Linux Security Week: January 17th 2005
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Open-Source Tool Roots Out More Exploits," "Major penetration tool upgrade gets sysadmin hearts beating," and "How Security Exploits Threaten Government Infrastructures."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - This week, advisories were released for php, ethereal, krb, kerberos, lintian, kdelibs, linpopup, bmv, exim, libc6, exim-tls, gopher, libtiff, gtk, selinux-policy-targeted, epiphany, kernel, yum, samba, cups, subversion, vim, samba, gdpdf, dillo, tikiwiki, pdftohelp, mpg123, imlib2, poppassed_pam, kde, nfs-utils, hylafax, fcron, lesstif, and unarj. The distributors include Contectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and TurboLinux. Feature Extras:

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

A 2005 Linux Security Resolution - Year 2000, the coming of the new millennium, brought us great joy and celebration, but also brought great fear. Some believed it would result in full-scale computer meltdown, leaving Earth as a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide.

State of Linux Security 2004 - In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Window's security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Patching takes over IT for a day
  10th, January, 2005

The engineers at vulnerability testing tool vendor nCircle Network Security spend US$100 per month at the coffee shop in the lobby of their office building in downtown San Francisco. But there is one day each month when a trip to the cafe is more urgent than at any other time: Patch Tuesday.

  Open-Source Tool Roots Out More Exploits
  13th, January, 2005

A group of security volunteers on Tuesday released a new version of an advanced open-source framework for developing, testing and using exploits.

  Not Dead Yet: NT Gets Patches Even Though Support's Over
  13th, January, 2005

Although Microsoft has repeatedly warned users of Windows NT that security fixes would cease and desist as of Jan. 1, 2005, January's regularly-scheduled patches actually included one for the obsolete and retired operating system.

  Vital Files Exposed In GMU Hacking
  13th, January, 2005

A computer hacker apparently broke into a George Mason University database containing student and employee Social Security numbers, leaving 32,000 people uncertain whether their finances or identities might be compromised.

  Major penetration tool upgrade gets sysadmin hearts beating
  14th, January, 2005

A major update to highly regarded open-source penetration testing tool Metasploit Framework (MSF) has been released by its volunteer developers. MSF is designed to exploit dozens of security holes with just a few clicks.

  It's Patch Time For Linux Distros
  14th, January, 2005

Linux vendors have patched a flurry of flaws uncovered in multiple distros by independent security firms.

  Letting The Telecommuters Into The Network
  10th, January, 2005

Locking down the network and patrolling the perimeter is a never-ending job. Still, it feels good to get through another shift on the Forbidden Planet without an invisible force penetrating your shield and setting off alarms. But there's a change: now, other humans want to work from their home worlds -- but by mind alone, over the computer screen. It's up to you to create for them a safe passage (one that won't have Robby the Robot all stirred up and carrying Anne Francis around like a rag doll) and to make sure the Krell don't come sneaking in, under the fence, behind the newcomers.

  VOIP Security Gets Extreme
  11th, January, 2005

With the launch of its Aspen 8800 enterprise LAN switches, Extreme Networks Inc. is challenging network designers to rethink the way they build systems to deal with voice traffic and growing internal security threats.

  How To Keep Spyware Off Your Enterprise Network
  11th, January, 2005

Spyware is challenging spam and viruses for the top spot on IT worry lists. Spyware poses considerable threats and risks to enterprise networks and remediation and countermeasures are now being regarded as critical to network security.

  Cyberterrorism could devastate U.S. economy
  12th, January, 2005

Don't say we didn't warn you: At some point in the next decade, there will be a "devastating attack" on the Internet or power grid.

  Hacker Takes Seven-Month Spree On T-Mobile Network
  13th, January, 2005

A hacker broke into a wireless carrier's network over at least seven months and read e-mails and personal computer files of hundreds of customers, including the Secret Service agent investigating the hacker, the government said Wednesday.

  The Perils of Deep Packet Inspection
  14th, January, 2005

This paper looks at the evolution of firewall technology towards Deep Packet Inspection, and then discusses some of the security issues with this evolving technology.

  Sophos to Join 2005 Southern California Linux Expo
  12th, January, 2005

The Southern California Linux expo has announced that Sophos has signed on as one of the latest sponsors of SCALE 3x, the Third Annual Southern California Linux Expo. SCALE 3x has been called " .. one of the few good grass-root level technical conferences for Linux" by Linux Kernel Developer Robert Love.

  Linux Netwosix Virtual Community is born!
  9th, January, 2005

Finally the first Linux Netwosix Virtual Community is born.

  Firefox: The ultimate test for open source?
  10th, January, 2005

The adoption of the Mozilla Foundation's browser by millions of non-technical users could be the biggest test yet of open source development.

  VMware Introducing Secure Desktop Provisioning For Remote Workers
  10th, January, 2005

A new product from VMware stands to parlay its profitable virtualization technology into the growing enterprise desktop management and security space.

  PIKT 1.18.0 for Linux released
  11th, January, 2005

PIKT, Problem Informant/Killer Tool, v1.18.0 has been released. PIKT is a cross-categorical, multi-purpose toolkit to monitor and configure computer systems, organize system security, format documents, assist command-line work, and perform other common systems administration tasks.

  Guardian Digital Launches New Edition of Award-Winning EnGarde Secure Linux Distribution
  12th, January, 2005

Guardian Digital, Inc., the worldÕs premier provider of open source security solutions, today announced the expansion of its product portfolio with the launch of EnGarde Secure Linux: Basic Edition, a low-cost alternative to the award-winning EnGarde Secure Linux operating platform. Responding to the economic and network security requirements of individuals and small business users, EnGarde Basic is a flexible platform upon which users can build a comprehensive Internet infrastructure including features that provide leading-edge security, ease of management and standard Internet functions.

  BitDefender ups Linux AV offering
  14th, January, 2005

BitDefender has unveiled three new products for its 1.6.1 generation of BitDefender for Linux mail servers, in a bid to bolster its offering for the Linux community.

  Spammers' New Tactic Upends DNS
  10th, January, 2005

Although some ISPs and legislators are crediting the year-old CAN-SPAM Act and better technology for recent gains in the war on spam, many in the industry say the advances are forcing spammers to employ new tactics, which are destabilizing the Internet's crucial DNS.

  New Windows boxes under heavy fire, Linux largely untouched
  10th, January, 2005

There will be more new Windows computers booting up than those running Linux after the most recent season of giving. But there's no safety in numbers; recent analysis and expert opinion indicates the Microsoft machines will be quickly and heavily targeted by attackers, while Linux computers are largely left alone.

  Say 'No' to Bad Code
  11th, January, 2005

Opinion: Clean software at the start will save time and moneyÑnot to mention customersÑdown the road.

  Torvalds Criticizes Security Approaches
  14th, January, 2005

Linux creator Linus Torvalds had a few things to say this week about the way potential security issues are disclosed to fellow open sourcers. And it wasn't all good.

  2005 Off to an Insecure Start
  14th, January, 2005

Opinion: The development cycle of vulnerability definition, exploit programming and attack deployment is moving at full speed. The prospects for a 2005 full of grief for users and IT are excellent.

  Linux in Government: How Security Exploits Threaten Government Infrastructures
  10th, January, 2005

The Linux in Government series has taken a new format for 2005. This year's articles will provide fundamental information to government technologists about Linux and open-source software. Although we will continue to inform you about agencies and projects specifically using open-source solutions, we also are going to provide information about open-source resources available to governments.

  Homeland Security Offers Online Tool To Assess Stadium Security
  11th, January, 2005

Fashioned after online self-assessment tools used by authorities to assess vulnerabilities at airports, the Department of Homeland Security on Friday unveiled software it developed to let officials identify vulnerabilities and assess the security at stadiums with large seating capacity.


Only registered users can write comments.
Please login or register.

Powered by AkoComment!