct 7)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.21 (Version 3.0, Release 21). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
Automatically mount Encrypted Filesystems at Login With pam_mount (Nov 7)
The pam_mount project lets you unlock an encrypted filesystem automatically when you log in. The same password used to log in is used as the key to unlock the encrypted filesystem, so you only need to type it once. Using this method, you can easily share a laptop and have only a single user's home directory unlocked and mounted when he logs in. And pam_mount can mount any filesystem, not just encrypted filesystems, so you can use it, for example, with an NFS share that you are interested in but which you might not like to leave mounted when you are not logged in.
Did you ever wanted to know how to mount an encrypted filesystem automatically? This article will show you how.
These days, most of us can use our Wi-Fi cards on Linux using native drivers. Some of us, though, are still stuck with using Windows drivers on Linux. This kludge is usually done by using the Windows driver with NDISwrapper. Unfortunately, it's recently been discovered that there's a crack in the kludge.
Do you think this bug is capable enough to crash a system? Read on for more information.
Firefox 3.1 will Have a Private Browsing Mode (Nov 6)
Mozilla is adding a private browser feature to its forthcoming Firefox 3.1 release. Private browsing aims to help users make sure their Web browsing doesn't leave traces on their computers, said the function's developer, Ehsan Akhgari. Akhgari said. "Private browsing is only about making sure that Firefox doesn't store any data which can be used to trace your online activities -- no more, no less."
Will you be using the new private browser mode that will be included in Firefox 3.1? Check out this article to learn more about it.
Rreally Simple Keyless Steganography For Linux (Nov 5)
Today we're going to take a look at a topic that most people are probably familiar with to one degree or another. To use the dictionary definition, steganography is the art of "hiding a secret message within a larger one in such a way that others can not discern the presence or contents of the hidden message."
I find steganography to be an interesting part of computer security. It's not as popular as encryptions but it does have some uses. This article discusses the basics of this technology.
Solving Privacy Issues in Ubuntu 8.10 Intrepid Ibex (Nov 4)
One of the new features in Ubuntu 8.10 is the ability to create an encrypted directory for content you do not want others to access. Oh, by the way, did you know that anyone can read your files that are in your home directory?
Do you want to know how you can protect the privacy of your data on Ubuntu 8.10? Check out this article which tells you alternative ways to do this including a cryptographic filesystem package.
The Metasploit Project develops a set of security tools to create and execute exploit code on remote computers. Some people say Metasploit makes the job easier for black hat hackers who attack networks looking for vulnerabilities to take advantage of; others says the tool helps network security administrators do a better job of finding and repairing weaknesses before the bad guys get to them. H.D. Moore, the 20-something creator of the Metasploit Project, says it all depends on your perspective.
Have you ever used Metasploit? This article looks at the creator of Metasploit H.D. Moore and how he started this project.
Be Aware of SOA Application Security Issues (Nov 3)
"Extensible Markup Language (XML), Web services, and service-oriented architecture (SOA) are the latest craze in the software development world. These buzzwords burn particularly bright in large enterprises with hundreds or thousands of systems that were developed independently. If these disparate systems can be made to work together using open standards, a tremendous amount of time, money, and frustration can be saved. Whether or not we are on the verge of a new era in software, the goal alone is enough to make security people cringe. It might be easy to glue System A and System B together, but will the combination be secure?
Have you ever used or developed a SOA application? If so, you might be interested in this article that talks about some security concerns with it.
