Linux Security Week: July 25th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Interview with Fyodor of Nmap," "Open authentication initiative gaining ground," and "Linux Security, Audit and Control Guidance Featured In New Book."


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, advisories were released for krb5, heimdal, phpgadmin, ekg, heartbeat, affix, zlib, cacti, java, diskdumputils, radvd, bind, kdelibs, freeradius, firefox, thunderbird, ypserv, mysql, setarch, openoffice, pvm, fetchmail, mozilla, epiphany, devhelp, yelp, php, ruby, acroread, phpgroupware, dhcpd, mediawiki, cpio, shorewall, and kdenetwork. The distributors include Debian, Fedora, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  Domain Hijacking Takes ICANN Spotlight
  18th, July, 2005

Web sites both big and small face the risk of having their Web addresses stolen because of flaws in the way domain names are registered, transferred and tracked, a report released this week found.

http://www.linuxsecurity.com/content/view/119807

 
  Network monitoring with ngrep
  20th, July, 2005

Constant monitoring and troubleshooting are key to maintaining a network's availability. With ngrep, you can analyze network traffic in a manner similar to that of other network sniffers. However, unlike its brethern, ngrep can match regular expressions within the network packet payloads. By using its advanced string matching capabilities, ngrep can look for packets on specified ports and assist in tracking the usernames and passwords zipping off the network, as well as all Telnet attempts to the server.

http://www.linuxsecurity.com/content/view/119829

 
  Review: GFI LANguard Network Security Scanner 6
  21st, July, 2005

This is a review of the new release of LANguard Network Security Scanner (GFI LANguard NSS) from GFI. NSS will scan computers for known vulnerabilities and common misconfigurations and other potential security issues. It produces reports that can be used to assist in the tracking and mitigation of security issues that have been identified. Furthermore, NSS provides patch management capabilities that allow you to centrally download and push out patches to systems with identified vulnerabilities.

http://www.linuxsecurity.com/content/view/119840

 
  Interview with Fyodor of Nmap
  17th, July, 2005

Nmap ("Network Mapper") is a free utility for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL. Read at TuxJournal.net

http://www.linuxsecurity.com/content/view/119797
 
  Mozilla Fixes Thunderbird Flaws In 1.0.5
  18th, July, 2005

The Mozilla Foundation this week updated its rival to Microsoft Outlook, the Thunderbird stand-alone POP3 e-mail and news client, to plug some of the same security holes that earlier were fixed in the open-source group's popular Firefox browser.

http://www.linuxsecurity.com/content/view/119806

 
  ISPs versus the zombies
  19th, July, 2005

In the next few months, ISPs in the United States will begin receiving reports on the zombies, or PCs open to control by hackers, that lurk on their networks. The data will be sent out by the Federal Trade Commission, which said in May that zombies have become such a serious problem that more industry action is required.

http://www.linuxsecurity.com/content/view/119819

 
  Greasemonkey Flaw Prompts Critical Uninstall Warning
  20th, July, 2005

A gaping security hole in a popular Firefox browser extension could allow malicious hackers to hijack files from a user's hard drive, developers warned Tuesday.

The vulnerability was flagged in Greasemonkey, the Firefox add-on that allows users to load custom scripts that modify Web sites on the fly.

http://www.linuxsecurity.com/content/view/119827

 
  Open authentication initiative gaining ground
  20th, July, 2005

Backers of open standards-based interoperable authentication technologies are happy to report growing membership in the authentication initiative known as OATH, which released its OATH Reference Architecture Version 1.0 specification for cross-device authentication in May. Now they're working to convince more organizations, many of which are reportedly unaware of the option, to go beyond disparate, proprietary standards or one-word passwords.

http://www.linuxsecurity.com/content/view/119830

 
  Major Firefox release delayed
  21st, July, 2005

The next version of Firefox has been delayed for a few months, the Mozilla Foundation confirmed Thursday. Earlier Mozilla stated on its Web site that the next major release of Firefox, called version 1.1, would be released in July. But on Wednesday, lead Firefox engineer Ben Goodger updated the group's roadmap to indicate that the next major release would now not be until after August.

http://www.linuxsecurity.com/content/view/119851

 
  Hacker Mitnick preaches social engineering awareness
  22nd, July, 2005

Properly trained staff, not technology, is the best protection against social engineering attacks on sensitive information, according to security consultant and celebrity hacker Kevin Mitnick.

http://www.linuxsecurity.com/content/view/119863

 
  Linux Security, Audit and Control Guidance Featured In New Book
  22nd, July, 2005

More than 10 years after its debut, Linux has matured from a student hobby to a highly respected platform used by major organizations worldwide. Because of this growing popularity and increased legislation requiring tight controls over IT, the Information Systems Audit and Control Association (ISACA) has issued a new publication with detailed guidance on security, audit and control of Linux.

http://www.linuxsecurity.com/content/view/119865

 
  Is wireless security pointless?
  21st, July, 2005

What with country singer Lee Greenwood's recorded rendition of patriot songs like "Glory, Glory, Hallelujah" and "God Bless America" playing over the sound system at 8:30 a.m. in the Commerce Department auditorium in Washington, D.C., one could have been excused for thinking the July 20 conference: "Pharmers and Spimmers, Hackers and Bluejackers: Combating Wireless Security Threats" was taking place during a national emergency. Far from it.

http://www.linuxsecurity.com/content/view/119841

 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!