Linux Security Week: January 10th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "Authentication: The Power of Who," "SSH Port Forwarding," and "802.11i Strengthens Wi-Fi Security."



LINUX ADVISORY WATCH - This week, advisories were released for mplayer, samba, wxgtk, cups, htmlheadline, nasm, zip, pcal, tiff, namazu, imlib2, selinux, tetex, pcmcia, kernel, mysql, gpdf, hotplug, linpopup, firefox, shoutcast, mit-krb5, xine, phpgroupware, xzgv, vilistextum, vim, mc, and fam. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, and Red Hat.

LinuxSecurity.com Features:

A 2005 Linux Security Resolution - Without a mission and plan, very little gets accomplished. The new year should not only be a time to set personal goals such as an exercise regimen, but also a time to focus on security practices and configurations. 2005 will be hostile; now is the time to prepare.

State of Linux Security 2004 - In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Windows' security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  Report: Big boost for blogs in 2004
  4th, January, 2005

The number of blogs and the use of blog readers rose rapidly last year--but a majority of Americans still do not know what a blog is. A report by the Pew Internet and American Life Project, called the "State of Blogging," discovered that readership of Web blogs--essentially, Web-based diaries--spiked 58 percent last year, with 27 percent of Internet users, or 32 million people, saying that they read blogs. Twelve percent of people who read blogs also chose to post comments on them.

http://www.linuxsecurity.com/content/view/117748
 
  Internet Mobilizes To Aid Tsunami Victims
  4th, January, 2005

From bloggers to multi-billion-dollar tech vendors, the Internet community gave its money and resources to help victims of the Asian tsunamis. Here's a roundup of our stories on the subject, including moving reports from a blogger who described the toll via cell-phone text messaging, and other bloggers who wrote what they saw from the scene of the carnage.

http://www.linuxsecurity.com/content/view/117749
 
  Securing your workstation with Firestarter
  5th, January, 2005

Firestarter is a GPL-licensed graphical firewall configuration program for iptables, the powerful firewall included in Linux kernels 2.4 and 2.6. Firestarter supports network address translation for sharing an Internet connection among multiple computers, and port forwarding for redirecting traffic to an internal workstation. Firestarter's clean and easy to use graphical user interface takes the time out of setting up a custom firewall.

http://www.linuxsecurity.com/content/view/117766
 
  New Netcraft Toolbar Blocks Phishing, Analyzes Web Sites
  4th, January, 2005

Review: Protect yourself from fraudulent sites by having as much information as possible about them. The Netcraft Toolbar makes that information convenient. A new, free browser add-in from English Internet services firm Netcraft Ltd. fights phishing attacks and helps users investigate sites they visit. eWEEK.com tested the new tool bar, available initially only for Internet Explorer on Windows 2000 and Windows XP, and liked what we saw. All but one phishing link we visited was interrupted by a popup from the tool bar and we used the built-in link to report the one site that the tool bar didn't block.

http://www.linuxsecurity.com/content/view/117746
 
  PC Desktop Anti-Virus Programs Tested
  5th, January, 2005

We've tested eleven popular anti-virus programs and come to some interesting conclusions. This is not strictly a Linux article, but if you run any Windows desktops on your network you should find this interesting.

http://www.linuxsecurity.com/content/view/117776

 
  Mozilla and Firefox Vulnerabilities Identified
  6th, January, 2005

Users of the Mozilla and Firefox browsers and the Thunderbird e-mail client may be vulnerable to flaws that could allow an attacker to spy on or take over a system, according to security researchers.

http://www.linuxsecurity.com/content/view/117799

 
  What's The Difference Between Spyware And Viruses?
  7th, January, 2005

The differences are indeed subtle. Both are malicious software (malware): uninvited, intrusive, and potentially destructive.

http://www.linuxsecurity.com/content/view/117817

 
  High-Risk Flaws Flagged in IE, Mozilla
  7th, January, 2005

Security researchers have raised the alarm for a series of unrelated, high-risk vulnerabilities in Microsoft Corp.'s Internet Explorer and the open-source Mozilla browsers.

http://www.linuxsecurity.com/content/view/117824

 
  Year in review: Networking gets secure
  4th, January, 2005

Juniper Networks got the ball rolling in February with the $4 billion acquisition of NetScreen Technologies, which specialized in virtual private network and firewall technology. In July, Microsoft and Cisco Systems began butting heads on security. Each announced plans to develop a comprehensive security architecture that would not only scan for viruses but also police networks to deny connections to machines that don't conform with security policies.

http://www.linuxsecurity.com/content/view/117747
 
  Authentication >> The Power of Who
  4th, January, 2005

As colleges and universities continue to sharpen identity management applications, next-generation technologies are closer than ever before.

http://www.linuxsecurity.com/content/view/117755

 
  SSH Port Forwarding
  6th, January, 2005

SSH is typically used for logging into remote servers so you have shell access to do maintenance, read your email, restart services, or whatever administration you require. SSH also offers some other native services, such as file copy (using scp and sftp) and remote command execution (using ssh with a command on the command line after the hostname).

http://www.linuxsecurity.com/content/view/117782

 
  Linux Netwosix Virtual Community is born!
  9th, January, 2005

Finally the first Linux Netwosix Virtual Community is born.

http://www.linuxsecurity.com/content/view/117825
 
  Linux and Open Source: The 2005 Generation
  3rd, January, 2005

Sometimes people don't know when a revolution has happened until afterwards. Then, the historians tell us that 2004 was the year that open source started to become computing's mainstream.

http://www.linuxsecurity.com/content/view/117740

 
  Security challenges spread to multiple fronts and IT jobs will rebound in 2005
  3rd, January, 2005

In my last column, I reviewed the top security developments of 2004. Now I'm going to extrapolate on the trends that I see affecting IT security in 2005, both here and abroad.

http://www.linuxsecurity.com/content/view/117741

 
  2004: Year of the Cyber-Crime Pandemic
  3rd, January, 2005

Internet crime and security have gotten a lot more complicated in the past year, with phishing and spyware constantly taking on new forms.

http://www.linuxsecurity.com/content/view/117745

 
  2004: On the road to prevention
  4th, January, 2005

Even though it happened late in the year, 2004 will probably be remembered as the year that Microsoft Corp.'s Internet Explorer slipped.

http://www.linuxsecurity.com/content/view/117754

 
  Shun Linux and kiss your job security good-bye, part 1
  4th, January, 2005

IT managers who think that their Microsoft certifications give them all the tenure they need are in for a rude awakening. In fact, says author Robin Miller, their pink slips are only a point-and-click away.

http://www.linuxsecurity.com/content/view/117758

 
  Packaged Security Software: An Alternative To Expensive Consultants
  5th, January, 2005

Security consultancies will tell you that the explosive growth of system vulnerabilities and the risks of not complying with regulatory requirements, such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA), require network architects to purchase vulnerability assessment (VA) consulting. We say, "Why bother?" Packaged VA solutions provide an affordable basis for systematic, repeatable methodologies that demonstrate compliance if used correctly (see "VA Deployment Tips" on page 49). The packaged VA solution architectures carry a common theme: They have matured to the point where inexperienced administrators can perform the sorts of security scans and analysis that were once the domain of hardcore security engineers.

http://www.linuxsecurity.com/content/view/117764
 
  Beyond Passport Vulnerabilities
  6th, January, 2005

Little more than a year ago, a company that I'm involved with found a serious flaw with Microsoft Passport.

http://www.linuxsecurity.com/content/view/117796

 
  From Russia with malice
  6th, January, 2005

Virus writing is no longer the exclusive domain of teenage geeks designing malicious code in their bedroom.

http://www.linuxsecurity.com/content/view/117797

 
  What you measure is what you get
  6th, January, 2005

Chief information officers (CIOs) have developed reliable performance measures for most aspects of their job. For example, anyone who has worked on a help desk or managed a network knows that there are specific performance expectations related to response time, cost per unit, and efficiency. These performance metrics are quantifiable, relate to actual dollars and cents, and correlate to enterprise objectives of situational awareness and continual performance improvement. But information security presents a more complex measurement challenge.

http://www.linuxsecurity.com/content/view/117800

 
  Linux comes down with security flu
  7th, January, 2005

Linux vendors are issuing patches for several serious bugs affecting an imaging component, a pdf viewer, two widely used media players and the Shoutcast audio server.

http://www.linuxsecurity.com/content/view/117816

 
  New WINS Exploits Making Rounds
  5th, January, 2005

Almost a month after Microsoft released a fix for a security issue in the WINS (Windows Internet Name Service) name server, malicious exploits continue to haunt tardy network administrators. According to an alert from the SANS ISC (Internet Storm Center), there has been a startling increase in hacker probes directed at TCP port 42 and UDP 42, which handle WINS services. "If you have not patched your WINS servers in respective companies or campuses, beware. Patching these systems is now overdue," the center warned.

http://www.linuxsecurity.com/content/view/117762
 
  Hackers Sniffing For Vulnerable Microsoft Servers
  5th, January, 2005

A vulnerability within Microsoft's WINS (Windows Internet Naming Service), a component of popular server software such as Windows Server 2003, has been heavily exploited since the last day of 2004, several security organizations reported Tuesday.


http://www.linuxsecurity.com/content/view/117765

 
  IE flaw threat hits the roof
  9th, January, 2005

Three unpatched flaws in Internet Explorer now pose a higher danger, a security company warned, after code to exploit one of the issues was published to the Internet. Secunia said Friday that it had raised its rating of the vulnerabilities in Microsoft's browser to "extremely critical," its highest rating. The flaws, which affect IE 6, could enable attackers to place and execute programs such as spyware and pornography dialers on victims' computers without their knowledge, said Thomas Kristensen, Secunia's chief technology officer.


http://www.linuxsecurity.com/content/view/117826
 
  United States Air Force Enforces Mobile Security Using Senforce
  4th, January, 2005

DRAPER, Utah --(Business Wire)-- Jan. 4, 2005 Disables Wireless When Users Are Connected to the Wired Network, Keeping Intruders Out

http://www.linuxsecurity.com/content/view/117759

 
  802.11i Strengthens Wi-Fi Security
  5th, January, 2005

With the recent ratification of 802.11i, and the certification and availability of products enabled for the wireless security specification, the time seems right for enterprises to feel safe in adopting wireless networking en masse. However, eWEEK Labs has found that issues ranging from incompatible legacy hardware to uneven migration strategies may slow adoption of 802.11i technology. To be sure, 802.11i is a huge step forward--it's the first standardized wireless security solution with which government and businesses can be comfortable.

http://www.linuxsecurity.com/content/view/117763
 
  Bluetooth viruses pose growing threat
  6th, January, 2005

There will also be a change in the way that viruses are spread, they say, with an increase in the number of viruses that spread wirelessly between devices, including viruses that can exploit the wireless capabilities of laptops.

http://www.linuxsecurity.com/content/view/117795

 
