Linux Security Week: July 4th 2005
Source: Contribtors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Linux to the rescue: A review of three system rescue CDs," "We Don't Need the GPL Anymore," and "Senators propose sweeping data-security bill."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, advisories were released for crip, Network Manager, HelixPlayer, gedit, gzip, selinux, gnome, openssh, libwpd, openoffice, openssh, binutils, totem, rgmanager, magma-plugins, iddev, fence, dlm, cman, css, GFS, mod_perl, Heimdal, and sudo. The distributors include Debian, Fedora, Gentoo, and Red Hat. Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  ActiveState Releases ActivePerl, ActivePython & ActiveTcl for Sun's Solaris 10
  28th, June, 2005

ActiveState, a leading provider of developer tools and services for dynamic languages, today announced the release of ActiveState's ActivePerl, ActivePython, and ActiveTcl language distributions for Sun's Solaris 10 Operating System (OS) for SPARC, x86 and x64 systems. The release underlines ActiveState's commitment to providing developers with up-to-date scripting languages on Sun Solaris 10.
  Linux to the rescue: A review of three system rescue CDs
  30th, June, 2005

We've all had this nightmare. You turn on your functioning Windows/Linux PC, and all you get is a blank screen, or a message telling you that certain files are missing, or the kernel has panicked for some obscure reason. Nothing works, and you need the data on your machine. Yes, now's the time to whip out that trusty backup disk, and heave a sigh of relief that all the important stuff is backed up, right? Well, think again.
  What is the Best Firewall for Servers?
  28th, June, 2005

I maintain a bunch of servers at our labs in the university. Of late, the number of attacks on the computers has been more noticeable. The university provides firewall software (Kerio) but that doesn't work with Win 2003. And so we keep getting hit by zombie machines taken over in the Education Department or from Liberal Arts. So what does the Slashdot crowd use when they need to secure their Linux and Windows servers? Does it cost less than US $100?
  Xen Developers Focus on Security
  28th, June, 2005

With the next major release of the Xen Virtual Machine Monitor expected this August, the project's developers have turned their attention to a new issue: security. Over the last few months, a group of the project's open source developers have begun work on a "security enhanced" version of Xen called XenSE that is similar in concept to the Security Enhanced Linux project backed by the U.S. National Security Agency (NSA).
  Browser Identification For Web Applications
  27th, June, 2005

Browser identification is not a new concept. With the focus having shifted to desktops from networks and servers, a topic such as remote browser identification needs to be revisited.
  The Going Gets Hot
  28th, June, 2005

As if angry customers, declining consumer confidence, and the threat of fines weren't enough, business executives have something new to mull on the troubling issue of lost or stolen customer data. Two U.S. senators are floating the prospect of jail time for business leaders who knowingly conceal such breaches. If top managers can't secure data in a well-guarded environment, well, perhaps they'll find themselves in one.
  Virtual Private Servers Virtualize the OS
  29th, June, 2005

In today's never-ending crusade to reduce IT costs, various techniques are used to squeeze every drop of computing power out of servers. One popular technique is consolidation. Through consolidation, under used servers are subdivided into smaller, more usable pieces. And with these pieces, you generally achieve greater server performance overall. Often, it completely eliminates the need for some of the physical servers.
  Open-source projects get free checkup by automated tools
  29th, June, 2005

More open-source software projects are gaining the benefits of the latest code-checking software, as the programs' makers look to prove their worth. On Tuesday, code-analysis software maker Coverity announced that its automated bug finding tool had analyzed the community-built operating system FreeBSD and flagged 306 potential software flaws, or about one issue for every 4,000 lines of code. The tool, which identifies certain types of programming errors, has previously been used to find flaws in other open-source software, including the Linux kernel and the MySQL database.
  Open source ‘not big' in SMEs
  30th, June, 2005

Open source software has not made a big impact in small to medium enterprises (SMEs), according to a report by research firm BMI-TechKnowledge – “SME IT End-User Trends and Market Forecast?. BMI-T analyst Astrid Hamilton says 74% of the 165 respondents indicated they were not currently considering the use of open source software (OSS). Fifteen percent of respondents said they were using OSS, while 11% said they were considering using it.
  Return of the Anti-Zombies
  30th, June, 2005

It's a recurring theme on security discussion lists: Someone ought to build a worm that infects insecure systems and remedies the problems on them.

Every six months or so someone thinks they're the first one to think of it. So in case any of you think it's a good idea, please stop wasting your time. It's a dreadful idea, it's been tried, and it's failed in the most miserable way. It's a Frankenstein's Monster in an e-mail attachment.
  Final Draft of ISO 27001 Released
  1st, July, 2005

Following hot on the heels of the publication of the latest release of ISO 17799, ISO have published the final draft of ISO 27001.

This is the eagerly awaited replacement for BS7799-2, the Information Security Management Systems standard. It is anticipated that the final version will be published before the end of the year.
  ESR: "We Don't Need the GPL Anymore"
  1st, July, 2005

Recently, during FISL (Fórum Internacional de Software Livre) in Brazil, Eric Raymond gave a keynote speech about the open source model of development in which he said, "We don't need the GPL anymore. It's based on the belief that open source software is weak and needs to be protected. Open source would be succeeding faster if the GPL didn't make lots of people nervous about adopting it." Federico Biancuzzi decided to interview Eric Raymond to learn more about that.
  White hat heroes
  4th, July, 2005

Scanit is holding an ethical hacking course from September 4-8 2005 at Knowledge Village in Dubai in a bid to encourage regional network professionals to use the black arts of hacking to make their companies safer. The course is intended for network and system engineers that want to learn how to assess the security of their IT infrastructure and IT consultants who want to learn to perform in-depth security assessments.
  Rats in the security world
  4th, July, 2005

Not too long ago my wife and I decided to try out a Chinese restaurant in our area we had never visited before. I was looking at the menu and my wife gasped, then laughed a bit. I looked up and she pointed out a rat crawling right under the restaurant's buffet table.

I got the waitress's attention and pointed out the rat to her. The waitress, a large Asian woman with a heavy oriental accent replied, "Oh ya' his name is Tock." She giggled a bit then walked off.
  Italian Police 1 / Privacy 0
  27th, June, 2005

The cryptographic services offered by the Autistici/Inventati server, housed in the Aruba web farm, have been compromised on 15th June 2004. We discovered the fact on 21st June 2005. One year later.

One year ago the authorities (i.e. the postal police), during the investigation that led to the suspension of an email account (, shut down our server without any notice, and copied the keys necessary for the decryption of the webmail. Since then, they potentially had access to all the data on the disks, including sensible information about our users. This happened with the collaboration of Aruba, our provider.
  Senators propose sweeping data-security bill
  30th, June, 2005

Corporate data-security practices would be hit with an avalanche of new rules and information burglars would face stiff new penalties under a far-reaching bill introduced Wednesday in the U.S. Senate.

The bill represents the most aggressive--and at 91 pages, the most regulatory--legislative proposal crafted so far in response to a slew of high-profile security breaches in the last few months.
  Hackers unleash industrial spy Trojan
  29th, June, 2005

IT security experts have detected a malware-based hack attack that attempts to gain unauthorised access to the networks of specifically targeted domains.

Security firm MessageLabs, which discovered the attack, explained that the Trojan targets only a small number of email addresses - 17 in this case - rather than mass mailing itself to as many recipients as possible.
  Phishing Up By 226 Percent
  1st, July, 2005

Phishing is up dramatically over the last two months according to data released Thursday by computer maker IBM and message filtering firm Postini.

IBM's monthly security report said that phishing jumped 226 percent in May over the previous month to record an all-time high that beat out the earlier record in January of this year.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!