Linux Security Week: January 24th 2005
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Linux Vulnerabilities Creep Toward the Desktop," "Unpatched Linux Systems Last Longer than Windows," and "Router Protection is Necessary in 2005."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - This week, advisories were released for twiki, xine, libtiff, mc, gatos, playmidi, chbg, cups, imagemagick, mysql, xpdf, xtrlock, mysql, sword, squid, gimp, dovecot, dhcp, bind, vixie-cron, sysklogd, alsa-lib, grep, kernel-utils, ethereal, mpg123, playmidi, and krb5. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, and TurboLinux. Feature Extras:

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

A 2005 Linux Security Resolution - Year 2000, the coming of the new millennium, brought us great joy and celebration, but also brought great fear. Some believed it would result in full-scale computer meltdown, leaving Earth as a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide.

State of Linux Security 2004 - In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Window's security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Linux Vulnerabilities Creep Toward the Desktop
  17th, January, 2005

As Linux increasingly hits the enterprise Relevant and consumer mainstream, a growing number of security threats are emerging which prey on holes in applications and files managed by desktop users.

  Honeypot Project: Unpatched Linux Systems Last Longer than Windows
  19th, January, 2005

The Honeypot Project has added fuel to the debate over which is more secureÑLinux or WindowsÑwith findings that unpatched Linux systems can be on the Internet for months before being successfully attacked while Windows systems have been compromised in as little as hours.

  Oracle Patch Fixes 23 'Critical' Vulnerabilities
  20th, January, 2005

Oracle Corp. late Tuesday issued a "critical patch update" to address 23 security holes in its database and application server products.

  Security Firm Uncovers Flaws in Mac OS X's Darwin
  20th, January, 2005

Security company Immunity says it has found several vulnerabilities in Darwin, the implementation of Unix that underlies Apple Computer Inc.'s Mac OS X operating system.

  VoIP Is Scary
  18th, January, 2005

Imagine that you deliver an application with 100%, instant-on availability. Security is rock-solid. Costs are dropping. Users never complain. And anytime you upgrade, even if you buy software and gear with new features from a different vendor, user acceptance is always immediate and training virtually nil.

  Review: Intrusion-Protection Systems
  20th, January, 2005

Detecting network intrusions is no longer enough. Smart organizations aim to prevent them. No wonder: The lag between vulnerability announcement, patch release and exploit is shrinking like a cheap trade-show T-shirt. The Blaster attack came only 25 days after the patch was released, and Sasser was even faster--18 days. In March, the Witty worm struck a buffer-overflow vulnerability one day after the flaw was discovered.

  Notes From Security School
  18th, January, 2005

The underground world of the computer hacker may seem like a place where chaos rules, but the reality is there's a method to the hacker's perceived madness. And understanding that method is critical to knowing how best to respond to a skilled attacker.

  Router Protection is Necessary in 2005
  21st, January, 2005

How safe is the router? Not too safe. From a security standpoint, 2005 is the year that the router becomes the Achilles heel of the network, says Dan Jackson, president and COO of DeepNines Technologies, the only company capable of protecting networks from in front of the router.

  Linux fights off hackers
  17th, January, 2005

Linux systems are getting tougher for hackers to crack, security experts have reported today.

  Automated Tools Fight Security Wars
  18th, January, 2005

Last year, a computer worm that conducts automated reconnaissance appeared; it uses the Google Inc. search engine to automatically find Web sites running vulnerable bulletin-board software and then defaces them. The financial-services industry noticed a spike last fall in phishing attempts to steal money from customers' accounts and put the blame on a new toolkit that made it easier to set up such scams.

  Linux servers safer than ever
  20th, January, 2005

Attackers are no longer bothering to attack average Linux systems, because there's so much more money to be made from invading Windows, according to security researchers.

  FBI retires its Carnivore
  17th, January, 2005

FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday.

  US slaps on the wardriver-busting paint
  17th, January, 2005

Security-minded US decorators' supply outfit Force Field Wireless claims to have developed a DIY solution to the international menace of marauding geek wardrivers - DefendAir paint "laced with copper and aluminum fibers that form an electromagnetic shield, blocking most radio waves and protecting wireless networks".

  Build a wireless network sniffer
  18th, January, 2005

This article reviews common issues of wireless security, and shows how to use open source software to suss out wireless networks, get information about them, and start recognizing common security problems. You will learn how to build a lightweight wireless sniffer that runs on open source software and, see how simple it is to interact with wireless networks.

  'Evil Twin' Haunts Wi-Fi Users
  20th, January, 2005

An IT security expert, an academic and the U.K. government's cybercrime unit will give Londoners an introduction to the security dangers of wireless networking on ThursdayÑwith the star of the show being an attack method dubbed the "Evil Twin."

  Wi-Fi Boom Makes Life Easier for Computer Hackers
  20th, January, 2005

Wireless networks giving computer users Internet access from anywhere in the home could expose them to eavesdropping, and programmers should make their security software easier to use, researchers say.

  Securing Your Starbucks Experience
  21st, January, 2005

The original plan for this column was to write it at my neighborhood Starbucks while sipping down some good old French Roast and getting my blood caffeine level into the quadruple digits. Alas, it was not to be. My T-Mobile account seems to have expired; the Washington, DC, area was clobbered by a massive 3-inch snowfall, making travel impossible; and worst of all, Starbucks has all those high-carb goodies there at the coffee counter. I couldn't take the risk.


Only registered users can write comments.
Please login or register.

Powered by AkoComment!