Linux Security Week - December 6th 2004
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include, Anti-Hacker Tool Kit 2/e, A Secure Network Needs Informed Workers, Network Forensic Tools, and Transcript of the Launch Chat.

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

Linux Advisory Watch - This week advisories were released for java, abiworld, cyrus, squirrelmail, libgd1, openssl, hpsockd, policycoreutils, prelink, libselinux, udev, tcpdump, samba, gaim, FreeBSD kernel, phpMyAdmin, libxpm4, kde, amavisd, open motif, linux kernel, and cyrus-imapd. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Trustix, Red Hat, and SuSE. Feature Extras:

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

AIDE and CHKROOTKIT -Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code - Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Anti-Hacker Tool Kit 2/e
  2nd, December, 2004

In every day life people do all sorts of things with all sorts of tools. But, do they get it right? Every tool has to be used in a certain manner, and if one doesnÕt know how to use it, the result can be damage. It's the same is with computer and network security tools. Before you can select the right tools for the job, you have to know what tools are available and learn how to use them.
  Panelists: A Secure Network Needs Informed Workers
  1st, December, 2004

Analysts, law enforcement agents and corporate IT managers focused on surprisingly nontechnical security solutions Tuesday as they discussed the latest risks to corporate networks as part of Ziff Davis Media's online "virtual" tradeshow on security.
  Network Forensic Tools
  3rd, December, 2004

Stage 1: Network-capable initial analysis products for first responders, such as Guidance's EnCase Enterprise Edition and Technology Pathway's ProDiscover. These two products can acquire drive images remotely in a live environment, and their use eliminates the need for the Stage 2 tools.
  Transcript of Launch Chat
  2nd, December, 2004

To celebrate the launch of the new, we hosted a community chat event. It was held yesterday (December 1st 2004) at 4:00pm, and featured several prominent visionaries from the open source community including Jay Beale, Brian Hatch, Paul Vixie, Lance Spitzner, and Dave Wreski. The topics discussed ranged from authentication, patch management, honeypots, virtues of open source, SELinux, as well as others. We are planning another event to held in January; please send us your ideas!
  Unprotected PCs can be hijacked in minutes
  30th, November, 2004

Simply connecting to the Internet -- and doing nothing else -- exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.
  AirTight Networks announced first Wi-Fi Firewall
  1st, December, 2004

AirTight Networks, formerly Wibhu Technologies, announced on Tuesday the availability of SpectraGuard 2.0, the first Wi-Fi firewall to protect enterprise networks from wireless security threats.
  There Is Intelligent Life On Protego's New Security Appliance, PN-MARS
  3rd, December, 2004

Protego Networks' line of PN-MARS security appliances helps network administrators manage and eliminate network attacks by combining intelligence, ContextCorrelation, SureVector analysis and AutoMitigate capability in a hardware-based solution that's easy to deploy. The appliance correlates data about security and network events from switches, routers, firewalls, intrusion-detection systems (IDSes), host logs and other hardware and software sources, and identifies incidents such as worms, Trojans, blended attacks, misconfigurations and internal abuse.
  Linux Netwosix 1.2 Jinko is released
  28th, November, 2004

I'm ready to announce that Linux Netwosix 1.2 is ready. I have completely rebuilt , upgraded and secured the system. Please, read the Announcement Release. Is based on the powerful and reliable Kernel 2.6.9 and has been created for the requirements of every SysAdmin. Nepote contains the updated packages. You can download Netwosix from our Download Center or from one of our mirrors. Thank you!
  Federated ID facilitates Web services
  1st, December, 2004

Companies looking to make Web services available to business partners and their respective user bases must first figure out how to federate identity. Federated identity management refers to managing access so that only those who have a right to use specific services may do so.
  User knowledge key to good security
  1st, December, 2004

Given the continual drive to secure today's enterprises, and in light of National Computer Security Day celebrated this week, Security Pipeline tapped Kathleen M. Coe, Symantec Corp.'s regional education director of education services, for insight on how to foster better user security behavior, as well as how to seed a strong corporate security culture companies require today.
  Why you should take information security seriously
  1st, December, 2004

All of us rely on information every day in just about every aspect of our life. As information is so important, we tend to rank it by its reliability. There are some people whose opinion we trust implicitly on certain matters. We accept as a matter of course that information is only valuable if it is accurate. The most valuable sources of information are those that are seen to be inherently reliable and easy to access.
  Community Spam Fighting Effort Faces Heat
  2nd, December, 2004

Lycos Europe is offering a "screensaver that spams the spammers," using idle computer time to attack sites that have been blacklisted for abusive spamming practices. Monitoring of three of the targets housed on Chinese servers shows that two of the sites, and, have been knocked offline by the attack. A third target,, has remained largely available, with intermittent outages.
  Follow-up: Lycos pulls anti-spam screensaver from site
  3rd, December, 2004

Lycos Europe appeared to have pulled a controversial anti-spam screensaver program from its site on Friday, after coming under fire from both security experts and the spammers themselves.
  FBI's Cyber-Crime Chief Relates Struggle for Top Talent
  1st, December, 2004

The FBI's inability to recruit and keep the best available IT talent has proven to be one of the biggest challenges facing the government's Internet Crime Complaint Center (I3C), a senior official said Tuesday.
  Linux in Government: The Government Open Code Collaborative
  3rd, December, 2004

As we celebrate the holiday season and prepare for the next round of legislation, a group of state and local governments has banded together to collect and distribute freely the costly software that normally runs taxpayers $100 billion annually. Called the Government Open Code Collaborative or, this organization states that its members work together voluntarily to encourage "the sharing, at no cost, of computer code developed for and by government entities where the redistribution of this code is allowed".
  Is Cyberterrorism Being Thwarted?
  3rd, December, 2004

Recently, there's been increased criticism of the federal government's efforts to secure the Internet. The September departure of Amit Yoran from the Department of Homeland Security was widely cited as indicative of problems that run deep, not just through DHS, but the entire government. While everyone agrees there's much work to do, it's important to recognize the accomplishments of the past few years.
  Hacking tool reportedly draws FBI subpoenas
  1st, December, 2004

The author of the popular freeware hacking tool Nmap warned users this week that FBI agents are increasingly seeking access to information from the server logs of his download site,
  SCO hacked in apparent IP protest
  1st, December, 2004

Visitors to SCO's website this morning were treated to a rare moment of corporate self-awareness after hackers apparently replaced an image linking to the undoubtedly scintillating "Extending Legacy Applications and Databases to the Web and Wireless Devices with SCOx Web Services Substrate" with a graphic bearing the rather more promising "We own all your code - pay us all your money":
  Bad, Bad Bots
  1st, December, 2004

Automated attacks are coming from unexpected quarters--from across the globe, across town, and most creepily, even from across the hall. According to a recent report from anti-virus vendor Symantec, this year's 450 percent increase in the number of attacks on Windows machines is evidence that automation is proving as efficient for 21st-Century hackers as it did for 20th-Century manufacturers.
  Mobile & Wireless: Security was the Watchword in 2004
  1st, December, 2004

It's no surprise that the issue that topped the Wi-Fi agenda in 2004 was the same one that's plagued it almost from its introduction. Security, or rather "lack thereof," was an inherent problem in WEP (Wired Equivalent Privacy), the native security spec in the 802.11 IEEE standard.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!