Linux Security Week: May 23rd 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Security and the Linux process," "Security's shortcoming: Too many machines, Not enough training," and "Towards proactive security."


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, advisories were released for kde, phpsysinfo, fonts-xorg, gaim, phpBB, mozilla suite, PostgreSQL, FreeRADIUS, ncpfs, kdelibs, cyrus-imapd, rsh, glibc, ia32el, and the Red Hat kernel. The distributors include Conectiva, Debian, Fedora, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  SSH hole putting big business at risk
  17th, May, 2005

Secure business networks are at risk thanks to a vulnerability in a fundamental protocol, according to security researchers at the Massachusetts Institute of Technology (MIT). Researchers have highlighted the increasing danger of attacks exploiting weaknesses in SSH (Secure Shell), and warned that such attacks are likely to be automated in the near future.

http://www.linuxsecurity.com/content/view/119125
 
  KDE users have to patch twice
  20th, May, 2005

Linux and Unix users of KDE who lovingly patched their systems last month to avoid a major security glitch will have to go through the whole process again, it has transpired.

http://www.linuxsecurity.com/content/view/119157
 
  Computer Crime Forensics Get A Boost
  19th, May, 2005

Chatsworth CA-based Intelligent Computer Solutions introduces a new portable high-speed hard drive duplicator. Called the Image MASSter Solo 3 Forensic, the device can duplicate hard drives as speeds of up to 3GB per minute. The IDE and SATA unit can seize SCSI drive information, and will work through FireWire and USB ports. The IMS Solo 3 has multiple ports available to capture information from other media devices.

http://www.linuxsecurity.com/content/view/119148
 
  Security query over Intel hyperthreading
  17th, May, 2005

Intel's hyperthreading technology could allow a hacker to steal security keys from a compromised server using a sophisticated timing attack, a researcher has warned. Hyperthreading allows software to take advantage of unused execution units in a processor. It essentially allows two separate processes, or software threads, to execute on a single processor at the same time, improving performance.

http://www.linuxsecurity.com/content/view/119124
 
  Security and the Linux process
  19th, May, 2005

In his latest entry, Dana asks whether the Linux process is insecure, because it’s not possible to warn the "vendor" before warning the general public about security flaws in Linux. He also notes that "Microsoft has theoretical control of this situation." There are several problems with this line of reasoning. I’m not going to argue that the open source model of development is perfect, but it offers several advantages over the proprietary model. Let’s start with the most obvious.

http://www.linuxsecurity.com/content/view/119149
 
  Microsoft to buy Red Hat? Say it ain’t so
  16th, May, 2005

In Paris, Ontario, there’s a large plaza sign advertising both The Paris Sleep Laboratory and the Canadian Post Office. The synergy there, of course, should be obvious –at least from the point of view of the humorist. Recent revivals of the idea that Microsoft might want to take over Red Hat have a similar quality to them.

http://www.linuxsecurity.com/content/view/119121
 
  IBM bundle service seeks to protect smaller businesses
  16th, May, 2005

IBM is looking to make it easier for smaller businesses to protect themselves against spam and viruses that make their way onto the network through e-mail.

The Armonk, N.Y., company last week rolled out an Express configuration for its eServer OpenPower 710 system bundled with e-mail security software from a third-party vendor, Message Partners. In addition, IBM is offering a service to small and midsize businesses in which IBM and its partners will manage SMBs' e-mail security.

http://www.linuxsecurity.com/content/view/119122
 
  Security needs bring redundant systems back in style
  17th, May, 2005

Whether you're considering a multifunction appliance, a broad suite of software or a combination of both to secure your Windows infrastructure, security consultants say there is one key principal to keep in mind: Don't rely on a single vendor for everything.

The issue comes to the fore as more market-leading vendors introduce devices that offer a simple way to ward off all types of security breaches with a single device.

http://www.linuxsecurity.com/content/view/119127
 
  Security’s weakest links
  17th, May, 2005

Not a month has gone by in 2005 without a far-reaching computer security breach making the nightly news hour. Headliners compelled to walk the plank of shame include Bank of America — the nation’s second-largest bank — Ameritrade, Polo Ralph Lauren, and LexisNexis.

http://www.linuxsecurity.com/content/view/119128
 
  Before You Fire the Company Geek...
  17th, May, 2005

If you notice a fellow employee suddenly freaking out or acting really suspicious, he may be having personal problems -- or he may be in the process of hacking the company. So says a new study on "insider threats" released Monday by the U.S. Secret Service and the Carnegie Mellon Software Engineering Institute's CERT.

http://www.linuxsecurity.com/content/view/119133
 
  The Propaganda War
  18th, May, 2005

Linux has gradually become the standard OS on the server and is probably destined to become the desktop standard too. It might seem premature to say this, because the statistics from IDC and other market analysts indicate that Linux hasn't overtaken Windows on the server yet and it does not even have a significant share of the desktop market. Nevertheless, the contest is almost over. The tide is running in Linux's favour. It will take its time to come in, but it will not be stopped.

http://www.linuxsecurity.com/content/view/119136
 
  UK IT bosses confused about governance
  18th, May, 2005

IT heads in the UK are convinced that better IT governance will impress senior management, but few of them have the money to invest in better systems. Research from the Economist Intelligence Unit, commissioned by Mercury Interactive, showed that chief information officers around the world think that better IT governance will restore management's faith in IT, with 70 per cent of UK CIOs stating that better IT governance would lead to more accurate financial reporting.

http://www.linuxsecurity.com/content/view/119137
 
  Security's shortcoming: Too many machines, not enough training
  18th, May, 2005

Companies can spend all they want on antivirus, intrusion prevention systems and all-in-one appliances. These tools will do nothing for enterprises that ignore the human side of security, said Tara Manzow, product manager for the workforce development group at the Computing Technology Industry Association [CompTIA].

"Security has to be everyone's concern, right down to the person who fills the mailboxes," Manzow said. "You have to educate anyone in the enterprise that touches a PC."

http://www.linuxsecurity.com/content/view/119138
 
  Criminal IT: Why insecurity is implicit in computing
  18th, May, 2005

Some statements are undoubtedly true; I am an adult male. Others undoubtedly false; I can breathe underwater. And some of them need more information; I live in a house with a green-tiled bathroom. You can visit my house, you can ask my family; it is decidable, provided that you can get some more information.

http://www.linuxsecurity.com/content/view/119139
 
  Towards proactive security
  18th, May, 2005

To businesses, security is still not equal to paying your electric bill. It is a nuisance, a distraction, a resource drain, and it is expensive. However, when that worm hits, when that hacker attacks, then blame is quick to be assigned. What most organisations do not yet understand is that improving security is not all about buying the latest and greatest products. It is about changing the corporate culture to make security a realistic priority, and to understand that the upfront investment in security resources and processes will be far less costly than the reactionary efforts after an attack.

http://www.linuxsecurity.com/content/view/119147
 
  Keeping kids from succumbing to 'the dark side'
  19th, May, 2005

Edward Ajaeb got his first taste of steganography in sixth grade, when he set up a Web site for his teacher's husband to showcase his master's thesis on the subject. By then the Utica, N.Y., youth had designed Web sites for a couple of years, a side business he'd developed in the fourth grade.

http://www.linuxsecurity.com/content/view/119150
 
  Know your Enemy: Phishing
  19th, May, 2005

This KYE white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project. This paper focuses on real world incidents that the Honeynet Project has observed in the wild, but does not cover all possible phishing methods or techniques. Attackers are constantly innovating and advancing, and there are likely to be new phishing techniques already under development or in use today.

http://www.linuxsecurity.com/content/view/119154
 
  Hack attack danger soars in 2005
  20th, May, 2005

Security experts have warned of a substantial rise in the number and complexity of hacking attacks during the first half of 2005.

According to research commissioned by carrier AT&T, the volume of traditional email attachment viruses has fallen, but the speed at which new variants are appearing is increasing.

http://www.linuxsecurity.com/content/view/119163
 
  VeriSign to put more backbone into the Net
  20th, May, 2005

VeriSign plans to significantly increase the number of DNS servers it operates, a move that it says will make a key part of the Internet's infrastructure more resilient to cyberattacks.

Over the next year, VeriSign aims to place additional replicas of one of its Domain Name System root servers--the "J"--in up to 100 data centers around the world, Aristotle Balogh, VeriSign's senior vice president of operations and infrastructure, said in an interview with CNET News.com on Thursday. The company runs two of the DNS root servers--the "A" is the other--that form an essential part of the Internet's naming system.

http://www.linuxsecurity.com/content/view/119162
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!