Linux Security Week: June 1st, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Linux-ready networking SoCs scale to 40 cores," "Members Of Legendary '90s Hacker Group Relaunch Password-Cracking Tool," and "Snort To Go Virtual".
Linux+DVD Magazine
Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers is between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.
In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.
LinuxSecurity.com Feature Extras:
Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.
A Secure Nagios Server - Nagios is monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process; however, making it a secure setup takes some work. This article will not show you how to install Nagios, since there are tons of such articles out there, but it will show you in detail ways to improve your Nagios security.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Review: Malware-fighting firewalls miss the mark (May 30)
Many of today's UTM boxes have their roots in Linux. Which perform best? The InfoWorld Test Center attacks Astaro, SonicWall, WatchGuard, and ZyXel firewalls, and only one puts up a fight. Indeed, a rapidly growing number of small and mid-size companies are opting for the administrative and operational simplicity of the single-box solution. And so we decided that UTMs aimed at the mid-size company were the perfect group to use for the rollout of InfoWorld's new firewall and UTM test protocols. When we began this process well over a year ago, we asked for input from virtually every firewall and UTM vendor we knew, and we invited every UTM vendor we could find to send us an appliance to test. In the end, four vendors answered the call. Astaro, SonicWall, WatchGuard, and ZyXel submitted units for this first set of tests.
Linux-ready networking SoCs scale to 40 cores (May 29)
LinuxDevices has a neat article describing a new $275 processor that works well in UTM, crypto, intrusion detection, and other security-related applications. Netronome announced new multi-core "network flow processors" that are backward-compatible with Intel's IXP28xx, but claimed to offer over twice the MIPS. The Linux-compatible NFP-32xx system-on-chips scale from 16 to 40 cores, offer 20Gbps throughput, and provide a programmable dataplane, virtualization, and security processing, says the company.
Members Of Legendary '90s Hacker Group Relaunch Password-Cracking Tool (May 29)
Another article discussing the legendary l0phtcrack password cracking and auditing tool. Works on crypt, NTLM Windows passwords, and many other types. Great stuff. It's official: The famous password-cracking tool L0phtCrack is back, and its creators plan to keep it that way.
L0phtCrack 6 tool, released Wednesday, was developed in 1997 by Christien Rioux, Chris Wysopal, and Peiter "Mudge" Zatko from the former L0pht Heavy Industries -- the hacker think tank best known for testifying before Congress that it could shut down the Internet in 30 minutes. In January of this year, Rioux, Wysopal, and Zatko bought back L0phtCrack from Symantec, and later announced they would build a new version of the tool with support for 64-bit Windows platforms and other new features.
Open source IDS/IPS celebrates its tenth year with an all-new platform in the works, a new release candidate, and plans for a commercial virtual appliance. The 10-year-old Snort IDS/IPS technology on which many of today's intrusion prevention products are based is poised for a face-lift.
U.S. Cyberattack Console Aims to Turn Grunts into Hackers (May 28)
Don't tools like this already exist on the Internet and through open source that enable script kiddies to launch an attack? The U.S. military is putting together a suite of hacking tools that could one day make breaking into networks as easy for the average grunt as kicking down a door.
That's the word from Aviation Week, which snuck an unusual peek inside a "U.S. cyberwarfare attack laboratory." There, researchers are building a "device" that would "weaponiz[e] cyberattack for the non-cyberspecialist, military user."
In the beginning was the firewall, and it was pretty good. A big box of rules that sat between your network and the evils of the Internet, the firewall examined ports and protocols to decide which packets got in and which were barred at the door. Then things got, as things often do, complicated. New threats came sneaking in on trusted protocols, ports and protocols became tangled, and looking inside packets became just as important as noting their source, destination, and type.
Test the strength of your password policy (May 27)
Great article on cracking passwords, including info from Bruce Schneier. Don't forget about l0phtcrack for some serious 64-bit auditing and recovery. What tools do you use? Roger Grimes presents a useful tool for figuring out how susceptible your network might be to a password-cracking attack. Most password-cracking scenarios focus on attacks that convert a captured hash to its plain-text password equivalent using an offline attack and hash or rainbow table database. Capturing password hashes assumes a lot. In most cases, the attacker must have highly privileged access (admin or root) to get to the hashes; if they do, they can inflict much more other damage. So why just discuss password cracking?
Presentation "Using Nessus In Web Application Assessments" (May 27)
Thanks to Taylor for sending this in. Great presentation on using Nessus to test web applications three different ways. At a recent OWASP meeting in Princeton, NJ I gave a short presentation on some techniques to have Nessus dig deeper into your web applications. There are several approaches to web application testing. You can download the slides from the presentation and see step-by-step how to configure Nessus to scan web applications, the options available for local checking and configuration auditing, and even how to tune the audit policies with custom checks.
Red Hat Sues Switzerland Over Microsoft Monopoly (May 26)
This could set an interesting precedent. I understood that European adoption of open source was very high. In fact, higher than in some areas in the US. Is Red Hat fighting a losing battle? £8 million a year to Microsoft, with no public bidding. And that's just the tip of the iceberg, say open source activists.
Linux vendor Red Hat, and 17 other vendors, have protested a Swiss government contract given to Microsoft without any public bidding. The move exposes a wider Microsoft monopoly that European governments accept, despite their lip service for open source, according to commentators.
Here's an OS News link to a LKML discussion with Eric Paris. Looks interesting. Eric Paris, a SELinux developer, has announced today a new SELinux feature: "Dan and I (mostly Dan) have started to play with using SELinux to confine random untrusted binaries. The program is called 'sandbox.' The idea is to allow administrators to lock down tightly untrusted applications in a sandbox where they can not use the network and open/create any file that is not handed to the process. Can be used to protect a system while allowing it to run some untrusted binary."
Pirate Bay Money Squeeze Rejected by Court (May 26)
The request from four major record labels to fine the Pirate Bay operators for every day the site remains up and running was declined by the Swedish District Court today. Contrary to what the labels had requested, the court said it wants to hear the defendants before it will take any action.
Clickjacking: Hijacking clicks on the Internet (May 25)
Read on for info on this new security vulnerability, and learn exactly how it works. Lots of people seem to have an opinion on this article at CNET. Do you see this vulnerability as being a big problem for you? "Most exploits (like worms and attacks that take advantage of holes in software) can be patched, but clickjacking is a design flaw in the way the Web is supposed to work," Grossman said. "The bad guy is superimposing an invisible button over something the user wants to click on...It can be any button on any Web page on any Web site."
The technique was used in a series of prank attacks launched on Twitter in February. In that case, users clicked on links next to tweets that said "Don't Click" and then clicked on a button that said "Don't Click" on a separate Web page. That second click distributed the original tweet to all of the Twitter user's followers, thus propagating itself rather quickly.