Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "A Gentle Introduction To Cryptography," "The Potential for an SSH Worm," and "Taking the guesswork out of information security."
Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, advisories were released for squid, smail, XFree86, lapack, system-config-bind, gnutls, util-linux, libexif, ethereal, postgresql, gaim, pygtk, GnuTLS, gzip, TCPDump, libTIFF, HT, and openmotif. The distributors include Debian, Fedora, Gentoo, and Red Hat.
LinuxSecurity.com Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, and is therefore kept very simple.
The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
A Gentle Introduction To Cryptography
12th, May, 2005
Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat the contents vigorously until you achieve the needed result - well, a scrambled egg. This action of mixing the molecules of the egg is encryption. Since the molecules are mixed up, we say the egg has achieved a higher state of entropy (state of randomness). To return the scrambled egg to its original form (including uncracking the shell) is decryption. Impossible?
The Web Application Security Consortium (WASC) is proud to present
'The Web Security Mailing List'. What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum for discussing
topics relevant to web security. Topics include, but are not limited to,
industry news and technical discussions surrounding web applications,
proxies, honeypots, new attack types, methodologies, application firewalls,
discoveries, experiences, web servers, application servers, database security,
tools, solutions, and others.
Demand for security appliances is going through the roof, with western European sales of the devices predicted to reach over $1.4bn in 2009, up from around $625m in 2004.
According to a newly released IDC study, the sector is growing at a compound
annual growth rate of 18 per cent.
Think before deploying Security-Enhanced Linux in RHEL 4
9th, May, 2005
One of the most exciting new features in RHEL v.4 is the implementation of Security-Enhanced Linux (SELinux). In this tip, we'll look at how you can use it to beef up system security.
SELinux is an open source project sponsored by the National Security Agency to help implement mandatory access control. It is a subsystem which provides a much more secure framework for Linux than can be achieved at the operating system level alone. It implements mandatory access controls that give you finer granularity in terms of security measures and is made up of both kernel and user-space components.
That's the attitude of operating system makers, who aren't just
focusing on features such as snazzy graphics and better networking tools
when revamping products. Now they're also providing sturdier defenses.
SSH, or secure shell, is the standard protocol for remotely
accessing UNIX systems. It's used everywhere: universities, laboratories,
and corporations (particularly in data-intensive back office services).
Thanks to SSH, administrators can stack hundreds of computers close together
into air-conditioned rooms and administer them from the comfort of their
desks.
Hyper-Threading, as currently implemented on Intel Pentium Extreme
Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from
a serious security flaw. This flaw permits local information disclosure,
including allowing an unprivileged user to steal an RSA private key being
used on the same machine. Administrators of multi-user systems are strongly
advised to take action to disable Hyper-Threading immediately; single-user
systems (i.e., desktop computers) are not affected.
A new test laboratory at Iowa State University will allow researchers
to study how computer networks respond to massive Internet attacks and
could lead to breakthroughs in computer defenses and forensics, said a
researcher behind the project.
Attackers could exploit a major flaw in the Internet Protocol
Security [IPsec] framework to obtain the plaintext version of IPsec-protected
communications "using only moderate effort," the British-based National
Infrastructure Security Co-Ordination Centre [NISCC] warned in an advisory.
Companies have long realised the great business opportunities
that the Internet offers and it’s no secret that organisations are shifting
more and more of their business processes online. While this move brings
many advantages with it, such as widening customer reach and reducing
overheads, the emergence of organised crime in the online world means
that business needs to be sharper than ever when it comes to security.
Juniper Networks, Cisco Systems and 3Com's TippingPoint division are integrating a trifecta of security features into all-in-one appliances that give partners new ways to help cut the cost and complexity of security solutions.
The new wares combine firewall, VPN and intrusion-prevention capabilities
in a format that promises proactive, easy-to-manage network protection,
the vendors and solution providers said.
Linux vendor Novell Inc. has acquired Immunix Inc., a security software vendor in Portland, Ore. The 15-person company was bought last week, but terms of the deal aren't being released, according to Novell.
Immunix was founded in 1998, in part with money from the Defense Advanced
Research Projects Agency, to develop security software for Linux. It's
best known for developing much of the Linux Security Modules software
that's used in the Linux 2.6 kernel, a key component of the Linux operating
system.
While networking giant Cisco has advantages most competitors
don't - dominant market share, a multi-billion-dollar R&D budget, thousands
of engineers - the vendor is also taking advantage and making the most
of resources that are open to everyone: Linux and open source software.
Recently discovered "zero-day" exploit code that takes advantage
of two vulnerabilities could mean serious trouble for Mozilla Firefox
1.0.3 users, and, to a lesser extent, Mozilla Suite users. Yesterday,
Mozilla.org issued an advisory explaining the vulnerabilities and what
measures to take to work around them.
Gone are the days when viruses were the number one concern of messaging administrators. Administrators and vendors say the new focus in the messaging security game deals with patching holes in the infrastructure, identity management, and good old-fashioned password maintenance.
Network security practitioners need to base their technology and policy decisions less on what attacks are possible and more on which are probable, according to the chief scientist for Resonance Networks.
"Most decisions are based on folklore, anecdotes and inappropriate theoretical models," said Eric Rescorla during the keynote address Wednesday at the Information Security Decisions conference in Chicago. How we size up threats and defenses needs to change, he argues, to what he calls "evidence-based network security."
Alliance Asks Congress To Consider VoIP Vulnerabilities In Updated Telecom Act
11th, May, 2005
The Cyber Security Industry Alliance (CSIA) has called on Congress
to include security recommendations related to securing voice over IP
(VoIP) technologies as it reviews the 1996 Telecommunications Act.
Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them.
The cross-site scripting and remote system access flaws were discovered in
Firefox version 1.0.3, but other versions may also be affected, said
security company Secunia, which issued the ratings Sunday.
Internet Attack Called Broad and Long Lasting by Investigators
10th, May, 2005
The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet.
Now federal officials and computer security investigators have acknowledged
that the Cisco break-in last year was only part of a more extensive
operation - involving a single intruder or a small band, apparently
based in Europe - in which thousands of computer systems were similarly
penetrated.
Cisco Systems issued a statement Monday confirming that police in Sweden have arrested a suspect in connection with the theft of its networking equipment source code last year.
A spokesman for the FBI, which began working on the theft last May, said the
case is ongoing and declined to offer details.