Linux Security Week: April 18th 2005
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Diffie: Infrastructure a disaster in the making," "From SATAN to OVAL: The Evolution of Vulnerability Assessment," and "Taking a swipe at two-factor authentication.

DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software Understanding the anti-spam solution market and its various choices and buzzwords can be daunting task. This free whitepaper from Roaring Penguin Software helps you cut through the hype and focus on the basics: determining what anti-spam features you need, whether a solution you are considering includes them, and to what degree. Find out more!

LINUX ADVISORY WATCH - This week packages were released for axel, gftp, wireless-tools, glibc, selinux-policy-targeted, kernel, autofs, GnomeVFS, phpMyAdmin, shorewall, gtk, shareutils, gdk-buf, kdegraphics, dhcp, and gaim. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE. Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  A federated crypto guy
  14th, April, 2005

WHEN budgets get tight, R&D is often one of the first departments to feel the squeeze. But at RSA Security, vice-president of research Burt Kaliski and his team are considered the heart and soul of the business. RSA puts about 18-20 per cent of its revenue into applied research and standards development at its research centre, RSA Laboratories.

  TuxJournal is online!
  11th, April, 2005

The first on-line Italian Magazine is on-line. All the Italian readers can find here a very good source of news and articles about the OpenSource and Technology World.
  And here's a key to combat hacking
  11th, April, 2005

As we rely more on computers, the potential for hackers to hurt us and destroy our personal records has grown. Corporates and public networks, instead of individuals face the brunt of hackers’ ingenuity. However, there are ways to build unhackable network.

  Using a Linux failover router
  13th, April, 2005

Today, it's hard to imagine an organization operating without taking advantage of the vast resources and opportunities that the Internet provides. The Internet's role has become so significant that no organization can afford to have its Net connection going down for too long. Consequently, most organizations have some form of a secondary or backup connection ready (such as a leased line) in case their primary Net connection fails.

  Diffie: Infrastructure a disaster in the making
  13th, April, 2005

In the 1970s, Martin Hellman and Whitfield Diffie wrote the recipe for one of today's most widely used security algorithms in a paper called "New Directions in Cryptography. The paper mapped out the Diffie-Hellman key exchange, a major advancement in Public Key Infrastructure (PKI) technology that allows for secure online transactions and is used in such popular protocols as the Secure Sockets Layer (SSL) and Secure Shell (SSH). In 2000, they received the prestigious Marconi Foundation award for their contributions.

  Network monitoring with Nagios
  14th, April, 2005

How can a system administrator monitor a large number of machines and services to proactively address problems before anyone else suffers from them?

The answer is Nagios.

Nagios is an open source network monitoring tool. It is free, powerful and flexible. It can be tricky to learn and implement, but can reduce enormously the amount of time required to keep track of how your organization's IT infrastructure is performing.

  From SATAN to OVAL: The Evolution of Vulnerability Assessment
  15th, April, 2005

With the growing reliance and dependence on our inter-connected world, security vulnerabilities are a real world issue requiring focus and attention. Security vulnerabilities are the path to security breaches and originate from many different areas - incorrectly configured systems, unchanged default passwords, product flaws, or missing security patches to name a few. The comprehensive and accurate identification and remediation of security vulnerabilities is a key requirement to mitigate security risk for enterprises.

  Developers Rate Linux More Secure Than Windows In Survey
  14th, April, 2005

A new study addressing security issues finds that software-development managers generally rate Linux as a more secure operating system than Windows. The study, which will be released by the end of the month, was conducted by BZ Research, the research subsidiary of publisher BZ Media LLC. It was not funded by any vendors.

  Breaking software easier than you think
  15th, April, 2005

One reason software security vulnerabilities are so tough to fix is because they are so hard to find. Unlike other bugs that become apparent when an application acts up, security holes tend to hide from normal view. And that's just how the hacker underground likes it.

  Fortinet in court for hiding Linux in its code
  15th, April, 2005

A German court has granted a preliminary injunction against security firm Fortinet for allegedly violating the general public licence (GPL) and hiding Linux in its code. The ruling could prevent the security appliance vendor from further distributing its products until it complies with the open source licence.

  Cisco: Malicious ICMP messages could cause denial of service
  15th, April, 2005

A publicly available document on how to use how the Internet Control Message Protocol (ICMP) to launch denial-of-service attacks has prompted Cisco Systems to issue an advisory outlining a variety of vulnerable products.

  Taking a swipe at two-factor authentication
  11th, April, 2005

An essay in an April trade magazine maintains two-factor authentication can't counter emerging threats, and that the industry would be wise to come up with a better solution to the nation's biggest cyberproblem: identity theft.

Most readers of Bruce Schneier's popular blog on security got a sneak preview last month when he posted the essay online under the heading "The Failure of Two-Factor Authentication." It led to a strong response from those who agree the solution has limited appeal and others who argue it works well when done right.

  HIPAA Compliance In 30 Days or Less
  12th, April, 2005

HIPAA. We are all sick of the acronym by now, and the April 20 compliance deadline for the Health Insurance Portability and Accountability Act is looming. At the state agency where I work, the information security officer (ISO), who is responsible for HIPAA security rule compliance, has spent the past seven months or so writing policies and procedures. He divided them into two groups: "required" (stuff we have to do) and "addressable" (stuff we'd better be thinking about doing).

  Strategic Security
  12th, April, 2005

Christofer Hoff is on a mission. As the director of information security at Western Corporate Federal Credit Union (WesCorp), Hoff has launched an initiative to quantify the benefits of information security spending for business executives at the San Dimas, Calif.-based company.

  Linux servers praised for security
  12th, April, 2005

Software development managers rate Linux significantly higher than Windows server products for security, according to the latest research.

Over 6000 software development managers were asked in a survey conducted by BZ Media to rate the security of server operating systems against hacks and exploits. Linux was rated as 'secure' or 'very secure' by 74 percent of respondents, while Microsoft Windows Server was given one of these ratingd by 38 percent of respondents. Thirteen percent of respondents rated Linux as insecure or very insecure, a figure that rose to 58 percent for Windows server products.

  The two-edged sword: Legal computer forensics and open source
  12th, April, 2005

Ryan Purita of Totally Connected Security is one of the leading computer forensic experts in private practice in Canada. He is a Certified Information Systems Security Professional, holding one of the most advanced security qualifications in the world. Working for both the prosecution and the defence in legal cases, Purita has also taught computer security to law enforcement agencies, probation officers and social workers, and is currently developing programs for the Justice Institute of British Columbia. Much of his daily work is an extension of a system administrator's activities. A good part of it involves the advanced use of open source tools, including several standard system tools. His work methods offer fresh perspectives on security, privacy issues and the relative merits of Windows and GNU/Linux -- to say nothing of a niche industry where open source is more than holding its own.

  First Spam Felony Case Nets 9-Year Jail Term
  11th, April, 2005

A Virginia judge sentenced a spammer to nine years in prison Friday in the nation's first felony prosecution for sending junk e-mail, though the sentence was postponed while the case is appealed.

  Universities To Aid U.S. Cybersecurity Effort
  12th, April, 2005

Experts from a consortium of colleges will lead a far-reaching effort to keep the nation's computer data safe from cyberattack, the National Science Foundation announced Monday.

The effort comes after a flurry of security breaches have dramatized the vulnerability of a society that increasingly entrusts its secrets to computers.

  Linux programmer wins legal victory
  14th, April, 2005

A Linux programmer reported a new victory in a German court Thursday in enforcing the General Public License, which governs countless projects in the free and open-source software realms.

A Munich district court on Tuesday issued a preliminary injunction barring Fortinet, a maker of multipurpose security devices, from distributing products that include a Linux component called "initrd" that Harald Welte helped write.

  LexisNexis Data on 310,000 People Feared Stolen
  12th, April, 2005

Data broker LexisNexis said Tuesday that personal information may have been stolen on 310,000 U.S. citizens, or nearly 10 times the number found in a data breach announced last month.

An investigation by the firm's Anglo-Dutch parent Reed Elsevier determined that its databases had been fraudulently breached 59 times using stolen passwords, leading to the possible theft of personal information such as addresses and Social Security numbers.

  180,000 warned credit-card data exposed
  14th, April, 2005

Data apparently stolen from the popular clothing retailer Polo Ralph Lauren Inc. is forcing banks and credit card issuers to notify thousands of consumers that their credit-card information may have been exposed.


Only registered users can write comments.
Please login or register.

Powered by AkoComment!