Linux Security Week - December 13th 2004
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "What is policy enforcement, and why should we care," "Linux Camp Takes New Tack on Kernel," and "Sarbanes-Oxley: An Opportunity for Security Professionals."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - This week, advisories were released for hpsockd, viewvcs, nfs-util, cyrus-imapd, netatalk, gaim, rhpl, ttfonts, mc, udev, gnome-bluetooth, rsh, mysql, libpng, glib, gtk, postgresql, shadow-utils, perl, mirrorselect, drakxtools, dietlib, gzip, rp-ppoe, openssl, ImageMagick, samba, and cups. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and Turbo Linux. Feature Extras:

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

AIDE and CHKROOTKIT -Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code - Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Xandros Steps Up Security in New Desktop Linux
  9th, December, 2004

Linux desktop vendor Xandros Inc. on Wednesday released the latest version of its flagship operating system, Xandros Desktop Operating System 3.0. This latest descendant of the first mass-market Linux desktop, Corel Linux, uses the KDE 3.3 interface. It is built on the foundation of a Linux 2.6.9 kernel.
  New set of Linux security flaws discovered
  9th, December, 2004

A security researcher has uncovered another set of security flaws in an image component, which could put Linux users at risk of system compromise if they view a maliciously crafted image.

  Hot Pick: SQL Guard
  7th, December, 2004

Similar to a firewall, SQL Guard's filtering rules alert security managers to traffic from defined sources and users or to traffic that includes particular commands, such as excessive logons, one-user/one-IP, clients executing administrative commands, SQL overflows and SQL injection attacks.
  The Threats To Come
  7th, December, 2004

As security pros protect their applications and networks from today's most common attacks, hackers are preparing to wage new wars. As new technologies such as Web services, radio-frequency identification, and smart phones loaded with complex operating systems become prevalent, new attack techniques against business-technology systems will follow.

  Security 'Honey Pots' May Snare Private Details
  8th, December, 2004

Though some legal issues still surround "honey pots," their use within the security industry is fairly common and is considered a critical weapon in fighting malicious hackers and viruses.

  How to verify that Snort is operating
  7th, December, 2004

Is your new Snort system running too quietly? Whether you're new to using Snort or you've deployed it on a new platform -- a low-noise level may have you worried. It could be a tightly-tuned (or too tightly-tuned) system, or you may have the IDS residing on a quiet network segment. Fortunately, several methods exist for testing Snort over the wire to ensure it's working properly in your environment.

  Sarbanes-Oxley: An Opportunity for Security Professionals
  6th, December, 2004

Sarbanes-Oxley (SOX) is not just another regulation security professionals have to contend with in your already very busy lives. Instead, SOX should be viewed as opportunity for security teams to demonstrate your value as a key enabler of creating a sound business environment at the highest levels within your organizations. SOX presents this opportunity to every company, whether already a public entity that has to comply or private companies who fall outside mandated compliance, by providing a model for sound internal controls and a template to demonstrate the effectiveness those controls to executive management.
  Linux Camp Takes New Tack on Kernel
  6th, December, 2004

A stable and mature Linux kernel is enabling its chief developers to shift away from the common kernel development model to one that will result in more frequent releases.

  Security Sells
  6th, December, 2004

If the challenge for CSOs is to market themselvesÑand the security messageÑmore effectively, then surely the companies below must represent the end goal. Citigroup, Microsoft, OnStar and El-Al are so security-conscious that they've all, in one way or another, incorporated it into their brand image. Translation: They advertise security or otherwise make it part of the message they present to customers and business partners. Look closely, though, and you'll find that these companies share a common goal: to create a sense of trust for their customersÑwhile being careful not to overpromise.

  The 12 Thefts Of Christmas
  8th, December, 2004

Of all the things you might want for Christmas this year, a clone is probably not one of them. But if statistics are true to form this holiday season, in the 12 days leading up to Christmas nearly quarter of a million Americans will lose something that Santa wonÕt be able to replace ? their identity.

  Who says safe computing must remain a pipe dream?
  9th, December, 2004

I am regularly asked what average Internet users can do to ensure their security. My first answer is usually "Nothing--you're screwed."

  What is policy enforcement, and why should we care?
  9th, December, 2004

Security administrators typically consider "authorization" in the context of user identities, which are verified via passwords or randomly generated codes or iris scans. Once identity has been validated, it's used to establish appropriate levels of access to computers, network resources and information. People with networking and Web server experience may go so far as to include certificates in their understanding of "authentication" and authorization, since IPsec and SSL/TLS both rely on certificates for validation of machine identities.
  Group Enlists Honey Pots to Catch IM Threats
  10th, December, 2004

IMlogic Inc. on Tuesday announced plans to use so-called honey pots, or vulnerable machines, to track malicious virus activity on instant messaging and peer-to-peer networks.

  Committee pushes for cybersecurity post
  6th, December, 2004

Members of the House Select Homeland Security Committee have recommended establishing a new assistant secretary position within the Homeland Security Department to better integrate and coordinate cybersecurity issues.

  Mobile phones the biggest target for hackers
  7th, December, 2004

Having managed to cripple PCs on more than one occasion over the last decade, viruses, worms and trojans are now heading for mobile phones. And while many experts worry they could be as malicious as their PC predecessors, some fear they could be a whole lot worse.


Only registered users can write comments.
Please login or register.

Powered by AkoComment!